Пример #1
 /**
  * Verifies that the given request carries a valid CSRF token.
  *
  * For POST requests the token is read from the POST parameters, for GET
  * requests from the query parameters. Every request that does not pass
  * (token parameter missing, token rejected by isValidCsrfToken(), or a
  * request method other than POST/GET) is reported through
  * handlePossibleCsrfAttack() before FALSE is returned.
  *
  * Security notes:
  * - A token sent in the query string becomes part of the URL and can be
  *   exposed through server logs, browser history and Referer headers, so
  *   state-changing actions are better protected via POST.
  * - NOTE(review): the token comparison lives in isValidCsrfToken(), which
  *   is not visible here; confirm it compares in constant time
  *   (e.g. hash_equals()) and binds the token to the current session.
  *
  * @param \Ableron\Lib\Http\HttpRequest $httpRequest The request to check for valid security token
  * @return bool TRUE if the request contains a valid CSRF token, FALSE otherwise
  */
 public function checkCsrfToken(HttpRequest $httpRequest)
 {
     // POST: the token is expected among the POST parameters
     if ($httpRequest->isPost()) {
         $postParameters = $httpRequest->getPostParameters();

         if ($postParameters->containsKey(ABLERON_PARAM_CSRF_TOKEN)
             && $this->isValidCsrfToken($postParameters->get(ABLERON_PARAM_CSRF_TOKEN))
         ) {
             return true;
         }
     }

     // GET: the token is expected among the query parameters
     if ($httpRequest->isGet()) {
         $queryParameters = $httpRequest->getQueryParameters();

         if ($queryParameters->containsKey(ABLERON_PARAM_CSRF_TOKEN)
             && $this->isValidCsrfToken($queryParameters->get(ABLERON_PARAM_CSRF_TOKEN))
         ) {
             return true;
         }
     }

     // Fail closed: anything that reaches this point (including request
     // methods other than POST/GET) is treated as a possible CSRF attack.
     $this->handlePossibleCsrfAttack();

     return false;
 }
Пример #2
 /**
  * Verifies that __construct() exposes the optional arguments it was given.
  *
  * The request is built with an explicit method, HTTP version, header
  * fields, query parameters, POST parameters and cookies; no content or
  * content type is passed, and the assertions pin the values the request
  * reports for them in that case.
  *
  * @return void
  */
 public function testConstructWithOptionalParameters()
 {
     // Constructor arguments, created in the order they are passed.
     $uri = new Uri('http://example.com/foo');
     $headerFields = array(new GenericHeaderField('X-Test', 'Foo'));
     $queryParameters = array('a' => '1');
     $postParameters = array('b' => '2');
     $cookies = array(new HttpCookie('test'));

     // The HTTP version is passed here but not asserted below.
     $request = new HttpRequest(
         $uri,
         HttpRequest::METHOD_POST,
         AbstractHttpMessage::HTTP_VERSION_1_0,
         $headerFields,
         $queryParameters,
         $postParameters,
         $cookies
     );

     // Content and content type were not supplied to the constructor.
     $contentType = $request->getContentType();
     $this->assertSame('', $request->getContent());
     $this->assertSame('text/plain; charset=utf-8', $contentType->toString());
     $this->assertFalse($request->getContentType()->hasBinaryContent());

     // The header field is looked up with a lower-case name.
     $headerField = $request->getHeaderFields()->get('x-test');
     $this->assertSame('X-Test: Foo', $headerField->toString());

     // Cookies, query parameters and POST parameters are kept apart.
     $this->assertTrue($request->getCookies()->containsKey('test'));
     $this->assertSame('1', $request->getQueryParameters()->get('a'));
     $this->assertSame(array('b' => '2'), $request->getPostParameters()->toArray());

     // URI and request method come back as given.
     $this->assertSame('http://example.com/foo', $request->getUri()->toString());
     $this->assertSame(HttpRequest::METHOD_POST, $request->getMethod());
 }