/**
 * Decides whether the given request carries a valid CSRF token.
 *
 * Only two places are inspected: the POST parameters when the request
 * reports itself as POST, and the query parameters when it reports itself
 * as GET. Every other outcome (a different request method, a missing token,
 * or a token rejected by isValidCsrfToken()) ends in a call to
 * handlePossibleCsrfAttack() followed by a FALSE return value.
 *
 * Security notes:
 * - A token carried in the query string can end up in web server logs,
 *   browser history and Referer headers. Prefer submitting the token in a
 *   POST body for state-changing actions.
 * - Neither branch matches a request that is not POST or GET, so a PUT,
 *   PATCH or DELETE request is always rejected here.
 * - NOTE(review): isValidCsrfToken() is not visible here; confirm that it
 *   compares tokens in constant time (e.g. hash_equals()).
 *
 * @param \Ableron\Lib\Http\HttpRequest $httpRequest The request to check for a valid security token
 * @return bool TRUE if a valid CSRF token was provided, FALSE otherwise
 */
public function checkCsrfToken(HttpRequest $httpRequest)
{
    // POST request: the token is expected among the POST parameters.
    if ($httpRequest->isPost()) {
        if ($httpRequest->getPostParameters()->containsKey(ABLERON_PARAM_CSRF_TOKEN)) {
            $submittedToken = $httpRequest->getPostParameters()->get(ABLERON_PARAM_CSRF_TOKEN);

            if ($this->isValidCsrfToken($submittedToken)) {
                return true;
            }
        }
    }

    // GET request: the token is expected among the query parameters.
    if ($httpRequest->isGet()) {
        if ($httpRequest->getQueryParameters()->containsKey(ABLERON_PARAM_CSRF_TOKEN)) {
            $submittedToken = $httpRequest->getQueryParameters()->get(ABLERON_PARAM_CSRF_TOKEN);

            if ($this->isValidCsrfToken($submittedToken)) {
                return true;
            }
        }
    }

    // No valid token was found. The handler runs for a missing token as well
    // as for an invalid one; what it does is defined outside this method.
    $this->handlePossibleCsrfAttack();

    return false;
}
/**
 * Verifies the request-method predicates of HttpRequest: isConnect(),
 * isDelete(), isGet(), isHead(), isOptions(), isPatch(), isPost(), isPut()
 * and isTrace().
 *
 * One request is built per data set and every predicate is compared against
 * its expected value with assertSame(), so the comparison is strict and a
 * value of the wrong type fails as well.
 *
 * @dataProvider dataProviderTestIsSpecificRequestMethod
 * @param mixed $requestMethod Request method passed as second constructor argument of HttpRequest
 * @param mixed $isConnect Expected result of isConnect()
 * @param mixed $isDelete Expected result of isDelete()
 * @param mixed $isGet Expected result of isGet()
 * @param mixed $isHead Expected result of isHead()
 * @param mixed $isOptions Expected result of isOptions()
 * @param mixed $isPath Expected result of isPatch() (NOTE(review): the name looks like a typo for $isPatch)
 * @param mixed $isPost Expected result of isPost()
 * @param mixed $isPut Expected result of isPut()
 * @param mixed $isTrace Expected result of isTrace()
 * @return void
 */
public function testIsSpecificRequestMethod($requestMethod, $isConnect, $isDelete, $isGet, $isHead, $isOptions, $isPath, $isPost, $isPut, $isTrace)
{
    // The first constructor argument is null in every data set; only the method varies.
    $subject = new HttpRequest(null, $requestMethod);

    self::assertSame($isConnect, $subject->isConnect());
    self::assertSame($isDelete, $subject->isDelete());
    self::assertSame($isGet, $subject->isGet());
    self::assertSame($isHead, $subject->isHead());
    self::assertSame($isOptions, $subject->isOptions());
    self::assertSame($isPath, $subject->isPatch());
    self::assertSame($isPost, $subject->isPost());
    self::assertSame($isPut, $subject->isPut());
    self::assertSame($isTrace, $subject->isTrace());
}