private function protectAgainstCSRF() { $user = $this->auth->getCurrentUser(); if ($this->auth->isDavAuthenticated($user)) { return true; } if ($this->request->passesCSRFCheck()) { return true; } throw new BadRequest(); }