
Protect generate_token with a CSRF token

This commit is contained in:
Yassine Guedidi 2025-03-18 23:38:48 +01:00
parent f71d8332e0
commit d703fa6a3a
4 changed files with 72 additions and 63 deletions


@ -328,7 +328,8 @@ class ConfigControllerTest extends WallabagCoreTestCase
$this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text']));
$this->assertStringContainsString('config.form_feed.no_token', $body[0]);
$client->request('GET', '/generate-token');
$client->submit($crawler->selectButton('config.form_feed.token_create')->form());
$this->assertSame(302, $client->getResponse()->getStatusCode());
$crawler = $client->followRedirect();
@ -337,24 +338,6 @@ class ConfigControllerTest extends WallabagCoreTestCase
$this->assertStringContainsString('config.form_feed.token_reset', $body[0]);
}
public function testGenerateTokenAjax()
{
$this->logInAs('admin');
$client = $this->getTestClient();
$client->request(
'GET',
'/generate-token',
[],
[],
['HTTP_X-Requested-With' => 'XMLHttpRequest']
);
$this->assertSame(200, $client->getResponse()->getStatusCode());
$content = json_decode($client->getResponse()->getContent(), true);
$this->assertArrayHasKey('token', $content);
}
public function testRevokeTokenAjax()
{
$this->logInAs('admin');