mirror of
https://github.com/wallabag/wallabag.git
synced 2025-08-01 17:38:38 +00:00
Fix CSRF on user deletion
This commit is contained in:
parent
784bc1393c
commit
f1b3d5cdd7
3 changed files with 14 additions and 8 deletions
|
@ -794,7 +794,7 @@ class ConfigControllerTest extends WallabagCoreTestCase
|
|||
$this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text']));
|
||||
$this->assertStringNotContainsString('config.form_user.delete.button', $body[0]);
|
||||
|
||||
$client->request('GET', '/account/delete');
|
||||
$client->request('POST', '/account/delete');
|
||||
$this->assertSame(403, $client->getResponse()->getStatusCode());
|
||||
|
||||
$user = $em
|
||||
|
@ -860,9 +860,9 @@ class ConfigControllerTest extends WallabagCoreTestCase
|
|||
|
||||
$crawler = $client->request('GET', '/config');
|
||||
|
||||
$deleteLink = $crawler->filter('.delete-account')->last()->link();
|
||||
$deleteForm = $crawler->filter('form[name=delete-account]')->form();
|
||||
|
||||
$client->click($deleteLink);
|
||||
$client->submit($deleteForm);
|
||||
$this->assertSame(302, $client->getResponse()->getStatusCode());
|
||||
|
||||
$em = $client->getContainer()->get('doctrine.orm.entity_manager');
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue