Apply CSRF token on demand, so validation is not based on a default
bajb committed Jan 16, 2019
1 parent 78f6fb5 commit 4ed7457
Showing 2 changed files with 7 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/Csrf/CsrfDataHandler.php
Expand Up @@ -16,7 +16,12 @@ public function __construct($formSecret, $sessionSecret)
{
$this->setFormSecret($formSecret);
$this->setSessionSecret($sessionSecret);
}

public function applyNewToken()
{
$this->setValue(password_hash($this->_generatePassword(), PASSWORD_DEFAULT));
return $this;
}

protected function _generatePassword()
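Review bot: `applyNewToken()` has no docblock, and judging by the commit title it is now the only place the token value gets set, yet nothing visible in this section says what `isValid()` does for a handler on which it was never called; that path should be confirmed to fail closed. A docblock such as `/** Generates a fresh CSRF token and stores it as this field's value; must be called before the form is rendered. @return $this */` would make the new caller obligation explicit. Separately, `PASSWORD_DEFAULT` currently selects bcrypt, which only hashes the first 72 bytes of its input, so if `_generatePassword()` (body outside this hunk) concatenates the form and session secrets, a long first component could leave the second one unbound to the token. It is worth checking the combined length, or pre-hashing the input with `hash('sha256', ...)` before `password_hash()`.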
2 changes: 2 additions & 0 deletions tests/Csrf/CsrfFormTest.php
Expand Up @@ -10,6 +10,7 @@ public function testCsrfToken()
{
$secret = 'user-secret';
$form = new CsrfForm($secret);
$form->csrfToken->applyNewToken();
$formValue = $form->csrfToken->getValue();

$this->assertTrue($form->csrfToken->isValid());
Expand All @@ -30,6 +31,7 @@ public function testRender()
{
$secret = 'user-secret';
$form = new CsrfForm($secret);
$form->csrfToken->applyNewToken();
$html = $form->produceSafeHTML()->getContent();
$this->assertRegExp(
'/\<form method="POST"\>\<input type="hidden" value=".*" name="csrfToken" \/\>\<\/form\>/',
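Review bot: The pattern in `testRender()` uses `value=".*"`, which also matches an empty attribute, so the assertion would likely pass even without the `applyNewToken()` call and does not prove a token was rendered; `value=".+"` would pin that. Neither test covers the case the commit title describes, a form on which `applyNewToken()` was never called. Assuming such a form is meant to be rejected, an assertion like `$this->assertFalse($form->csrfToken->isValid());` on a fresh `CsrfForm` would lock that in. The `assertRegExp` call continues past the end of the visible hunk.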
