Update CSRF template tag to support query string

platine-php · Dec 6, 2023 · 483e3b4 · 483e3b4
1 parent 4521e5f
commit 483e3b4
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 4 deletions.
diff --git a/src/Auth/Entity/Permission.php b/src/Auth/Entity/Permission.php
@@ -69,7 +69,7 @@ public static function mapEntity(EntityMapperInterface $mapper): void
             'created_at' => 'date',
             'updated_at' => '?date',
         ]);
-		
-		$mapper->relation('roles')->shareMany(Role::class);
+
+        $mapper->relation('roles')->shareMany(Role::class);
     }
 }
diff --git a/src/Template/Tag/CsrfTag.php b/src/Template/Tag/CsrfTag.php
@@ -51,6 +51,7 @@
 use Platine\Framework\Security\Csrf\CsrfManager;
 use Platine\Template\Parser\AbstractTag;
 use Platine\Template\Parser\Context;
+use Platine\Template\Parser\Parser;
 
 /**
  * @class CsrfTag
@@ -59,6 +60,15 @@
  */
 class CsrfTag extends AbstractTag
 {
+    /**
+    * {@inheritdoc}
+    */
+    public function __construct(string $markup, &$tokens, Parser $parser)
+    {
+        parent::__construct($markup, $tokens, $parser);
+        $this->extractAttributes($markup);
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -70,6 +80,12 @@ public function render(Context $context): string
         /** @var CsrfManager<T> $csrfManager */
         $csrfManager = app(CsrfManager::class);
 
+        $query = array_key_exists('query', $this->attributes);
+
+        if ($query) {
+            return http_build_query($csrfManager->getTokenQuery());
+        }
+
         $key = $config->get('security.csrf.key', '');
         $token = $csrfManager->getToken();
 

diff --git a/tests/Template/Tag/CsrfTagTest.php b/tests/Template/Tag/CsrfTagTest.php
@@ -37,4 +37,27 @@ public function testRender(): void
 
         $this->assertEquals('<input type = "hidden" name = "csrf" value = "foo" />', $o->render($context));
     }
+
+    public function testRenderUsingQueryString(): void
+    {
+        global $mock_app_to_instance,
+               $mock_app_config_items,
+               $mock_sha1_foo;
+
+        $mock_sha1_foo = true;
+        $mock_app_to_instance = true;
+
+        $mock_app_config_items = [
+            'security.csrf' => ['expire' => 400, 'key' => 'csrf'],
+            'security.csrf.key' => 'csrf',
+        ];
+
+        $parser = $this->getMockInstance(Parser::class);
+        $context = $this->getMockInstance(Context::class);
+
+        $tokens = ['tnh', '{% endcapture %}'];
+        $o = new CsrfTag('myname query:1', $tokens, $parser);
+
+        $this->assertEquals('csrf=foo', $o->render($context));
+    }
 }
diff --git a/tests/Template/Tag/RouteUrlTagTest.php b/tests/Template/Tag/RouteUrlTagTest.php
@@ -19,11 +19,10 @@ class RouteUrlTagTest extends PlatineTestCase
     public function testConstructWrongSynthax(): void
     {
         $parser = $this->getMockInstance(Parser::class);
-        $context = $this->getMockInstance(Context::class);
 
         $tokens = [];
         $this->expectException(ParseException::class);
-        $o = new RouteUrlTag('', $tokens, $parser);
+        (new RouteUrlTag('', $tokens, $parser));
     }