
Storing form token in session is no longer required.

ADmad 6 years ago
parent
commit
cca6f63f60

+ 0 - 2
src/Controller/Component/SecurityComponent.php

@@ -489,8 +489,6 @@ class SecurityComponent extends Component
             'unlockedFields' => $this->_config['unlockedFields'],
         ];
 
-        $request->getSession()->write('_formToken', $token);
-
         return $request->withAttribute('_formToken', [
             'unlockedFields' => $token['unlockedFields'],
         ]);
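Review bot: Nothing in the new code removes a `_formToken` value that older sessions already hold, and the hunk alone cannot show whether any other reader of `getSession()->read('_formToken')` is still present in the codebase; a search for that key before merging, or a transitional `$request->getSession()->delete('_formToken');` in place of the removed write, would close that gap. The token now travels only on the request attribute set on the following lines, so any consumer that depended on it surviving across requests should be re-checked. The enclosing method continues past the hunk, so its closing brace is not visible here.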

+ 0 - 36
tests/TestCase/Controller/Component/SecurityComponentTest.php

@@ -204,19 +204,6 @@ class SecurityComponentTest extends TestCase
     }
 
     /**
-     * testStartup method
-     *
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testStartup(): void
-    {
-        $event = new Event('Controller.startup', $this->Controller);
-        $this->Controller->Security->startup($event);
-        $this->assertTrue($this->Controller->getRequest()->getSession()->check('_formToken'));
-    }
-
-    /**
      * testRequireSecureFail method
      *
      * @return void
@@ -356,7 +343,6 @@ class SecurityComponentTest extends TestCase
     {
         $event = new Event('Controller.startup', $this->Controller);
         $this->Security->startup($event);
-        $this->Controller->getRequest()->getSession()->delete('_Token');
         $unlocked = '';
         $debug = urlencode(json_encode([
             '/articles/index',
@@ -385,7 +371,6 @@ class SecurityComponentTest extends TestCase
     {
         $event = new Event('Controller.startup', $this->Controller);
         $this->Security->startup($event);
-        $this->Controller->getRequest()->getSession()->delete('_Token');
 
         $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
 
@@ -1231,27 +1216,6 @@ class SecurityComponentTest extends TestCase
     }
 
     /**
-     * testBlackHoleNotDeletingSessionInformation method
-     *
-     * Test that blackhole doesn't delete the _Token session key so repeat data submissions
-     * stay blackholed.
-     *
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testBlackHoleNotDeletingSessionInformation(): void
-    {
-        $event = new Event('Controller.startup', $this->Controller);
-        $this->Security->startup($event);
-
-        $this->Security->blackHole($this->Controller, 'auth');
-        $this->assertTrue(
-            $this->Controller->getRequest()->getSession()->check('_formToken'),
-            '_Token was deleted by blackHole %s'
-        );
-    }
-
-    /**
      * testGenerateToken method
      *
      * Test generateToken().
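Review bot: The removed `testBlackHoleNotDeletingSessionInformation` was the only visible assertion that a blackholed request leaves token state intact so repeat submissions keep being rejected, and no replacement asserts the equivalent for the request-scoped token. If that property still holds, a test that calls `blackHole()` and then checks `$this->Controller->getRequest()->getAttribute('_formToken')` would preserve the coverage; if it no longer applies now that the token is not kept in the session, a sentence in the commit message stating so would help the next reader. The same loss of coverage applies to the earlier removal of `testStartup`, which was the only check that `startup()` produced a token at all. The `testGenerateToken` method that follows begins outside the hunk.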