
Rename request attribute "formToken" to "formTokenData".

The previous name was misleading. The attribute does not contain the form token but rather
the data used to generate the token.
ADmad 6 years ago
parent
commit
d7dbc16fba

+ 1 - 1
src/Controller/Component/FormProtectionComponent.php

@@ -98,7 +98,7 @@ class FormProtectionComponent extends Component
         $token = [
             'unlockedFields' => $this->_config['unlockedFields'],
         ];
-        $request = $request->withAttribute('formToken', [
+        $request = $request->withAttribute('formTokenData', [
             'unlockedFields' => $token['unlockedFields'],
         ]);
 

+ 1 - 1
src/Controller/Component/SecurityComponent.php

@@ -489,7 +489,7 @@ class SecurityComponent extends Component
             'unlockedFields' => $this->_config['unlockedFields'],
         ];
 
-        return $request->withAttribute('formToken', [
+        return $request->withAttribute('formTokenData', [
             'unlockedFields' => $token['unlockedFields'],
         ]);
     }

+ 4 - 4
src/View/Helper/FormHelper.php

@@ -443,7 +443,7 @@ class FormHelper extends Helper
         $htmlAttributes += $options;
 
         if ($this->requestType !== 'get') {
-            $formTokenData = $this->_View->getRequest()->getAttribute('formToken');
+            $formTokenData = $this->_View->getRequest()->getAttribute('formTokenData');
             if ($formTokenData !== null) {
                 $this->formProtector = $this->createFormProtector($this->_lastAction, $formTokenData);
             }
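Review bot: A null result from `getAttribute('formTokenData')` is treated here as "form protection is not enabled", so any code outside this commit that still sets the old `formToken` attribute (a plugin, custom middleware, an application test) will now get forms rendered without a form protector and without any diagnostic. The same string literal is repeated in the three later FormHelper hunks and in both components, and one missed or mistyped occurrence has the same silent effect; a shared class constant, or at minimum a comment such as `// Must match the attribute name set by FormProtectionComponent / SecurityComponent`, would tie the reader to its writers. If the old name ever shipped in a release, a transitional read of the form `getAttribute('formTokenData') ?? getAttribute('formToken')` would keep existing setups emitting token fields. Whether a form rendered without token fields is then rejected on submit depends on component validation that is not visible in this diff. The enclosing method starts and ends outside the hunk.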
@@ -550,7 +550,7 @@ class FormHelper extends Helper
     {
         $out = '';
 
-        if ($this->requestType !== 'get' && $this->_View->getRequest()->getAttribute('formToken') !== null) {
+        if ($this->requestType !== 'get' && $this->_View->getRequest()->getAttribute('formTokenData') !== null) {
             $out .= $this->secure([], $secureAttributes);
         }
         $out .= $this->formatTemplate('formEnd', []);
@@ -1837,7 +1837,7 @@ class FormHelper extends Helper
         ]);
         $out .= $this->_csrfField();
 
-        $formTokenData = $this->_View->getRequest()->getAttribute('formToken');
+        $formTokenData = $this->_View->getRequest()->getAttribute('formTokenData');
         if ($formTokenData !== null) {
             $this->formProtector = $this->createFormProtector($this->_lastAction, $formTokenData);
         }
@@ -2273,7 +2273,7 @@ class FormHelper extends Helper
     protected function _initInputField(string $field, array $options = []): array
     {
         if (!isset($options['secure'])) {
-            $options['secure'] = $this->_View->getRequest()->getAttribute('formToken') === null ? false : true;
+            $options['secure'] = $this->_View->getRequest()->getAttribute('formTokenData') === null ? false : true;
         }
         $context = $this->_getContext();
 

+ 1 - 1
tests/TestCase/Controller/Component/FormProtectionComponentTest.php

@@ -228,7 +228,7 @@ class FormProtectionComponentTest extends TestCase
         $event = new Event('Controller.startup', $this->Controller);
         $this->Controller->FormProtection->startup($event);
 
-        $securityToken = $this->Controller->getRequest()->getAttribute('formToken');
+        $securityToken = $this->Controller->getRequest()->getAttribute('formTokenData');
         $this->assertNotEmpty($securityToken);
         $this->assertSame([], $securityToken['unlockedFields']);
     }

+ 1 - 1
tests/TestCase/Controller/Component/SecurityComponentTest.php

@@ -1227,7 +1227,7 @@ class SecurityComponentTest extends TestCase
         $request = $this->Controller->getRequest();
         $request = $this->Security->generateToken($request);
 
-        $securityToken = $request->getAttribute('formToken');
+        $securityToken = $request->getAttribute('formTokenData');
         $this->assertNotEmpty($securityToken);
         $this->assertSame([], $securityToken['unlockedFields']);
     }

+ 49 - 49
tests/TestCase/View/Helper/FormHelperTest.php

@@ -243,7 +243,7 @@ class FormHelperTest extends TestCase
      */
     public function testOrderForRenderingWidgetAndFetchingSecureFields()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'unlockedFields' => [],
         ]));
 
@@ -277,7 +277,7 @@ class FormHelperTest extends TestCase
      */
     public function testRenderingWidgetWithEmptyName()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $result = $this->Form->widget('select', ['secure' => true, 'name' => '']);
@@ -1099,7 +1099,7 @@ class FormHelperTest extends TestCase
      */
     public function testValidateHashNoModel()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
 
         $fields = ['anything'];
         $this->Form->create();
@@ -1116,7 +1116,7 @@ class FormHelperTest extends TestCase
      */
     public function testNoCheckboxLocking()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->assertSame([], $this->Form->getFormProtector()->__debugInfo()['fields']);
@@ -1136,7 +1136,7 @@ class FormHelperTest extends TestCase
     {
         $fields = ['Model.password', 'Model.username', 'Model.valid' => '0'];
 
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
         $result = $this->Form->secure($fields);
 
@@ -1185,7 +1185,7 @@ class FormHelperTest extends TestCase
         Configure::write('debug', false);
         $fields = ['Model.password', 'Model.username', 'Model.valid' => '0'];
 
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
         $result = $this->Form->secure($fields);
 
@@ -1373,7 +1373,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityMultipleFields()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $fields = [
@@ -1437,7 +1437,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityMultipleSubmitButtons()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
 
         $this->Form->create($this->article);
         $this->Form->text('Address.title');
@@ -1501,7 +1501,7 @@ class FormHelperTest extends TestCase
      */
     public function testSecurityButtonNestedNamed()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
 
         $this->Form->create();
         $this->Form->button('Test', ['type' => 'submit', 'name' => 'Address[button]']);
@@ -1516,7 +1516,7 @@ class FormHelperTest extends TestCase
      */
     public function testSecuritySubmitNestedNamed()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
 
         $this->Form->create($this->article);
         $this->Form->submit('Test', ['type' => 'submit', 'name' => 'Address[button]']);
@@ -1531,7 +1531,7 @@ class FormHelperTest extends TestCase
      */
     public function testSecuritySubmitImageNoName()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
 
         $this->Form->create();
         $result = $this->Form->submit('save.png');
@@ -1553,7 +1553,7 @@ class FormHelperTest extends TestCase
      */
     public function testSecuritySubmitImageName()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
 
         $this->Form->create();
         $result = $this->Form->submit('save.png', ['name' => 'test']);
@@ -1576,7 +1576,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityMultipleControlFields()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->hidden('Addresses.0.id', ['value' => '123456']);
@@ -1655,7 +1655,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityArrayFields()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
 
         $this->Form->create();
         $this->Form->text('Address.primary.1');
@@ -1676,7 +1676,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityMultipleControlDisabledFields()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'unlockedFields' => ['first_name', 'address'],
         ]));
         $this->Form->create();
@@ -1752,13 +1752,13 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityControlUnlockedFields()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'unlockedFields' => ['first_name', 'address'],
         ]));
         $this->Form->create();
         $result = $this->Form->getFormProtector()->__debugInfo()['unlockedFields'];
         $this->assertEquals(
-            $this->View->getRequest()->getAttribute('formToken'),
+            $this->View->getRequest()->getAttribute('formTokenData'),
             ['unlockedFields' => $result]
         );
 
@@ -1831,13 +1831,13 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityControlUnlockedFieldsDebugSecurityTrue()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'unlockedFields' => ['first_name', 'address'],
         ]));
         $this->Form->create();
         $result = $this->Form->getFormProtector()->__debugInfo()['unlockedFields'];
         $this->assertEquals(
-            $this->View->getRequest()->getAttribute('formToken'),
+            $this->View->getRequest()->getAttribute('formTokenData'),
             ['unlockedFields' => $result]
         );
 
@@ -1909,13 +1909,13 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityControlUnlockedFieldsDebugSecurityDebugFalse()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'unlockedFields' => ['first_name', 'address'],
         ]));
         $this->Form->create();
         $result = $this->Form->getFormProtector()->__debugInfo()['unlockedFields'];
         $this->assertEquals(
-            $this->View->getRequest()->getAttribute('formToken'),
+            $this->View->getRequest()->getAttribute('formTokenData'),
             ['unlockedFields' => $result]
         );
 
@@ -1967,13 +1967,13 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecurityControlUnlockedFieldsDebugSecurityFalse()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'unlockedFields' => ['first_name', 'address'],
         ]));
         $this->Form->create();
         $result = $this->Form->getFormProtector()->__debugInfo()['unlockedFields'];
         $this->assertEquals(
-            $this->View->getRequest()->getAttribute('formToken'),
+            $this->View->getRequest()->getAttribute('formTokenData'),
             ['unlockedFields' => $result]
         );
 
@@ -2026,7 +2026,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecureWithCustomNameAttribute()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->text('UserForm.published', ['name' => 'User[custom]']);
@@ -2048,7 +2048,7 @@ class FormHelperTest extends TestCase
     public function testFormSecuredControl()
     {
         $this->View->setRequest($this->View->getRequest()
-            ->withAttribute('formToken', [])
+            ->withAttribute('formTokenData', [])
             ->withAttribute('csrfToken', 'testKey'));
         $this->article['schema'] = [
             'ratio' => ['type' => 'decimal', 'length' => 5, 'precision' => 6],
@@ -2214,7 +2214,7 @@ class FormHelperTest extends TestCase
      */
     public function testSecuredControlCustomName()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->text('text_input', [
@@ -2247,7 +2247,7 @@ class FormHelperTest extends TestCase
      */
     public function testSecuredControlDuplicate()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->control('text_val', [
@@ -2275,7 +2275,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecuredFileControl()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->file('Attachment.file');
@@ -2297,7 +2297,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecuredMultipleSelect()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $options = ['1' => 'one', '2' => 'two'];
@@ -2319,7 +2319,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecuredRadio()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $options = ['1' => 'option1', '2' => 'option2'];
@@ -2353,7 +2353,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecuredAndDisabledNotAssoc()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->select('Model.select', [1, 2], ['disabled']);
@@ -2380,7 +2380,7 @@ class FormHelperTest extends TestCase
      */
     public function testFormSecuredAndDisabled()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->checkbox('Model.checkbox', ['disabled' => true]);
@@ -2412,7 +2412,7 @@ class FormHelperTest extends TestCase
      */
     public function testUnlockFieldAddsToList()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'unlockedFields' => [],
         ]));
         $this->Form->create();
@@ -2436,7 +2436,7 @@ class FormHelperTest extends TestCase
      */
     public function testUnlockFieldRemovingFromFields()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'unlockedFields' => [],
         ]));
         $this->Form->create($this->article);
@@ -2462,7 +2462,7 @@ class FormHelperTest extends TestCase
      */
     public function testResetUnlockFields()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', [
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', [
             'key' => 'testKey',
             'unlockedFields' => [],
         ]));
@@ -2489,7 +2489,7 @@ class FormHelperTest extends TestCase
      */
     public function testSecuredFormUrlIgnoresHost()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', ['key' => 'testKey']));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', ['key' => 'testKey']));
 
         $expected = '2548654895b160d724042ed269a2a863fd9d66ee%3A';
         $this->Form->create($this->article, [
@@ -2520,7 +2520,7 @@ class FormHelperTest extends TestCase
      */
     public function testSecuredFormUrlHasHtmlAndIdentifier()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
 
         $expected = '0a913f45b887b4d9cc2650ef1edc50183896959c%3A';
         $this->Form->create($this->article, [
@@ -5570,7 +5570,7 @@ class FormHelperTest extends TestCase
      */
     public function testSelectMultipleCheckboxSecurity()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->select(
@@ -5597,7 +5597,7 @@ class FormHelperTest extends TestCase
      */
     public function testSelectMultipleSecureWithNoOptions()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->select(
@@ -5619,7 +5619,7 @@ class FormHelperTest extends TestCase
      */
     public function testSelectNoSecureWithNoOptions()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->select(
@@ -6059,7 +6059,7 @@ class FormHelperTest extends TestCase
     public function testDateTimeSecured()
     {
         $this->View->setRequest(
-            $this->View->getRequest()->withAttribute('formToken', ['unlockedFields' => []])
+            $this->View->getRequest()->withAttribute('formTokenData', ['unlockedFields' => []])
         );
         $this->Form->create();
 
@@ -6085,7 +6085,7 @@ class FormHelperTest extends TestCase
     public function testDateTimeSecuredDisabled()
     {
         $this->View->setRequest(
-            $this->View->getRequest()->withAttribute('formToken', ['unlockedFields' => []])
+            $this->View->getRequest()->withAttribute('formTokenData', ['unlockedFields' => []])
         );
         $this->Form->create();
 
@@ -6590,7 +6590,7 @@ class FormHelperTest extends TestCase
      */
     public function testButtonUnlockedByDefault()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
 
         $this->Form->button('Save', ['name' => 'save']);
@@ -6723,7 +6723,7 @@ class FormHelperTest extends TestCase
     {
         $this->View->setRequest($this->View->getRequest()
             ->withAttribute('csrfToken', 'testkey')
-            ->withAttribute('formToken', ['unlockedFields' => []]));
+            ->withAttribute('formTokenData', ['unlockedFields' => []]));
 
         $result = $this->Form->postButton('Delete', '/posts/delete/1');
         $tokenDebug = urlencode(json_encode([
@@ -6947,7 +6947,7 @@ class FormHelperTest extends TestCase
     {
         $hash = hash_hmac('sha1', '/posts/delete/1' . serialize(['id' => '1']) . session_id(), Security::getSalt());
         $hash .= '%3Aid';
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', ['key' => 'test']));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', ['key' => 'test']));
 
         $result = $this->Form->postLink(
             'Delete',
@@ -7000,7 +7000,7 @@ class FormHelperTest extends TestCase
     {
         $hash = hash_hmac('sha1', '/posts/delete/1' . serialize([]) . session_id(), Security::getSalt());
         $hash .= '%3A';
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', ['key' => 'test']));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', ['key' => 'test']));
 
         $this->Form->create(null, ['url' => ['action' => 'add']]);
         $this->Form->control('title');
@@ -7028,7 +7028,7 @@ class FormHelperTest extends TestCase
         $hash = hash_hmac('sha1', '/posts/delete/1' . serialize(['id' => '1']) . session_id(), Security::getSalt());
         $hash .= '%3Aid';
         $this->View->setRequest($this->View->getRequest()
-            ->withAttribute('formToken', ['key' => 'test']));
+            ->withAttribute('formTokenData', ['key' => 'test']));
 
         $result = $this->Form->postLink(
             'Delete',
@@ -7087,7 +7087,7 @@ class FormHelperTest extends TestCase
     {
         $this->View->setRequest($this->View->getRequest()
             ->withAttribute('csrfToken', 'testkey')
-            ->withAttribute('formToken', []));
+            ->withAttribute('formTokenData', []));
 
         $this->Form->create($this->article, ['type' => 'get']);
         $this->Form->end();
@@ -7301,7 +7301,7 @@ class FormHelperTest extends TestCase
      */
     public function testSubmitUnlockedByDefault()
     {
-        $this->View->setRequest($this->View->getRequest()->withAttribute('formToken', []));
+        $this->View->setRequest($this->View->getRequest()->withAttribute('formTokenData', []));
         $this->Form->create();
         $this->Form->submit('Go go');
         $this->Form->submit('Save', ['name' => 'save']);