Process token retrieve through Slim controller

2020-06-21 12:21:31 +02:00 · 2020-06-21 12:21:31 +02:00 · 764d34a7d3
commit 764d34a7d3
parent 1b8620b1ad
5 changed files with 71 additions and 4 deletions
--- a/application/front/controller/admin/TokenController.php
+++ b/application/front/controller/admin/TokenController.php
@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class TokenController
+ *
+ * Endpoint used to retrieve a XSRF token. Useful for AJAX requests.
+ */
+class TokenController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/token
+     */
+    public function getToken(Request $request, Response $response): Response
+    {
+        $response = $response->withHeader('Content-Type', 'text/plain');
+
+        return $response->write($this->container->sessionManager->generateToken());
+    }
+}
--- a/assets/common/js/thumbnails-update.js
+++ b/assets/common/js/thumbnails-update.js
@ -33,7 +33,7 @@ function updateThumb(basePath, ids, i, elements) {
        elements.thumbnail.innerHTML = `<img src="${response.thumbnail}">`;
      }
      if (i < ids.length) {
-        updateThumb(ids, i, elements);
+        updateThumb(basePath, ids, i, elements);
      }
    }
  };
--- a/assets/default/js/base.js
+++ b/assets/default/js/base.js
@ -27,7 +27,7 @@ function findParent(element, tagName, attributes) {
 */
 function refreshToken(basePath) {
  const xhr = new XMLHttpRequest();
-  xhr.open('GET', `${basePath}/?do=token`);
+  xhr.open('GET', `${basePath}/admin/token`);
  xhr.onload = () => {
    const token = document.getElementById('token');
    token.setAttribute('value', xhr.responseText);
--- a/index.php
+++ b/index.php
@ -597,8 +597,7 @@ function renderPage($conf, $pluginManager, $bookmarkService, $history, $sessionM

    // Get a fresh token
    if ($targetPage == Router::$GET_TOKEN) {
-        header('Content-Type:text/plain');
-        echo $sessionManager->generateToken();
+        header('Location: ./admin/token');
        exit;
    }

@ -978,6 +977,7 @@ function install($conf, $sessionManager, $loginManager)
    $this->post('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:import');
    $this->get('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index');
    $this->post('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save');
+    $this->get('/admin/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken');

    $this->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage');
    $this->get('/visibility/{visibility}', '\Shaarli\Front\Controller\Admin\SessionFilterController:visibility');
--- a/tests/front/controller/admin/TokenControllerTest.php
+++ b/tests/front/controller/admin/TokenControllerTest.php
@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use PHPUnit\Framework\TestCase;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+class TokenControllerTest extends TestCase
+{
+    use FrontAdminControllerMockHelper;
+
+    /** @var TokenController */
+    protected $controller;
+
+    public function setUp(): void
+    {
+        $this->createContainer();
+
+        $this->controller = new TokenController($this->container);
+    }
+
+    public function testGetToken(): void
+    {
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('generateToken')
+            ->willReturn($token = 'token1234')
+        ;
+
+        $result = $this->controller->getToken($request, $response);
+
+        static::assertSame(200, $result->getStatusCode());
+        static::assertSame($token, (string) $result->getBody());
+    }
+}