Process token retrieve through Slim controller

application/front/controller/admin/TokenController.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class TokenController
+ *
+ * Endpoint used to retrieve a XSRF token. Useful for AJAX requests.
+ */
+class TokenController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/token
+     */
+    public function getToken(Request $request, Response $response): Response
+    {
+        $response = $response->withHeader('Content-Type', 'text/plain');
+
+        return $response->write($this->container->sessionManager->generateToken());
+    }
+}

assets/common/js/thumbnails-update.js

@@ -33,7 +33,7 @@ function updateThumb(basePath, ids, i, elements) {
         elements.thumbnail.innerHTML = `<img src="${response.thumbnail}">`;
       }
       if (i < ids.length) {
-        updateThumb(ids, i, elements);
+        updateThumb(basePath, ids, i, elements);
       }
     }
   };

assets/default/js/base.js

@@ -27,7 +27,7 @@ function findParent(element, tagName, attributes) {
  */
 function refreshToken(basePath) {
   const xhr = new XMLHttpRequest();
-  xhr.open('GET', `${basePath}/?do=token`);
+  xhr.open('GET', `${basePath}/admin/token`);
   xhr.onload = () => {
     const token = document.getElementById('token');
     token.setAttribute('value', xhr.responseText);

index.php

@@ -597,8 +597,7 @@ function renderPage($conf, $pluginManager, $bookmarkService, $history, $sessionM
 
     // Get a fresh token
     if ($targetPage == Router::$GET_TOKEN) {
-        header('Content-Type:text/plain');
-        echo $sessionManager->generateToken();
+        header('Location: ./admin/token');
         exit;
     }
 
@@ -978,6 +977,7 @@ $app->group('', function () {
     $this->post('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:import');
     $this->get('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index');
     $this->post('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save');
+    $this->get('/admin/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken');
 
     $this->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage');
     $this->get('/visibility/{visibility}', '\Shaarli\Front\Controller\Admin\SessionFilterController:visibility');

tests/front/controller/admin/TokenControllerTest.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use PHPUnit\Framework\TestCase;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+class TokenControllerTest extends TestCase
+{
+    use FrontAdminControllerMockHelper;
+
+    /** @var TokenController */
+    protected $controller;
+
+    public function setUp(): void
+    {
+        $this->createContainer();
+
+        $this->controller = new TokenController($this->container);
+    }
+
+    public function testGetToken(): void
+    {
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('generateToken')
+            ->willReturn($token = 'token1234')
+        ;
+
+        $result = $this->controller->getToken($request, $response);
+
+        static::assertSame(200, $result->getStatusCode());
+        static::assertSame($token, (string) $result->getBody());
+    }
+}