Fix csrf check and unit tests

Dennis Eichhorn 2019-04-12 23:12:47 +02:00
parent 95869f70c4
commit eac63202f7
2 changed files with 22 additions and 16 deletions


@ -14,6 +14,10 @@ declare(strict_types=1);
namespace phpOMS\Router;
use phpOMS\Message\RequestAbstract;
use phpOMS\Message\Http\Request;
use phpOMS\Uri\Http;
/**
* Router class.
*
@ -95,18 +99,21 @@ final class Router
/**
* Route request.
*
* @param string $request Request to route
* @param int $verb Route verb
* @param RequestAbstract $request Request to route
* @param int $verb Route verb
*
* @return array[]
*
* @since 1.0.0
*/
public function route(string $request, int $verb = RouteVerb::GET, string $app = null, int $orgId = null, $account = null) : array
public function route(RequestAbstract $request, int $verb = RouteVerb::GET, string $app = null, int $orgId = null, $account = null) : array
{
$bound = [];
$uri = $request->getUri()->getRoute();
$csrf = $request->getData('CSRF');
foreach ($this->routes as $route => $destination) {
if (!((bool) \preg_match('~^' . $route . '$~', $request))) {
if (!((bool) \preg_match('~^' . $route . '$~', $uri))) {
continue;
}
@ -116,8 +123,8 @@ final class Router
|| ($verb & $d['verb']) === $verb
) {
// if csrf is required but not set
if (isset($d['csrf']) && !$d['csrf']) {
\array_merge($bound, $this->route('/' . $app . '/e403', $verb));
if (isset($d['csrf']) && $csrf === null) {
\array_merge($bound, $this->route(new Request(new Http('/' . $app . '/e403')), $verb));
continue;
}
@ -127,7 +134,7 @@ final class Router
|| (isset($d['permission'])
&& !$account->hasPermission($d['permission']['type'], $orgId, $app, $d['permission']['module'], $d['permission']['state']))
) {
\array_merge($bound, $this->route('/' . $app . '/e403', $verb));
\array_merge($bound, $this->route(new Request(new Http('/' . $app . '/e403')), $verb));
continue;
}
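Review bot: The rewritten guard `if (isset($d['csrf']) && $csrf === null)` only tests that the request carries a `CSRF` field, so as far as this hunk shows any non-null value, even an empty string, passes a route that requires a token. Unless a comparison follows outside the hunk, the submitted value should be matched against the server-side token in constant time, e.g. `|| !\is_string($csrf) || !\hash_equals($expectedToken, $csrf)`, where `$expectedToken` is a placeholder for wherever the application keeps the session token. Both e403 branches also discard the result of `\array_merge`, which returns a new array rather than changing `$bound`, so the 403 destination never reaches the caller; `$bound = \array_merge($bound, $this->route(new Request(new Http('/' . $app . '/e403')), $verb));` fixes that. The body of `route()` continues past the visible hunks.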


@ -38,7 +38,6 @@ class RouterTest extends \PHPUnit\Framework\TestCase
{
$router = new Router();
self::assertEmpty($router->route(new Request(new Http('http://test.com'))));
self::assertEmpty($router->route('http://test.com'));
}
public function testGetSet() : void
@ -49,33 +48,33 @@ class RouterTest extends \PHPUnit\Framework\TestCase
self::assertEquals(
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
$router->route('http://test.com/backend/admin/settings/general/something?test')
$router->route(new Request(new Http('http://test.com/backend/admin/settings/general/something?test')))
);
self::assertNotEquals(
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
$router->route('http://test.com/backend/admin/settings/general/something?test', RouteVerb::PUT)
$router->route(new Request(new Http('http://test.com/backend/admin/settings/general/something?test')), RouteVerb::PUT)
);
self::assertNotEquals(
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
$router->route('http://test.com/backends/admin/settings/general/something?test')
$router->route(new Request(new Http('http://test.com/backends/admin/settings/general/something?test')))
);
$router->add('^.*/backends/admin/settings/general.*$', 'Controller:test', RouteVerb::GET | RouteVerb::SET);
self::assertEquals(
[['dest' => 'Controller:test']],
$router->route('http://test.com/backends/admin/settings/general/something?test', RouteVerb::ANY)
$router->route(new Request(new Http('http://test.com/backends/admin/settings/general/something?test')), RouteVerb::ANY)
);
self::assertEquals(
[['dest' => 'Controller:test']],
$router->route('http://test.com/backends/admin/settings/general/something?test', RouteVerb::SET)
$router->route(new Request(new Http('http://test.com/backends/admin/settings/general/something?test')), RouteVerb::SET)
);
self::assertEquals(
[['dest' => 'Controller:test']],
$router->route('http://test.com/backends/admin/settings/general/something?test', RouteVerb::GET)
$router->route(new Request(new Http('http://test.com/backends/admin/settings/general/something?test')), RouteVerb::GET)
);
}
@ -101,7 +100,7 @@ class RouterTest extends \PHPUnit\Framework\TestCase
self::assertEquals(
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
$router->route(
'http://test.com/backend/admin/settings/general/something?test',
new Request(new Http('http://test.com/backend/admin/settings/general/something?test')),
RouteVerb::GET,
null,
null,
@ -150,7 +149,7 @@ class RouterTest extends \PHPUnit\Framework\TestCase
self::assertNotEquals(
[['dest' => '\Modules\Admin\Controller:viewSettingsGeneral']],
$router->route(
'http://test.com/backend/admin/settings/general/something?test',
new Request(new Http('http://test.com/backend/admin/settings/general/something?test')),
RouteVerb::GET,
null,
null,
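Review bot: None of the updated `route()` calls in the visible hunks sends a request carrying a `CSRF` value or asserts the outcome for a destination that requires one, so the check this commit changes is not exercised by these tests as far as the page shows. Two cases would pin it: a request without the `CSRF` field against a protected destination, asserting the controller is not returned, and the same request with a token, asserting it is. If the intended behaviour is that a wrong token is rejected, a third case with a mismatching value belongs here too. The test methods continue outside the hunks, so such cases may already exist elsewhere in the file.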