Loading src/Controller/CoffeeController.php +7 −4 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ use Drupal\Core\Controller\ControllerBase; use Drupal\Core\Menu\LocalTaskManagerInterface; use Drupal\Core\Menu\MenuLinkTreeInterface; use Drupal\Core\Menu\MenuTreeParameters; use Drupal\Core\Routing\UrlGeneratorInterface; use Drupal\Core\Url; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\HttpFoundation\JsonResponse; Loading Loading @@ -57,11 +58,12 @@ class CoffeeController extends ControllerBase { * @param \Drupal\Core\Access\AccessManagerInterface $access_manager * The access manager service. */ public function __construct(ConfigFactoryInterface $config_factory, MenuLinkTreeInterface $menu_link_tree, LocalTaskManagerInterface $local_task_manager, AccessManagerInterface $access_manager) { public function __construct(ConfigFactoryInterface $config_factory, MenuLinkTreeInterface $menu_link_tree, LocalTaskManagerInterface $local_task_manager, AccessManagerInterface $access_manager, UrlGeneratorInterface $url_generator) { $this->config = $config_factory->get('coffee.configuration'); $this->menuLinkTree = $menu_link_tree; $this->localTaskManager = $local_task_manager; $this->accessManager = $access_manager; $this->urlGenerator = $url_generator; } /** Loading @@ -72,7 +74,8 @@ class CoffeeController extends ControllerBase { $container->get('config.factory'), $container->get('menu.link_tree'), $container->get('plugin.manager.menu.local_task'), $container->get('access_manager') $container->get('access_manager'), $container->get('coffee.url_generator') ); } Loading @@ -93,7 +96,7 @@ class CoffeeController extends ControllerBase { $link = $tree_element->link; $output[$link->getRouteName()] = [ 'value' => $link->getUrlObject()->toString(), 'value' => $link->getUrlObject()->setUrlGenerator($this->urlGenerator)->toString(), 'label' => $link->getTitle(), 'command' => $commands_group, ]; Loading @@ -103,7 +106,7 @@ class CoffeeController extends ControllerBase { foreach ($tasks as $route_name => $task) { if (empty($output[$route_name])) { $output[$route_name] = [ 'value' => $task['url']->toString(), 'value' => $task['url']->setUrlGenerator($this->urlGenerator)->toString(), 'label' => $link->getTitle() . ' - ' . $task['title'], 'command' => NULL, ]; Loading tests/modules/coffee_test/coffee_test.info.yml +2 −0 Original line number Diff line number Diff line Loading @@ -3,3 +3,5 @@ type: module description: 'Support module for coffee testing.' package: Testing core: 8.x dependencies: - drupal:node tests/modules/coffee_test/coffee_test.routing.yml 0 → 100644 +7 −0 Original line number Diff line number Diff line coffee_test.csrf: path: '/coffee-test-csrf' defaults: _controller: '\Drupal\coffee_test\Controller\CoffeeTestController::csrf' requirements: _access: 'TRUE' _csrf_token: 'TRUE' tests/modules/coffee_test/src/Controller/CoffeeTestController.php 0 → 100644 +13 −0 Original line number Diff line number Diff line <?php namespace Drupal\coffee_test\Controller; use Drupal\Core\Controller\ControllerBase; use Drupal\Core\Render\HtmlResponse; class CoffeeTestController extends ControllerBase { public function csrf() { return new HtmlResponse('ok'); } } tests/src/Functional/CoffeeTest.php +39 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,10 @@ namespace Drupal\Tests\coffee\Functional; use Drupal\menu_link_content\Entity\MenuLinkContent; use Drupal\system\Entity\Menu; use Drupal\Tests\BrowserTestBase; use PHPUnit\Util\Json; /** * Tests Coffee module functionality. Loading @@ -16,7 +19,7 @@ class CoffeeTest extends BrowserTestBase { * * @var array */ public static $modules = ['coffee']; public static $modules = ['coffee', 'coffee_test', 'menu_link_content']; /** * The user for tests. Loading Loading @@ -154,4 +157,39 @@ class CoffeeTest extends BrowserTestBase { $this->assertSession()->elementExists('xpath', $tab_xpath); } /** * Tests that CSRF tokens are correctly handled. */ public function testCoffeeCsrf() { $account = $this->drupalCreateUser(['access coffee', 'access administration pages']); $this->drupalLogin($account); // Set up a new menu with one link. $menu = Menu::create([ 'id' => 'coffee', 'label' => 'Coffee', 'description' => 'Menu for testing Coffee.', ]); $menu->save(); $menu_link = MenuLinkContent::create([ 'title' => 'Coffee test', 'provider' => 'menu_link_content', 'menu_name' => 'coffee', 'link' => ['uri' => 'internal:/coffee-test-csrf'], ]); $menu_link->save(); $this->config('coffee.configuration')->set('coffee_menus', ['coffee'])->save(); // Get the link with CSRF token. $result = $this->drupalGet('/admin/coffee/get-data'); $result = json_decode($result); // For some reason, drupalGet('path?token=foo') does not work, and // we have to explicitly set the token in the query options. $token = substr($result[0]->value, strpos($result[0]->value, 'token=') + 6); $this->drupalGet('/coffee-test-csrf', ['query' => ['token' => $token]]); $this->assertResponse(200); } } Loading
src/Controller/CoffeeController.php +7 −4 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ use Drupal\Core\Controller\ControllerBase; use Drupal\Core\Menu\LocalTaskManagerInterface; use Drupal\Core\Menu\MenuLinkTreeInterface; use Drupal\Core\Menu\MenuTreeParameters; use Drupal\Core\Routing\UrlGeneratorInterface; use Drupal\Core\Url; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\HttpFoundation\JsonResponse; Loading Loading @@ -57,11 +58,12 @@ class CoffeeController extends ControllerBase { * @param \Drupal\Core\Access\AccessManagerInterface $access_manager * The access manager service. */ public function __construct(ConfigFactoryInterface $config_factory, MenuLinkTreeInterface $menu_link_tree, LocalTaskManagerInterface $local_task_manager, AccessManagerInterface $access_manager) { public function __construct(ConfigFactoryInterface $config_factory, MenuLinkTreeInterface $menu_link_tree, LocalTaskManagerInterface $local_task_manager, AccessManagerInterface $access_manager, UrlGeneratorInterface $url_generator) { $this->config = $config_factory->get('coffee.configuration'); $this->menuLinkTree = $menu_link_tree; $this->localTaskManager = $local_task_manager; $this->accessManager = $access_manager; $this->urlGenerator = $url_generator; } /** Loading @@ -72,7 +74,8 @@ class CoffeeController extends ControllerBase { $container->get('config.factory'), $container->get('menu.link_tree'), $container->get('plugin.manager.menu.local_task'), $container->get('access_manager') $container->get('access_manager'), $container->get('coffee.url_generator') ); } Loading @@ -93,7 +96,7 @@ class CoffeeController extends ControllerBase { $link = $tree_element->link; $output[$link->getRouteName()] = [ 'value' => $link->getUrlObject()->toString(), 'value' => $link->getUrlObject()->setUrlGenerator($this->urlGenerator)->toString(), 'label' => $link->getTitle(), 'command' => $commands_group, ]; Loading @@ -103,7 +106,7 @@ class CoffeeController extends ControllerBase { foreach ($tasks as $route_name => $task) { if (empty($output[$route_name])) { $output[$route_name] = [ 'value' => $task['url']->toString(), 'value' => $task['url']->setUrlGenerator($this->urlGenerator)->toString(), 'label' => $link->getTitle() . ' - ' . $task['title'], 'command' => NULL, ]; Loading
tests/modules/coffee_test/coffee_test.info.yml +2 −0 Original line number Diff line number Diff line Loading @@ -3,3 +3,5 @@ type: module description: 'Support module for coffee testing.' package: Testing core: 8.x dependencies: - drupal:node
tests/modules/coffee_test/coffee_test.routing.yml 0 → 100644 +7 −0 Original line number Diff line number Diff line coffee_test.csrf: path: '/coffee-test-csrf' defaults: _controller: '\Drupal\coffee_test\Controller\CoffeeTestController::csrf' requirements: _access: 'TRUE' _csrf_token: 'TRUE'
tests/modules/coffee_test/src/Controller/CoffeeTestController.php 0 → 100644 +13 −0 Original line number Diff line number Diff line <?php namespace Drupal\coffee_test\Controller; use Drupal\Core\Controller\ControllerBase; use Drupal\Core\Render\HtmlResponse; class CoffeeTestController extends ControllerBase { public function csrf() { return new HtmlResponse('ok'); } }
tests/src/Functional/CoffeeTest.php +39 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,10 @@ namespace Drupal\Tests\coffee\Functional; use Drupal\menu_link_content\Entity\MenuLinkContent; use Drupal\system\Entity\Menu; use Drupal\Tests\BrowserTestBase; use PHPUnit\Util\Json; /** * Tests Coffee module functionality. Loading @@ -16,7 +19,7 @@ class CoffeeTest extends BrowserTestBase { * * @var array */ public static $modules = ['coffee']; public static $modules = ['coffee', 'coffee_test', 'menu_link_content']; /** * The user for tests. Loading Loading @@ -154,4 +157,39 @@ class CoffeeTest extends BrowserTestBase { $this->assertSession()->elementExists('xpath', $tab_xpath); } /** * Tests that CSRF tokens are correctly handled. */ public function testCoffeeCsrf() { $account = $this->drupalCreateUser(['access coffee', 'access administration pages']); $this->drupalLogin($account); // Set up a new menu with one link. $menu = Menu::create([ 'id' => 'coffee', 'label' => 'Coffee', 'description' => 'Menu for testing Coffee.', ]); $menu->save(); $menu_link = MenuLinkContent::create([ 'title' => 'Coffee test', 'provider' => 'menu_link_content', 'menu_name' => 'coffee', 'link' => ['uri' => 'internal:/coffee-test-csrf'], ]); $menu_link->save(); $this->config('coffee.configuration')->set('coffee_menus', ['coffee'])->save(); // Get the link with CSRF token. $result = $this->drupalGet('/admin/coffee/get-data'); $result = json_decode($result); // For some reason, drupalGet('path?token=foo') does not work, and // we have to explicitly set the token in the query options. $token = substr($result[0]->value, strpos($result[0]->value, 'token=') + 6); $this->drupalGet('/coffee-test-csrf', ['query' => ['token' => $token]]); $this->assertResponse(200); } }
