--- /dev/null
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class TokenController
+ *
+ * Endpoint used to retrieve a XSRF token. Useful for AJAX requests.
+ */
+class TokenController extends ShaarliAdminController
+{
+ /**
+ * GET /admin/token
+ */
+ public function getToken(Request $request, Response $response): Response
+ {
+ $response = $response->withHeader('Content-Type', 'text/plain');
+
+ return $response->write($this->container->sessionManager->generateToken());
+ }
+}
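Review bot: The token response built in `getToken` sets only `Content-Type`, so a browser or intermediary cache is free to store and replay a GET to `/admin/token`, which means a stale token can be handed back after rotation or a live one kept on disk; chain `->withHeader('Cache-Control', 'no-store')` onto the response, e.g. `$response = $response->withHeader('Content-Type', 'text/plain')->withHeader('Cache-Control', 'no-store');`. The endpoint appears to depend on `ShaarliAdminController` to reject unauthenticated callers, but that check is not visible in this hunk — confirm the base controller enforces login before the action runs, since an unauthenticated reader of this route would defeat the XSRF token entirely. A docblock line on `getToken` noting that the body is the bare token string with no trailing newline would help, because the JavaScript caller writes `responseText` straight into the form field.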
elements.thumbnail.innerHTML = `<img src="${response.thumbnail}">`;
}
if (i < ids.length) {
- updateThumb(ids, i, elements);
+ updateThumb(basePath, ids, i, elements);
}
}
};
*/
function refreshToken(basePath) {
const xhr = new XMLHttpRequest();
- xhr.open('GET', `${basePath}/?do=token`);
+ xhr.open('GET', `${basePath}/admin/token`);
xhr.onload = () => {
const token = document.getElementById('token');
token.setAttribute('value', xhr.responseText);
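Review bot: The `onload` handler copies `xhr.responseText` into the token field without checking `xhr.status`, so if the session has expired and `/admin/token` answers with a redirect to the login page or any error body, the hidden field is filled with HTML rather than a token and the next form submit fails the XSRF check with a misleading error; guard the write with `if (xhr.status === 200) { token.setAttribute('value', xhr.responseText); }` and otherwise leave the field alone or reload. `basePath` is interpolated into the URL unescaped — it appears to be supplied by the page rather than by user input, but that is worth confirming at the call site. refreshToken's body continues past the end of the hunk.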
// Get a fresh token
if ($targetPage == Router::$GET_TOKEN) {
- header('Content-Type:text/plain');
- echo $sessionManager->generateToken();
+ header('Location: ./admin/token');
exit;
}
$this->post('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:import');
$this->get('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index');
$this->post('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save');
+ $this->get('/admin/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken');
$this->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage');
$this->get('/visibility/{visibility}', '\Shaarli\Front\Controller\Admin\SessionFilterController:visibility');
--- /dev/null
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use PHPUnit\Framework\TestCase;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+class TokenControllerTest extends TestCase
+{
+ use FrontAdminControllerMockHelper;
+
+ /** @var TokenController */
+ protected $controller;
+
+ public function setUp(): void
+ {
+ $this->createContainer();
+
+ $this->controller = new TokenController($this->container);
+ }
+
+ public function testGetToken(): void
+ {
+ $request = $this->createMock(Request::class);
+ $response = new Response();
+
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('generateToken')
+ ->willReturn($token = 'token1234')
+ ;
+
+ $result = $this->controller->getToken($request, $response);
+
+ static::assertSame(200, $result->getStatusCode());
+ static::assertSame($token, (string) $result->getBody());
+ }
+}
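Review bot: `testGetToken` pins the status code and body but not the `Content-Type` header the controller sets, so a regression to the default HTML content type would still pass; add `static::assertSame('text/plain', $result->getHeaderLine('Content-Type'));` after the body assertion. The inline assignment `->willReturn($token = 'token1234')` buries the fixture value in an argument list; declaring `$token = 'token1234';` on its own line before the mock setup reads more plainly. `$request` is a bare mock the controller never reads, which is fine, but a one-line comment saying so would spare the next reader a search.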