Process token retrieve through Slim controller
authorArthurHoaro <arthur@hoa.ro>
Sun, 21 Jun 2020 10:21:31 +0000 (12:21 +0200)
committerArthurHoaro <arthur@hoa.ro>
Thu, 23 Jul 2020 19:19:21 +0000 (21:19 +0200)
application/front/controller/admin/TokenController.php [new file with mode: 0644]
assets/common/js/thumbnails-update.js
assets/default/js/base.js
index.php
tests/front/controller/admin/TokenControllerTest.php [new file with mode: 0644]

diff --git a/application/front/controller/admin/TokenController.php b/application/front/controller/admin/TokenController.php
new file mode 100644 (file)
index 0000000..08d68d0
--- /dev/null
@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class TokenController
+ *
+ * Endpoint used to retrieve a XSRF token. Useful for AJAX requests.
+ */
+class TokenController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/token
+     */
+    public function getToken(Request $request, Response $response): Response
+    {
+        $response = $response->withHeader('Content-Type', 'text/plain');
+
+        return $response->write($this->container->sessionManager->generateToken());
+    }
+}
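Review bot: The response built in `getToken()` carries a live XSRF token but sets no caching directive, so a browser or intermediary cache may keep it on disk or serve a stale one; I would add `->withHeader('Cache-Control', 'no-store')` next to the `Content-Type` header. Because the token is returned as `text/plain`, adding `->withHeader('X-Content-Type-Options', 'nosniff')` in the same chain would stop a browser from re-interpreting the body. Access control is not visible in this file: it presumably comes from `ShaarliAdminController`, which is outside this diff, so the `GET /admin/token` docblock should say that a logged-in session is required and what happens otherwise.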
index 35608169aa52d6aa9bef1834651b09f9f5d5f8ab..b37a32f307e427f1a5941c994406b4945a7bd27f 100644 (file)
@@ -33,7 +33,7 @@ function updateThumb(basePath, ids, i, elements) {
         elements.thumbnail.innerHTML = `<img src="${response.thumbnail}">`;
       }
       if (i < ids.length) {
-        updateThumb(ids, i, elements);
+        updateThumb(basePath, ids, i, elements);
       }
     }
   };
index af3d650c3a66fcedce1345e85b950bedcc47b76c..76e4fe2a1bd142217059a4d8536ef8906a86317c 100644 (file)
@@ -27,7 +27,7 @@ function findParent(element, tagName, attributes) {
  */
 function refreshToken(basePath) {
   const xhr = new XMLHttpRequest();
-  xhr.open('GET', `${basePath}/?do=token`);
+  xhr.open('GET', `${basePath}/admin/token`);
   xhr.onload = () => {
     const token = document.getElementById('token');
     token.setAttribute('value', xhr.responseText);
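Review bot: `xhr.onload` copies `xhr.responseText` into the `#token` field without checking `xhr.status`, and with the URL now under `/admin/` a logged-out session will probably receive a redirect or an error page rather than a token (the admin controller's behaviour is not shown in this diff). A guard as the first statement of the handler, `if (xhr.status !== 200) { return; }`, keeps a non-token body out of the form. Since XHR follows redirects transparently, also checking that `xhr.responseURL` still ends with `/admin/token` would catch a login page served with status 200. The body of `refreshToken` continues past the end of this hunk.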
index 1571df60c9fa6f6085e1e21021712f2c0d2d0fdb..9202cb84689badd4371e6f2f1e39d98cc6a4961f 100644 (file)
--- a/index.php
+++ b/index.php
@@ -597,8 +597,7 @@ function renderPage($conf, $pluginManager, $bookmarkService, $history, $sessionM
 
     // Get a fresh token
     if ($targetPage == Router::$GET_TOKEN) {
-        header('Content-Type:text/plain');
-        echo $sessionManager->generateToken();
+        header('Location: ./admin/token');
         exit;
     }
 
@@ -978,6 +977,7 @@ $app->group('', function () {
     $this->post('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:import');
     $this->get('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index');
     $this->post('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save');
+    $this->get('/admin/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken');
 
     $this->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage');
     $this->get('/visibility/{visibility}', '\Shaarli\Front\Controller\Admin\SessionFilterController:visibility');
diff --git a/tests/front/controller/admin/TokenControllerTest.php b/tests/front/controller/admin/TokenControllerTest.php
new file mode 100644 (file)
index 0000000..04b0c0f
--- /dev/null
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use PHPUnit\Framework\TestCase;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+class TokenControllerTest extends TestCase
+{
+    use FrontAdminControllerMockHelper;
+
+    /** @var TokenController */
+    protected $controller;
+
+    public function setUp(): void
+    {
+        $this->createContainer();
+
+        $this->controller = new TokenController($this->container);
+    }
+
+    public function testGetToken(): void
+    {
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('generateToken')
+            ->willReturn($token = 'token1234')
+        ;
+
+        $result = $this->controller->getToken($request, $response);
+
+        static::assertSame(200, $result->getStatusCode());
+        static::assertSame($token, (string) $result->getBody());
+    }
+}
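Review bot: `testGetToken()` asserts the status code and body but not the `Content-Type` header that the controller sets explicitly, so a regression to an HTML content type for a response that echoes a token would pass unnoticed. Adding `static::assertSame('text/plain', $result->getHeaderLine('Content-Type'));` after the status assertion covers it. The test also exercises only the authenticated path set up by `createContainer()`; a second case for a logged-out session would document how the endpoint is expected to refuse, assuming the mock helper (not shown here) allows toggling the login state.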