API Respect CSRF on login form

2024-06-27 06:59:37 +02:00 · 2016-04-20 10:59:48 +12:00 · 2016-04-20 10:59:48 +12:00 · d6016d4b7a
commit d6016d4b7a
parent 4297f56352
2 changed files with 29 additions and 23 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,18 @@
+# For more information about the properties used in this file,
+# please see the EditorConfig documentation:
+# http://editorconfig.org
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[{*.yml,package.json}]
+indent_size = 2
+
+# The indent size used in the package.json file cannot be changed:
+# https://github.com/npm/npm/pull/3180#issuecomment-16336516
+
--- a/src/SilverStripe/BehatExtension/Context/LoginContext.php
+++ b/src/SilverStripe/BehatExtension/Context/LoginContext.php
@ -124,27 +124,12 @@ class LoginContext extends BehatContext
     */
    public function stepILogInWith($email, $password)
    {
-        $page = $this->getSession()->getPage();
-        $forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
-        assertNotNull($forms, 'Login form not found');
-
-        // Try to find visible forms on current page
-        // Allow multiple login forms (e.g. social login) by filering for "Email" field
-        $visibleForm = null;
-        foreach($forms as $form) {
-            if($form->isVisible() && $form->find('css', '[name=Email]')) {
-                $visibleForm = $form;
-            }
-        }
-    
-        // If no login form, go to /security/login page
-        if(!$visibleForm) {
        $c = $this->getMainContext();
        $loginUrl = $c->joinUrlParts($c->getBaseUrl(), $c->getLoginUrl());
        $this->getSession()->visit($loginUrl);
        $page = $this->getSession()->getPage();
        $forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
-        }
+        assertNotNull($forms, 'Login form not found');

        // Try to find visible forms again on login page.
        $visibleForm = null;
@ -159,10 +144,13 @@ class LoginContext extends BehatContext
        $emailField = $visibleForm->find('css', '[name=Email]');
        $passwordField = $visibleForm->find('css', '[name=Password]');
        $submitButton = $visibleForm->find('css', '[type=submit]');
+        $securityID = $visibleForm->find('css', '[name=SecurityID]');

        assertNotNull($emailField, 'Email field on login form not found');
        assertNotNull($passwordField, 'Password field on login form not found');
        assertNotNull($submitButton, 'Submit button on login form not found');
+        // @todo Once CSRF is mandatory, uncomment this
+        // assertNotNull($securityID, 'CSRF token not found');

        $emailField->setValue($email);
        $passwordField->setValue($password);