Hello world,
As part of a CakePHP 3.6 to 4.4 migration, I’m trying to get the tests to green, but I have a problem with black-holes with POST methods.
In my tests, I added the methods to ignore the tokens.
    $this->enableCsrfToken();
    $this->enableSecurityToken();
So I have a code 500, with this line in debug = false:
[Cake\Controller\Exception\SecurityException] The request has been black-holed
And this line in debug = true:
[Cake\Controller\Exception\AuthSecurityException] Invalid security debug token.
The only way to solve the problem is to create a beforeFilter in the controller which will add the method to unlockedActions.
    $this->Security->setConfig('unlockedActions', [
        'index'
    ]);
This poses conceptual problems for me. If I use unlockedActions, the CSRF token is no longer applied, which therefore opens a security hole in my application.
Have you encountered this problem and how did you resolve it?
Thanks
NB: Here is an example of my test:
    public function testPostIndexWithAuth($userId = 1)
    {
        // session
        $user = $this->Utilisateurs->get($userId);
        $this->session(['Auth' => $user]);
        // Security
        $this->enableCsrfToken();
        $this->enableSecurityToken();
        // Data & Post
        $data = ['name' => 'Ledo'];
        $this->post('/company', $data);
        $this->assertResponseSuccess();
        $this->assertResponseCode(302);
        // Redirect
        $this->get('/company?name=' . $data['name']);
        $this->assertResponseContains('<td>Ledo Garden</td>');
        $this->assertResponseContains('<td>Speciales</td>');
    }