Forked, Nette 2.4 support, enhanced, improved tests.

.gitignore

@@ -1,3 +1,5 @@
 /composer.lock
 /vendor
-output
+/tests/report.html
+/tests/report.xml
+/tests/cases/output

.travis.yml

@@ -1,16 +1,20 @@
 language: php
 php:
-    - 5.4
-    - 5.5
     - 5.6
     - 7.0
-    - hhvm
-
-env:
-    - PHP_BIN=php
+    - 7.1
 
 before_script:
     - composer install --no-interaction
+    - if [ $TRAVIS_PHP_VERSION == "7.0" ]; then coverage="-p phpdbg --coverage tests/report.xml --coverage-src src"; fi
 
 script:
-    - ./vendor/bin/tester -p $PHP_BIN -s ./tests/cases
+    - ./vendor/bin/tester tests -s -p php -c tests/unix.ini $coverage
+
+after_script:
+    # Report Code Coverage
+    - >
+      if [ "$coverage" != "" ]; then
+      wget https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar
+      && php coveralls.phar --verbose --config tests/.coveralls.yml
+      || true; fi

README.md

@@ -1,20 +1,20 @@
 ## Nextras\SecuredLinks
 
-[![Build Status](https://travis-ci.org/nextras/secured-links.svg?branch=master)](https://travis-ci.org/nextras/secured-links)
-[![Downloads this Month](https://img.shields.io/packagist/dm/nextras/secured-links.svg?style=flat)](https://packagist.org/packages/nextras/secured-links)
-[![Stable version](http://img.shields.io/packagist/v/nextras/secured-links.svg?style=flat)](https://packagist.org/packages/nextras/secured-links)
-[![HHVM Status](http://img.shields.io/hhvm/nextras/secured-links.svg?style=flat)](http://hhvm.h4cc.de/package/nextras/secured-links)
-
+[![Build Status](https://travis-ci.org/adambisek/secured-links.svg?branch=master)](https://travis-ci.org/adambisek/secured-links)
+[![Coverage Status](https://coveralls.io/repos/github/adambisek/secured-links/badge.svg?branch=master)](https://coveralls.io/github/adambisek/secured-links?branch=master)
+[![Stable version](http://img.shields.io/packagist/v/adambisek/secured-links.svg?style=flat)](https://packagist.org/packages/adambisek/secured-links)
 
 **SecuredLinksTrait** creates secured signal links.
 **PHP 5.4+ ONLY**
 
+forked from nextras/secured-links
+
 ## Installation
 
 The best way to install is using [Composer](http://getcomposer.org/):
 
 ```sh
-$ composer require nextras/secured-links
+$ composer require adambisek/secured-links
 ```
 
 ## Usage of SecuredLinksTrait

composer.json

@@ -1,5 +1,5 @@
 {
-	"name": "nextras/secured-links",
+	"name": "adambisek/secured-links",
 	"type": "library",
 	"description": "Package secures Nette Framework signals against CSRF attack.",
 	"keywords": ["nextras", "nette", "application", "secured signals"],
@@ -9,26 +9,22 @@
 			"name": "Jan Skrasek",
 			"email": "[email protected]",
 			"homepage": "http://jan.skrasek.com"
+		},
+		{
+		  "name": "Adam Bisek",
+		  "email": "[email protected]"
 		}
 	],
 	"require": {
 		"php": ">=5.4",
-		"nette/application": "~2.2",
-		"nette/utils": "~2.2"
+		"nette/application": "^2.4",
+		"nette/utils": "^2.4"
 	},
 	"require-dev": {
-		"nette/tester": "~1.3",
+		"nette/tester":  "~1.7",
 		"mockery/mockery": "~0.9"
 	},
-	"extra": {
-		"branch-alias": {
-			"dev-master": "1.3-dev"
-		}
-	},
 	"autoload": {
-		"psr-4": { "Nextras\\Application\\UI\\": "src/" }
-	},
-	"replace": {
-		"nextras/application": "self.version"
+		"psr-4": { "AdamBisek\\": "src/" }
 	}
 }

src/SecuredLinksControlTrait.php

@@ -3,34 +3,17 @@
 /**
  * This file is part of the Nextras community extensions of Nette Framework
  *
- * @license    MIT
- * @link       https://github.com/nextras
- * @author     Jan Skrasek
+ * @license MIT
+ * @author Jan Skrasek
+ * @author Adam Bisek <[email protected]>
  */
-
-namespace Nextras\Application\UI;
+namespace AdamBisek;
 
 use Nette;
 
-
 trait SecuredLinksControlTrait
 {
 
-	/**
-	 * {@inheritdoc}
-	 */
-	public function link($destination, $args = array())
-	{
-		if (!is_array($args)) {
-			$args = func_get_args();
-			array_shift($args);
-		}
-
-		$link = parent::link($destination, $args);
-		return $this->getPresenter()->createSecuredLink($this, $link, $destination);
-	}
-
-
 	/**
 	 * For @secured annotated signal handler methods checks if URL parameters has not been changed
 	 *
@@ -58,17 +41,16 @@ public function signalReceived($signal)
 						}
 					}
 				}
-
 				if (!isset($this->params['_sec']) || $this->params['_sec'] !== $this->getPresenter()->getCsrfToken(get_class($this), $method, $params)) {
-					throw new Nette\Application\UI\BadSignalException("Invalid security token for signal '$signal' in class {$this->reflection->name}.");
+					throw new Nette\Application\UI\BadSignalException("Invalid security token for signal '$signal' in class " . get_class($this) . ".");
 				}
 			}
 		}
 
 		parent::signalReceived($signal);
 
 		if ($secured && !$this->getPresenter()->isAjax()) {
-			throw new \LogicException("Secured signal '$signal' did not redirect. Possible csrf-token reveal by http referer header.");
+			throw new \LogicException("Secured signal '$signal' did not redirect. Possible csrf-token reveal by http referer header. Please redirect in $method().");
 		}
 	}
 

src/SecuredLinksPresenterTrait.php

@@ -3,105 +3,56 @@
 /**
  * This file is part of the Nextras community extensions of Nette Framework
  *
- * @license    MIT
- * @link       https://github.com/nextras
- * @author     Jan Skrasek
+ * @license MIT
+ * @author Jan Skrasek
+ * @author Adam Bisek <[email protected]>
  */
-
-namespace Nextras\Application\UI;
+namespace AdamBisek;
 
 use Nette;
-use Nette\Application\UI\PresenterComponent;
-
 
 trait SecuredLinksPresenterTrait
 {
-	use SecuredLinksControlTrait;
 
+	use SecuredLinksControlTrait;
 
 	/**
-	 * @param  PresenterComponent $component
-	 * @param  string $link created URL
-	 * @param  string $destination
-	 * @return string
-	 * @throws Nette\Application\UI\InvalidLinkException
+	 * Request/URL factory.
+	 * @param  Component  base
+	 * @param  string   destination in format "[//] [[[module:]presenter:]action | signal! | this] [#fragment]"
+	 * @param  array    array of arguments
+	 * @param  string   forward|redirect|link
+	 * @return string   URL
+	 * @throws InvalidLinkException
+	 * @internal
 	 */
-	public function createSecuredLink(PresenterComponent $component, $link, $destination)
+	protected function createRequest($component, $destination, array $args, $mode)
 	{
-		/** @var $lastRequest Nette\Application\Request */
-		$lastRequest = $this->getLastCreatedRequest();
-
-		do {
-			if ($lastRequest === NULL) {
-				break;
-			}
-
-			$params = $lastRequest->getParameters();
-			if (!isset($params[Nette\Application\UI\Presenter::SIGNAL_KEY])) {
-				break;
-			}
-
-			if (($pos = strpos($destination, '#')) !== FALSE) {
-				$destination = substr($destination, 0, $pos);
-			}
-
-			$a = strpos($destination, '//');
-			if ($a !== FALSE) {
-				$destination = substr($destination, $a + 2);
-			}
-
+		if (!$component instanceof self || substr($destination, -1) === '!') {
+			// check if signal must be secured
 			$signal = strtr(rtrim($destination, '!'), ':', '-');
-			$a = strrpos($signal, '-');
-			if ($a !== FALSE) {
-				if ($component instanceof Nette\Application\UI\Presenter && substr($destination, -1) !== '!') {
-					break;
-				}
-
-				$component = $component->getComponent(substr($signal, 0, $a));
-				$signal = (string) substr($signal, $a + 1);
-			}
-
-			if ($signal == NULL) { // intentionally ==
-				throw new Nette\Application\UI\InvalidLinkException('Signal must be non-empty string.');
-			}
-
-			// only PresenterComponent
-			if (!$component instanceof PresenterComponent) {
-				break;
-			}
-
-			$reflection = $component->getReflection();
 			$method = $component->formatSignalMethod($signal);
-			$signalReflection = $reflection->getMethod($method);
-
-			if (!$signalReflection->hasAnnotation('secured')) {
-				break;
+			$signalMethodReflection = new Nette\Reflection\Method($component, $method);
+			if (!$signalMethodReflection->hasAnnotation('secured')) {
+				goto parent;
 			}
-
-			$origParams = $lastRequest->getParameters();
+			// gather args, create hash and append to args
+			$namedArgs = $args;
+			self::argsToParams($this, $method, $namedArgs); // convert indexed args to named args
 			$protectedParams = array($component->getUniqueId());
-			foreach ($signalReflection->getParameters() as $param) {
+			foreach ($signalMethodReflection->getParameters() as $param) {
 				if ($param->isOptional()) {
 					continue;
 				}
-				if (isset($origParams[$component->getParameterId($param->name)])) {
-					$protectedParams[$param->name] = $origParams[$component->getParameterId($param->name)];
+				if (isset($namedArgs[$component->getParameterId($param->name)])) {
+					$protectedParams[$param->name] = $namedArgs[$component->getParameterId($param->name)];
 				}
 			}
+			$args['_sec'] = $this->getCsrfToken(get_class($component), $method, $protectedParams);
+		}
 
-			$protectedParam = $this->getCsrfToken(get_class($component), $method, $protectedParams);
-
-			if (($pos = strpos($link, '#')) === FALSE) {
-				$fragment = '';
-			} else {
-				$fragment = substr($link, $pos);
-				$link = substr($link, 0, $pos);
-			}
-
-			$link .= (strpos($link, '?') !== FALSE ? '&' : '?') . $component->getParameterId('_sec') . '=' . $protectedParam . $fragment;
-		} while (FALSE);
-
-		return $link;
+		parent:
+		return parent::createRequest($component, $destination, $args, $mode);
 	}
 
 

tests/.coveralls.yml

@@ -0,0 +1,3 @@
+service_name: travis-ci
+coverage_clover: tests/report.xml
+json_path: tests/report.json