From 23c0fae36fb8159bcf8b95bae98555201146457e Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Mon, 3 Sep 2018 15:33:13 +0100
Subject: Added csrf middleware
---
 src/Http/Response.php | 12 ++++++++++--
 src/Http/SessionServiceProvider.php | 7 +++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
(limited to 'src/Http')
diff --git a/src/Http/Response.php b/src/Http/Response.php
index 4edf644a..58cd7662 100644
--- a/src/Http/Response.php
+++ b/src/Http/Response.php
@@ -96,7 +96,7 @@ class Response extends SymfonyResponse implements ResponseInterface
 /**
 * Return an instance with the rendered content.
 *
- * THis method retains the immutability of the message and returns
+ * This method retains the immutability of the message and returns
 * an instance with the updated status and headers
 *
 * @param string $view
@@ -111,6 +111,14 @@ class Response extends SymfonyResponse implements ResponseInterface
 throw new \InvalidArgumentException('Renderer not defined');
 }
- return $this->create($this->view->render($view, $data), $status, $headers);
+ $new = clone $this;
+ $new->setContent($this->view->render($view, $data));
+ $new->setStatusCode($status, ($status == $this->getStatusCode() ? $this->statusText : null));
+
+ foreach ($headers as $key => $values) {
+ $new = $new->withAddedHeader($key, $values);
+ }
+
+ return $new;
 }
 }
diff --git a/src/Http/SessionServiceProvider.php b/src/Http/SessionServiceProvider.php
index c2e09624..4d779aa6 100644
--- a/src/Http/SessionServiceProvider.php
+++ b/src/Http/SessionServiceProvider.php
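Review bot: The header loop in the second hunk of src/Http/Response.php calls `withAddedHeader`, which under PSR-7 semantics appends to whatever the cloned response already carries, so a single-valued header such as `Content-Type` or `Location` passed in `$headers` could end up with two values where the old `create()` path started from a fresh header set. If callers expect replacement, `$new = $new->withHeader($key, $values);` is the safer call; either way a one-line comment above the loop stating that existing headers are kept would document the new behaviour. The status check also uses loose `==`; `$status === $this->getStatusCode()` avoids string/int coercion when deciding whether to keep `$this->statusText`. The method's signature and the start of its body are outside the hunk.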
@@ -5,7 +5,9 @@ namespace Engelsystem\Http;
 use Engelsystem\Config\Config;
 use Engelsystem\Container\ServiceProvider;
 use Engelsystem\Http\SessionHandlers\DatabaseHandler;
+use Illuminate\Support\Str;
 use Symfony\Component\HttpFoundation\Session\Session;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
 use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
 use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
@@ -21,6 +23,11 @@ class SessionServiceProvider extends ServiceProvider
 $session = $this->app->make(Session::class);
 $this->app->instance(Session::class, $session);
 $this->app->instance('session', $session);
+ $this->app->bind(SessionInterface::class, Session::class);
+
+ if (!$session->has('_token')) {
+ $session->set('_token', Str::random(42));
+ }
 /** @var Request $request */
 $request = $this->app->get('request');
-- cgit v1.2.3-70-g09d2
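Review bot: The `_token` value in the second hunk of src/Http/SessionServiceProvider.php is created only when the session has none, so a token issued to an anonymous session stays valid after the user authenticates unless the login path (not in this diff) replaces it. Consider regenerating it wherever the session id is migrated on login and logout, and add a comment above the `if` such as `// CSRF token, one per session; verified by the CSRF middleware` so the key's purpose and lifetime are documented where it is set. The verifying middleware is not part of this view (the patch is limited to `src/Http`); it should compare the submitted value with `hash_equals()` rather than `==`. The enclosing method starts and ends outside the hunk.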