質問編集履歴

cookieにcsrftokenあるか確認。追加コード

2020/11/27 13:43

投稿

YuhiUsui

スコア11

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -46,7 +46,37 @@
 ```ここに言語を入力
+<?php
+declare(strict_types=1);
+/**
+ * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
+ * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ * @link      https://cakephp.org CakePHP(tm) Project
+ * @since     3.3.0
+ * @license   https://opensource.org/licenses/mit-license.php MIT License
+ */
 namespace App;
@@ -70,7 +100,293 @@
 use Cake\Routing\Middleware\RoutingMiddleware;
+// use Cake\Network\Exception\InvalidCsrfTokenException;
+// use Authentication\AuthenticationService;
+// use Authentication\AuthenticationServiceInterface;
+// use Authentication\AuthenticationServiceProviderInterface;
+// use Authentication\Middleware\AuthenticationMiddleware;
+// use Psr\Http\Message\ServerRequestInterface;
+/**
+ * Application setup class.
+ *
+ * This defines the bootstrapping logic and middleware layers you
+ * want to use in your application.
+ */
+class Application extends BaseApplication
+// implements AuthenticationServiceProviderInterface
+{
+    /**
+     * Load all the application configuration and bootstrap logic.
+     *
+     * @return void
+     */
+    public function bootstrap(): void
+    {
+        $this->addPlugin('Migrations');
+        // Call parent to load bootstrap from files.
+        parent::bootstrap();
+        if (PHP_SAPI === 'cli') {
+            $this->bootstrapCli();
+        }
+        /*
+         * Only try to load DebugKit in development mode
+         * Debug Kit should not be installed on a production system
+         */
+        if (Configure::read('debug')) {
+            $this->addPlugin('DebugKit');
+        }
+        // Load more plugins here
+    }
+    /**
+     * Setup the middleware queue your application will use.
+     *
+     * @param \Cake\Http\MiddlewareQueue $middlewareQueue The middleware queue to setup.
+     * @return \Cake\Http\MiddlewareQueue The updated middleware queue.
+     */
+    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
+    {
+        $middlewareQueue
+            // Catch any exceptions in the lower layers,
+            // and make an error page/response
+            ->add(new ErrorHandlerMiddleware(Configure::read('Error')))
+            // Handle plugin/theme assets like CakePHP normally does.
+            ->add(new AssetMiddleware([
+                'cacheTime' => Configure::read('Asset.cacheTime'),
+            ]))
+            // Add routing middleware.
+            // If you have a large number of routes connected, turning on routes
+            // caching in production could improve performance. For that when
+            // creating the middleware instance specify the cache config name by
+            // using it's second constructor argument:
+            // `new RoutingMiddleware($this, '_cake_routes_')`
+            ->add(new RoutingMiddleware($this))
+            // Parse various types of encoded request bodies so that they are
+            // available as array through $request->getData()
+            // https://book.cakephp.org/4/en/controllers/middleware.html#body-parser-middleware
+            ->add(new BodyParserMiddleware())
+            // Cross Site Request Forgery (CSRF) Protection Middleware
+            // https://book.cakephp.org/4/en/controllers/middleware.html#cross-site-request-forgery-csrf-middleware
+            ->add(new CsrfProtectionMiddleware([
+                'httponly' => true,
+            ]));
+        return $middlewareQueue;
+    }
+    /**
+     * Bootstrapping for CLI application.
+     *
+     * That is when running commands.
+     *
+     * @return void
+     */
+    protected function bootstrapCli(): void
+    {
+        try {
+            $this->addPlugin('Bake');
+        } catch (MissingPluginException $e) {
+            // Do not halt if the plugin is missing
+        }
+        $this->addPlugin('Migrations');
+        // Load more plugins here
+    }
+    // public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
+    // {
+    //     $middlewareQueue
+    //         // ... 前に追加された他のミドルウェア
+    //         ->add(new RoutingMiddleware($this))
+    //         // RoutingMiddleware の後に認証を追加
+    //         ->add(new AuthenticationMiddleware($this));
+    //     return $middlewareQueue;
+    // }
+    // public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
+    // {
+    //     $authenticationService = new AuthenticationService([
+    //         'unauthenticatedRedirect' => '/users/login',
+    //         'queryParam' => 'redirect',
+    //     ]);
+    //     // identifiers を読み込み、email と password のフィールドを確認します
+    //     $authenticationService->loadIdentifier('Authentication.Password', [
+    //         'fields' => [
+    //             'username' => 'email',
+    //             'password' => 'password',
+    //         ]
+    //     ]);
+    //     //  authenticatorsをロードしたら, 最初にセッションが必要です
+    //     $authenticationService->loadAuthenticator('Authentication.Session');
+    //     // 入力した email と password をチェックする為のフォームデータを設定します
+    //     $authenticationService->loadAuthenticator('Authentication.Form', [
+    //         'fields' => [
+    //             'username' => 'email',
+    //             'password' => 'password',
+    //         ],
+    //         'loginUrl' => '/users/login',
+    //     ]);
+    //     return $authenticationService;
+    // }
+}
 ```
@@ -284,6 +600,8 @@
 ![イメージ説明](4b785e8d09270aefc7efaf7bb9d72a79.png)
+![![CSRF cookie](ac8d817446730583082c50fdb99971e6.png)](b36e4c632f1d76be4dc36127af49f19b.png)
 ### 補足情報（FW/ツールのバージョンなど）