Commits

Luke Plant committed 9394e79

Renamed csrfProtectView -> csrfViewProcessor

Comments (0)

Files changed (2)

src/Ella/Processors/Security.hs

 -- unique to each user, and requires incoming POST requests to have the same
 -- token.
 data CSRFProtection = CSRFProtection {
-      csrfProtectView :: View -> View -- ^ view processor that stops requests
+      csrfViewProcessor :: View -> View -- ^ view processor that stops requests
                                   -- without the CSRF token and sets an outgoing
                                   -- cookie.
     , csrfTokenField :: Request -> String -- ^ function that returns a hidden
                    else normalProc
             else normalProc
 
-    in CSRFProtection { csrfProtectView = pview
+    in CSRFProtection { csrfViewProcessor = pview
                       , csrfTokenField = mkTokenField
                       , csrfTokenName = tokenName
                       , csrfTokenValue = getTokenFromReq

testsuite/Tests/Ella/Processors/Security.hs

                                           , cookieSecure = False })
                  csrfRejectionView "secret"
 
-protectedView = (csrfProtectView csrfProtection) csrfTestView
+protectedView = (csrfViewProcessor csrfProtection) csrfTestView
 
 aCsrfToken = "01234567890123456789"
 -- Utility function for adding a valid CSRF cookie to a Request
       let req = mkGetReq "/foo/"
           -- view that extracts 'csrftoken' from request environment field
           view = \req -> return $ Just $ buildResponse [ addContent $ utf8 $ Map.findWithDefault "" "csrftoken" $ environment req ] utf8TextResponse
-      Just resp <- (csrfProtectView csrfProtection) view req
+      Just resp <- (csrfViewProcessor csrfProtection) view req
       return ((BS.length $ content resp) > 1)
     ) ~? "csrf processor puts token into request environment"
 
       let req = mkGetReq "/foo/" `with` [ addCsrfCookie ]
           -- view that extracts 'csrftoken' from request environment field
           view = \req -> return $ Just $ buildResponse [ addContent $ utf8 $ csrfTokenField csrfProtection $ req ] utf8TextResponse
-      Just resp <- (csrfProtectView csrfProtection) view req
+      Just resp <- (csrfViewProcessor csrfProtection) view req
       return (content resp == utf8 ("<div style=\"display:none\"><input type=\"hidden\" name=\"csrftoken\" value=\"" ++ aCsrfToken ++ "\" ></div>"))
     ) ~? "csrf hidden input field is correct"