From c221381c0277abedb8737e4ad1d0de25479af154 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sessing=C3=B8?=
Date: Wed, 21 Oct 2015 17:09:31 +0200
Subject: [PATCH] [FEATURE] csrf token - Removed request-type prefix when loading methods. - Optimised csrf token class.
---
 src/Pecee/CsrfToken.php | 44 ++++++--------------------
 src/Pecee/SimpleRouter/RouterEntry.php | 2 +-
 2 files changed, 10 insertions(+), 36 deletions(-)
diff --git a/src/Pecee/CsrfToken.php b/src/Pecee/CsrfToken.php
index e3cd7a6..80311c7 100644
--- a/src/Pecee/CsrfToken.php
+++ b/src/Pecee/CsrfToken.php
@@ -3,30 +3,15 @@ namespace Pecee;
 class CsrfToken {
- const CSRF_KEY = 'csrf_token';
+ const CSRF_KEY = 'csrf';
- protected static $instance;
-
- protected $lastToken;
- protected $currentToken;
-
- public static function getInstance() {
- if(self::$instance === null) {
- self::$instance = new static();
- }
- return self::$instance;
- }
+ protected $token;
 public function __construct() {
 $this->lastToken = isset($_SESSION[self::CSRF_KEY]) ? $_SESSION[self::CSRF_KEY] : null;
 $this->currentToken = $this->generate();
- // Initialise session, if it hasn't been initialised.
- if(!isset($_SESSION)) {
- session_start();
- }
-
- $_SESSION['csrf_token'] = $this->currentToken;
+ $_COOKIE[self::CSRF_KEY] = $this->currentToken;
 }
 /**
@@ -47,28 +32,17 @@ class CsrfToken {
 * @return bool
 */
 public function validate($token) {
- return hash_equals($token, $_SESSION[self::CSRF_KEY]);
+ return hash_equals($token, $this->getCurrentToken());
 }
 /**
 * @return string|null
 */
- public function getLastToken(){
- return $this->lastToken;
- }
-
- /**
- * @param string|null $lastToken
- */
- public function setLastToken($lastToken){
- $this->lastToken = $lastToken;
- }
-
- /**
- * @return string|null
- */
- public function getCurrentToken(){
- return $this->currentToken;
+ public function getToken(){
+ if(isset($_COOKIE[self::CSRF_KEY])) {
+ return $_COOKIE[self::CSRF_KEY];
+ }
+ return null;
 }
 }
\ No newline at end of file
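Review bot: The constructor's new line `$_COOKIE[self::CSRF_KEY] = $this->currentToken;` only writes to the request-local superglobal, so no Set-Cookie header is sent and the browser never receives the token; it also overwrites whatever cookie value the client did send before anything can be validated against it. The unchanged lines above it still assign `lastToken` and `currentToken`, which this commit undeclares, and still read `$_SESSION` although the `session_start()` guard is removed, while the newly declared `$token` is never set in the visible lines. Moving the token out of the session also turns this into a double-submit cookie scheme, which is weaker than a session-bound token unless the value is signed (for example an HMAC tied to the session) and the cookie is scoped tightly. A sketch of the constructor follows; whether to rotate the token per request is left to the author.

```php
    public function __construct() {
        // Keep the value the browser sent so validate() has something to compare against.
        $this->token = $this->getToken();

        if ($this->token === null) {
            $this->token = $this->generate();
            // Assigning to $_COOKIE never reaches the client; a Set-Cookie header is required.
            $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie(self::CSRF_KEY, $this->token, 0, '/', '', $secure, true);
        }
    }
```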
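Review bot: `validate()` now calls `$this->getCurrentToken()`, but this same hunk deletes that method and adds `getToken()` in its place, and the class header shown in the hunk has no parent, so unless a trait outside the diff supplies it every validation ends in an undefined-method error. `getToken()` returns null when the cookie is absent, while `hash_equals()` requires two strings (a warning and `false` on PHP 5.6/7, a TypeError on PHP 8) and expects the known value as its first argument. Suggested body: `$known = $this->getToken();` followed by `return is_string($token) && is_string($known) && hash_equals($known, $token);`.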
diff --git a/src/Pecee/SimpleRouter/RouterEntry.php b/src/Pecee/SimpleRouter/RouterEntry.php
index 37fa567..aa50533 100644
--- a/src/Pecee/SimpleRouter/RouterEntry.php
+++ b/src/Pecee/SimpleRouter/RouterEntry.php
@@ -269,7 +269,7 @@ abstract class RouterEntry {
 $className = $this->getNamespace() . '\\' . $controller[0];
 $class = $this->loadClass($className);
- $method = $request->getMethod() . ucfirst($controller[1]);
+ $method = $controller[1];
 if (!method_exists($class, $method)) {
 throw new RouterException(sprintf('Method %s does not exist in class %s', $method, $className), 404);
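Review bot: With `$method = $controller[1];` the HTTP verb no longer takes part in choosing the controller method, so an action that used to exist only under a verb-prefixed name is now dispatched for any verb unless route matching outside this hunk restricts it. That matters for the CSRF work in the same commit: if token checks are applied only to state-changing verbs, a GET request could reach the same action without one, which is worth confirming in the router. Separately, `method_exists()` is also true for private and protected methods; `if (!is_callable([$class, $method])) {` would refuse non-public targets before the call is attempted. The enclosing method starts and ends outside the hunk.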