Only throw TokenMismatchException if in debug mode

Closes #118
mzur · Jan 28, 2017 · 61f8e85 · 61f8e85
1 parent 1deef47
commit 61f8e85
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/src/Form.php b/src/Form.php
@@ -173,7 +173,11 @@ public function validate()
         $this->shouldValidate = false;
 
         if (csrf(R::postData(self::CSRF_FIELD)) !== true) {
-            throw new TokenMismatchException('The CSRF token was invalid.');
+            if (Config::get('debug') === true) {
+                throw new TokenMismatchException('The CSRF token was invalid.');
+            }
+
+            $this->fail();
         }
 
         if (parent::validates()) {

diff --git a/tests/FormTest.php b/tests/FormTest.php
@@ -2,6 +2,7 @@
 
 namespace Uniform\Tests;
 
+use C as Config;
 use Uniform\Form;
 use Jevets\Kirby\Flash;
 use Uniform\Guards\Guard;
@@ -16,6 +17,7 @@ class FormTest extends TestCase
     public function setUp()
     {
         parent::setUp();
+        Config::set('debug', true);
         $this->form = new FormStub;
     }
 
@@ -35,6 +37,19 @@ public function testValidateCsrfException()
         $this->form->validate();
     }
 
+    public function testValidateCsrfExceptionNoDebug()
+    {
+        Config::set('debug', false);
+
+        try {
+            $this->form->validate();
+            $this->assertFalse($this->form->success());
+            $this->assertFalse(true);
+        } catch (Exception $e) {
+            $this->assertEquals('Redirected', $e->getMessage());
+        }
+    }
+
     public function testValidateCsrfSuccess()
     {
         $_POST['csrf_token'] = csrf();