csrf: align documentation with reality

Also implement the wrongly documented event.
tigron · Jul 19, 2024 · 662ee1b · 662ee1b
1 parent 0024172
commit 662ee1b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -489,12 +489,12 @@ a successful validation. It expects a boolean as a return value.
 	public function csrf_validate_success(): bool
 
 
-##### csrf_validation_failed
+##### csrf_validate_failed
 
-The `csrf_validation_failed` method allows you to override the check result
+The `csrf_validate_failed` method allows you to override the check result
 after a failed validation. It expects a boolean as a return value.
 
-	public function csrf_validation_failed(): bool {
+	public function csrf_validate_failed(): bool {
 
 
 ##### csrf_generate_session_token

diff --git a/lib/Skeleton/Core/Application/Web.php b/lib/Skeleton/Core/Application/Web.php
@@ -157,7 +157,14 @@ public function run() {
 		$csrf = \Skeleton\Core\Web\Security\Csrf::get();
 
 		if ($session_properties['resumed'] === true && !$csrf->validate()) {
-			$this->call_event('security', 'csrf_validation_failed');
+			if ($this->event_exists('security', 'csrf_validate_failed')) {
+				$this->call_event_if_exists('security', 'csrf_validate_failed');
+			} elseif ($this->event_exists('security', 'csrf_validation_failed')) {
+				// This should be deprecated, documentation inconsistency
+				$this->call_event_if_exists('security', 'csrf_validation_failed');
+			} else {
+				\Skeleton\Core\Web\HTTP\Status::code_403('CSRF validation failed');
+			}
 		}
 
 		/**