To prevent CSRF attacks, I'm adding a state parameter with my current CSRF token to an external link. When the external page redirects the user back to my site, it will include the state.
With a simple condition I can check it in my controller:
if($data['state'] !== csrf_token()){
throw new TokenMismatchException;
}
Now I want to write a test for it to pass the if condition, but csrf_token() is empty in the test directory, however not in the controller. So it fails, unfortunately. Here is an excerpt of the test:
/** @test */
public function it_saves_the_data_in_database()
{
$this->get(route('connect.index', [
'scope' => $this->scope,
'code' => $this->code,
'state' => csrf_token(), //it's null here...
]))->assertStatus(200); //however it returns 419
}
Is it possible to generate the token before?