Also allow caching of the logout route

It is a bit more general. If the only argument is the requesttoken. So a
get request will work with the CSRF protection. The route will be
generated without the parameters and the request token will be added at
the end.

Before the route could not properly be cached as the request token was
always changeing. However now it can be cached saving precious cpu
cycles.

Signed-off-by: Roeland Jago Douma <[email protected]>

Author: rullzer

lib/private/Route/CachingRouter.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2016, ownCloud, Inc.
  *
@@ -50,16 +51,31 @@ public function __construct($cache, ILogger $logger) {
 	 * @param bool $absolute
 	 * @return string
 	 */
-	public function generate($name, $parameters = array(), $absolute = false) {
+	public function generate($name, $parameters = [], $absolute = false): string {
+		/*
+		 * If the only parameter is the request token we should do special
+		 * handling. As caching with the request token is not very useful since
+		 * it will change with each request.
+		 */
+		$requestToken = null;
+		if (count($parameters) === 1 && isset($parameters['requesttoken'])) {
+			$requestToken = $parameters['requesttoken'];
+			$parameters = [];
+		}
+
 		asort($parameters);
 		$key = $this->context->getHost() . '#' . $this->context->getBaseUrl() . $name . sha1(json_encode($parameters)) . (int)$absolute;
-		$cachedKey = $this->cache->get($key);
-		if ($cachedKey) {
-			return $cachedKey;
-		} else {
+		$url = $this->cache->get($key);
+		if ($url === null) {
 			$url = parent::generate($name, $parameters, $absolute);
 			$this->cache->set($key, $url, 3600);
-			return $url;
 		}
+
+		// Add the request token if required
+		if ($requestToken !== null) {
+			$url .= '?requesttoken=' . $requestToken;
+		}
+
+		return $url;
 	}
 }