For lack of a better solution, this one works with Codeception 2.1.*:
This is AcceptanceHelper:
<?php
namespace Codeception\Module;

use Yii;

// here you can define custom actions
// all public methods declared in helper class will be available in $I
class AcceptanceHelper extends \Codeception\Module
{
    /**
     * Returns [csrfParam => csrfToken] for the page currently loaded in PhpBrowser.
     */
    public function csrf()
    {
        // Dump the current page to a temporary file and read it back.
        $file = codecept_output_dir() . 'page.html';
        $this->getModule('PhpBrowser')->_savePageSource($file);
        $page = file_get_contents($file);

        $csrf_param = Yii::$app->request->csrfParam;

        // The token is taken from the meta tag rendered into the page.
        if (preg_match('/<meta name="csrf-token" content="(.*?)">/', $page, $match)) {
            $csrf_token = $match[1];
        } else {
            fwrite(STDOUT, "\r\n" . 'ERROR: COULD NOT FIND CSRF TOKEN');
            // this token will not work!!!
            $csrf_token = Yii::$app->request->csrfToken;
        }

        unlink($file);

        return [$csrf_param => $csrf_token];
    }
}
And this is how to use it to test the logout action when it is CSRF-protected and limited to the POST verb:
$I->sendPOST('main/logout', $I->csrf());
Not perfect but acceptable. I am open to any suggestions.
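
Added example, not part of the original answer: the token lookup done with a DOM parser instead of a regex, so it still works when the meta tag's attributes are reordered, single-quoted or entity-encoded, and it fails loudly rather than returning a token the server will reject. The function name `extractCsrfPair` and the sample HTML are constructed, and it assumes the page contains both the `csrf-param` and `csrf-token` meta tags that Yii2's `Html::csrfMetaTags()` renders.

```php
<?php
// Added example (hypothetical helper, not the answer author's code).

/**
 * Return [csrfParam => csrfToken] read from the <meta> tags of an HTML page.
 * Throws instead of falling back to a token that will fail validation.
 */
function extractCsrfPair(string $html): array
{
    if (trim($html) === '') {
        throw new RuntimeException('empty page source');
    }

    $doc = new DOMDocument();
    // Real pages are rarely well-formed; collect parser warnings instead of printing them.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($doc);
    $read = function (string $name) use ($xpath): string {
        // Match on the name attribute only; attribute order and quoting do not matter.
        $nodes = $xpath->query(sprintf('//meta[@name="%s"]/@content', $name));
        if ($nodes === false || $nodes->length === 0) {
            throw new RuntimeException("meta tag '$name' not found in page");
        }
        $value = trim($nodes->item(0)->nodeValue); // entities are already decoded
        if ($value === '') {
            throw new RuntimeException("meta tag '$name' has empty content");
        }
        return $value;
    };

    return [$read('csrf-param') => $read('csrf-token')];
}

// Constructed sample page: attributes reordered, single quotes, self-closing tags,
// and a numeric entity inside the token value.
$sample = <<<HTML
<html><head>
<meta content='_csrf' name='csrf-param' />
<meta content='dG9rZW4&#61;&#61;' name="csrf-token" />
</head><body></body></html>
HTML;

var_dump(extractCsrfPair($sample)); // the regex in the answer does not match this markup
```

In the helper above, `$page` would be passed to this function in place of the `preg_match` branch, and a missing token then fails the test at the point of extraction instead of at the POST.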