‪TYPO3CMS  10.4
AbstractFormProtectionTest.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
21 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
22 
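/**
 * Unit tests for the token handling of AbstractFormProtection, exercised
 * through the FormProtectionTesting fixture.
 *
 * The cases pin the properties callers rely on for form protection tokens:
 * a token validates only together with the form name, action and form
 * instance name it was generated for, clean() invalidates issued tokens, and
 * the session token is retrieved once per instance rather than once per call.
 *
 * The test methods are not prefixed with "test", so each one carries an
 * explicit "@test" annotation; without it PHPUnit would not collect them.
 */
class AbstractFormProtectionTest extends UnitTestCase
{
    /**
     * @var FormProtectionTesting
     */
    protected $subject;

    /**
     * Creates a fresh, unmocked fixture instance for every test.
     */
    protected function setUp(): void
    {
        parent::setUp();
        $this->subject = new FormProtectionTesting();
    }

    //////////////////////////////////////
    // Tests concerning the basic functions
    //////////////////////////////////////

    /**
     * Two generateToken() calls on one instance must read the session token
     * only once.
     *
     * @test
     */
    public function generateTokenRetrievesTokenOnce(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->setMethods(['retrieveSessionToken'])
            ->getMock();
        $subject->expects(self::once())->method('retrieveSessionToken')->willReturn('token');
        // NOTE(review): the two calls below are missing from the rendered listing (two-line gap);
        // restored by analogy with validateTokenRetrievesTokenOnce - confirm against the repository.
        $subject->generateToken('foo');
        $subject->generateToken('foo');
    }

    /**
     * Two validateToken() calls on one instance must read the session token
     * only once.
     *
     * @test
     */
    public function validateTokenRetrievesTokenOnce(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->setMethods(['retrieveSessionToken'])
            ->getMock();
        $subject->expects(self::once())->method('retrieveSessionToken')->willReturn('token');
        $subject->validateToken('foo', 'bar');
        $subject->validateToken('foo', 'bar');
    }

    /**
     * A token issued before clean() must no longer validate afterwards.
     *
     * @test
     */
    public function cleanMakesTokenInvalid(): void
    {
        $formName = 'foo';
        $tokenId = $this->subject->generateToken($formName);
        $this->subject->clean();
        self::assertFalse($this->subject->validateToken($tokenId, $formName));
    }

    /**
     * clean() must persist the session token exactly once.
     *
     * @test
     */
    public function cleanPersistsToken(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->setMethods(['persistSessionToken'])
            ->getMock();
        $subject->expects(self::once())->method('persistSessionToken');
        // NOTE(review): this call is missing from the rendered listing (one-line gap);
        // restored from the test name - confirm against the repository.
        $subject->clean();
    }

    ///////////////////////////////////
    // Tests concerning generateToken
    ///////////////////////////////////

    /**
     * An empty form name is rejected with InvalidArgumentException 1294586643.
     *
     * @test
     */
    public function generateTokenFormForEmptyFormNameThrowsException(): void
    {
        $this->expectException(\InvalidArgumentException::class);
        $this->expectExceptionCode(1294586643);
        $this->subject->generateToken('', 'edit', 'bar');
    }

    /**
     * An empty action is accepted; the test passes when nothing is thrown.
     *
     * @test
     */
    public function generateTokenFormForEmptyActionNotThrowsException(): void
    {
        $this->subject->generateToken('foo', '', '42');
    }

    /**
     * An empty form instance name is accepted; the test passes when nothing is thrown.
     *
     * @test
     */
    public function generateTokenFormForEmptyFormInstanceNameNotThrowsException(): void
    {
        $this->subject->generateToken('foo', 'edit', '');
    }

    /**
     * Action and form instance name may be omitted; the test passes when nothing is thrown.
     *
     * @test
     */
    public function generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException(): void
    {
        $this->subject->generateToken('foo');
    }

    /**
     * The token must consist of exactly 40 lowercase hexadecimal characters.
     *
     * The method name says "32Character", but the assertion pins 40; the name
     * is kept so existing test filters and references keep working.
     *
     * @test
     */
    public function generateTokenReturns32CharacterHexToken(): void
    {
        $token = $this->subject->generateToken('foo');

        // @todo remove condition and else branch as soon as phpunit v8 goes out of support
        if (method_exists($this, 'assertMatchesRegularExpression')) {
            self::assertMatchesRegularExpression('/^[0-9a-f]{40}$/', $token);
        } else {
            self::assertRegExp('/^[0-9a-f]{40}$/', $token);
        }
    }

    /**
     * The same instance returns the same token for the same parameters.
     *
     * @test
     */
    public function generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens(): void
    {
        // assertSame: both values must be identical strings, not merely loosely equal.
        self::assertSame(
            $this->subject->generateToken('foo', 'edit', 'bar'),
            $this->subject->generateToken('foo', 'edit', 'bar')
        );
    }

    ///////////////////////////////////
    // Tests concerning validateToken
    ///////////////////////////////////

    /**
     * Four empty arguments must not raise; the return value is not checked here.
     *
     * @test
     */
    public function validateTokenWithFourEmptyParametersNotThrowsException(): void
    {
        $this->subject->validateToken('', '', '', '');
    }

    /**
     * Two empty and two omitted arguments must not raise; the return value is not checked here.
     *
     * @test
     */
    public function validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException(): void
    {
        $this->subject->validateToken('', '');
    }

    /**
     * A token validates against exactly the parameters it was generated with.
     *
     * @test
     */
    public function validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);

        self::assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
    }

    /**
     * A token generated from the form name alone validates with the form name alone.
     *
     * @test
     */
    public function validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue(): void
    {
        $formName = 'foo';
        $tokenId = $this->subject->generateToken($formName);

        self::assertTrue($this->subject->validateToken($tokenId, $formName));
    }

    /**
     * A token is not consumed by validation: the second check of the same
     * token still succeeds.
     *
     * @test
     */
    public function validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName);
        self::assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
    }

    /**
     * An arbitrary string is rejected even when all other parameters match.
     *
     * @test
     */
    public function validateTokenWithMismatchingTokenIdReturnsFalse(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertFalse($this->subject->validateToken('Hello world!', $formName, $action, $formInstanceName));
    }

    /**
     * A token is bound to its form name: a different form name is rejected.
     *
     * @test
     */
    public function validateTokenWithMismatchingFormNameReturnsFalse(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertFalse($this->subject->validateToken($tokenId, 'espresso', $action, $formInstanceName));
    }

    /**
     * A token is bound to its action: a different action is rejected.
     *
     * @test
     */
    public function validateTokenWithMismatchingActionReturnsFalse(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertFalse($this->subject->validateToken($tokenId, $formName, 'delete', $formInstanceName));
    }

    /**
     * A token is bound to its form instance name: a different one is rejected.
     *
     * @test
     */
    public function validateTokenWithMismatchingFormInstanceNameReturnsFalse(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertFalse($this->subject->validateToken($tokenId, $formName, $action, 'beer'));
    }

    /**
     * A successful validation must not produce a validation error message.
     *
     * @test
     */
    public function validateTokenForValidTokenNotCallsCreateValidationErrorMessage(): void
    {
        /** @var \PHPUnit\Framework\MockObject\MockObject|FormProtectionTesting $subject */
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->setMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects(self::never())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $token = $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken($token, $formName, $action, $formInstanceName);
        // NOTE(review): this line is missing from the rendered listing (one-line gap); the page's
        // cross-reference index lists __destruct() as used by this file - confirm against the repository.
        $subject->__destruct();
    }

    /**
     * A wrong token must produce exactly one validation error message.
     *
     * @test
     */
    public function validateTokenForInvalidTokenCallsCreateValidationErrorMessage(): void
    {
        /** @var \PHPUnit\Framework\MockObject\MockObject|FormProtectionTesting $subject */
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->setMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects(self::once())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken('an invalid token ...', $formName, $action, $formInstanceName);
        // NOTE(review): line missing from the rendered listing; restored from the page's
        // cross-reference index - confirm against the repository.
        $subject->__destruct();
    }

    /**
     * A valid token presented for another form name must produce exactly one
     * validation error message.
     *
     * @test
     */
    public function validateTokenForInvalidFormNameCallsCreateValidationErrorMessage(): void
    {
        /** @var \PHPUnit\Framework\MockObject\MockObject|FormProtectionTesting $subject */
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->setMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects(self::once())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $token = $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken($token, 'another form name', $action, $formInstanceName);
        // NOTE(review): line missing from the rendered listing; restored from the page's
        // cross-reference index - confirm against the repository.
        $subject->__destruct();
    }
}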
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyFormNameThrowsException
‪generateTokenFormForEmptyFormNameThrowsException()
Definition: AbstractFormProtectionTest.php:96
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenRetrievesTokenOnce
‪generateTokenRetrievesTokenOnce()
Definition: AbstractFormProtectionTest.php:44
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenReturns32CharacterHexToken
‪generateTokenReturns32CharacterHexToken()
Definition: AbstractFormProtectionTest.php:130
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingFormNameReturnsFalse
‪validateTokenWithMismatchingFormNameReturnsFalse()
Definition: AbstractFormProtectionTest.php:216
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithFourEmptyParametersNotThrowsException
‪validateTokenWithFourEmptyParametersNotThrowsException()
Definition: AbstractFormProtectionTest.php:155
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateToken
‪string generateToken($formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:83
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForInvalidFormNameCallsCreateValidationErrorMessage
‪validateTokenForInvalidFormNameCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:288
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue
‪validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue()
Definition: AbstractFormProtectionTest.php:182
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException
‪validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException()
Definition: AbstractFormProtectionTest.php:163
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\cleanMakesTokenInvalid
‪cleanMakesTokenInvalid()
Definition: AbstractFormProtectionTest.php:70
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue
‪validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue()
Definition: AbstractFormProtectionTest.php:171
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens
‪generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens()
Definition: AbstractFormProtectionTest.php:144
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall
‪validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall()
Definition: AbstractFormProtectionTest.php:191
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting
Definition: FormProtectionTesting.php:27
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyActionNotThrowsException
‪generateTokenFormForEmptyActionNotThrowsException()
Definition: AbstractFormProtectionTest.php:106
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForValidTokenNotCallsCreateValidationErrorMessage
‪validateTokenForValidTokenNotCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:252
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingActionReturnsFalse
‪validateTokenWithMismatchingActionReturnsFalse()
Definition: AbstractFormProtectionTest.php:228
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\clean
‪clean()
Definition: AbstractFormProtection.php:64
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingFormInstanceNameReturnsFalse
‪validateTokenWithMismatchingFormInstanceNameReturnsFalse()
Definition: AbstractFormProtectionTest.php:240
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForInvalidTokenCallsCreateValidationErrorMessage
‪validateTokenForInvalidTokenCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:270
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyFormInstanceNameNotThrowsException
‪generateTokenFormForEmptyFormInstanceNameNotThrowsException()
Definition: AbstractFormProtectionTest.php:114
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\validateToken
‪bool validateToken($tokenId, $formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:102
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\__destruct
‪__destruct()
Definition: AbstractFormProtection.php:54
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\cleanPersistsToken
‪cleanPersistsToken()
Definition: AbstractFormProtectionTest.php:81
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenRetrievesTokenOnce
‪validateTokenRetrievesTokenOnce()
Definition: AbstractFormProtectionTest.php:57
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\setUp
‪setUp()
Definition: AbstractFormProtectionTest.php:32
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest
Definition: AbstractFormProtectionTest.php:27
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException
‪generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException()
Definition: AbstractFormProtectionTest.php:122
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:18
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingTokenIdReturnsFalse
‪validateTokenWithMismatchingTokenIdReturnsFalse()
Definition: AbstractFormProtectionTest.php:204
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\$subject
‪FormProtectionTesting $subject
Definition: AbstractFormProtectionTest.php:30