‪TYPO3CMS  10.4
BackendFormProtectionTest.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\Core\Tests\Unit\FormProtection;
17 
18 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
19 use ‪TYPO3\CMS\Core\FormProtection\BackendFormProtection;
20 use ‪TYPO3\CMS\Core\Registry;
21 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
22 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
23 
27 class ‪BackendFormProtectionTest extends UnitTestCase
28 {
32  protected ‪$subject;
33 
37  protected ‪$backendUserMock;
38 
42  protected ‪$registryMock;
43 
47  protected function ‪setUp(): void
48  {
49  parent::setUp();
50  $this->backendUserMock = $this->createMock(BackendUserAuthentication::class);
51  $this->backendUserMock->user['uid'] = 1;
52  $this->registryMock = $this->createMock(Registry::class);
53  $this->subject = new ‪BackendFormProtection(
54  $this->backendUserMock,
55  $this->registryMock,
56  function () {
57  throw new \Exception('Closure called', 1442592030);
58  }
59  );
60  }
61 
65  public function ‪generateTokenReadsTokenFromSessionData()
66  {
67  $this->backendUserMock
68  ->expects(self::once())
69  ->method('getSessionData')
70  ->with('formProtectionSessionToken')
71  ->willReturn([]);
72  $this->subject->generateToken('foo');
73  }
74 
78  public function ‪tokenFromSessionDataIsAvailableForValidateToken()
79  {
80  $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
81  $formName = 'foo';
82  $action = 'edit';
83  $formInstanceName = '42';
84 
85  $tokenId = GeneralUtility::hmac(
86  $formName . $action . $formInstanceName . $sessionToken
87  );
88 
89  $this->backendUserMock
90  ->expects(self::atLeastOnce())
91  ->method('getSessionData')
92  ->with('formProtectionSessionToken')
93  ->willReturn($sessionToken);
94 
95  self::assertTrue(
96  $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName)
97  );
98  }
99 
103  public function ‪restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty()
104  {
105  $this->expectException(\UnexpectedValueException::class);
106  $this->expectExceptionCode(1301827270);
107 
108  $this->subject->setSessionTokenFromRegistry();
109  }
110 
114  public function ‪persistSessionTokenWritesTokenToSession()
115  {
116  $this->backendUserMock
117  ->expects(self::once())
118  ->method('setAndSaveSessionData');
119  $this->subject->persistSessionToken();
120  }
121 
125  public function ‪failingTokenValidationInvokesFailingTokenClosure()
126  {
127  $this->expectException(\Exception::class);
128  $this->expectExceptionCode(1442592030);
129 
130  $this->subject->validateToken('foo', 'bar');
131  }
132 }
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\setUp
‪setUp()
Definition: BackendFormProtectionTest.php:44
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\tokenFromSessionDataIsAvailableForValidateToken
‪tokenFromSessionDataIsAvailableForValidateToken()
Definition: BackendFormProtectionTest.php:75
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$backendUserMock
‪BackendUserAuthentication PHPUnit Framework MockObject MockObject $backendUserMock
Definition: BackendFormProtectionTest.php:35
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\generateTokenReadsTokenFromSessionData
‪generateTokenReadsTokenFromSessionData()
Definition: BackendFormProtectionTest.php:62
‪TYPO3\CMS\Core\Registry
Definition: Registry.php:33
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty
‪restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty()
Definition: BackendFormProtectionTest.php:100
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection
Definition: BackendFormProtection.php:75
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$registryMock
‪Registry PHPUnit Framework MockObject MockObject $registryMock
Definition: BackendFormProtectionTest.php:39
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest
Definition: BackendFormProtectionTest.php:28
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\persistSessionTokenWritesTokenToSession
‪persistSessionTokenWritesTokenToSession()
Definition: BackendFormProtectionTest.php:111
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:18
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\failingTokenValidationInvokesFailingTokenClosure
‪failingTokenValidationInvokesFailingTokenClosure()
Definition: BackendFormProtectionTest.php:122
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$subject
‪TYPO3 CMS Core FormProtection BackendFormProtection PHPUnit Framework MockObject MockObject TYPO3 TestingFramework Core AccessibleObjectInterface $subject
Definition: BackendFormProtectionTest.php:31