1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
use Prophecy\Prophecy\ObjectProphecy;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Http\NormalizedParams;
use TYPO3\CMS\Core\Http\Security\InvalidReferrerException;
use TYPO3\CMS\Core\Http\Security\MissingReferrerException;
use TYPO3\CMS\Core\Http\Security\ReferrerEnforcer;
use TYPO3\CMS\Core\Http\Uri;
use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
28 
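/**
 * Unit tests for ReferrerEnforcer::handle().
 *
 * Each test builds a prophesized PSR-7 request whose HTTP_REFERER server
 * parameter carries the referrer under test. The data sets pin three outcomes:
 * no response, a response body containing a "referrer-refresh" link, or an
 * exception (MissingReferrerException 1588095935, InvalidReferrerException 1588095936).
 */
class ReferrerEnforcerTest extends UnitTestCase
{
    /**
     * Builds the regular expression a refresh response body has to match.
     *
     * "&referrer-refresh=" is appended to the URI, the result is encoded with
     * htmlspecialchars() and quoted for "#" as pattern delimiter. The pattern
     * requires digits directly after that prefix inside the href attribute.
     *
     * @param string $uri request URI the refresh link is expected to contain
     * @return string PCRE pattern including delimiters
     */
    private static function buildRefreshContentPattern(string $uri): string
    {
        $encodedPrefix = htmlspecialchars($uri . '&referrer-refresh=');
        $quotedPrefix = preg_quote($encodedPrefix, '#');

        return sprintf('#.+href="%s\d+" id="referrer-refresh".+#', $quotedPrefix);
    }

    /**
     * Data sets for validReferrerIsHandled().
     *
     * @return array<int, array<int, mixed>> rows of [requestUri, referrer, options, expected body pattern or null]
     */
    public function validReferrerIsHandledDataProvider(): array
    {
        $loginUri = 'https://example.org/typo3/index.php?route=%2Flogin';

        return [
            // referrer inside the request directory, no options: no response expected
            [
                $loginUri, // requestUri
                'https://example.org/typo3/index.php', // referrer
                null, // options
                null, // response
            ],
            // empty referrer with 'refresh-empty': refresh response expected
            [
                $loginUri,
                '',
                ['flags' => ['refresh-empty']],
                self::buildRefreshContentPattern($loginUri),
            ],
            // same host, but outside the request directory, with 'refresh-same-site'
            [
                $loginUri,
                'https://example.org/?eID=handler',
                ['flags' => ['refresh-same-site']],
                self::buildRefreshContentPattern($loginUri),
            ],
            // foreign host with 'refresh-always'
            [
                $loginUri,
                'https://other-example.site/security/',
                ['flags' => ['refresh-always']],
                self::buildRefreshContentPattern($loginUri),
            ],
        ];
    }

    /**
     * @param string $requestUri URI of the simulated request
     * @param string $referrer value reported as HTTP_REFERER
     * @param array|null $options options passed to ReferrerEnforcer::handle()
     * @param string|null $expectedResponse pattern the response body has to match, null if no response is expected
     *
     * @test
     * @dataProvider validReferrerIsHandledDataProvider
     */
    public function validReferrerIsHandled(string $requestUri, string $referrer, ?array $options, ?string $expectedResponse): void
    {
        $response = $this->buildSubject($requestUri, $referrer)->handle($options);

        if ($expectedResponse === null) {
            self::assertNull($response);
            return;
        }

        // Report a missing refresh response as an assertion failure instead of
        // a "member function on null" error on the getBody() call below.
        self::assertNotNull($response, 'A refresh response was expected, but handle() returned null');
        $body = (string)$response->getBody();

        // @todo remove condition and else branch as soon as phpunit v8 goes out of support
        if (method_exists($this, 'assertMatchesRegularExpression')) {
            self::assertMatchesRegularExpression($expectedResponse, $body);
        } else {
            self::assertRegExp($expectedResponse, $body);
        }
    }

    /**
     * Data sets for invalidReferrerIsHandled(); every row is expected to end
     * in an InvalidReferrerException.
     *
     * @return array<int, array<int, mixed>> rows of [requestUri, referrer, options]
     */
    public function invalidReferrerIsHandledDataProvider(): array
    {
        $loginUri = 'https://example.org/typo3/index.php?route=%2Flogin';

        return [
            // same host, but outside the request directory, no options
            [
                $loginUri, // requestUri
                'https://example.org/?eID=handler', // referrer
                null, // options
            ],
            // the referrer is not empty, so 'refresh-empty' alone does not make it acceptable
            [
                $loginUri,
                'https://example.org/?eID=handler',
                ['flags' => ['refresh-empty']],
            ],
            // look-alike host: "example.org.security" only starts with the request
            // host and must not pass as same-site
            [
                $loginUri,
                'https://example.org.security/?eID=handler',
                ['flags' => ['refresh-same-site']],
            ],
            // foreign host, no options
            [
                $loginUri,
                'https://other-example.site/security/',
                null,
            ],
        ];
    }

    /**
     * @param string $requestUri URI of the simulated request
     * @param string $referrer value reported as HTTP_REFERER
     * @param array|null $options options passed to ReferrerEnforcer::handle()
     *
     * @test
     * @dataProvider invalidReferrerIsHandledDataProvider
     */
    public function invalidReferrerIsHandled(string $requestUri, string $referrer, ?array $options): void
    {
        $this->expectException(InvalidReferrerException::class);
        $this->expectExceptionCode(1588095936);

        $this->buildSubject($requestUri, $referrer)->handle($options);
    }

    /**
     * An empty referrer handled without any options has to raise MissingReferrerException.
     *
     * @test
     */
    public function missingReferrerIsHandled(): void
    {
        $this->expectException(MissingReferrerException::class);
        $this->expectExceptionCode(1588095935);

        $this->buildSubject('https://example.org/typo3/index.php?route=%2Flogin', '')->handle();
    }

    /**
     * Creates a ReferrerEnforcer for a prophesized server request.
     *
     * The request reports $referrer as HTTP_REFERER. Its "normalizedParams"
     * attribute reports the request host ("scheme://host") and the request
     * directory (host plus directory part of the path, with trailing slash),
     * both derived from $requestUri.
     *
     * @param string $requestUri URI the request claims to be served from
     * @param string $referrer value of the HTTP_REFERER server parameter
     */
    private function buildSubject(string $requestUri, string $referrer): ReferrerEnforcer
    {
        $uri = new Uri($requestUri);
        $requestHost = sprintf('%s://%s', $uri->getScheme(), $uri->getHost());
        // dirname() drops the script name; normalize to exactly one trailing slash
        $requestDir = $requestHost . rtrim(dirname($uri->getPath()), '/') . '/';
        parse_str($uri->getQuery(), $queryParams);

        $normalizedParams = $this->prophesize(NormalizedParams::class);
        $normalizedParams->getRequestHost()->willReturn($requestHost);
        $normalizedParams->getRequestDir()->willReturn($requestDir);

        $request = $this->prophesize(ServerRequestInterface::class);
        $request->getAttribute('normalizedParams')->willReturn($normalizedParams);
        $request->getServerParams()->willReturn(['HTTP_REFERER' => $referrer]);
        $request->getUri()->willReturn($uri);
        $request->getQueryParams()->willReturn($queryParams);

        return new ReferrerEnforcer($request->reveal());
    }
}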