‪TYPO3CMS  11.5
AbstractFormProtectionTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Unit\FormProtection;
19 
20 use ‪TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting;
21 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
22 
26 class ‪AbstractFormProtectionTest extends UnitTestCase
27 {
28  protected ?‪FormProtectionTesting ‪$subject;
29 
30  protected function ‪setUp(): void
31  {
32  parent::setUp();
33  $this->subject = new ‪FormProtectionTesting();
34  ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] = '';
35  }
36 
40  public function ‪generateTokenRetrievesTokenOnce(): void
41  {
42  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
43  ->onlyMethods(['retrieveSessionToken'])
44  ->getMock();
45  ‪$subject->expects(self::once())->method('retrieveSessionToken')->willReturn('token');
46  ‪$subject->‪generateToken('foo');
47  ‪$subject->‪generateToken('foo');
48  }
49 
53  public function ‪validateTokenRetrievesTokenOnce(): void
54  {
55  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
56  ->onlyMethods(['retrieveSessionToken'])
57  ->getMock();
58  ‪$subject->expects(self::once())->method('retrieveSessionToken')->willReturn('token');
59  ‪$subject->‪validateToken('foo', 'bar');
60  ‪$subject->‪validateToken('foo', 'bar');
61  }
62 
66  public function ‪cleanMakesTokenInvalid(): void
67  {
68  $formName = 'foo';
69  $tokenId = $this->subject->generateToken($formName);
70  $this->subject->clean();
71  self::assertFalse($this->subject->validateToken($tokenId, $formName));
72  }
73 
77  public function ‪cleanPersistsToken(): void
78  {
79  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
80  ->onlyMethods(['persistSessionToken'])
81  ->getMock();
82  ‪$subject->expects(self::once())->method('persistSessionToken');
83  ‪$subject->‪clean();
84  }
85 
89  public function ‪generateTokenFormForEmptyFormNameThrowsException(): void
90  {
91  $this->expectException(\InvalidArgumentException::class);
92  $this->expectExceptionCode(1294586643);
93  $this->subject->generateToken('', 'edit', 'bar');
94  }
95 
99  public function ‪generateTokenFormForEmptyActionNotThrowsException(): void
100  {
101  $this->subject->generateToken('foo', '', '42');
102  }
103 
107  public function ‪generateTokenFormForEmptyFormInstanceNameNotThrowsException(): void
108  {
109  $this->subject->generateToken('foo', 'edit', '');
110  }
111 
115  public function ‪generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException(): void
116  {
117  $this->subject->generateToken('foo');
118  }
119 
123  public function ‪generateTokenReturns32CharacterHexToken(): void
124  {
125  self::assertMatchesRegularExpression('/^[0-9a-f]{40}$/', $this->subject->generateToken('foo'));
126  }
127 
131  public function ‪generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens(): void
132  {
133  self::assertEquals($this->subject->generateToken('foo', 'edit', 'bar'), $this->subject->generateToken('foo', 'edit', 'bar'));
134  }
135 
139  public function ‪validateTokenWithFourEmptyParametersNotThrowsException(): void
140  {
141  $this->subject->validateToken('', '', '', '');
142  }
143 
147  public function ‪validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException(): void
148  {
149  $this->subject->validateToken('', '');
150  }
151 
155  public function ‪validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue(): void
156  {
157  $formName = 'foo';
158  $action = 'edit';
159  $formInstanceName = 'bar';
160  self::assertTrue($this->subject->validateToken($this->subject->generateToken($formName, $action, $formInstanceName), $formName, $action, $formInstanceName));
161  }
162 
166  public function ‪validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue(): void
167  {
168  $formName = 'foo';
169  self::assertTrue($this->subject->validateToken($this->subject->generateToken($formName), $formName));
170  }
171 
175  public function ‪validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall(): void
176  {
177  $formName = 'foo';
178  $action = 'edit';
179  $formInstanceName = 'bar';
180  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
181  $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName);
182  self::assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
183  }
184 
188  public function ‪validateTokenWithMismatchingTokenIdReturnsFalse(): void
189  {
190  $formName = 'foo';
191  $action = 'edit';
192  $formInstanceName = 'bar';
193  $this->subject->generateToken($formName, $action, $formInstanceName);
194  self::assertFalse($this->subject->validateToken('Hello world!', $formName, $action, $formInstanceName));
195  }
196 
200  public function ‪validateTokenWithMismatchingFormNameReturnsFalse(): void
201  {
202  $formName = 'foo';
203  $action = 'edit';
204  $formInstanceName = 'bar';
205  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
206  self::assertFalse($this->subject->validateToken($tokenId, 'espresso', $action, $formInstanceName));
207  }
208 
212  public function ‪validateTokenWithMismatchingActionReturnsFalse(): void
213  {
214  $formName = 'foo';
215  $action = 'edit';
216  $formInstanceName = 'bar';
217  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
218  self::assertFalse($this->subject->validateToken($tokenId, $formName, 'delete', $formInstanceName));
219  }
220 
224  public function ‪validateTokenWithMismatchingFormInstanceNameReturnsFalse(): void
225  {
226  $formName = 'foo';
227  $action = 'edit';
228  $formInstanceName = 'bar';
229  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
230  self::assertFalse($this->subject->validateToken($tokenId, $formName, $action, 'beer'));
231  }
232 
236  public function ‪validateTokenForValidTokenNotCallsCreateValidationErrorMessage(): void
237  {
238  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
239  ->onlyMethods(['createValidationErrorMessage'])
240  ->getMock();
241  ‪$subject->expects(self::never())->method('createValidationErrorMessage');
242  $formName = 'foo';
243  $action = 'edit';
244  $formInstanceName = 'bar';
245  $token = ‪$subject->‪generateToken($formName, $action, $formInstanceName);
246  ‪$subject->‪validateToken($token, $formName, $action, $formInstanceName);
247  }
248 
252  public function ‪validateTokenForInvalidTokenCallsCreateValidationErrorMessage(): void
253  {
254  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
255  ->onlyMethods(['createValidationErrorMessage'])
256  ->getMock();
257  ‪$subject->expects(self::once())->method('createValidationErrorMessage');
258  $formName = 'foo';
259  $action = 'edit';
260  $formInstanceName = 'bar';
261  ‪$subject->‪generateToken($formName, $action, $formInstanceName);
262  ‪$subject->‪validateToken('an invalid token ...', $formName, $action, $formInstanceName);
263  }
264 
268  public function ‪validateTokenForInvalidFormNameCallsCreateValidationErrorMessage(): void
269  {
270  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
271  ->onlyMethods(['createValidationErrorMessage'])
272  ->getMock();
273  ‪$subject->expects(self::once())->method('createValidationErrorMessage');
274  $formName = 'foo';
275  $action = 'edit';
276  $formInstanceName = 'bar';
277  $token = ‪$subject->‪generateToken($formName, $action, $formInstanceName);
278  ‪$subject->‪validateToken($token, 'another form name', $action, $formInstanceName);
279  }
280 }
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyFormNameThrowsException
‪generateTokenFormForEmptyFormNameThrowsException()
Definition: AbstractFormProtectionTest.php:89
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenRetrievesTokenOnce
‪generateTokenRetrievesTokenOnce()
Definition: AbstractFormProtectionTest.php:40
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenReturns32CharacterHexToken
‪generateTokenReturns32CharacterHexToken()
Definition: AbstractFormProtectionTest.php:123
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingFormNameReturnsFalse
‪validateTokenWithMismatchingFormNameReturnsFalse()
Definition: AbstractFormProtectionTest.php:200
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithFourEmptyParametersNotThrowsException
‪validateTokenWithFourEmptyParametersNotThrowsException()
Definition: AbstractFormProtectionTest.php:139
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateToken
‪string generateToken($formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:75
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForInvalidFormNameCallsCreateValidationErrorMessage
‪validateTokenForInvalidFormNameCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:268
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue
‪validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue()
Definition: AbstractFormProtectionTest.php:166
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException
‪validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException()
Definition: AbstractFormProtectionTest.php:147
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\cleanMakesTokenInvalid
‪cleanMakesTokenInvalid()
Definition: AbstractFormProtectionTest.php:66
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue
‪validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue()
Definition: AbstractFormProtectionTest.php:155
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens
‪generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens()
Definition: AbstractFormProtectionTest.php:131
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall
‪validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall()
Definition: AbstractFormProtectionTest.php:175
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting
Definition: FormProtectionTesting.php:29
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyActionNotThrowsException
‪generateTokenFormForEmptyActionNotThrowsException()
Definition: AbstractFormProtectionTest.php:99
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForValidTokenNotCallsCreateValidationErrorMessage
‪validateTokenForValidTokenNotCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:236
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingActionReturnsFalse
‪validateTokenWithMismatchingActionReturnsFalse()
Definition: AbstractFormProtectionTest.php:212
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\clean
‪clean()
Definition: AbstractFormProtection.php:56
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingFormInstanceNameReturnsFalse
‪validateTokenWithMismatchingFormInstanceNameReturnsFalse()
Definition: AbstractFormProtectionTest.php:224
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForInvalidTokenCallsCreateValidationErrorMessage
‪validateTokenForInvalidTokenCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:252
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyFormInstanceNameNotThrowsException
‪generateTokenFormForEmptyFormInstanceNameNotThrowsException()
Definition: AbstractFormProtectionTest.php:107
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\validateToken
‪bool validateToken($tokenId, $formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:94
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\cleanPersistsToken
‪cleanPersistsToken()
Definition: AbstractFormProtectionTest.php:77
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenRetrievesTokenOnce
‪validateTokenRetrievesTokenOnce()
Definition: AbstractFormProtectionTest.php:53
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\setUp
‪setUp()
Definition: AbstractFormProtectionTest.php:30
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest
Definition: AbstractFormProtectionTest.php:27
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException
‪generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException()
Definition: AbstractFormProtectionTest.php:115
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:18
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingTokenIdReturnsFalse
‪validateTokenWithMismatchingTokenIdReturnsFalse()
Definition: AbstractFormProtectionTest.php:188
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\$subject
‪FormProtectionTesting $subject
Definition: AbstractFormProtectionTest.php:28