‪TYPO3CMS  11.5
BackendFormProtectionTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Unit\FormProtection;
19 
20 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
21 use ‪TYPO3\CMS\Core\FormProtection\BackendFormProtection;
22 use ‪TYPO3\CMS\Core\Registry;
23 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
24 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
25 
29 class ‪BackendFormProtectionTest extends UnitTestCase
30 {
34  protected ‪$subject;
35 
39  protected ‪$backendUserMock;
40 
44  protected ‪$registryMock;
45 
49  protected function ‪setUp(): void
50  {
51  parent::setUp();
52  $this->backendUserMock = $this->createMock(BackendUserAuthentication::class);
53  $this->backendUserMock->user['uid'] = 1;
54  $this->registryMock = $this->createMock(Registry::class);
55  $this->subject = new ‪BackendFormProtection(
56  $this->backendUserMock,
57  $this->registryMock,
58  static function () {
59  throw new \Exception('Closure called', 1442592030);
60  }
61  );
62  ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] = '';
63  }
64 
68  public function ‪generateTokenReadsTokenFromSessionData(): void
69  {
70  $this->backendUserMock
71  ->expects(self::once())
72  ->method('getSessionData')
73  ->with('formProtectionSessionToken')
74  ->willReturn([]);
75  $this->subject->generateToken('foo');
76  }
77 
81  public function ‪tokenFromSessionDataIsAvailableForValidateToken(): void
82  {
83  $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
84  $formName = 'foo';
85  $action = 'edit';
86  $formInstanceName = '42';
87 
88  $tokenId = GeneralUtility::hmac(
89  $formName . $action . $formInstanceName . $sessionToken
90  );
91 
92  $this->backendUserMock
93  ->expects(self::atLeastOnce())
94  ->method('getSessionData')
95  ->with('formProtectionSessionToken')
96  ->willReturn($sessionToken);
97 
98  self::assertTrue(
99  $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName)
100  );
101  }
102 
106  public function ‪restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty(): void
107  {
108  $this->expectException(\UnexpectedValueException::class);
109  $this->expectExceptionCode(1301827270);
110 
111  $this->subject->setSessionTokenFromRegistry();
112  }
113 
117  public function ‪persistSessionTokenWritesTokenToSession(): void
118  {
119  $this->backendUserMock
120  ->expects(self::once())
121  ->method('setAndSaveSessionData');
122  $this->subject->persistSessionToken();
123  }
124 
128  public function ‪failingTokenValidationInvokesFailingTokenClosure(): void
129  {
130  $this->expectException(\Exception::class);
131  $this->expectExceptionCode(1442592030);
132 
133  $this->subject->validateToken('foo', 'bar');
134  }
135 }
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\setUp
‪setUp()
Definition: BackendFormProtectionTest.php:46
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\tokenFromSessionDataIsAvailableForValidateToken
‪tokenFromSessionDataIsAvailableForValidateToken()
Definition: BackendFormProtectionTest.php:78
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$backendUserMock
‪BackendUserAuthentication PHPUnit Framework MockObject MockObject $backendUserMock
Definition: BackendFormProtectionTest.php:37
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\generateTokenReadsTokenFromSessionData
‪generateTokenReadsTokenFromSessionData()
Definition: BackendFormProtectionTest.php:65
‪TYPO3\CMS\Core\Registry
Definition: Registry.php:33
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty
‪restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty()
Definition: BackendFormProtectionTest.php:103
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection
Definition: BackendFormProtection.php:75
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$registryMock
‪Registry PHPUnit Framework MockObject MockObject $registryMock
Definition: BackendFormProtectionTest.php:41
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest
Definition: BackendFormProtectionTest.php:30
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\persistSessionTokenWritesTokenToSession
‪persistSessionTokenWritesTokenToSession()
Definition: BackendFormProtectionTest.php:114
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:18
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:50
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\failingTokenValidationInvokesFailingTokenClosure
‪failingTokenValidationInvokesFailingTokenClosure()
Definition: BackendFormProtectionTest.php:125
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$subject
‪TYPO3 CMS Core FormProtection BackendFormProtection PHPUnit Framework MockObject MockObject TYPO3 TestingFramework Core AccessibleObjectInterface $subject
Definition: BackendFormProtectionTest.php:33