‪TYPO3CMS  9.5
AbstractFormProtectionTest.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace ‪TYPO3\CMS\Core\Tests\Unit\FormProtection;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 use ‪TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting;
19 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
20 
24 class ‪AbstractFormProtectionTest extends UnitTestCase
25 {
29  protected ‪$subject;
30 
31  protected function ‪setUp(): void
32  {
33  $this->subject = new ‪FormProtectionTesting();
34  }
35 
37  // Tests concerning the basic functions
39 
42  public function ‪generateTokenRetrievesTokenOnce(): void
43  {
44  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
45  ->setMethods(['retrieveSessionToken'])
46  ->getMock();
47  ‪$subject->expects($this->once())->method('retrieveSessionToken')->will($this->returnValue('token'));
48  ‪$subject->‪generateToken('foo');
49  ‪$subject->‪generateToken('foo');
50  }
51 
55  public function ‪validateTokenRetrievesTokenOnce(): void
56  {
57  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
58  ->setMethods(['retrieveSessionToken'])
59  ->getMock();
60  ‪$subject->expects($this->once())->method('retrieveSessionToken')->will($this->returnValue('token'));
61  ‪$subject->‪validateToken('foo', 'bar');
62  ‪$subject->‪validateToken('foo', 'bar');
63  }
64 
68  public function ‪cleanMakesTokenInvalid(): void
69  {
70  $formName = 'foo';
71  $tokenId = $this->subject->generateToken($formName);
72  $this->subject->clean();
73  $this->assertFalse($this->subject->validateToken($tokenId, $formName));
74  }
75 
79  public function ‪cleanPersistsToken(): void
80  {
81  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
82  ->setMethods(['persistSessionToken'])
83  ->getMock();
84  ‪$subject->expects($this->once())->method('persistSessionToken');
85  ‪$subject->‪clean();
86  }
87 
89  // Tests concerning generateToken
91 
94  public function ‪generateTokenFormForEmptyFormNameThrowsException(): void
95  {
96  $this->expectException(\InvalidArgumentException::class);
97  $this->expectExceptionCode(1294586643);
98  $this->subject->generateToken('', 'edit', 'bar');
99  }
100 
104  public function ‪generateTokenFormForEmptyActionNotThrowsException(): void
105  {
106  $this->subject->generateToken('foo', '', '42');
107  }
108 
112  public function ‪generateTokenFormForEmptyFormInstanceNameNotThrowsException(): void
113  {
114  $this->subject->generateToken('foo', 'edit', '');
115  }
116 
120  public function ‪generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException(): void
121  {
122  $this->subject->generateToken('foo');
123  }
124 
128  public function ‪generateTokenReturns32CharacterHexToken(): void
129  {
130  $this->assertRegExp('/^[0-9a-f]{40}$/', $this->subject->generateToken('foo'));
131  }
132 
136  public function ‪generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens(): void
137  {
138  $this->assertEquals($this->subject->generateToken('foo', 'edit', 'bar'), $this->subject->generateToken('foo', 'edit', 'bar'));
139  }
140 
142  // Tests concerning validateToken
144 
147  public function ‪validateTokenWithFourEmptyParametersNotThrowsException(): void
148  {
149  $this->subject->validateToken('', '', '', '');
150  }
151 
155  public function ‪validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException(): void
156  {
157  $this->subject->validateToken('', '');
158  }
159 
163  public function ‪validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue(): void
164  {
165  $formName = 'foo';
166  $action = 'edit';
167  $formInstanceName = 'bar';
168  $this->assertTrue($this->subject->validateToken($this->subject->generateToken($formName, $action, $formInstanceName), $formName, $action, $formInstanceName));
169  }
170 
174  public function ‪validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue(): void
175  {
176  $formName = 'foo';
177  $this->assertTrue($this->subject->validateToken($this->subject->generateToken($formName), $formName));
178  }
179 
183  public function ‪validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall(): void
184  {
185  $formName = 'foo';
186  $action = 'edit';
187  $formInstanceName = 'bar';
188  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
189  $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName);
190  $this->assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
191  }
192 
196  public function ‪validateTokenWithMismatchingTokenIdReturnsFalse(): void
197  {
198  $formName = 'foo';
199  $action = 'edit';
200  $formInstanceName = 'bar';
201  $this->subject->generateToken($formName, $action, $formInstanceName);
202  $this->assertFalse($this->subject->validateToken('Hello world!', $formName, $action, $formInstanceName));
203  }
204 
208  public function ‪validateTokenWithMismatchingFormNameReturnsFalse(): void
209  {
210  $formName = 'foo';
211  $action = 'edit';
212  $formInstanceName = 'bar';
213  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
214  $this->assertFalse($this->subject->validateToken($tokenId, 'espresso', $action, $formInstanceName));
215  }
216 
220  public function ‪validateTokenWithMismatchingActionReturnsFalse(): void
221  {
222  $formName = 'foo';
223  $action = 'edit';
224  $formInstanceName = 'bar';
225  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
226  $this->assertFalse($this->subject->validateToken($tokenId, $formName, 'delete', $formInstanceName));
227  }
228 
232  public function ‪validateTokenWithMismatchingFormInstanceNameReturnsFalse(): void
233  {
234  $formName = 'foo';
235  $action = 'edit';
236  $formInstanceName = 'bar';
237  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
238  $this->assertFalse($this->subject->validateToken($tokenId, $formName, $action, 'beer'));
239  }
240 
244  public function ‪validateTokenForValidTokenNotCallsCreateValidationErrorMessage(): void
245  {
247  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
248  ->setMethods(['createValidationErrorMessage'])
249  ->getMock();
250  ‪$subject->expects($this->never())->method('createValidationErrorMessage');
251  $formName = 'foo';
252  $action = 'edit';
253  $formInstanceName = 'bar';
254  $token = ‪$subject->‪generateToken($formName, $action, $formInstanceName);
255  ‪$subject->‪validateToken($token, $formName, $action, $formInstanceName);
256  ‪$subject->‪__destruct();
257  }
258 
262  public function ‪validateTokenForInvalidTokenCallsCreateValidationErrorMessage(): void
263  {
265  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
266  ->setMethods(['createValidationErrorMessage'])
267  ->getMock();
268  ‪$subject->expects($this->once())->method('createValidationErrorMessage');
269  $formName = 'foo';
270  $action = 'edit';
271  $formInstanceName = 'bar';
272  ‪$subject->‪generateToken($formName, $action, $formInstanceName);
273  ‪$subject->‪validateToken('an invalid token ...', $formName, $action, $formInstanceName);
274  ‪$subject->‪__destruct();
275  }
276 
280  public function ‪validateTokenForInvalidFormNameCallsCreateValidationErrorMessage(): void
281  {
283  ‪$subject = $this->getMockBuilder(FormProtectionTesting::class)
284  ->setMethods(['createValidationErrorMessage'])
285  ->getMock();
286  ‪$subject->expects($this->once())->method('createValidationErrorMessage');
287  $formName = 'foo';
288  $action = 'edit';
289  $formInstanceName = 'bar';
290  $token = ‪$subject->‪generateToken($formName, $action, $formInstanceName);
291  ‪$subject->‪validateToken($token, 'another form name', $action, $formInstanceName);
292  ‪$subject->‪__destruct();
293  }
294 }
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyFormNameThrowsException
‪generateTokenFormForEmptyFormNameThrowsException()
Definition: AbstractFormProtectionTest.php:93
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenRetrievesTokenOnce
‪generateTokenRetrievesTokenOnce()
Definition: AbstractFormProtectionTest.php:41
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenReturns32CharacterHexToken
‪generateTokenReturns32CharacterHexToken()
Definition: AbstractFormProtectionTest.php:127
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingFormNameReturnsFalse
‪validateTokenWithMismatchingFormNameReturnsFalse()
Definition: AbstractFormProtectionTest.php:207
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithFourEmptyParametersNotThrowsException
‪validateTokenWithFourEmptyParametersNotThrowsException()
Definition: AbstractFormProtectionTest.php:146
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateToken
‪string generateToken($formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:82
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForInvalidFormNameCallsCreateValidationErrorMessage
‪validateTokenForInvalidFormNameCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:279
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue
‪validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue()
Definition: AbstractFormProtectionTest.php:173
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException
‪validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException()
Definition: AbstractFormProtectionTest.php:154
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\cleanMakesTokenInvalid
‪cleanMakesTokenInvalid()
Definition: AbstractFormProtectionTest.php:67
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue
‪validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue()
Definition: AbstractFormProtectionTest.php:162
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens
‪generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens()
Definition: AbstractFormProtectionTest.php:135
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall
‪validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall()
Definition: AbstractFormProtectionTest.php:182
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting
Definition: FormProtectionTesting.php:24
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyActionNotThrowsException
‪generateTokenFormForEmptyActionNotThrowsException()
Definition: AbstractFormProtectionTest.php:103
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForValidTokenNotCallsCreateValidationErrorMessage
‪validateTokenForValidTokenNotCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:243
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingActionReturnsFalse
‪validateTokenWithMismatchingActionReturnsFalse()
Definition: AbstractFormProtectionTest.php:219
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\clean
‪clean()
Definition: AbstractFormProtection.php:63
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingFormInstanceNameReturnsFalse
‪validateTokenWithMismatchingFormInstanceNameReturnsFalse()
Definition: AbstractFormProtectionTest.php:231
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForInvalidTokenCallsCreateValidationErrorMessage
‪validateTokenForInvalidTokenCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:261
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyFormInstanceNameNotThrowsException
‪generateTokenFormForEmptyFormInstanceNameNotThrowsException()
Definition: AbstractFormProtectionTest.php:111
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\validateToken
‪bool validateToken($tokenId, $formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:101
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\__destruct
‪__destruct()
Definition: AbstractFormProtection.php:53
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\cleanPersistsToken
‪cleanPersistsToken()
Definition: AbstractFormProtectionTest.php:78
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenRetrievesTokenOnce
‪validateTokenRetrievesTokenOnce()
Definition: AbstractFormProtectionTest.php:54
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\setUp
‪setUp()
Definition: AbstractFormProtectionTest.php:30
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest
Definition: AbstractFormProtectionTest.php:25
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException
‪generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException()
Definition: AbstractFormProtectionTest.php:119
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:3
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingTokenIdReturnsFalse
‪validateTokenWithMismatchingTokenIdReturnsFalse()
Definition: AbstractFormProtectionTest.php:195
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\$subject
‪FormProtectionTesting $subject
Definition: AbstractFormProtectionTest.php:28