‪TYPO3CMS  9.5
BackendFormProtectionTest.php
Go to the documentation of this file.
1 <?php
2 namespace ‪TYPO3\CMS\Core\Tests\Unit\FormProtection;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
18 use ‪TYPO3\CMS\Core\FormProtection\BackendFormProtection;
19 use ‪TYPO3\CMS\Core\Registry;
20 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
21 
25 class ‪BackendFormProtectionTest extends UnitTestCase
26 {
30  protected ‪$subject;
31 
35  protected ‪$backendUserMock;
36 
40  protected ‪$registryMock;
41 
45  protected function ‪setUp()
46  {
47  $this->backendUserMock = $this->createMock(\‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class);
48  $this->backendUserMock->user['uid'] = 1;
49  $this->registryMock = $this->createMock(Registry::class);
50  $this->subject = new ‪BackendFormProtection(
51  $this->backendUserMock,
52  $this->registryMock,
53  function () {
54  throw new \Exception('Closure called', 1442592030);
55  }
56  );
57  }
58 
62  public function ‪generateTokenReadsTokenFromSessionData()
63  {
64  $this->backendUserMock
65  ->expects($this->once())
66  ->method('getSessionData')
67  ->with('formProtectionSessionToken')
68  ->will($this->returnValue([]));
69  $this->subject->generateToken('foo');
70  }
71 
75  public function ‪tokenFromSessionDataIsAvailableForValidateToken()
76  {
77  $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
78  $formName = 'foo';
79  $action = 'edit';
80  $formInstanceName = '42';
81 
82  $tokenId = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(
83  $formName . $action . $formInstanceName . $sessionToken
84  );
85 
86  $this->backendUserMock
87  ->expects($this->atLeastOnce())
88  ->method('getSessionData')
89  ->with('formProtectionSessionToken')
90  ->will($this->returnValue($sessionToken));
91 
92  $this->assertTrue(
93  $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName)
94  );
95  }
96 
100  public function ‪restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty()
101  {
102  $this->expectException(\UnexpectedValueException::class);
103  $this->expectExceptionCode(1301827270);
104 
105  $this->subject->setSessionTokenFromRegistry();
106  }
107 
111  public function ‪persistSessionTokenWritesTokenToSession()
112  {
113  $this->backendUserMock
114  ->expects($this->once())
115  ->method('setAndSaveSessionData');
116  $this->subject->persistSessionToken();
117  }
118 
122  public function ‪failingTokenValidationInvokesFailingTokenClosure()
123  {
124  $this->expectException(\Exception::class);
125  $this->expectExceptionCode(1442592030);
126 
127  $this->subject->validateToken('foo', 'bar');
128  }
129 }
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\setUp
‪setUp()
Definition: BackendFormProtectionTest.php:42
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$backendUserMock
‪BackendUserAuthentication PHPUnit_Framework_MockObject_MockObject $backendUserMock
Definition: BackendFormProtectionTest.php:33
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$subject
‪TYPO3 CMS Core FormProtection BackendFormProtection PHPUnit_Framework_MockObject_MockObject TYPO3 TestingFramework Core AccessibleObjectInterface $subject
Definition: BackendFormProtectionTest.php:29
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\tokenFromSessionDataIsAvailableForValidateToken
‪tokenFromSessionDataIsAvailableForValidateToken()
Definition: BackendFormProtectionTest.php:72
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$registryMock
‪Registry PHPUnit_Framework_MockObject_MockObject $registryMock
Definition: BackendFormProtectionTest.php:37
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\generateTokenReadsTokenFromSessionData
‪generateTokenReadsTokenFromSessionData()
Definition: BackendFormProtectionTest.php:59
‪TYPO3
‪TYPO3\CMS\Core\Registry
Definition: Registry.php:32
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty
‪restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty()
Definition: BackendFormProtectionTest.php:97
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection
Definition: BackendFormProtection.php:73
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest
Definition: BackendFormProtectionTest.php:26
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:45
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\persistSessionTokenWritesTokenToSession
‪persistSessionTokenWritesTokenToSession()
Definition: BackendFormProtectionTest.php:108
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:3
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\failingTokenValidationInvokesFailingTokenClosure
‪failingTokenValidationInvokesFailingTokenClosure()
Definition: BackendFormProtectionTest.php:119