‪TYPO3CMS  9.5
ReferrerEnforcerTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types = 1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Unit\Http\Security;
19 
20 use Prophecy\Prophecy\ObjectProphecy;
21 use Psr\Http\Message\ServerRequestInterface;
22 use ‪TYPO3\CMS\Core\Http\NormalizedParams;
23 use ‪TYPO3\CMS\Core\Http\Security\InvalidReferrerException;
24 use ‪TYPO3\CMS\Core\Http\Security\MissingReferrerException;
25 use ‪TYPO3\CMS\Core\Http\Security\ReferrerEnforcer;
26 use ‪TYPO3\CMS\Core\Http\Uri;
27 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
28 
29 class ‪ReferrerEnforcerTest extends UnitTestCase
30 {
31  private static function ‪buildRefreshContentPattern(string $uri): string
32  {
33  return sprintf(
34  '#.+href="%s\d+" id="referrer-refresh".+#',
35  preg_quote(htmlspecialchars($uri . '&referrer-refresh='), '#')
36  );
37  }
38 
39  public function ‪validReferrerIsHandledDataProvider(): array
40  {
41  return [
42  [
43  'https://example.org/typo3/index.php?route=%2Flogin', // requestUri
44  'https://example.org/typo3/index.php', // referrer
45  null, // options
46  null, // response
47  ],
48  [
49  'https://example.org/typo3/index.php?route=%2Flogin',
50  '',
51  ['flags' => ['refresh-empty']],
52  ‪self::buildRefreshContentPattern(
53  'https://example.org/typo3/index.php?route=%2Flogin'
54  ),
55  ],
56  [
57  'https://example.org/typo3/index.php?route=%2Flogin',
58  'https://example.org/?eID=handler',
59  ['flags' => ['refresh-same-site']],
60  ‪self::buildRefreshContentPattern(
61  'https://example.org/typo3/index.php?route=%2Flogin'
62  ),
63  ],
64  [
65  'https://example.org/typo3/index.php?route=%2Flogin',
66  'https://other-example.site/security/',
67  ['flags' => ['refresh-always']],
68  ‪self::buildRefreshContentPattern(
69  'https://example.org/typo3/index.php?route=%2Flogin'
70  ),
71  ],
72  ];
73  }
74 
84  public function ‪validReferrerIsHandled(string $requestUri, string $referrer, ?array $options, ?string $expectedResponse): void
85  {
86  $subject = $this->‪buildSubject($requestUri, $referrer);
87  $response = $subject->handle($options);
88 
89  if ($expectedResponse === null) {
90  self::assertNull($response);
91  } else {
92  self::assertRegExp($expectedResponse, (string)$response->getBody());
93  }
94  }
95 
96  public function ‪invalidReferrerIsHandledDataProvider(): array
97  {
98  return [
99  [
100  'https://example.org/typo3/index.php?route=%2Flogin', // requestUri
101  'https://example.org/?eID=handler', // referrer
102  null, // options
103  ],
104  [
105  'https://example.org/typo3/index.php?route=%2Flogin',
106  'https://example.org/?eID=handler',
107  ['flags' => ['refresh-empty']],
108  ],
109  [
110  'https://example.org/typo3/index.php?route=%2Flogin',
111  'https://example.org.security/?eID=handler',
112  ['flags' => ['refresh-same-site']],
113  ],
114  [
115  'https://example.org/typo3/index.php?route=%2Flogin',
116  'https://other-example.site/security/',
117  null,
118  ],
119  ];
120  }
121 
130  public function ‪invalidReferrerIsHandled(string $requestUri, string $referrer, ?array $options): void
131  {
132  $this->expectException(InvalidReferrerException::class);
133  $this->expectExceptionCode(1588095936);
134  $subject = $this->‪buildSubject($requestUri, $referrer);
135  $subject->handle($options);
136  }
137 
141  public function ‪missingReferrerIsHandled(): void
142  {
143  $this->expectException(MissingReferrerException::class);
144  $this->expectExceptionCode(1588095935);
145  $subject = $this->‪buildSubject(
146  'https://example.org/typo3/index.php?route=%2Flogin',
147  ''
148  );
149  $subject->handle();
150  }
151 
152  private function ‪buildSubject(string $requestUri, string $referrer): ‪ReferrerEnforcer
153  {
154  $requestUriInstance = new ‪Uri($requestUri);
155  $host = sprintf(
156  '%s://%s',
157  $requestUriInstance->getScheme(),
158  $requestUriInstance->getHost()
159  );
160  ‪$dir = $host . rtrim(dirname($requestUriInstance->getPath()), '/') . '/';
161  parse_str($requestUriInstance->getQuery(), $queryParams);
162 
164  $normalizedParams = $this->prophesize(NormalizedParams::class);
165  $normalizedParams->getRequestHost()->willReturn($host);
166  $normalizedParams->getRequestDir()->willReturn(‪$dir);
168  $request = $this->prophesize(ServerRequestInterface::class);
169  $request->getAttribute('normalizedParams')->willReturn($normalizedParams);
170  $request->getServerParams()->willReturn(['HTTP_REFERER' => $referrer]);
171  $request->getUri()->willReturn($requestUriInstance);
172  $request->getQueryParams()->willReturn($queryParams);
173 
174  $subject = $this->getMockBuilder(ReferrerEnforcer::class)
175  ->setConstructorArgs([$request->reveal()])
176  ->setMethods(['resolveAbsoluteWebPath'])
177  ->getMock();
178  $subject->method('resolveAbsoluteWebPath')
179  ->with('EXT:core/Resources/Public/JavaScript/ReferrerRefresh.js')
180  ->willReturn('/typo3/sysext/core/Resources/Public/JavaScript/ReferrerRefresh.js');
181  return $subject;
182  }
183 }
‪TYPO3\CMS\Core\Http\Security\ReferrerEnforcer
Definition: ReferrerEnforcer.php:31
‪TYPO3\CMS\Core\Tests\Unit\Http\Security\ReferrerEnforcerTest\validReferrerIsHandledDataProvider
‪validReferrerIsHandledDataProvider()
Definition: ReferrerEnforcerTest.php:39
‪TYPO3\CMS\Core\Tests\Unit\Http\Security\ReferrerEnforcerTest\buildSubject
‪buildSubject(string $requestUri, string $referrer)
Definition: ReferrerEnforcerTest.php:152
‪TYPO3\CMS\Core\Tests\Unit\Http\Security\ReferrerEnforcerTest\buildRefreshContentPattern
‪static buildRefreshContentPattern(string $uri)
Definition: ReferrerEnforcerTest.php:31
‪$dir
‪$dir
Definition: validateRstFiles.php:213
‪TYPO3\CMS\Core\Http\Security\MissingReferrerException
Definition: MissingReferrerException.php:24
‪TYPO3\CMS\Core\Tests\Unit\Http\Security\ReferrerEnforcerTest\invalidReferrerIsHandled
‪invalidReferrerIsHandled(string $requestUri, string $referrer, ?array $options)
Definition: ReferrerEnforcerTest.php:130
‪TYPO3\CMS\Core\Http\Uri
Definition: Uri.php:27
‪TYPO3\CMS\Core\Tests\Unit\Http\Security\ReferrerEnforcerTest\validReferrerIsHandled
‪validReferrerIsHandled(string $requestUri, string $referrer, ?array $options, ?string $expectedResponse)
Definition: ReferrerEnforcerTest.php:84
‪TYPO3\CMS\Core\Tests\Unit\Http\Security\ReferrerEnforcerTest\invalidReferrerIsHandledDataProvider
‪invalidReferrerIsHandledDataProvider()
Definition: ReferrerEnforcerTest.php:96
‪TYPO3\CMS\Core\Tests\Unit\Http\Security\ReferrerEnforcerTest\missingReferrerIsHandled
‪missingReferrerIsHandled()
Definition: ReferrerEnforcerTest.php:141
‪TYPO3\CMS\Core\Tests\Unit\Http\Security
Definition: ReferrerEnforcerTest.php:18
‪TYPO3\CMS\Core\Http\Security\InvalidReferrerException
Definition: InvalidReferrerException.php:24
‪TYPO3\CMS\Core\Tests\Unit\Http\Security\ReferrerEnforcerTest
Definition: ReferrerEnforcerTest.php:30
‪TYPO3\CMS\Core\Http\NormalizedParams
Definition: NormalizedParams.php:32