AbstractFormProtectionTest.php

Go to the documentation of this file.

<?php
namespace TYPO3\CMS\Core\Tests\Unit\FormProtection;

class AbstractFormProtectionTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {

    protected $subject;

    public function setUp() {
        $this->subject = new \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting();
    }

    // Tests concerning the basic functions

    public function generateTokenRetrievesTokenOnce() {
        $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('retrieveSessionToken'));
        $subject->expects($this->once())->method('retrieveSessionToken')->will($this->returnValue('token'));
        $subject->generateToken('foo');
        $subject->generateToken('foo');
    }

    public function validateTokenRetrievesTokenOnce() {
        $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('retrieveSessionToken'));
        $subject->expects($this->once())->method('retrieveSessionToken')->will($this->returnValue('token'));
        $subject->validateToken('foo', 'bar');
        $subject->validateToken('foo', 'bar');
    }

    public function cleanMakesTokenInvalid() {
        $formName = 'foo';
        $tokenId = $this->subject->generateToken($formName);
        $this->subject->clean();
        $this->assertFalse($this->subject->validateToken($tokenId, $formName));
    }

    public function cleanPersistsToken() {
        $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('persistSessionToken'));
        $subject->expects($this->once())->method('persistSessionToken');
        $subject->clean();
    }

    // Tests concerning generateToken

    public function generateTokenFormForEmptyFormNameThrowsException() {
        $this->setExpectedException('InvalidArgumentException', '$formName must not be empty.');
        $this->subject->generateToken('', 'edit', 'bar');
    }

    public function generateTokenFormForEmptyActionNotThrowsException() {
        $this->subject->generateToken('foo', '', '42');
    }

    public function generateTokenFormForEmptyFormInstanceNameNotThrowsException() {
        $this->subject->generateToken('foo', 'edit', '');
    }

    public function generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException() {
        $this->subject->generateToken('foo');
    }

    public function generateTokenReturns32CharacterHexToken() {
        $this->assertRegexp('/^[0-9a-f]{40}$/', $this->subject->generateToken('foo'));
    }

    public function generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens() {
        $this->assertEquals($this->subject->generateToken('foo', 'edit', 'bar'), $this->subject->generateToken('foo', 'edit', 'bar'));
    }

    // Tests concerning validateToken

    public function validateTokenWithFourEmptyParametersNotThrowsException() {
        $this->subject->validateToken('', '', '', '');
    }

    public function validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException() {
        $this->subject->validateToken('', '');
    }

    public function validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue() {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $this->assertTrue($this->subject->validateToken($this->subject->generateToken($formName, $action, $formInstanceName), $formName, $action, $formInstanceName));
    }

    public function validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue() {
        $formName = 'foo';
        $this->assertTrue($this->subject->validateToken($this->subject->generateToken($formName), $formName));
    }

    public function validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall() {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName);
        $this->assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
    }

    public function validateTokenWithMismatchingTokenIdReturnsFalse() {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertFalse($this->subject->validateToken('Hello world!', $formName, $action, $formInstanceName));
    }

    public function validateTokenWithMismatchingFormNameReturnsFalse() {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertFalse($this->subject->validateToken($tokenId, 'espresso', $action, $formInstanceName));
    }

    public function validateTokenWithMismatchingActionReturnsFalse() {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertFalse($this->subject->validateToken($tokenId, $formName, 'delete', $formInstanceName));
    }

    public function validateTokenWithMismatchingFormInstanceNameReturnsFalse() {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertFalse($this->subject->validateToken($tokenId, $formName, $action, 'beer'));
    }

    public function validateTokenForValidTokenNotCallsCreateValidationErrorMessage() {
        $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('createValidationErrorMessage'));
        $subject->expects($this->never())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $token = $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken($token, $formName, $action, $formInstanceName);
        $subject->__destruct();
    }

    public function validateTokenForInvalidTokenCallsCreateValidationErrorMessage() {
        $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('createValidationErrorMessage'));
        $subject->expects($this->once())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken('an invalid token ...', $formName, $action, $formInstanceName);
        $subject->__destruct();
    }

    public function validateTokenForInvalidFormNameCallsCreateValidationErrorMessage() {
        $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('createValidationErrorMessage'));
        $subject->expects($this->once())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $token = $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken($token, 'another form name', $action, $formInstanceName);
        $subject->__destruct();
    }

}