1 <?php

2 namespace TYPO3\CMS\Core\Tests\Unit\FormProtection;

3 

22 class AbstractFormProtectionTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {

23 

27  protected $subject;

28 

29  public function setUp() {

30  $this->subject = new \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting();

31  }

32 

34  // Tests concerning the basic functions

36 

39  public function generateTokenRetrievesTokenOnce() {

40  $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('retrieveSessionToken'));

41  $subject->expects($this->once())->method('retrieveSessionToken')->will($this->returnValue('token'));

42  $subject->generateToken('foo');

43  $subject->generateToken('foo');

44  }

45 

49  public function validateTokenRetrievesTokenOnce() {

50  $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('retrieveSessionToken'));

51  $subject->expects($this->once())->method('retrieveSessionToken')->will($this->returnValue('token'));

52  $subject->validateToken('foo', 'bar');

53  $subject->validateToken('foo', 'bar');

54  }

55 

59  public function cleanMakesTokenInvalid() {

60  $formName = 'foo';

61  $tokenId = $this->subject->generateToken($formName);

62  $this->subject->clean();

63  $this->assertFalse($this->subject->validateToken($tokenId, $formName));

64  }

65 

69  public function cleanPersistsToken() {

70  $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('persistSessionToken'));

71  $subject->expects($this->once())->method('persistSessionToken');

72  $subject->clean();

73  }

74 

76  // Tests concerning generateToken

78 

81  public function generateTokenFormForEmptyFormNameThrowsException() {

82  $this->setExpectedException('InvalidArgumentException', '$formName must not be empty.');

83  $this->subject->generateToken('', 'edit', 'bar');

84  }

85 

89  public function generateTokenFormForEmptyActionNotThrowsException() {

90  $this->subject->generateToken('foo', '', '42');

91  }

92 

96  public function generateTokenFormForEmptyFormInstanceNameNotThrowsException() {

97  $this->subject->generateToken('foo', 'edit', '');

98  }

99 

103  public function generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException() {

104  $this->subject->generateToken('foo');

105  }

106 

110  public function generateTokenReturns32CharacterHexToken() {

111  $this->assertRegexp('/^[0-9a-f]{40}$/', $this->subject->generateToken('foo'));

112  }

113 

117  public function generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens() {

118  $this->assertEquals($this->subject->generateToken('foo', 'edit', 'bar'), $this->subject->generateToken('foo', 'edit', 'bar'));

119  }

120 

122  // Tests concerning validateToken

124 

127  public function validateTokenWithFourEmptyParametersNotThrowsException() {

128  $this->subject->validateToken('', '', '', '');

129  }

130 

134  public function validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException() {

135  $this->subject->validateToken('', '');

136  }

137 

141  public function validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue() {

142  $formName = 'foo';

143  $action = 'edit';

144  $formInstanceName = 'bar';

145  $this->assertTrue($this->subject->validateToken($this->subject->generateToken($formName, $action, $formInstanceName), $formName, $action, $formInstanceName));

146  }

147 

151  public function validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue() {

152  $formName = 'foo';

153  $this->assertTrue($this->subject->validateToken($this->subject->generateToken($formName), $formName));

154  }

155 

159  public function validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall() {

160  $formName = 'foo';

161  $action = 'edit';

162  $formInstanceName = 'bar';

163  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);

164  $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName);

165  $this->assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));

166  }

167 

171  public function validateTokenWithMismatchingTokenIdReturnsFalse() {

172  $formName = 'foo';

173  $action = 'edit';

174  $formInstanceName = 'bar';

175  $this->subject->generateToken($formName, $action, $formInstanceName);

176  $this->assertFalse($this->subject->validateToken('Hello world!', $formName, $action, $formInstanceName));

177  }

178 

182  public function validateTokenWithMismatchingFormNameReturnsFalse() {

183  $formName = 'foo';

184  $action = 'edit';

185  $formInstanceName = 'bar';

186  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);

187  $this->assertFalse($this->subject->validateToken($tokenId, 'espresso', $action, $formInstanceName));

188  }

189 

193  public function validateTokenWithMismatchingActionReturnsFalse() {

194  $formName = 'foo';

195  $action = 'edit';

196  $formInstanceName = 'bar';

197  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);

198  $this->assertFalse($this->subject->validateToken($tokenId, $formName, 'delete', $formInstanceName));

199  }

200 

204  public function validateTokenWithMismatchingFormInstanceNameReturnsFalse() {

205  $formName = 'foo';

206  $action = 'edit';

207  $formInstanceName = 'bar';

208  $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);

209  $this->assertFalse($this->subject->validateToken($tokenId, $formName, $action, 'beer'));

210  }

211 

215  public function validateTokenForValidTokenNotCallsCreateValidationErrorMessage() {

217  $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('createValidationErrorMessage'));

218  $subject->expects($this->never())->method('createValidationErrorMessage');

219  $formName = 'foo';

220  $action = 'edit';

221  $formInstanceName = 'bar';

222  $token = $subject->generateToken($formName, $action, $formInstanceName);

223  $subject->validateToken($token, $formName, $action, $formInstanceName);

224  $subject->__destruct();

225  }

226 

230  public function validateTokenForInvalidTokenCallsCreateValidationErrorMessage() {

232  $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('createValidationErrorMessage'));

233  $subject->expects($this->once())->method('createValidationErrorMessage');

234  $formName = 'foo';

235  $action = 'edit';

236  $formInstanceName = 'bar';

237  $subject->generateToken($formName, $action, $formInstanceName);

238  $subject->validateToken('an invalid token ...', $formName, $action, $formInstanceName);

239  $subject->__destruct();

240  }

241 

245  public function validateTokenForInvalidFormNameCallsCreateValidationErrorMessage() {

247  $subject = $this->getMock('TYPO3\\CMS\\Core\\Tests\\Unit\\FormProtection\\Fixtures\\FormProtectionTesting', array('createValidationErrorMessage'));

248  $subject->expects($this->once())->method('createValidationErrorMessage');

249  $formName = 'foo';

250  $action = 'edit';

251  $formInstanceName = 'bar';

252  $token = $subject->generateToken($formName, $action, $formInstanceName);

253  $subject->validateToken($token, 'another form name', $action, $formInstanceName);

254  $subject->__destruct();

255  }

256 

257 }