TYPO3 CMS  TYPO3_7-6
AbstractFormProtectionTest.php
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
21 {
25  protected $subject;
26 
/**
 * PHPUnit fixture hook: stores a newly constructed FormProtectionTesting
 * instance in $this->subject for the tests that use the shared subject.
 */
protected function setUp()
{
    $fixture = new \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting();
    $this->subject = $fixture;
}
31 
33  // Tests concerning the basic functions
35 
{
    // Mock only retrieveSessionToken() so that reads of the session token can be counted.
    $fixtureClass = \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class;
    $subject = $this->getMock($fixtureClass, ['retrieveSessionToken']);
    $subject->expects($this->once())
        ->method('retrieveSessionToken')
        ->will($this->returnValue('token'));

    // Two generateToken() calls must cause exactly one session-token lookup.
    $subject->generateToken('foo');
    $subject->generateToken('foo');
}
45 
{
    // Mock only retrieveSessionToken() so that reads of the session token can be counted.
    $fixtureClass = \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class;
    $subject = $this->getMock($fixtureClass, ['retrieveSessionToken']);
    $subject->expects($this->once())
        ->method('retrieveSessionToken')
        ->will($this->returnValue('token'));

    // Two validateToken() calls must cause exactly one session-token lookup.
    $subject->validateToken('foo', 'bar');
    $subject->validateToken('foo', 'bar');
}
56 
/**
 * A token issued before clean() must be rejected by validateToken() afterwards.
 *
 * @test
 */
public function cleanMakesTokenInvalid()
{
    $issuedToken = $this->subject->generateToken('foo');

    $this->subject->clean();

    // Same form name as at generation time, so the only thing that changed is the clean() call.
    $stillAccepted = $this->subject->validateToken($issuedToken, 'foo');
    $this->assertFalse($stillAccepted);
}
67 
/**
 * clean() must call persistSessionToken() exactly once.
 *
 * @test
 */
public function cleanPersistsToken()
{
    // Only persistSessionToken() is mocked; every other method keeps the fixture's behaviour.
    $fixtureClass = \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class;
    $subject = $this->getMock($fixtureClass, ['persistSessionToken']);
    $subject->expects($this->once())
        ->method('persistSessionToken');

    $subject->clean();
}
77 
79  // Tests concerning generateToken
81 
{
    // An empty form name must be rejected with an InvalidArgumentException carrying this exact message.
    $expectedMessage = '$formName must not be empty.';
    $this->setExpectedException('InvalidArgumentException', $expectedMessage);

    $this->subject->generateToken('', 'edit', 'bar');
}
89 
{
    // Empty action combined with a non-empty form name and form instance name.
    // The body asserts nothing: unless an expectation is declared in the docblock
    // that this listing omits, the test passes as long as the call does not throw.
    $formName = 'foo';
    $action = '';
    $formInstanceName = '42';
    $this->subject->generateToken($formName, $action, $formInstanceName);
}
97 
{
    // Empty form instance name combined with a non-empty form name and action.
    // The body asserts nothing: unless an expectation is declared in the docblock
    // that this listing omits, the test passes as long as the call does not throw.
    $formName = 'foo';
    $action = 'edit';
    $formInstanceName = '';
    $this->subject->generateToken($formName, $action, $formInstanceName);
}
105 
{
    // Only the form name is passed; action and form instance name take their defaults.
    // The body asserts nothing: unless an expectation is declared in the docblock
    // that this listing omits, the test passes as long as the call does not throw.
    $formName = 'foo';
    $this->subject->generateToken($formName);
}
113 
{
    // The token must consist of exactly 40 lowercase hexadecimal characters
    // (the length of a hex-encoded 160-bit value).
    $token = $this->subject->generateToken('foo');
    $this->assertRegExp('/^[0-9a-f]{40}$/', $token);
}
121 
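{
    // Generating a token twice for the same (form name, action, form instance name)
    // must yield the same token.
    $firstToken = $this->subject->generateToken('foo', 'edit', 'bar');
    $secondToken = $this->subject->generateToken('foo', 'edit', 'bar');

    // assertSame compares type and value. assertEquals compares loosely, so two
    // different hex strings that both look numeric (for example "0e" followed only
    // by digits) could be reported as equal and hide a regression.
    $this->assertSame($firstToken, $secondToken);
}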
129 
131  // Tests concerning validateToken
133 
{
    // All four arguments empty: token, form name, action and form instance name.
    // The body asserts nothing: unless an expectation is declared in the docblock
    // that this listing omits, the test passes as long as the call does not throw.
    $empty = '';
    $this->subject->validateToken($empty, $empty, $empty, $empty);
}
140 
{
    // Empty token and empty form name; action and form instance name take their defaults.
    // The body asserts nothing: unless an expectation is declared in the docblock
    // that this listing omits, the test passes as long as the call does not throw.
    $empty = '';
    $this->subject->validateToken($empty, $empty);
}
148 
{
    // Round trip: a token validates when form name, action and form instance name
    // all match the values it was generated for.
    $issuedToken = $this->subject->generateToken('foo', 'edit', 'bar');
    $accepted = $this->subject->validateToken($issuedToken, 'foo', 'edit', 'bar');

    $this->assertTrue($accepted);
}
159 
{
    // Round trip with only a form name: generation and validation both rely on
    // the default action and form instance name.
    $issuedToken = $this->subject->generateToken('foo');
    $accepted = $this->subject->validateToken($issuedToken, 'foo');

    $this->assertTrue($accepted);
}
168 
{
    $issuedToken = $this->subject->generateToken('foo', 'edit', 'bar');

    // First validation; its result is deliberately not checked.
    $this->subject->validateToken($issuedToken, 'foo', 'edit', 'bar');

    // The same token is accepted a second time: a successful validation does not
    // consume it, so tokens are not single-use for this subject.
    $acceptedAgain = $this->subject->validateToken($issuedToken, 'foo', 'edit', 'bar');
    $this->assertTrue($acceptedAgain);
}
181 
{
    // A real token is generated for the same parameters first (its value is discarded),
    // so the rejection below is caused by the token string alone.
    $this->subject->generateToken('foo', 'edit', 'bar');

    $accepted = $this->subject->validateToken('Hello world!', 'foo', 'edit', 'bar');
    $this->assertFalse($accepted);
}
193 
{
    // The token is bound to the form name: one issued for "foo" must be rejected
    // for "espresso" even though action and form instance name match.
    $issuedToken = $this->subject->generateToken('foo', 'edit', 'bar');

    $accepted = $this->subject->validateToken($issuedToken, 'espresso', 'edit', 'bar');
    $this->assertFalse($accepted);
}
205 
{
    // The token is bound to the action: one issued for "edit" must be rejected
    // for "delete" even though form name and form instance name match.
    $issuedToken = $this->subject->generateToken('foo', 'edit', 'bar');

    $accepted = $this->subject->validateToken($issuedToken, 'foo', 'delete', 'bar');
    $this->assertFalse($accepted);
}
217 
{
    // The token is bound to the form instance name: one issued for "bar" must be
    // rejected for "beer" even though form name and action match.
    $issuedToken = $this->subject->generateToken('foo', 'edit', 'bar');

    $accepted = $this->subject->validateToken($issuedToken, 'foo', 'edit', 'beer');
    $this->assertFalse($accepted);
}
229 
/**
 * Validating a matching token must never call createValidationErrorMessage().
 *
 * @test
 */
public function validateTokenForValidTokenNotCallsCreateValidationErrorMessage()
{
    // Only createValidationErrorMessage() is mocked, so calls to it can be counted.
    $fixtureClass = \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class;
    $subject = $this->getMock($fixtureClass, ['createValidationErrorMessage']);
    $subject->expects($this->never())
        ->method('createValidationErrorMessage');

    $issuedToken = $subject->generateToken('foo', 'edit', 'bar');
    $subject->validateToken($issuedToken, 'foo', 'edit', 'bar');

    // Explicit destructor call kept from the original; what it does is defined by
    // the fixture class, which is not part of this listing.
    $subject->__destruct();
}
245 
/**
 * Validating a wrong token string must call createValidationErrorMessage() exactly once.
 *
 * @test
 */
public function validateTokenForInvalidTokenCallsCreateValidationErrorMessage()
{
    // Only createValidationErrorMessage() is mocked, so calls to it can be counted.
    $fixtureClass = \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class;
    $subject = $this->getMock($fixtureClass, ['createValidationErrorMessage']);
    $subject->expects($this->once())
        ->method('createValidationErrorMessage');

    // A real token is generated for the same parameters; its value is discarded.
    $subject->generateToken('foo', 'edit', 'bar');
    $subject->validateToken('an invalid token ...', 'foo', 'edit', 'bar');

    // Explicit destructor call kept from the original; what it does is defined by
    // the fixture class, which is not part of this listing.
    $subject->__destruct();
}
261 
/**
 * Validating a genuine token against a different form name must call
 * createValidationErrorMessage() exactly once.
 *
 * @test
 */
public function validateTokenForInvalidFormNameCallsCreateValidationErrorMessage()
{
    // Only createValidationErrorMessage() is mocked, so calls to it can be counted.
    $fixtureClass = \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class;
    $subject = $this->getMock($fixtureClass, ['createValidationErrorMessage']);
    $subject->expects($this->once())
        ->method('createValidationErrorMessage');

    $issuedToken = $subject->generateToken('foo', 'edit', 'bar');
    $subject->validateToken($issuedToken, 'another form name', 'edit', 'bar');

    // Explicit destructor call kept from the original; what it does is defined by
    // the fixture class, which is not part of this listing.
    $subject->__destruct();
}
277 }