TYPO3 CMS  TYPO3_7-6
BackendFormProtectionTest.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Core\Tests\Unit\FormProtection;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
18 use TYPO3\CMS\Core\FormProtection\BackendFormProtection;
19 use TYPO3\CMS\Core\Registry;
20 
24 class BackendFormProtectionTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
25 {
29  protected $subject;
30 
34  protected $backendUserMock;
35 
39  protected $registryMock;
40 
44  protected function setUp()
45  {
46  $this->backendUserMock = $this->getMock(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class);
47  $this->backendUserMock->user['uid'] = 1;
48  $this->registryMock = $this->getMock(Registry::class);
49  $this->subject = new BackendFormProtection(
50  $this->backendUserMock,
51  $this->registryMock,
52  function () {
53  throw new \Exception('Closure called', 1442592030);
54  }
55  );
56  }
57 
61  public function generateTokenReadsTokenFromSessionData()
62  {
63  $this->backendUserMock
64  ->expects($this->once())
65  ->method('getSessionData')
66  ->with('formProtectionSessionToken')
67  ->will($this->returnValue([]));
68  $this->subject->generateToken('foo');
69  }
70 
74  public function tokenFromSessionDataIsAvailableForValidateToken()
75  {
76  $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
77  $formName = 'foo';
78  $action = 'edit';
79  $formInstanceName = '42';
80 
81  $tokenId = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(
82  $formName . $action . $formInstanceName . $sessionToken
83  );
84 
85  $this->backendUserMock
86  ->expects($this->atLeastOnce())
87  ->method('getSessionData')
88  ->with('formProtectionSessionToken')
89  ->will($this->returnValue($sessionToken));
90 
91  $this->assertTrue(
92  $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName)
93  );
94  }
95 
100  public function restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty()
101  {
102  $this->subject->setSessionTokenFromRegistry();
103  }
104 
108  public function persistSessionTokenWritesTokenToSession()
109  {
110  $this->backendUserMock
111  ->expects($this->once())
112  ->method('setAndSaveSessionData');
113  $this->subject->persistSessionToken();
114  }
115 
121  public function failingTokenValidationInvokesFailingTokenClosure()
122  {
123  $this->subject->validateToken('foo', 'bar');
124  }
125 }
TYPO3\CMS\Core\Utility\GeneralUtility\hmac
static hmac($input, $additionalSecret='')
Definition: GeneralUtility.php:795