‪TYPO3CMS  ‪main
AbstractFormProtectionTest.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use PHPUnit\Framework\Attributes\Test;
22 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
23 
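/**
 * Unit tests for the token handling of AbstractFormProtection, exercised
 * through the FormProtectionTesting fixture.
 *
 * The cases pin the properties an anti-CSRF form token has to keep:
 * - the session token is read once and reused for later calls,
 * - a token is bound to form name, action and form instance name,
 * - a token stays valid for repeated validation until clean() is called,
 * - a failed validation triggers createValidationErrorMessage().
 *
 * NOTE(review): not covered here and worth a separate case each: tokens
 * generated under two different session tokens must differ, and the return
 * value of validateToken() for an empty token id is never asserted.
 *
 * The rendered listing this class was taken from dropped several method
 * declarations and three statements. The declarations were restored from the
 * symbol index printed on the same page; the three statements are marked
 * NOTE(review) where they were re-added.
 */
final class AbstractFormProtectionTest extends UnitTestCase
{
    protected bool $resetSingletonInstances = true;

    // Visibility assumed to match $resetSingletonInstances; the page's symbol
    // index only gives the type and the name.
    protected FormProtectionTesting $subject;

    protected function setUp(): void
    {
        parent::setUp();
        $this->subject = new FormProtectionTesting();
        // All cases run with an empty encryption key, so they check how a
        // token is bound to its parameters, not the strength of the secret.
        // NOTE(review): the key is set after the subject is built, so it is
        // presumably read when a token is generated — confirm.
        $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] = '';
    }

    /**
     * The session token must be fetched from the backing store only once,
     * however many form tokens are generated.
     */
    #[Test]
    public function generateTokenRetrievesTokenOnce(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->onlyMethods(['retrieveSessionToken'])
            ->getMock();
        $subject->expects(self::once())->method('retrieveSessionToken')->willReturn('token');
        // NOTE(review): the two calls below are missing from the rendered
        // listing; they mirror validateTokenRetrievesTokenOnce() and the
        // argument 'foo' is a constructed value — confirm against the repository.
        $subject->generateToken('foo');
        $subject->generateToken('foo');
    }

    /**
     * The session token must be fetched only once across repeated validations.
     */
    #[Test]
    public function validateTokenRetrievesTokenOnce(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->onlyMethods(['retrieveSessionToken'])
            ->getMock();
        $subject->expects(self::once())->method('retrieveSessionToken')->willReturn('token');
        $subject->validateToken('foo', 'bar');
        $subject->validateToken('foo', 'bar');
    }

    /**
     * A token issued before clean() must be rejected afterwards.
     */
    #[Test]
    public function cleanMakesTokenInvalid(): void
    {
        $formName = 'foo';
        $tokenId = $this->subject->generateToken($formName);
        $this->subject->clean();
        self::assertFalse($this->subject->validateToken($tokenId, $formName));
    }

    /**
     * clean() must write the session token back exactly once.
     */
    #[Test]
    public function cleanPersistsToken(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->onlyMethods(['persistSessionToken'])
            ->getMock();
        $subject->expects(self::once())->method('persistSessionToken');
        // NOTE(review): this call is missing from the rendered listing and was
        // re-added from the test name — confirm against the repository.
        $subject->clean();
    }

    /**
     * An empty form name is refused at generation time, so no token can be
     * issued that is not tied to a form.
     */
    #[Test]
    public function generateTokenFormForEmptyFormNameThrowsException(): void
    {
        $this->expectException(\InvalidArgumentException::class);
        $this->expectExceptionCode(1294586643);
        $this->subject->generateToken('', 'edit', 'bar');
    }

    /**
     * No explicit assertion: the case holds as long as the call does not throw.
     */
    #[Test]
    public function generateTokenFormForEmptyActionNotThrowsException(): void
    {
        $this->subject->generateToken('foo', '', '42');
    }

    /**
     * No explicit assertion: the case holds as long as the call does not throw.
     */
    #[Test]
    public function generateTokenFormForEmptyFormInstanceNameNotThrowsException(): void
    {
        $this->subject->generateToken('foo', 'edit', '');
    }

    /**
     * No explicit assertion: the case holds as long as the call does not throw.
     */
    #[Test]
    public function generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException(): void
    {
        $this->subject->generateToken('foo');
    }

    /**
     * Pins the token format. The method name says 32 characters, but the
     * pattern requires 40 lowercase hex characters (a hex-encoded 160-bit
     * value); the pattern is what the test enforces.
     */
    #[Test]
    public function generateTokenReturns32CharacterHexToken(): void
    {
        self::assertMatchesRegularExpression('/^[0-9a-f]{40}$/', $this->subject->generateToken('foo'));
    }

    /**
     * Tokens are deterministic for one subject and one parameter set.
     */
    #[Test]
    public function generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens(): void
    {
        $first = $this->subject->generateToken('foo', 'edit', 'bar');
        $second = $this->subject->generateToken('foo', 'edit', 'bar');
        // assertSame: both values are strings and must match exactly, without
        // any loose comparison.
        self::assertSame($first, $second);
    }

    /**
     * Unlike generateToken(), validateToken() must not throw on empty input.
     * NOTE(review): the return value is not asserted here.
     */
    #[Test]
    public function validateTokenWithFourEmptyParametersNotThrowsException(): void
    {
        $this->subject->validateToken('', '', '', '');
    }

    /**
     * Same as above with action and form instance name left at their defaults.
     * NOTE(review): the return value is not asserted here.
     */
    #[Test]
    public function validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException(): void
    {
        $this->subject->validateToken('', '');
    }

    /**
     * A token validates against exactly the parameters it was generated for.
     */
    #[Test]
    public function validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
    }

    /**
     * Round trip with only the form name given.
     */
    #[Test]
    public function validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue(): void
    {
        $formName = 'foo';
        $tokenId = $this->subject->generateToken($formName);
        self::assertTrue($this->subject->validateToken($tokenId, $formName));
    }

    /**
     * Tokens are not single-use: a second validation of the same token still
     * succeeds. Invalidation happens through clean(), see cleanMakesTokenInvalid().
     */
    #[Test]
    public function validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName);
        self::assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
    }

    /**
     * An arbitrary string is rejected even when all other parameters match.
     */
    #[Test]
    public function validateTokenWithMismatchingTokenIdReturnsFalse(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertFalse($this->subject->validateToken('Hello world!', $formName, $action, $formInstanceName));
    }

    /**
     * A token issued for one form is rejected for another form.
     */
    #[Test]
    public function validateTokenWithMismatchingFormNameReturnsFalse(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertFalse($this->subject->validateToken($tokenId, 'espresso', $action, $formInstanceName));
    }

    /**
     * A token issued for 'edit' is rejected for 'delete': the action is part
     * of what the token authorises.
     */
    #[Test]
    public function validateTokenWithMismatchingActionReturnsFalse(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertFalse($this->subject->validateToken($tokenId, $formName, 'delete', $formInstanceName));
    }

    /**
     * A token issued for one form instance is rejected for another instance.
     */
    #[Test]
    public function validateTokenWithMismatchingFormInstanceNameReturnsFalse(): void
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        self::assertFalse($this->subject->validateToken($tokenId, $formName, $action, 'beer'));
    }

    /**
     * A successful validation must not produce a validation error message.
     */
    #[Test]
    public function validateTokenForValidTokenNotCallsCreateValidationErrorMessage(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->onlyMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects(self::never())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $token = $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken($token, $formName, $action, $formInstanceName);
    }

    /**
     * A rejected token must be reported through createValidationErrorMessage()
     * exactly once.
     */
    #[Test]
    public function validateTokenForInvalidTokenCallsCreateValidationErrorMessage(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->onlyMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects(self::once())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken('an invalid token ...', $formName, $action, $formInstanceName);
    }

    /**
     * A valid token presented for the wrong form must be reported as well.
     */
    #[Test]
    public function validateTokenForInvalidFormNameCallsCreateValidationErrorMessage(): void
    {
        $subject = $this->getMockBuilder(FormProtectionTesting::class)
            ->onlyMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects(self::once())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $token = $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken($token, 'another form name', $action, $formInstanceName);
    }
}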
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyFormNameThrowsException
‪generateTokenFormForEmptyFormNameThrowsException()
Definition: AbstractFormProtectionTest.php:81
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenRetrievesTokenOnce
‪generateTokenRetrievesTokenOnce()
Definition: AbstractFormProtectionTest.php:40
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenReturns32CharacterHexToken
‪generateTokenReturns32CharacterHexToken()
Definition: AbstractFormProtectionTest.php:107
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingFormNameReturnsFalse
‪validateTokenWithMismatchingFormNameReturnsFalse()
Definition: AbstractFormProtectionTest.php:168
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithFourEmptyParametersNotThrowsException
‪validateTokenWithFourEmptyParametersNotThrowsException()
Definition: AbstractFormProtectionTest.php:119
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateToken
‪string generateToken($formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:76
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForInvalidFormNameCallsCreateValidationErrorMessage
‪validateTokenForInvalidFormNameCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:226
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue
‪validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue()
Definition: AbstractFormProtectionTest.php:140
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException
‪validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException()
Definition: AbstractFormProtectionTest.php:125
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\cleanMakesTokenInvalid
‪cleanMakesTokenInvalid()
Definition: AbstractFormProtectionTest.php:62
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue
‪validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue()
Definition: AbstractFormProtectionTest.php:131
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens
‪generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens()
Definition: AbstractFormProtectionTest.php:113
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall
‪validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall()
Definition: AbstractFormProtectionTest.php:147
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting
Definition: FormProtectionTesting.php:29
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyActionNotThrowsException
‪generateTokenFormForEmptyActionNotThrowsException()
Definition: AbstractFormProtectionTest.php:89
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForValidTokenNotCallsCreateValidationErrorMessage
‪validateTokenForValidTokenNotCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:198
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingActionReturnsFalse
‪validateTokenWithMismatchingActionReturnsFalse()
Definition: AbstractFormProtectionTest.php:178
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\clean
‪clean()
Definition: AbstractFormProtection.php:57
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingFormInstanceNameReturnsFalse
‪validateTokenWithMismatchingFormInstanceNameReturnsFalse()
Definition: AbstractFormProtectionTest.php:188
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenForInvalidTokenCallsCreateValidationErrorMessage
‪validateTokenForInvalidTokenCallsCreateValidationErrorMessage()
Definition: AbstractFormProtectionTest.php:212
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\$resetSingletonInstances
‪bool $resetSingletonInstances
Definition: AbstractFormProtectionTest.php:29
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForEmptyFormInstanceNameNotThrowsException
‪generateTokenFormForEmptyFormInstanceNameNotThrowsException()
Definition: AbstractFormProtectionTest.php:95
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\validateToken
‪bool validateToken($tokenId, $formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:95
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\cleanPersistsToken
‪cleanPersistsToken()
Definition: AbstractFormProtectionTest.php:71
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenRetrievesTokenOnce
‪validateTokenRetrievesTokenOnce()
Definition: AbstractFormProtectionTest.php:51
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\setUp
‪setUp()
Definition: AbstractFormProtectionTest.php:32
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest
Definition: AbstractFormProtectionTest.php:28
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException
‪generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException()
Definition: AbstractFormProtectionTest.php:101
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:18
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\validateTokenWithMismatchingTokenIdReturnsFalse
‪validateTokenWithMismatchingTokenIdReturnsFalse()
Definition: AbstractFormProtectionTest.php:158
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\AbstractFormProtectionTest\$subject
‪FormProtectionTesting $subject
Definition: AbstractFormProtectionTest.php:30