‪TYPO3CMS  ‪main
BackendFormProtectionTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use PHPUnit\Framework\Attributes\Test;
21 use PHPUnit\Framework\MockObject\MockObject;
27 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
28 
29 final class ‪BackendFormProtectionTest extends UnitTestCase
30 {
31  protected bool ‪$resetSingletonInstances = true;
35 
36  protected function ‪setUp(): void
37  {
38  parent::setUp();
39  $this->backendUserMock = $this->createMock(BackendUserAuthentication::class);
40  $this->backendUserMock->user['uid'] = 1;
41  $this->subject = new ‪BackendFormProtection(
42  $this->backendUserMock,
43  $this->createMock(Registry::class),
44  static function () {
45  throw new \Exception('Closure called', 1442592030);
46  }
47  );
48  $this->hashService = new ‪HashService();
49  ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] = '';
50  }
51 
52  #[Test]
54  {
55  $this->backendUserMock
56  ->expects(self::once())
57  ->method('getSessionData')
58  ->with('formProtectionSessionToken')
59  ->willReturn([]);
60  $this->subject->generateToken('foo');
61  }
62 
63  #[Test]
65  {
66  $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
67  $formName = 'foo';
68  $action = 'edit';
69  $formInstanceName = '42';
70 
71  $tokenId = $this->hashService->hmac(
72  $formName . $action . $formInstanceName . $sessionToken,
73  AbstractFormProtection::class
74  );
75 
76  $this->backendUserMock
77  ->expects(self::atLeastOnce())
78  ->method('getSessionData')
79  ->with('formProtectionSessionToken')
80  ->willReturn($sessionToken);
81 
82  self::assertTrue(
83  $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName)
84  );
85  }
86 
87  #[Test]
89  {
90  $this->expectException(\UnexpectedValueException::class);
91  $this->expectExceptionCode(1301827270);
92 
93  $this->subject->setSessionTokenFromRegistry();
94  }
95 
96  #[Test]
98  {
99  $this->backendUserMock
100  ->expects(self::once())
101  ->method('setAndSaveSessionData');
102  $this->subject->persistSessionToken();
103  }
104 
105  #[Test]
107  {
108  $this->expectException(\Exception::class);
109  $this->expectExceptionCode(1442592030);
110 
111  $this->subject->validateToken('foo', 'bar');
112  }
113 }
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\setUp
‪setUp()
Definition: BackendFormProtectionTest.php:36
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\tokenFromSessionDataIsAvailableForValidateToken
‪tokenFromSessionDataIsAvailableForValidateToken()
Definition: BackendFormProtectionTest.php:64
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\generateTokenReadsTokenFromSessionData
‪generateTokenReadsTokenFromSessionData()
Definition: BackendFormProtectionTest.php:53
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$backendUserMock
‪BackendUserAuthentication &MockObject $backendUserMock
Definition: BackendFormProtectionTest.php:33
‪TYPO3\CMS\Core\Registry
Definition: Registry.php:33
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty
‪restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty()
Definition: BackendFormProtectionTest.php:88
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$resetSingletonInstances
‪bool $resetSingletonInstances
Definition: BackendFormProtectionTest.php:31
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$subject
‪BackendFormProtection $subject
Definition: BackendFormProtectionTest.php:32
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection
Definition: BackendFormProtection.php:75
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest
Definition: BackendFormProtectionTest.php:30
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:31
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\$hashService
‪HashService $hashService
Definition: BackendFormProtectionTest.php:34
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\persistSessionTokenWritesTokenToSession
‪persistSessionTokenWritesTokenToSession()
Definition: BackendFormProtectionTest.php:97
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:18
‪TYPO3\CMS\Core\Crypto\HashService
Definition: HashService.php:27
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\BackendFormProtectionTest\failingTokenValidationInvokesFailingTokenClosure
‪failingTokenValidationInvokesFailingTokenClosure()
Definition: BackendFormProtectionTest.php:106