‪TYPO3CMS  ‪main
InstallToolFormProtectionTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Unit\FormProtection;
19 
20 use PHPUnit\Framework\Attributes\Test;
21 use ‪TYPO3\CMS\Core\Crypto\HashService;
22 use ‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection;
23 use ‪TYPO3\CMS\Core\FormProtection\InstallToolFormProtection;
24 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
25 
26 final class ‪InstallToolFormProtectionTest extends UnitTestCase
27 {
28  protected bool ‪$resetSingletonInstances = true;
29  protected ‪HashService ‪$hashService;
30 
31  protected function ‪setUp(): void
32  {
33  parent::setUp();
34  ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] = '';
35  $this->hashService = new ‪HashService();
36  }
37 
38  #[Test]
39  public function ‪tokenFromSessionDataIsAvailableForValidateToken(): void
40  {
41  $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
42  $formName = 'foo';
43  $action = 'edit';
44  $formInstanceName = '42';
45  $tokenId = $this->hashService->hmac(
46  $formName . $action . $formInstanceName . $sessionToken,
47  AbstractFormProtection::class
48  );
49  $_SESSION['installToolFormToken'] = $sessionToken;
50  $subject = $this->getAccessibleMock(InstallToolFormProtection::class, null);
51  $subject->_call('retrieveSessionToken');
52  self::assertTrue($subject->validateToken($tokenId, $formName, $action, $formInstanceName));
53  }
54 
55  #[Test]
56  public function ‪persistSessionTokenWritesTokensToSession(): void
57  {
58  $_SESSION['installToolFormToken'] = 'foo';
59  $subject = $this->getAccessibleMock(InstallToolFormProtection::class, null);
60  $subject->_set('sessionToken', '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd');
61  $subject->persistSessionToken();
62  self::assertEquals(
63  '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd',
64  $_SESSION['installToolFormToken']
65  );
66  }
67 }
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\InstallToolFormProtectionTest\setUp
‪setUp()
Definition: InstallToolFormProtectionTest.php:31
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\InstallToolFormProtectionTest\persistSessionTokenWritesTokensToSession
‪persistSessionTokenWritesTokensToSession()
Definition: InstallToolFormProtectionTest.php:56
‪TYPO3\CMS\Core\FormProtection\InstallToolFormProtection
Definition: InstallToolFormProtection.php:61
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\InstallToolFormProtectionTest\tokenFromSessionDataIsAvailableForValidateToken
‪tokenFromSessionDataIsAvailableForValidateToken()
Definition: InstallToolFormProtectionTest.php:39
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\InstallToolFormProtectionTest\$hashService
‪HashService $hashService
Definition: InstallToolFormProtectionTest.php:29
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:31
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Tests\Unit\FormProtection
Definition: AbstractFormProtectionTest.php:18
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\InstallToolFormProtectionTest\$resetSingletonInstances
‪bool $resetSingletonInstances
Definition: InstallToolFormProtectionTest.php:28
‪TYPO3\CMS\Core\Tests\Unit\FormProtection\InstallToolFormProtectionTest
Definition: InstallToolFormProtectionTest.php:27
‪TYPO3\CMS\Core\Crypto\HashService
Definition: HashService.php:27