‪TYPO3CMS  ‪main
SlugSiteRequestAllowInsecureSiteResolutionByQueryParametersDisabledTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Frontend\Tests\Functional\SiteHandling;
19 
20 use PHPUnit\Framework\Attributes\DataProvider;
21 use PHPUnit\Framework\Attributes\Test;
22 use ‪TYPO3\CMS\Core\Localization\LanguageServiceFactory;
23 use TYPO3\TestingFramework\Core\Functional\Framework\DataHandling\Scenario\DataHandlerFactory;
24 use TYPO3\TestingFramework\Core\Functional\Framework\DataHandling\Scenario\DataHandlerWriter;
25 use TYPO3\TestingFramework\Core\Functional\Framework\Frontend\InternalRequest;
26 
27 final class ‪SlugSiteRequestAllowInsecureSiteResolutionByQueryParametersDisabledTest extends ‪AbstractTestCase
28 {
29  protected array $configurationToUseInTestInstance = [
30  'SYS' => [
31  'devIPmask' => '123.123.123.123',
32  'encryptionKey' => '4408d27a916d51e624b69af3554f516dbab61037a9f7b9fd6f81b4d3bedeccb6',
33  'features' => [
34  'security.frontend.allowInsecureSiteResolutionByQueryParameters' => false,
35  ],
36  ],
37  'FE' => [
38  'cacheHash' => [
39  'requireCacheHashPresenceParameters' => ['value', 'testing[value]', 'tx_testing_link[value]'],
40  'excludedParameters' => ['L', 'tx_testing_link[excludedValue]'],
41  'enforceValidation' => true,
42  ],
43  'debug' => false,
44  ],
45  ];
46 
47  protected function setUp(): void
48  {
49  parent::setUp();
50  $this->withDatabaseSnapshot(function () {
51  $this->importCSVDataSet(__DIR__ . '/../Fixtures/be_users.csv');
52  $backendUser = $this->setUpBackendUser(1);
53  ‪$GLOBALS['LANG'] = $this->get(LanguageServiceFactory::class)->createFromUserPreferences($backendUser);
54  $scenarioFile = __DIR__ . '/Fixtures/SlugScenario.yaml';
55  $factory = DataHandlerFactory::fromYamlFile($scenarioFile);
56  $writer = DataHandlerWriter::withBackendUser($backendUser);
57  $writer->invokeFactory($factory);
58  static::failIfArrayIsNotEmpty($writer->getErrors());
59  $this->setUpFrontendRootPage(
60  1000,
61  [
62  'EXT:core/Tests/Functional/Fixtures/Frontend/JsonRenderer.typoscript',
63  'EXT:frontend/Tests/Functional/SiteHandling/Fixtures/JsonRenderer.typoscript',
64  ],
65  [
66  'title' => 'ACME Root',
67  ]
68  );
69  $this->setUpFrontendRootPage(
70  3000,
71  [
72  'EXT:core/Tests/Functional/Fixtures/Frontend/JsonRenderer.typoscript',
73  'EXT:frontend/Tests/Functional/SiteHandling/Fixtures/JsonRenderer.typoscript',
74  ],
75  [
76  'title' => 'ACME Archive',
77  ]
78  );
79  });
80  }
81 
82  public static function siteWithPageIdRequestsAreCorrectlyHandledDataProvider(): \Generator
83  {
84  yield 'valid same-site request is redirected' => ['https://website.local/?id=1000&L=0', 307];
85  yield 'valid same-site request is processed' => ['https://website.local/?id=1100&L=0', 200];
86  yield 'invalid off-site request with unknown domain is denied' => ['https://otherdomain.website.local/?id=3000&L=0', 404];
87  yield 'invalid off-site request with unknown domain and without L parameter is denied' => ['https://otherdomain.website.local/?id=3000', 404];
88  yield 'invalid cross-site request without L parameter is denied' => ['https://website.local/?id=3000', 404];
89  yield 'invalid cross-site request *not* denied' => ['https://website.local/?id=3000&L=0', 404];
90  }
91 
92  #[DataProvider('siteWithPageIdRequestsAreCorrectlyHandledDataProvider')]
93  #[Test]
94  public function siteWithPageIdRequestsAreCorrectlyHandled(string $uri, int $expectation): void
95  {
96  $this->‪writeSiteConfiguration(
97  'website-local',
98  $this->‪buildSiteConfiguration(1000, 'https://website.local/'),
99  [
100  $this->‪buildDefaultLanguageConfiguration('EN', '/'),
101  ],
102  $this->‪buildErrorHandlingConfiguration('Fluid', [404])
103  );
104  $this->‪writeSiteConfiguration(
105  'archive-acme-com',
106  $this->‪buildSiteConfiguration(3000, 'https://archive.acme.com/'),
107  [
108  $this->‪buildDefaultLanguageConfiguration('EN', '/'),
109  ],
110  $this->‪buildErrorHandlingConfiguration('Fluid', [404])
111  );
112 
113  $response = $this->executeFrontendSubRequest(new InternalRequest($uri));
114  self::assertSame($expectation, $response->getStatusCode());
115  }
116 }
‪TYPO3\CMS\Core\Localization\LanguageServiceFactory
Definition: LanguageServiceFactory.php:25
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait\writeSiteConfiguration
‪writeSiteConfiguration(string $identifier, array $site=[], array $languages=[], array $errorHandling=[])
Definition: SiteBasedTestTrait.php:50
‪TYPO3\CMS\Frontend\Tests\Functional\SiteHandling\AbstractTestCase
Definition: AbstractTestCase.php:29
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait\buildSiteConfiguration
‪buildSiteConfiguration(int $rootPageId, string $base='')
Definition: SiteBasedTestTrait.php:88
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait\buildErrorHandlingConfiguration
‪buildErrorHandlingConfiguration(string $handler, array $codes)
Definition: SiteBasedTestTrait.php:142
‪TYPO3\CMS\Frontend\Tests\Functional\SiteHandling\SlugSiteRequestAllowInsecureSiteResolutionByQueryParametersDisabledTest
Definition: SlugSiteRequestAllowInsecureSiteResolutionByQueryParametersDisabledTest.php:28
‪TYPO3\CMS\Frontend\Tests\Functional\SiteHandling
Definition: AbstractTestCase.php:18
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait\buildDefaultLanguageConfiguration
‪buildDefaultLanguageConfiguration(string $identifier, string $base)
Definition: SiteBasedTestTrait.php:98
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25