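*
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Security\Csrf\Tests;

use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManager;

/**
 * Exercises CsrfTokenManager against mocked generator and storage collaborators.
 *
 * Most tests run once per row of getManagerGeneratorAndStorage(). Each row pairs
 * a manager with the prefix the tests expect on every key passed to storage,
 * while the token handed back to the caller is expected to keep the bare id.
 *
 * @author Bernhard Schussek
 */
class CsrfTokenManagerTest extends TestCase
{
    /**
     * @var bool whether $_SERVER['HTTPS'] existed before setUp() overwrote it
     */
    private $hadServerHttps = false;

    /**
     * @var mixed value of $_SERVER['HTTPS'] before setUp() overwrote it
     */
    private $previousServerHttps;

    /**
     * An id that storage does not hold yet gets a freshly generated value,
     * which is written to storage under the prefixed key.
     *
     * @dataProvider getManagerGeneratorAndStorage
     */
    public function testGetNonExistingToken($namespace, $manager, $storage, $generator)
    {
        $storage->expects($this->once())
            ->method('hasToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue(false));

        $generator->expects($this->once())
            ->method('generateToken')
            ->will($this->returnValue('TOKEN'));

        $storage->expects($this->once())
            ->method('setToken')
            ->with($namespace.'token_id', 'TOKEN');

        $token = $manager->getToken('token_id');

        $this->assertInstanceOf('Symfony\Component\Security\Csrf\CsrfToken', $token);
        // The caller sees the bare id; the prefix stays internal to storage.
        $this->assertSame('token_id', $token->getId());
        $this->assertSame('TOKEN', $token->getValue());
    }

    /**
     * An id that storage already holds is returned as stored. The generator
     * argument is not taken by this test, so no generator expectation is set.
     *
     * @dataProvider getManagerGeneratorAndStorage
     */
    public function testUseExistingTokenIfAvailable($namespace, $manager, $storage)
    {
        $storage->expects($this->once())
            ->method('hasToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue(true));

        $storage->expects($this->once())
            ->method('getToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue('TOKEN'));

        $token = $manager->getToken('token_id');

        $this->assertInstanceOf('Symfony\Component\Security\Csrf\CsrfToken', $token);
        $this->assertSame('token_id', $token->getId());
        $this->assertSame('TOKEN', $token->getValue());
    }

    /**
     * refreshToken() generates and stores a new value without first asking
     * storage whether one exists.
     *
     * @dataProvider getManagerGeneratorAndStorage
     */
    public function testRefreshTokenAlwaysReturnsNewToken($namespace, $manager, $storage, $generator)
    {
        $storage->expects($this->never())
            ->method('hasToken');

        $generator->expects($this->once())
            ->method('generateToken')
            ->will($this->returnValue('TOKEN'));

        $storage->expects($this->once())
            ->method('setToken')
            ->with($namespace.'token_id', 'TOKEN');

        $token = $manager->refreshToken('token_id');

        $this->assertInstanceOf('Symfony\Component\Security\Csrf\CsrfToken', $token);
        $this->assertSame('token_id', $token->getId());
        $this->assertSame('TOKEN', $token->getValue());
    }

    /**
     * A submitted token whose value equals the stored one is accepted.
     *
     * @dataProvider getManagerGeneratorAndStorage
     */
    public function testMatchingTokenIsValid($namespace, $manager, $storage)
    {
        $storage->expects($this->once())
            ->method('hasToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue(true));

        $storage->expects($this->once())
            ->method('getToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue('TOKEN'));

        $this->assertTrue($manager->isTokenValid(new CsrfToken('token_id', 'TOKEN')));
    }

    /**
     * A submitted token whose value differs from the stored one is rejected.
     *
     * Only the boolean outcome is asserted; how the manager compares the two
     * values (for instance its timing behaviour) is not observable from here.
     *
     * @dataProvider getManagerGeneratorAndStorage
     */
    public function testNonMatchingTokenIsNotValid($namespace, $manager, $storage)
    {
        $storage->expects($this->once())
            ->method('hasToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue(true));

        $storage->expects($this->once())
            ->method('getToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue('TOKEN'));

        $this->assertFalse($manager->isTokenValid(new CsrfToken('token_id', 'FOOBAR')));
    }

    /**
     * Validation fails closed: when storage holds nothing for the id, the
     * stored value is never read and the submitted token is rejected.
     *
     * @dataProvider getManagerGeneratorAndStorage
     */
    public function testNonExistingTokenIsNotValid($namespace, $manager, $storage)
    {
        $storage->expects($this->once())
            ->method('hasToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue(false));

        $storage->expects($this->never())
            ->method('getToken');

        $this->assertFalse($manager->isTokenValid(new CsrfToken('token_id', 'FOOBAR')));
    }

    /**
     * removeToken() is delegated to storage under the prefixed key and the
     * value storage returns is passed through unchanged.
     *
     * @dataProvider getManagerGeneratorAndStorage
     */
    public function testRemoveToken($namespace, $manager, $storage)
    {
        $storage->expects($this->once())
            ->method('removeToken')
            ->with($namespace.'token_id')
            ->will($this->returnValue('REMOVED_TOKEN'));

        $this->assertSame('REMOVED_TOKEN', $manager->removeToken('token_id'));
    }

    /**
     * With an HTTPS request on the stack, the token returned to the caller
     * still carries the bare id 'foo'.
     *
     * NOTE(review): only the returned id is asserted. The key the manager
     * passes to storage is not checked here, and the mocks have no configured
     * return values.
     */
    public function testNamespaced()
    {
        $generator = $this->getMockBuilder('Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface')->getMock();
        $storage = $this->getMockBuilder('Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface')->getMock();

        $requestStack = new RequestStack();
        $requestStack->push(new Request(array(), array(), array(), array(), array(), array('HTTPS' => 'on')));

        $manager = new CsrfTokenManager($generator, $storage, null, $requestStack);

        $token = $manager->getToken('foo');
        $this->assertSame('foo', $token->getId());
    }

    /**
     * Data provider: one row per way of configuring the manager's namespace.
     *
     * Each row is array(expected key prefix, manager, storage mock, generator
     * mock). Every row gets its own pair of mocks so the per-test expectations
     * do not leak between rows.
     *
     * NOTE(review): presumably the scheme-derived 'https-' prefix keeps tokens
     * issued over plain HTTP from being accepted on HTTPS; confirm against
     * the documentation of CsrfTokenManager.
     *
     * @return array
     */
    public function getManagerGeneratorAndStorage()
    {
        $data = array();

        // Explicit empty-string namespace: keys are not prefixed.
        list($generator, $storage) = $this->getGeneratorAndStorage();
        $data[] = array('', new CsrfTokenManager($generator, $storage, ''), $storage, $generator);

        // No namespace argument: 'https-' is expected because setUp() sets
        // $_SERVER['HTTPS'] = 'on'. PHPUnit runs data providers before setUp(),
        // so this row presumably depends on the manager reading the
        // superglobal when a token is requested rather than at construction
        // time; verify against CsrfTokenManager.
        list($generator, $storage) = $this->getGeneratorAndStorage();
        $data[] = array('https-', new CsrfTokenManager($generator, $storage), $storage, $generator);

        // Explicit string namespace is used as given.
        list($generator, $storage) = $this->getGeneratorAndStorage();
        $data[] = array('aNamespace-', new CsrfTokenManager($generator, $storage, 'aNamespace-'), $storage, $generator);

        // RequestStack whose request carries HTTPS => 'on' in its server parameters.
        $requestStack = new RequestStack();
        $requestStack->push(new Request(array(), array(), array(), array(), array(), array('HTTPS' => 'on')));
        list($generator, $storage) = $this->getGeneratorAndStorage();
        $data[] = array('https-', new CsrfTokenManager($generator, $storage, $requestStack), $storage, $generator);

        // Callable namespace: its return value is the expected prefix.
        list($generator, $storage) = $this->getGeneratorAndStorage();
        $data[] = array('generated-', new CsrfTokenManager($generator, $storage, function () { return 'generated-'; }), $storage, $generator);

        // RequestStack with a default Request: no prefix is expected.
        $requestStack = new RequestStack();
        $requestStack->push(new Request());
        list($generator, $storage) = $this->getGeneratorAndStorage();
        $data[] = array('', new CsrfTokenManager($generator, $storage, $requestStack), $storage, $generator);

        return $data;
    }

    /**
     * Builds a fresh pair of mocks.
     *
     * @return array array(generator mock, storage mock)
     */
    private function getGeneratorAndStorage()
    {
        return array(
            $this->getMockBuilder('Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface')->getMock(),
            $this->getMockBuilder('Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface')->getMock(),
        );
    }

    /**
     * Forces $_SERVER['HTTPS'] to 'on' for every test, remembering whatever
     * was there before so tearDown() can restore it.
     */
    public function setUp()
    {
        // array_key_exists() rather than isset(): a pre-existing null still counts.
        $this->hadServerHttps = array_key_exists('HTTPS', $_SERVER);
        $this->previousServerHttps = $this->hadServerHttps ? $_SERVER['HTTPS'] : null;

        $_SERVER['HTTPS'] = 'on';
    }

    /**
     * Puts $_SERVER['HTTPS'] back to its state before setUp().
     *
     * Unsetting unconditionally would drop a value the process already had and
     * let this class change the scheme seen by tests that run after it.
     */
    public function tearDown()
    {
        parent::tearDown();

        if ($this->hadServerHttps) {
            $_SERVER['HTTPS'] = $this->previousServerHttps;
        } else {
            unset($_SERVER['HTTPS']);
        }
    }
}

__halt_compiler();----SIGNATURE:----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----ATTACHMENT:----NjY4OTU3Njg3NDQ5NDY1OCAzOTY0MDE0MzgyMTMyOTAzIDU3OTUzMDExMjQ2NjU4Njk=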