<?php

/**
 * @file
 * Contains \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest.
 */

namespace Drupal\Tests\Core\Access {

use Drupal\Tests\UnitTestCase;
use Drupal\Core\Access\CsrfTokenGenerator;
use Drupal\Component\Utility\Crypt;
use Symfony\Component\HttpFoundation\Request;

/**
 * Tests the CSRF token generator.
 */
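class CsrfTokenGeneratorTest extends UnitTestCase {

  /**
   * The CSRF token generator.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator
   */
  protected $generator;

  /**
   * The private key returned by the mocked private key service.
   *
   * Declared explicitly so that setUp() does not create a dynamic property.
   *
   * @var string
   */
  protected $key;

  /**
   * Describes this test case.
   *
   * @return array
   *   An array with the keys 'name', 'description' and 'group'.
   */
  public static function getInfo() {
    return array(
      'name' => 'CsrfTokenGenerator test',
      'description' => 'Tests the CsrfTokenGenerator class.',
      'group' => 'Access',
    );
  }

  /**
   * {@inheritdoc}
   */
  public function setUp() {
    parent::setUp();

    // A fresh random key per test, so no token value can be hard-coded in an
    // assertion.
    $this->key = Crypt::randomBytesBase64(55);

    // Only get() is mocked; the real constructor is skipped so the private key
    // service needs none of its own dependencies.
    $private_key = $this->getMockBuilder('Drupal\Core\PrivateKey')
      ->disableOriginalConstructor()
      ->setMethods(array('get'))
      ->getMock();

    $private_key->expects($this->any())
      ->method('get')
      ->will($this->returnValue($this->key));

    $this->generator = new CsrfTokenGenerator($private_key);
  }

  /**
   * Tests CsrfTokenGenerator::get().
   */
  public function testGet() {
    $this->assertInternalType('string', $this->generator->get());
    // Tokens for different values must differ, otherwise a token issued for
    // one value would also be accepted for another.
    $this->assertNotSame($this->generator->get(), $this->generator->get($this->randomName()));
    $this->assertNotSame($this->generator->get($this->randomName()), $this->generator->get($this->randomName()));
  }

  /**
   * Tests CsrfTokenGenerator::validate().
   */
  public function testValidate() {
    // A token validates only against the value it was generated for.
    $token = $this->generator->get();
    $this->assertTrue($this->generator->validate($token));
    $this->assertFalse($this->generator->validate($token, 'foo'));

    $token = $this->generator->get('bar');
    $this->assertTrue($this->generator->validate($token, 'bar'));

    // Check the skip_anonymous option with both an anonymous user and a real
    // user.
    // With skip_anonymous set, a token generated for 'bar' is accepted for
    // 'foo' when the current user is anonymous: the option disables the token
    // check for anonymous users altogether.
    $account = $this->getMock('Drupal\Core\Session\AccountInterface');
    $account->expects($this->once())
      ->method('isAnonymous')
      ->will($this->returnValue(TRUE));
    $this->generator->setCurrentUser($account);
    $this->assertTrue($this->generator->validate($token, 'foo', TRUE));

    // For an authenticated user the same mismatching token must still be
    // rejected, even with skip_anonymous set.
    $account = $this->getMock('Drupal\Core\Session\AccountInterface');
    $account->expects($this->once())
      ->method('isAnonymous')
      ->will($this->returnValue(FALSE));
    $this->generator->setCurrentUser($account);

    $this->assertFalse($this->generator->validate($token, 'foo', TRUE));
  }

  /**
   * Tests CsrfTokenGenerator::validate() with different parameter types.
   *
   * @param mixed $token
   *   The token to be validated.
   * @param mixed $value
   *   (optional) An additional value to base the token on.
   *
   * @dataProvider providerTestValidateParameterTypes
   */
  public function testValidateParameterTypes($token, $value) {
    // The following check might throw PHP fatals and notices, so we disable
    // error assertions.
    set_error_handler(function () {return TRUE;});
    try {
      $is_valid = $this->generator->validate($token, $value);
    }
    catch (\Exception $e) {
      // Do not leak the permissive error handler into later tests.
      restore_error_handler();
      throw $e;
    }
    // Restore the handler before asserting: a failed assertion throws, and
    // would otherwise leave the permissive handler installed.
    restore_error_handler();
    $this->assertFalse($is_valid);
  }

  /**
   * Provides data for testValidateParameterTypes.
   *
   * Each row is a (token, value) pair whose token is not a valid token string
   * and which validate() is expected to reject by returning FALSE.
   *
   * @return array
   *   An array of data used by the test.
   */
  public function providerTestValidateParameterTypes() {
    return array(
      array(array(), ''),
      array(TRUE, 'foo'),
      array(0, 'foo'),
    );
  }

  /**
   * Tests CsrfTokenGenerator::validate() with invalid parameter types.
   *
   * @param mixed $token
   *   The token to be validated.
   * @param mixed $value
   *   (optional) An additional value to base the token on.
   *
   * @dataProvider providerTestInvalidParameterTypes
   * @expectedException InvalidArgumentException
   */
  public function testInvalidParameterTypes($token, $value = '') {
    $this->generator->validate($token, $value);
  }

  /**
   * Provides data for testInvalidParameterTypes.
   *
   * Every row passes a non-string $value (an object or an array), which
   * validate() is expected to refuse with an InvalidArgumentException.
   *
   * @return array
   *   An array of data used by the test.
   */
  public function providerTestInvalidParameterTypes() {
    return array(
      array(NULL, new \stdClass()),
      array(0, array()),
      array('', array()),
      array(array(), array()),
    );
  }

}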

}

/**
 * @todo Remove this when https://drupal.org/node/2036259 is resolved.
 */
namespace {
  // Test-only stand-in, declared in the global namespace and only when no
  // function of this name has been defined yet.
  if (!function_exists('drupal_get_hash_salt')) {
    /**
     * Returns a fixed hash salt for unit tests.
     *
     * The value is the SHA-256 hex digest of a constant string, so it is
     * identical on every run and publicly known. It must never be used outside
     * tests.
     *
     * @return string
     *   The 64-character hexadecimal digest.
     */
    function drupal_get_hash_salt() {
      return hash('sha256', 'test_hash_salt');
    }
  }
}