<?php

/**
 * @file
 * Contains \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest.
 */

namespace Drupal\Tests\Core\Access {

use Drupal\Tests\UnitTestCase;
use Drupal\Core\Access\CsrfTokenGenerator;
use Drupal\Component\Utility\Crypt;
use Symfony\Component\HttpFoundation\Request;

/**
 * Tests the CSRF token generator.
 */
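class CsrfTokenGeneratorTest extends UnitTestCase {

  /**
   * The CSRF token generator.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator
   */
  protected $generator;

  /**
   * The random key handed out by the mocked private key service.
   *
   * Declared explicitly so setUp() does not create a dynamic property.
   *
   * @var string
   */
  protected $key;

  /**
   * Returns the test metadata.
   *
   * @return array
   *   An associative array with the keys 'name', 'description' and 'group'.
   */
  public static function getInfo() {
    return array(
      'name' => 'CsrfTokenGenerator test',
      'description' => 'Tests the CsrfTokenGenerator class.',
      'group' => 'Access',
    );
  }

  /**
   * {@inheritdoc}
   */
  public function setUp() {
    parent::setUp();

    // Use a fresh random key for every test instead of a fixed value.
    $this->key = Crypt::randomBytesBase64(55);

    // Mock the private key service so that get() always returns the key
    // generated above; the real constructor is bypassed.
    $private_key = $this->getMockBuilder('Drupal\Core\PrivateKey')
      ->disableOriginalConstructor()
      ->setMethods(array('get'))
      ->getMock();

    $private_key->expects($this->any())
      ->method('get')
      ->will($this->returnValue($this->key));

    $this->generator = new CsrfTokenGenerator($private_key);
  }

  /**
   * Tests CsrfTokenGenerator::get().
   */
  public function testGet() {
    $this->assertInternalType('string', $this->generator->get());
    // A token bound to a value must differ from the token for no value.
    $this->assertNotSame($this->generator->get(), $this->generator->get($this->randomName()));
    // Tokens bound to two different random values must differ as well.
    $this->assertNotSame($this->generator->get($this->randomName()), $this->generator->get($this->randomName()));
  }

  /**
   * Tests CsrfTokenGenerator::validate().
   */
  public function testValidate() {
    // A token generated without a value validates only without a value.
    $token = $this->generator->get();
    $this->assertTrue($this->generator->validate($token));
    $this->assertFalse($this->generator->validate($token, 'foo'));

    // A token generated for 'bar' validates against 'bar'.
    $token = $this->generator->get('bar');
    $this->assertTrue($this->generator->validate($token, 'bar'));

    // Check the skip_anonymous option with both an anonymous user and a real
    // user. The token is still the one generated for 'bar', so it does not
    // match 'foo': with skip_anonymous set, an anonymous user passes anyway,
    // i.e. the token is not checked for anonymous users at all.
    $account = $this->getMock('Drupal\Core\Session\AccountInterface');
    $account->expects($this->once())
      ->method('isAnonymous')
      ->will($this->returnValue(TRUE));
    $this->generator->setCurrentUser($account);
    $this->assertTrue($this->generator->validate($token, 'foo', TRUE));

    // For a non-anonymous user the mismatching token must still be rejected,
    // even with skip_anonymous set.
    $account = $this->getMock('Drupal\Core\Session\AccountInterface');
    $account->expects($this->once())
      ->method('isAnonymous')
      ->will($this->returnValue(FALSE));
    $this->generator->setCurrentUser($account);

    $this->assertFalse($this->generator->validate($token, 'foo', TRUE));
  }

  /**
   * Tests CsrfTokenGenerator::validate() with different parameter types.
   *
   * Every data set passes a non-string token, which must never validate.
   *
   * @param mixed $token
   *   The token to be validated.
   * @param mixed $value
   *   An additional value to base the token on.
   *
   * @dataProvider providerTestValidateParameterTypes
   */
  public function testValidateParameterTypes($token, $value) {
    // The following check might throw PHP fatals and notices, so we disable
    // error assertions. The handler swallows every PHP error it receives
    // while installed, so it is restored on all paths: leaving it in place
    // after a failure would hide errors in whatever runs next.
    set_error_handler(function () {return TRUE;});
    try {
      $result = $this->generator->validate($token, $value);
    }
    catch (\Exception $e) {
      restore_error_handler();
      throw $e;
    }
    restore_error_handler();

    $this->assertFalse($result);
  }

  /**
   * Provides data for testValidateParameterTypes.
   *
   * @return array
   *   An array of data used by the test. Each item holds a non-string token
   *   (array, boolean, integer) followed by a string value.
   */
  public function providerTestValidateParameterTypes() {
    return array(
      array(array(), ''),
      // TRUE and 0 are presumably here to catch a loosely typed comparison
      // accepting them; confirm against CsrfTokenGenerator::validate().
      array(TRUE, 'foo'),
      array(0, 'foo'),
    );
  }

  /**
   * Tests CsrfTokenGenerator::validate() with invalid parameter types.
   *
   * @param mixed $token
   *   The token to be validated.
   * @param mixed $value
   *   (optional) An additional value to base the token on.
   *
   * @dataProvider providerTestInvalidParameterTypes
   * @expectedException InvalidArgumentException
   */
  public function testInvalidParameterTypes($token, $value = '') {
    $this->generator->validate($token, $value);
  }

  /**
   * Provides data for testInvalidParameterTypes.
   *
   * @return array
   *   An array of data used by the test. Each item pairs a token with a
   *   non-string value (object or array).
   */
  public function providerTestInvalidParameterTypes() {
    return array(
      array(NULL, new \stdClass()),
      array(0, array()),
      array('', array()),
      array(array(), array()),
    );
  }

}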
156
157
158
159
160
161
162
163
164
165
166
167
168

}

/**
 * @todo Remove this when https://drupal.org/node/2036259 is resolved.
 */
namespace {
  // Test-only stand-in, defined only when no drupal_get_hash_salt() exists
  // yet. The value is constant and predictable, so it is suitable for unit
  // tests only and must not serve as a real hash salt.
  if (function_exists('drupal_get_hash_salt') === FALSE) {
    /**
     * Returns a deterministic hash salt for unit tests.
     *
     * @return string
     *   The SHA-256 hex digest of the constant string 'test_hash_salt'.
     */
    function drupal_get_hash_salt() {
      $seed = 'test_hash_salt';
      return hash('sha256', $seed);
    }
  }
}