CSRF more tests
parent
6db0ddf5a9
commit
198c2648c0
@ -62,7 +62,7 @@ class SecurityTest extends \CIUnitTestCase {
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
||||
public function testCSRFVerifyThrowsExceptionOnNoMatch()
|
||||
public function testCSRFVerifyPostThrowsExceptionOnNoMatch()
|
||||
{
|
||||
$security = new MockSecurity(new MockAppConfig());
|
||||
$request = new IncomingRequest(new MockAppConfig(), new URI('http://badurl.com'), null, new UserAgent());
|
||||
@ -79,12 +79,13 @@ class SecurityTest extends \CIUnitTestCase {
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
||||
public function testCSRFVerifyReturnsSelfOnMatch()
|
||||
public function testCSRFVerifyPostReturnsSelfOnMatch()
|
||||
{
|
||||
$security = new MockSecurity(new MockAppConfig());
|
||||
$request = new IncomingRequest(new MockAppConfig(), new URI('http://badurl.com'), null, new UserAgent());
|
||||
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_POST['foo'] = 'bar';
|
||||
$_POST['csrf_test_name'] = '8b9218a55906f9dcc1dc263dce7f005a';
|
||||
$_COOKIE = [
|
||||
'csrf_cookie_name' => '8b9218a55906f9dcc1dc263dce7f005a',
|
||||
@ -92,6 +93,85 @@ class SecurityTest extends \CIUnitTestCase {
|
||||
|
||||
$this->assertInstanceOf('CodeIgniter\Security\Security', $security->CSRFVerify($request));
|
||||
$this->assertLogged('info', 'CSRF token verified');
|
||||
|
||||
$this->assertTrue(count($_POST) === 1);
|
||||
}
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
||||
public function testCSRFVerifyHeaderThrowsExceptionOnNoMatch()
|
||||
{
|
||||
$security = new MockSecurity(new MockAppConfig());
|
||||
$request = new IncomingRequest(new MockAppConfig(), new URI('http://badurl.com'), null, new UserAgent());
|
||||
|
||||
$request->setHeader('X-CSRF-TOKEN', '8b9218a55906f9dcc1dc263dce7f005a');
|
||||
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_COOKIE = [
|
||||
'csrf_cookie_name' => '8b9218a55906f9dcc1dc263dce7f005b',
|
||||
];
|
||||
|
||||
$this->expectException(SecurityException::class);
|
||||
$security->CSRFVerify($request);
|
||||
}
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
||||
public function testCSRFVerifyHeaderReturnsSelfOnMatch()
|
||||
{
|
||||
$security = new MockSecurity(new MockAppConfig());
|
||||
$request = new IncomingRequest(new MockAppConfig(), new URI('http://badurl.com'), null, new UserAgent());
|
||||
|
||||
$request->setHeader('X-CSRF-TOKEN', '8b9218a55906f9dcc1dc263dce7f005a');
|
||||
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_POST['foo'] = 'bar';
|
||||
$_COOKIE = [
|
||||
'csrf_cookie_name' => '8b9218a55906f9dcc1dc263dce7f005a',
|
||||
];
|
||||
|
||||
$this->assertInstanceOf('CodeIgniter\Security\Security', $security->CSRFVerify($request));
|
||||
$this->assertLogged('info', 'CSRF token verified');
|
||||
|
||||
$this->assertTrue(count($_POST) === 1);
|
||||
}
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
||||
public function testCSRFVerifyJsonThrowsExceptionOnNoMatch()
|
||||
{
|
||||
$security = new MockSecurity(new MockAppConfig());
|
||||
$request = new IncomingRequest(new MockAppConfig(), new URI('http://badurl.com'), null, new UserAgent());
|
||||
|
||||
$request->setBody('{"csrf_test_name":"8b9218a55906f9dcc1dc263dce7f005a"}');
|
||||
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_COOKIE = [
|
||||
'csrf_cookie_name' => '8b9218a55906f9dcc1dc263dce7f005b',
|
||||
];
|
||||
|
||||
$this->expectException(SecurityException::class);
|
||||
$security->CSRFVerify($request);
|
||||
}
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
||||
public function testCSRFVerifyJsonReturnsSelfOnMatch()
|
||||
{
|
||||
$security = new MockSecurity(new MockAppConfig());
|
||||
$request = new IncomingRequest(new MockAppConfig(), new URI('http://badurl.com'), null, new UserAgent());
|
||||
|
||||
$request->setBody('{"csrf_test_name":"8b9218a55906f9dcc1dc263dce7f005a","foo":"bar"}');
|
||||
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_COOKIE = [
|
||||
'csrf_cookie_name' => '8b9218a55906f9dcc1dc263dce7f005a',
|
||||
];
|
||||
|
||||
$this->assertInstanceOf('CodeIgniter\Security\Security', $security->CSRFVerify($request));
|
||||
$this->assertLogged('info', 'CSRF token verified');
|
||||
|
||||
$this->assertTrue($request->getBody() === '{"foo":"bar"}');
|
||||
}
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
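Review bot: The new tests (testCSRFVerifyHeader*, testCSRFVerifyJson*) write `$_SERVER`, `$_POST` and `$_COOKIE` without resetting them first, so whether they actually exercise the header or JSON path depends on what earlier tests left behind. If CSRFVerify() consults `$_POST['csrf_test_name']` before the header or body (its code is not visible here), a token left over from the Post tests could decide the outcome, and `count($_POST) === 1` in testCSRFVerifyHeaderReturnsSelfOnMatch likewise assumes `$_POST` is empty on entry. Unless setUp() already clears them (it is outside these hunks), start each test with `$_POST = [];` and `$_COOKIE = [];`, or do it once in setUp(). `assertCount(1, $_POST)` and `assertSame('{"foo":"bar"}', $request->getBody())` would give a readable failure message in place of `assertTrue(...)`. A POST that carries no token at all (no field, header or JSON key) is not among the visible cases and is worth adding as a rejection test.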