diff options
| author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-27 13:34:55 +0100 |
|---|---|---|
| committer | msquare <msquare@notrademark.de> | 2018-12-02 12:53:31 +0100 |
| commit | 55beca95cd8d6ecfe610daea304c8374a10485af (patch) | |
| tree | e84ca6064c3d3b6315e9c026b0a808f8e594d16a /tests | |
| parent | 9788c5095a67a45fe3545ae0fc747b8e629ea4fd (diff) | |
Refactoring: Throw HttpAuthExpired on csrf token mismatch
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Unit/Http/Exceptions/HttpAuthExpiredTest.php | 22 | ||||
| -rw-r--r-- | tests/Unit/Middleware/VerifyCsrfTokenTest.php | 44 |
2 files changed, 43 insertions, 23 deletions
diff --git a/tests/Unit/Http/Exceptions/HttpAuthExpiredTest.php b/tests/Unit/Http/Exceptions/HttpAuthExpiredTest.php new file mode 100644 index 00000000..4eaee032 --- /dev/null +++ b/tests/Unit/Http/Exceptions/HttpAuthExpiredTest.php @@ -0,0 +1,22 @@ +<?php + +namespace Engelsystem\Test\Unit\Http\Exceptions; + +use Engelsystem\Http\Exceptions\HttpAuthExpired; +use PHPUnit\Framework\TestCase; + +class HttpAuthExpiredTest extends TestCase +{ + /** + * @covers \Engelsystem\Http\Exceptions\HttpAuthExpired::__construct + */ + public function testConstruct() + { + $exception = new HttpAuthExpired(); + $this->assertEquals(419, $exception->getStatusCode()); + $this->assertEquals('Authentication Expired', $exception->getMessage()); + + $exception = new HttpAuthExpired('Oops!'); + $this->assertEquals('Oops!', $exception->getMessage()); + } +} diff --git a/tests/Unit/Middleware/VerifyCsrfTokenTest.php b/tests/Unit/Middleware/VerifyCsrfTokenTest.php index 60280c5b..636e1f81 100644 --- a/tests/Unit/Middleware/VerifyCsrfTokenTest.php +++ b/tests/Unit/Middleware/VerifyCsrfTokenTest.php @@ -2,6 +2,7 @@ namespace Engelsystem\Test\Unit\Middleware; +use Engelsystem\Http\Exceptions\HttpAuthExpired; use Engelsystem\Middleware\VerifyCsrfToken; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; @@ -33,13 +34,9 @@ class VerifyCsrfTokenTest extends TestCase /** @var VerifyCsrfToken|MockObject $middleware */ $middleware = $this->getMockBuilder(VerifyCsrfToken::class) ->disableOriginalConstructor() - ->setMethods(['notAuthorizedResponse', 'tokensMatch']) + ->setMethods(['tokensMatch']) ->getMock(); - $middleware->expects($this->exactly(1)) - ->method('notAuthorizedResponse') - ->willReturn($response); - $middleware->expects($this->exactly(2)) ->method('tokensMatch') ->willReturnOnConsecutiveCalls(true, false); @@ -47,10 +44,15 @@ class VerifyCsrfTokenTest extends TestCase // Results in true, false, false $request->expects($this->exactly(3)) ->method('getMethod') - ->willReturnOnConsecutiveCalls('GET', 'POST', 'DELETE'); + ->willReturnOnConsecutiveCalls('GET', 'DELETE', 'POST'); + // Is reading $middleware->process($request, $handler); + // Tokens match $middleware->process($request, $handler); + + // No match + $this->expectException(HttpAuthExpired::class); $middleware->process($request, $handler); } @@ -66,23 +68,18 @@ class VerifyCsrfTokenTest extends TestCase $handler = $this->getMockForAbstractClass(RequestHandlerInterface::class); /** @var ResponseInterface|MockObject $response */ $response = $this->getMockForAbstractClass(ResponseInterface::class); - /** @var ResponseInterface|MockObject $noAuthResponse */ - $noAuthResponse = $this->getMockForAbstractClass(ResponseInterface::class); /** @var SessionInterface|MockObject $session */ $session = $this->getMockForAbstractClass(SessionInterface::class); /** @var VerifyCsrfToken|MockObject $middleware */ $middleware = $this->getMockBuilder(VerifyCsrfToken::class) ->setConstructorArgs([$session]) - ->setMethods(['isReading', 'notAuthorizedResponse']) + ->setMethods(['isReading']) ->getMock(); $middleware->expects($this->atLeastOnce()) ->method('isReading') ->willReturn(false); - $middleware->expects($this->exactly(1)) - ->method('notAuthorizedResponse') - ->willReturn($noAuthResponse); $handler->expects($this->exactly(3)) ->method('handle') @@ -92,37 +89,38 @@ class VerifyCsrfTokenTest extends TestCase ->method('getParsedBody') ->willReturnOnConsecutiveCalls( null, - null, ['_token' => 'PostFooToken'], - ['_token' => 'PostBarToken'] + ['_token' => 'PostBarToken'], + null ); $request->expects($this->exactly(4)) ->method('getHeader') ->with('X-CSRF-TOKEN') ->willReturnOnConsecutiveCalls( - [], ['HeaderFooToken'], [], - ['HeaderBarToken'] + ['HeaderBarToken'], + [] ); $session->expects($this->exactly(4)) ->method('get') ->with('_token') ->willReturnOnConsecutiveCalls( - 'NotAvailableToken', 'HeaderFooToken', 'PostFooToken', - 'PostBarToken' + 'PostBarToken', + 'NotAvailableToken' ); - // Not tokens - $this->assertEquals($noAuthResponse, $middleware->process($request, $handler)); // Header token - $this->assertEquals($response, $middleware->process($request, $handler)); + $middleware->process($request, $handler); // POST token - $this->assertEquals($response, $middleware->process($request, $handler)); + $middleware->process($request, $handler); // Header and POST tokens - $this->assertEquals($response, $middleware->process($request, $handler)); + $middleware->process($request, $handler); + // No tokens + $this->expectException(HttpAuthExpired::class); + $middleware->process($request, $handler); } } |