4 * This file is part of the Symfony package.
6 * (c) Fabien Potencier <fabien@symfony.com>
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
12 namespace Symfony\Component\Form\Tests\Extension\Csrf\Type
;
14 use Symfony\Component\Form\AbstractType
;
15 use Symfony\Component\Form\FormBuilderInterface
;
16 use Symfony\Component\Form\FormError
;
17 use Symfony\Component\Form\Test\TypeTestCase
;
18 use Symfony\Component\Form\Extension\Csrf\CsrfExtension
;
/**
 * Minimal form type with a single text child. It is used as the entry type
 * of the collection built in testNoCsrfProtectionOnPrototype().
 */
20 class FormTypeCsrfExtensionTest_ChildType
extends AbstractType
/**
 * Adds one child field named 'name' of type 'text' to the builder.
 *
 * @param FormBuilderInterface $builder Builder that receives the child
 * @param array                $options Not read by the visible code
 */
22 public function buildForm(FormBuilderInterface
$builder, array $options)
24 // The form needs a child in order to trigger CSRF protection by
// NOTE(review): the sentence above is cut off; gutter line 25 is missing from this listing.
26 $builder->add('name', 'text');
/**
 * @return string The type name, 'csrf_collection_test'
 */
29 public function getName()
31 return 'csrf_collection_test';
/**
 * Tests for the CSRF form extension. They cover two questions: when does a
 * form view get a token field, and when is a submitted token checked against
 * the CSRF provider.
 */
35 class FormTypeCsrfExtensionTest
extends TypeTestCase
// Mock of CsrfProviderInterface, created in setUp(). The tests set their
// expectations on generateCsrfToken() and isCsrfTokenValid() through it.
38 * @var \PHPUnit_Framework_MockObject_MockObject
40 protected $csrfProvider;
// Mock of TranslatorInterface, created in setUp() and handed to CsrfExtension.
43 * @var \PHPUnit_Framework_MockObject_MockObject
45 protected $translator;
/**
 * Builds mock objects for the CSRF provider and the translator interfaces
 * and stores them on the test case.
 */
47 protected function setUp()
49 $this->csrfProvider
= $this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface');
50 $this->translator
= $this->getMock('Symfony\Component\Translation\TranslatorInterface');
// NOTE(review): gutter lines 51-54 are missing from this listing, so whatever
// follows the two assignments cannot be confirmed from here.
/**
 * Releases both mocks by resetting the properties to null.
 */
55 protected function tearDown()
57 $this->csrfProvider
= null;
58 $this->translator
= null;
// NOTE(review): gutter lines 59-62 are missing from this listing, so the end
// of the method is not visible here.
/**
 * Appends a CsrfExtension to the parent's extensions. The extension is
 * constructed with the mocked provider and translator, so each test controls
 * token generation, token validation and message translation.
 *
 * @return array Parent extensions followed by the CsrfExtension instance
 */
63 protected function getExtensions()
65 return array_merge(parent
::getExtensions(), array(
66 new CsrfExtension($this->csrfProvider
, $this->translator
),
/**
 * Expects the view to contain a token field under the name given by
 * 'csrf_field_name' ('csrf'). No 'csrf_protection' option appears in the
 * visible options.
 */
70 public function testCsrfProtectionByDefaultIfRootAndCompound()
72 $view = $this->factory
73 ->create('form', null, array(
74 'csrf_field_name' => 'csrf',
// NOTE(review): gutter lines 75-78 are missing from this listing. The rest of
// the options array and the call that produces $view are not visible here.
79 $this->assertTrue(isset($view['csrf']));
/**
 * Expects no 'csrf' field in the view of a form built with a second
 * createNamedBuilder() call under a builder named 'root'.
 */
82 public function testNoCsrfProtectionByDefaultIfCompoundButNotRoot()
84 $view = $this->factory
85 ->createNamedBuilder('root', 'form')
// NOTE(review): gutter line 86 is missing, so how the inner builder is attached
// to 'root' is not visible in this listing.
87 ->createNamedBuilder('form', 'form', null, array(
88 'csrf_field_name' => 'csrf',
// NOTE(review): gutter lines 89-95 are missing. The remaining options and the
// calls that produce $view cannot be confirmed from here.
96 $this->assertFalse(isset($view['csrf']));
/**
 * Expects no 'csrf' field in the view of a root form that, per the test
 * name, is not compound.
 */
99 public function testNoCsrfProtectionByDefaultIfRootButNotCompound()
101 $view = $this->factory
102 ->create('form', null, array(
103 'csrf_field_name' => 'csrf',
// NOTE(review): gutter lines 104-107 are missing. The option that makes the form
// non-compound and the call that produces $view are not visible here.
108 $this->assertFalse(isset($view['csrf']));
/**
 * Expects no 'csrf' field in the view when the form is created with
 * 'csrf_protection' => false.
 */
111 public function testCsrfProtectionCanBeDisabled()
113 $view = $this->factory
114 ->create('form', null, array(
115 'csrf_field_name' => 'csrf',
// Explicit opt-out. A form created this way renders without a token field.
116 'csrf_protection' => false,
// NOTE(review): gutter lines 117-120 are missing. Any further options and the
// call that produces $view are not visible here.
121 $this->assertFalse(isset($view['csrf']));
/**
 * Checks that the token field's value comes from the configured provider.
 * The provider must be asked exactly once for a token, with the form's
 * 'intention' string, and the view must carry the returned value.
 */
124 public function testGenerateCsrfToken()
126 $this->csrfProvider
->expects($this->once())
127 ->method('generateCsrfToken')
// The argument must equal the 'intention' option passed to the form below.
128 ->with('%INTENTION%')
129 ->will($this->returnValue('token'));
131 $view = $this->factory
132 ->create('form', null, array(
133 'csrf_field_name' => 'csrf',
134 'csrf_provider' => $this->csrfProvider
,
135 'intention' => '%INTENTION%',
// NOTE(review): gutter lines 136-139 are missing. Any further options and the
// call that produces $view are not visible here.
140 $this->assertEquals('token', $view['csrf']->vars
['value']);
// Data provider named by the @dataProvider annotation on
// testValidateTokenOnSubmitIfRootAndCompound().
// NOTE(review): the body (gutter lines 144-150) is missing from this listing, so
// the supplied values cannot be confirmed; the name suggests true and false.
143 public function provideBoolean()
// Checks that the form's validity follows the provider's verdict on the token.
// The provider is asked exactly once whether 'token' is valid for the intention
// '%INTENTION%' and answers with $valid. The form must report the same result,
// and the token must not appear in the form data.
// $valid is supplied by the provideBoolean data provider.
152 * @dataProvider provideBoolean
154 public function testValidateTokenOnSubmitIfRootAndCompound($valid)
156 $this->csrfProvider
->expects($this->once())
157 ->method('isCsrfTokenValid')
158 ->with('%INTENTION%', 'token')
159 ->will($this->returnValue($valid));
161 $form = $this->factory
162 ->createBuilder('form', null, array(
163 'csrf_field_name' => 'csrf',
164 'csrf_provider' => $this->csrfProvider
,
165 'intention' => '%INTENTION%',
// NOTE(review): gutter lines 166-167 are missing. The end of the options array
// is not visible in this listing.
168 ->add('child', 'text')
// NOTE(review): gutter lines 169-175 are missing. How the form is built and
// which data is submitted cannot be confirmed from here.
176 // Remove token from data
177 $this->assertSame(array('child' => 'foobar'), $form->getData());
179 // Validate accordingly
180 $this->assertSame($valid, $form->isValid());
/**
 * Checks the fail-closed case. The provider's isCsrfTokenValid() must never
 * be called, and the form must still be invalid. Per the test name, the
 * submitted data carries no token.
 */
183 public function testFailIfRootAndCompoundAndTokenMissing()
185 $this->csrfProvider
->expects($this->never())
186 ->method('isCsrfTokenValid');
188 $form = $this->factory
189 ->createBuilder('form', null, array(
190 'csrf_field_name' => 'csrf',
191 'csrf_provider' => $this->csrfProvider
,
192 'intention' => '%INTENTION%',
// NOTE(review): gutter lines 193-194 are missing. The end of the options array
// is not visible in this listing.
195 ->add('child', 'text')
// NOTE(review): gutter lines 196-202 are missing. The submitted data is not
// visible, so the absence of a token is taken from the test name only.
203 // Remove token from data
204 $this->assertSame(array('child' => 'foobar'), $form->getData());
206 // Validate accordingly
207 $this->assertFalse($form->isValid());
/**
 * Expects the provider's isCsrfTokenValid() never to be called for a form
 * built with a second createNamedBuilder() call under a builder named 'root'.
 *
 * NOTE(review): this implies a nested form carries no token check of its
 * own and relies on the root form for CSRF protection. Confirm against the
 * extension.
 */
210 public function testDontValidateTokenIfCompoundButNoRoot()
212 $this->csrfProvider
->expects($this->never())
213 ->method('isCsrfTokenValid');
215 $form = $this->factory
216 ->createNamedBuilder('root', 'form')
// NOTE(review): gutter line 217 is missing, so how the inner builder is attached
// to 'root' is not visible in this listing.
218 ->createNamedBuilder('form', 'form', null, array(
219 'csrf_field_name' => 'csrf',
220 'csrf_provider' => $this->csrfProvider
,
221 'intention' => '%INTENTION%',
// NOTE(review): gutter lines 222-233 are missing. The remaining options, the
// submission and any further assertions are not visible here.
/**
 * Expects the provider's isCsrfTokenValid() never to be called for a root
 * form that, per the test name, is not compound.
 */
234 public function testDontValidateTokenIfRootButNotCompound()
236 $this->csrfProvider
->expects($this->never())
237 ->method('isCsrfTokenValid');
239 $form = $this->factory
240 ->create('form', null, array(
241 'csrf_field_name' => 'csrf',
242 'csrf_provider' => $this->csrfProvider
,
243 'intention' => '%INTENTION%',
// NOTE(review): gutter lines 244-251 are missing. The option that makes the form
// non-compound, the submission and any further assertions are not visible here.
/**
 * Expects the prototype view of a collection whose entries use
 * FormTypeCsrfExtensionTest_ChildType to contain no 'csrf' field and
 * exactly one element.
 */
252 public function testNoCsrfProtectionOnPrototype()
254 $prototypeView = $this->factory
255 ->create('collection', null, array(
256 'type' => new FormTypeCsrfExtensionTest_ChildType(),
// NOTE(review): gutter line 257 is missing. An option between 'type' and
// 'csrf_field_name' is not visible in this listing.
258 'csrf_field_name' => 'csrf',
// NOTE(review): gutter lines 259-265 are missing. How the prototype view is
// obtained from the collection cannot be confirmed from here.
266 $this->assertFalse(isset($prototypeView['csrf']));
// A count of 1 means the prototype holds only one element and no extra token field.
267 $this->assertCount(1, $prototypeView);
/**
 * Checks that a rejected token yields a translated form error. The provider
 * reports the token 'token' as invalid for the intention '%INTENTION%', and
 * the translator mock returns '[trans]Foobar[/trans]'. The first error on
 * the form must be a FormError carrying that translated text.
 */
270 public function testsTranslateCustomErrorMessage()
272 $this->csrfProvider
->expects($this->once())
273 ->method('isCsrfTokenValid')
274 ->with('%INTENTION%', 'token')
275 ->will($this->returnValue(false));
277 $this->translator
->expects($this->once())
// NOTE(review): gutter lines 278-279 are missing. The translator method and the
// arguments it is expected to receive are not visible in this listing.
280 ->will($this->returnValue('[trans]Foobar[/trans]'));
282 $form = $this->factory
283 ->createBuilder('form', null, array(
284 'csrf_field_name' => 'csrf',
285 'csrf_provider' => $this->csrfProvider
,
// Custom error message for this form. The expected error below is the
// translator's return value, not this raw string.
286 'csrf_message' => 'Foobar',
287 'intention' => '%INTENTION%',
// NOTE(review): gutter lines 288-295 are missing. The end of the options array
// and the submission are not visible here.
296 $errors = $form->getErrors();
298 $this->assertGreaterThan(0, count($errors));
299 $this->assertEquals(new FormError('[trans]Foobar[/trans]'), $errors[0]);