diff options
Diffstat (limited to 'vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php')
-rw-r--r-- | vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php | 301 |
1 files changed, 301 insertions, 0 deletions
diff --git a/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php new file mode 100644 index 00000000..0a1f0dc4 --- /dev/null +++ b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php | |||
@@ -0,0 +1,301 @@ | |||
1 | <?php | ||
2 | |||
3 | /* | ||
4 | * This file is part of the Symfony package. | ||
5 | * | ||
6 | * (c) Fabien Potencier <fabien@symfony.com> | ||
7 | * | ||
8 | * For the full copyright and license information, please view the LICENSE | ||
9 | * file that was distributed with this source code. | ||
10 | */ | ||
11 | |||
12 | namespace Symfony\Component\Form\Tests\Extension\Csrf\Type; | ||
13 | |||
14 | use Symfony\Component\Form\AbstractType; | ||
15 | use Symfony\Component\Form\FormBuilderInterface; | ||
16 | use Symfony\Component\Form\FormError; | ||
17 | use Symfony\Component\Form\Test\TypeTestCase; | ||
18 | use Symfony\Component\Form\Extension\Csrf\CsrfExtension; | ||
19 | |||
20 | class FormTypeCsrfExtensionTest_ChildType extends AbstractType | ||
21 | { | ||
22 | public function buildForm(FormBuilderInterface $builder, array $options) | ||
23 | { | ||
24 | // The form needs a child in order to trigger CSRF protection by | ||
25 | // default | ||
26 | $builder->add('name', 'text'); | ||
27 | } | ||
28 | |||
29 | public function getName() | ||
30 | { | ||
31 | return 'csrf_collection_test'; | ||
32 | } | ||
33 | } | ||
34 | |||
35 | class FormTypeCsrfExtensionTest extends TypeTestCase | ||
36 | { | ||
37 | /** | ||
38 | * @var \PHPUnit_Framework_MockObject_MockObject | ||
39 | */ | ||
40 | protected $csrfProvider; | ||
41 | |||
42 | /** | ||
43 | * @var \PHPUnit_Framework_MockObject_MockObject | ||
44 | */ | ||
45 | protected $translator; | ||
46 | |||
47 | protected function setUp() | ||
48 | { | ||
49 | $this->csrfProvider = $this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'); | ||
50 | $this->translator = $this->getMock('Symfony\Component\Translation\TranslatorInterface'); | ||
51 | |||
52 | parent::setUp(); | ||
53 | } | ||
54 | |||
55 | protected function tearDown() | ||
56 | { | ||
57 | $this->csrfProvider = null; | ||
58 | $this->translator = null; | ||
59 | |||
60 | parent::tearDown(); | ||
61 | } | ||
62 | |||
63 | protected function getExtensions() | ||
64 | { | ||
65 | return array_merge(parent::getExtensions(), array( | ||
66 | new CsrfExtension($this->csrfProvider, $this->translator), | ||
67 | )); | ||
68 | } | ||
69 | |||
70 | public function testCsrfProtectionByDefaultIfRootAndCompound() | ||
71 | { | ||
72 | $view = $this->factory | ||
73 | ->create('form', null, array( | ||
74 | 'csrf_field_name' => 'csrf', | ||
75 | 'compound' => true, | ||
76 | )) | ||
77 | ->createView(); | ||
78 | |||
79 | $this->assertTrue(isset($view['csrf'])); | ||
80 | } | ||
81 | |||
82 | public function testNoCsrfProtectionByDefaultIfCompoundButNotRoot() | ||
83 | { | ||
84 | $view = $this->factory | ||
85 | ->createNamedBuilder('root', 'form') | ||
86 | ->add($this->factory | ||
87 | ->createNamedBuilder('form', 'form', null, array( | ||
88 | 'csrf_field_name' => 'csrf', | ||
89 | 'compound' => true, | ||
90 | )) | ||
91 | ) | ||
92 | ->getForm() | ||
93 | ->get('form') | ||
94 | ->createView(); | ||
95 | |||
96 | $this->assertFalse(isset($view['csrf'])); | ||
97 | } | ||
98 | |||
99 | public function testNoCsrfProtectionByDefaultIfRootButNotCompound() | ||
100 | { | ||
101 | $view = $this->factory | ||
102 | ->create('form', null, array( | ||
103 | 'csrf_field_name' => 'csrf', | ||
104 | 'compound' => false, | ||
105 | )) | ||
106 | ->createView(); | ||
107 | |||
108 | $this->assertFalse(isset($view['csrf'])); | ||
109 | } | ||
110 | |||
111 | public function testCsrfProtectionCanBeDisabled() | ||
112 | { | ||
113 | $view = $this->factory | ||
114 | ->create('form', null, array( | ||
115 | 'csrf_field_name' => 'csrf', | ||
116 | 'csrf_protection' => false, | ||
117 | 'compound' => true, | ||
118 | )) | ||
119 | ->createView(); | ||
120 | |||
121 | $this->assertFalse(isset($view['csrf'])); | ||
122 | } | ||
123 | |||
124 | public function testGenerateCsrfToken() | ||
125 | { | ||
126 | $this->csrfProvider->expects($this->once()) | ||
127 | ->method('generateCsrfToken') | ||
128 | ->with('%INTENTION%') | ||
129 | ->will($this->returnValue('token')); | ||
130 | |||
131 | $view = $this->factory | ||
132 | ->create('form', null, array( | ||
133 | 'csrf_field_name' => 'csrf', | ||
134 | 'csrf_provider' => $this->csrfProvider, | ||
135 | 'intention' => '%INTENTION%', | ||
136 | 'compound' => true, | ||
137 | )) | ||
138 | ->createView(); | ||
139 | |||
140 | $this->assertEquals('token', $view['csrf']->vars['value']); | ||
141 | } | ||
142 | |||
143 | public function provideBoolean() | ||
144 | { | ||
145 | return array( | ||
146 | array(true), | ||
147 | array(false), | ||
148 | ); | ||
149 | } | ||
150 | |||
151 | /** | ||
152 | * @dataProvider provideBoolean | ||
153 | */ | ||
154 | public function testValidateTokenOnSubmitIfRootAndCompound($valid) | ||
155 | { | ||
156 | $this->csrfProvider->expects($this->once()) | ||
157 | ->method('isCsrfTokenValid') | ||
158 | ->with('%INTENTION%', 'token') | ||
159 | ->will($this->returnValue($valid)); | ||
160 | |||
161 | $form = $this->factory | ||
162 | ->createBuilder('form', null, array( | ||
163 | 'csrf_field_name' => 'csrf', | ||
164 | 'csrf_provider' => $this->csrfProvider, | ||
165 | 'intention' => '%INTENTION%', | ||
166 | 'compound' => true, | ||
167 | )) | ||
168 | ->add('child', 'text') | ||
169 | ->getForm(); | ||
170 | |||
171 | $form->submit(array( | ||
172 | 'child' => 'foobar', | ||
173 | 'csrf' => 'token', | ||
174 | )); | ||
175 | |||
176 | // Remove token from data | ||
177 | $this->assertSame(array('child' => 'foobar'), $form->getData()); | ||
178 | |||
179 | // Validate accordingly | ||
180 | $this->assertSame($valid, $form->isValid()); | ||
181 | } | ||
182 | |||
183 | public function testFailIfRootAndCompoundAndTokenMissing() | ||
184 | { | ||
185 | $this->csrfProvider->expects($this->never()) | ||
186 | ->method('isCsrfTokenValid'); | ||
187 | |||
188 | $form = $this->factory | ||
189 | ->createBuilder('form', null, array( | ||
190 | 'csrf_field_name' => 'csrf', | ||
191 | 'csrf_provider' => $this->csrfProvider, | ||
192 | 'intention' => '%INTENTION%', | ||
193 | 'compound' => true, | ||
194 | )) | ||
195 | ->add('child', 'text') | ||
196 | ->getForm(); | ||
197 | |||
198 | $form->submit(array( | ||
199 | 'child' => 'foobar', | ||
200 | // token is missing | ||
201 | )); | ||
202 | |||
203 | // Remove token from data | ||
204 | $this->assertSame(array('child' => 'foobar'), $form->getData()); | ||
205 | |||
206 | // Validate accordingly | ||
207 | $this->assertFalse($form->isValid()); | ||
208 | } | ||
209 | |||
210 | public function testDontValidateTokenIfCompoundButNoRoot() | ||
211 | { | ||
212 | $this->csrfProvider->expects($this->never()) | ||
213 | ->method('isCsrfTokenValid'); | ||
214 | |||
215 | $form = $this->factory | ||
216 | ->createNamedBuilder('root', 'form') | ||
217 | ->add($this->factory | ||
218 | ->createNamedBuilder('form', 'form', null, array( | ||
219 | 'csrf_field_name' => 'csrf', | ||
220 | 'csrf_provider' => $this->csrfProvider, | ||
221 | 'intention' => '%INTENTION%', | ||
222 | 'compound' => true, | ||
223 | )) | ||
224 | ) | ||
225 | ->getForm() | ||
226 | ->get('form'); | ||
227 | |||
228 | $form->submit(array( | ||
229 | 'child' => 'foobar', | ||
230 | 'csrf' => 'token', | ||
231 | )); | ||
232 | } | ||
233 | |||
234 | public function testDontValidateTokenIfRootButNotCompound() | ||
235 | { | ||
236 | $this->csrfProvider->expects($this->never()) | ||
237 | ->method('isCsrfTokenValid'); | ||
238 | |||
239 | $form = $this->factory | ||
240 | ->create('form', null, array( | ||
241 | 'csrf_field_name' => 'csrf', | ||
242 | 'csrf_provider' => $this->csrfProvider, | ||
243 | 'intention' => '%INTENTION%', | ||
244 | 'compound' => false, | ||
245 | )); | ||
246 | |||
247 | $form->submit(array( | ||
248 | 'csrf' => 'token', | ||
249 | )); | ||
250 | } | ||
251 | |||
252 | public function testNoCsrfProtectionOnPrototype() | ||
253 | { | ||
254 | $prototypeView = $this->factory | ||
255 | ->create('collection', null, array( | ||
256 | 'type' => new FormTypeCsrfExtensionTest_ChildType(), | ||
257 | 'options' => array( | ||
258 | 'csrf_field_name' => 'csrf', | ||
259 | ), | ||
260 | 'prototype' => true, | ||
261 | 'allow_add' => true, | ||
262 | )) | ||
263 | ->createView() | ||
264 | ->vars['prototype']; | ||
265 | |||
266 | $this->assertFalse(isset($prototypeView['csrf'])); | ||
267 | $this->assertCount(1, $prototypeView); | ||
268 | } | ||
269 | |||
270 | public function testsTranslateCustomErrorMessage() | ||
271 | { | ||
272 | $this->csrfProvider->expects($this->once()) | ||
273 | ->method('isCsrfTokenValid') | ||
274 | ->with('%INTENTION%', 'token') | ||
275 | ->will($this->returnValue(false)); | ||
276 | |||
277 | $this->translator->expects($this->once()) | ||
278 | ->method('trans') | ||
279 | ->with('Foobar') | ||
280 | ->will($this->returnValue('[trans]Foobar[/trans]')); | ||
281 | |||
282 | $form = $this->factory | ||
283 | ->createBuilder('form', null, array( | ||
284 | 'csrf_field_name' => 'csrf', | ||
285 | 'csrf_provider' => $this->csrfProvider, | ||
286 | 'csrf_message' => 'Foobar', | ||
287 | 'intention' => '%INTENTION%', | ||
288 | 'compound' => true, | ||
289 | )) | ||
290 | ->getForm(); | ||
291 | |||
292 | $form->submit(array( | ||
293 | 'csrf' => 'token', | ||
294 | )); | ||
295 | |||
296 | $errors = $form->getErrors(); | ||
297 | |||
298 | $this->assertGreaterThan(0, count($errors)); | ||
299 | $this->assertEquals(new FormError('[trans]Foobar[/trans]'), $errors[0]); | ||
300 | } | ||
301 | } | ||