Diffstat (limited to 'vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf')
4 files changed, 535 insertions, 0 deletions
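diff --git a/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/CsrfProvider/DefaultCsrfProviderTest.php b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/CsrfProvider/DefaultCsrfProviderTest.php
new file mode 100644
index 00000000..a99b5444
--- /dev/null
+++ b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/CsrfProvider/DefaultCsrfProviderTest.php
@@ -0,0 +1,81 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Form\Tests\Extension\Csrf\CsrfProvider;
+
+use Symfony\Component\Form\Extension\Csrf\CsrfProvider\DefaultCsrfProvider;
+
+/**
+* @runTestsInSeparateProcesses
+*/
+class DefaultCsrfProviderTest extends \PHPUnit_Framework_TestCase
+{
+protected $provider;
+
+public static function setUpBeforeClass()
+{
+ini_set('session.save_handler', 'files');
+ini_set('session.save_path', sys_get_temp_dir());
+}
+
+protected function setUp()
+{
+$this->provider = new DefaultCsrfProvider('SECRET');
+}
+
+protected function tearDown()
+{
+$this->provider = null;
+}
+
+public function testGenerateCsrfToken()
+{
+session_start();
+
+$token = $this->provider->generateCsrfToken('foo');
+
+$this->assertEquals(sha1('SECRET'.'foo'.session_id()), $token);
+}
+
+public function testGenerateCsrfTokenOnUnstartedSession()
+{
+session_id('touti');
+
+if (!version_compare(PHP_VERSION, '5.4', '>=')) {
+$this->markTestSkipped('This test requires PHP >= 5.4');
+}
+
+$this->assertSame(PHP_SESSION_NONE, session_status());
+
+$token = $this->provider->generateCsrfToken('foo');
+
+$this->assertEquals(sha1('SECRET'.'foo'.session_id()), $token);
+$this->assertSame(PHP_SESSION_ACTIVE, session_status());
+}
+
+public function testIsCsrfTokenValidSucceeds()
+{
+session_start();
+
+$token = sha1('SECRET'.'foo'.session_id());
+
+$this->assertTrue($this->provider->isCsrfTokenValid('foo', $token));
+}
+
+public function testIsCsrfTokenValidFails()
+{
+session_start();
+
+$token = sha1('SECRET'.'bar'.session_id());
+
+$this->assertFalse($this->provider->isCsrfTokenValid('foo', $token));
+}
+}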
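diff --git a/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/CsrfProvider/SessionCsrfProviderTest.php b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/CsrfProvider/SessionCsrfProviderTest.php
new file mode 100644
index 00000000..1dcc6b4c
--- /dev/null
+++ b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/CsrfProvider/SessionCsrfProviderTest.php
@@ -0,0 +1,75 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Form\Tests\Extension\Csrf\CsrfProvider;
+
+use Symfony\Component\Form\Extension\Csrf\CsrfProvider\SessionCsrfProvider;
+
+class SessionCsrfProviderTest extends \PHPUnit_Framework_TestCase
+{
+protected $provider;
+protected $session;
+
+protected function setUp()
+{
+if (!class_exists('Symfony\Component\HttpFoundation\Session\Session')) {
+$this->markTestSkipped('The "HttpFoundation" component is not available');
+}
+
+$this->session = $this->getMock(
+'Symfony\Component\HttpFoundation\Session\Session',
+array(),
+array(),
+'',
+false // don't call constructor
+);
+$this->provider = new SessionCsrfProvider($this->session, 'SECRET');
+}
+
+protected function tearDown()
+{
+$this->provider = null;
+$this->session = null;
+}
+
+public function testGenerateCsrfToken()
+{
+$this->session->expects($this->once())
+->method('getId')
+->will($this->returnValue('ABCDEF'));
+
+$token = $this->provider->generateCsrfToken('foo');
+
+$this->assertEquals(sha1('SECRET'.'foo'.'ABCDEF'), $token);
+}
+
+public function testIsCsrfTokenValidSucceeds()
+{
+$this->session->expects($this->once())
+->method('getId')
+->will($this->returnValue('ABCDEF'));
+
+$token = sha1('SECRET'.'foo'.'ABCDEF');
+
+$this->assertTrue($this->provider->isCsrfTokenValid('foo', $token));
+}
+
+public function testIsCsrfTokenValidFails()
+{
+$this->session->expects($this->once())
+->method('getId')
+->will($this->returnValue('ABCDEF'));
+
+$token = sha1('SECRET'.'bar'.'ABCDEF');
+
+$this->assertFalse($this->provider->isCsrfTokenValid('foo', $token));
+}
+}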
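diff --git a/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
new file mode 100644
index 00000000..0bcfe74e
--- /dev/null
+++ b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
@@ -0,0 +1,78 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Form\Tests\Extension\Csrf\EventListener;
+
+use Symfony\Component\Form\FormBuilder;
+use Symfony\Component\Form\FormEvent;
+use Symfony\Component\Form\Extension\Csrf\EventListener\CsrfValidationListener;
+
+class CsrfValidationListenerTest extends \PHPUnit_Framework_TestCase
+{
+protected $dispatcher;
+protected $factory;
+protected $csrfProvider;
+
+protected function setUp()
+{
+if (!class_exists('Symfony\Component\EventDispatcher\EventDispatcher')) {
+$this->markTestSkipped('The "EventDispatcher" component is not available');
+}
+
+$this->dispatcher = $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface');
+$this->factory = $this->getMock('Symfony\Component\Form\FormFactoryInterface');
+$this->csrfProvider = $this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface');
+$this->form = $this->getBuilder('post')
+->setDataMapper($this->getDataMapper())
+->getForm();
+}
+
+protected function tearDown()
+{
+$this->dispatcher = null;
+$this->factory = null;
+$this->csrfProvider = null;
+$this->form = null;
+}
+
+protected function getBuilder($name = 'name')
+{
+return new FormBuilder($name, null, $this->dispatcher, $this->factory, array('compound' => true));
+}
+
+protected function getForm($name = 'name')
+{
+return $this->getBuilder($name)->getForm();
+}
+
+protected function getDataMapper()
+{
+return $this->getMock('Symfony\Component\Form\DataMapperInterface');
+}
+
+protected function getMockForm()
+{
+return $this->getMock('Symfony\Component\Form\Test\FormInterface');
+}
+
+// https://github.com/symfony/symfony/pull/5838
+public function testStringFormData()
+{
+$data = "XP4HUzmHPi";
+$event = new FormEvent($this->form, $data);
+
+$validation = new CsrfValidationListener('csrf', $this->csrfProvider, 'unknown', 'Invalid.');
+$validation->preSubmit($event);
+
+// Validate accordingly
+$this->assertSame($data, $event->getData());
+}
+}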
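diff --git a/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
new file mode 100644
index 00000000..0a1f0dc4
--- /dev/null
+++ b/vendor/symfony/form/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -0,0 +1,301 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Form\Tests\Extension\Csrf\Type;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\Form\FormError;
+use Symfony\Component\Form\Test\TypeTestCase;
+use Symfony\Component\Form\Extension\Csrf\CsrfExtension;
+
+class FormTypeCsrfExtensionTest_ChildType extends AbstractType
+{
+public function buildForm(FormBuilderInterface $builder, array $options)
+{
+// The form needs a child in order to trigger CSRF protection by
+// default
+$builder->add('name', 'text');
+}
+
+public function getName()
+{
+return 'csrf_collection_test';
+}
+}
+
+class FormTypeCsrfExtensionTest extends TypeTestCase
+{
+/**
+* @var \PHPUnit_Framework_MockObject_MockObject
+*/
+protected $csrfProvider;
+
+/**
+* @var \PHPUnit_Framework_MockObject_MockObject
+*/
+protected $translator;
+
+protected function setUp()
+{
+$this->csrfProvider = $this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface');
+$this->translator = $this->getMock('Symfony\Component\Translation\TranslatorInterface');
+
+parent::setUp();
+}
+
+protected function tearDown()
+{
+$this->csrfProvider = null;
+$this->translator = null;
+
+parent::tearDown();
+}
+
+protected function getExtensions()
+{
+return array_merge(parent::getExtensions(), array(
+new CsrfExtension($this->csrfProvider, $this->translator),
+));
+}
+
+public function testCsrfProtectionByDefaultIfRootAndCompound()
+{
+$view = $this->factory
+->create('form', null, array(
+'csrf_field_name' => 'csrf',
+'compound' => true,
+))
+->createView();
+
+$this->assertTrue(isset($view['csrf']));
+}
+
+public function testNoCsrfProtectionByDefaultIfCompoundButNotRoot()
+{
+$view = $this->factory
+->createNamedBuilder('root', 'form')
+->add($this->factory
+->createNamedBuilder('form', 'form', null, array(
+'csrf_field_name' => 'csrf',
+'compound' => true,
+))
+)
+->getForm()
+->get('form')
+->createView();
+
+$this->assertFalse(isset($view['csrf']));
+}
+
+public function testNoCsrfProtectionByDefaultIfRootButNotCompound()
+{
+$view = $this->factory
+->create('form', null, array(
+'csrf_field_name' => 'csrf',
+'compound' => false,
+))
+->createView();
+
+$this->assertFalse(isset($view['csrf']));
+}
+
+public function testCsrfProtectionCanBeDisabled()
+{
+$view = $this->factory
+->create('form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_protection' => false,
+'compound' => true,
+))
+->createView();
+
+$this->assertFalse(isset($view['csrf']));
+}
+
+public function testGenerateCsrfToken()
+{
+$this->csrfProvider->expects($this->once())
+->method('generateCsrfToken')
+->with('%INTENTION%')
+->will($this->returnValue('token'));
+
+$view = $this->factory
+->create('form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_provider' => $this->csrfProvider,
+'intention' => '%INTENTION%',
+'compound' => true,
+))
+->createView();
+
+$this->assertEquals('token', $view['csrf']->vars['value']);
+}
+
+public function provideBoolean()
+{
+return array(
+array(true),
+array(false),
+);
+}
+
+/**
+* @dataProvider provideBoolean
+*/
+public function testValidateTokenOnSubmitIfRootAndCompound($valid)
+{
+$this->csrfProvider->expects($this->once())
+->method('isCsrfTokenValid')
+->with('%INTENTION%', 'token')
+->will($this->returnValue($valid));
+
+$form = $this->factory
+->createBuilder('form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_provider' => $this->csrfProvider,
+'intention' => '%INTENTION%',
+'compound' => true,
+))
+->add('child', 'text')
+->getForm();
+
+$form->submit(array(
+'child' => 'foobar',
+'csrf' => 'token',
+));
+
+// Remove token from data
+$this->assertSame(array('child' => 'foobar'), $form->getData());
+
+// Validate accordingly
+$this->assertSame($valid, $form->isValid());
+}
+
+public function testFailIfRootAndCompoundAndTokenMissing()
+{
+$this->csrfProvider->expects($this->never())
+->method('isCsrfTokenValid');
+
+$form = $this->factory
+->createBuilder('form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_provider' => $this->csrfProvider,
+'intention' => '%INTENTION%',
+'compound' => true,
+))
+->add('child', 'text')
+->getForm();
+
+$form->submit(array(
+'child' => 'foobar',
+// token is missing
+));
+
+// Remove token from data
+$this->assertSame(array('child' => 'foobar'), $form->getData());
+
+// Validate accordingly
+$this->assertFalse($form->isValid());
+}
+
+public function testDontValidateTokenIfCompoundButNoRoot()
+{
+$this->csrfProvider->expects($this->never())
+->method('isCsrfTokenValid');
+
+$form = $this->factory
+->createNamedBuilder('root', 'form')
+->add($this->factory
+->createNamedBuilder('form', 'form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_provider' => $this->csrfProvider,
+'intention' => '%INTENTION%',
+'compound' => true,
+))
+)
+->getForm()
+->get('form');
+
+$form->submit(array(
+'child' => 'foobar',
+'csrf' => 'token',
+));
+}
+
+public function testDontValidateTokenIfRootButNotCompound()
+{
+$this->csrfProvider->expects($this->never())
+->method('isCsrfTokenValid');
+
+$form = $this->factory
+->create('form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_provider' => $this->csrfProvider,
+'intention' => '%INTENTION%',
+'compound' => false,
+));
+
+$form->submit(array(
+'csrf' => 'token',
+));
+}
+
+public function testNoCsrfProtectionOnPrototype()
+{
+$prototypeView = $this->factory
+->create('collection', null, array(
+'type' => new FormTypeCsrfExtensionTest_ChildType(),
+'options' => array(
+'csrf_field_name' => 'csrf',
+),
+'prototype' => true,
+'allow_add' => true,
+))
+->createView()
+->vars['prototype'];
+
+$this->assertFalse(isset($prototypeView['csrf']));
+$this->assertCount(1, $prototypeView);
+}
+
+public function testsTranslateCustomErrorMessage()
+{
+$this->csrfProvider->expects($this->once())
+->method('isCsrfTokenValid')
+->with('%INTENTION%', 'token')
+->will($this->returnValue(false));
+
+$this->translator->expects($this->once())
+->method('trans')
+->with('Foobar')
+->will($this->returnValue('[trans]Foobar[/trans]'));
+
+$form = $this->factory
+->createBuilder('form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_provider' => $this->csrfProvider,
+'csrf_message' => 'Foobar',
+'intention' => '%INTENTION%',
+'compound' => true,
+))
+->getForm();
+
+$form->submit(array(
+'csrf' => 'token',
+));
+
+$errors = $form->getErrors();
+
+$this->assertGreaterThan(0, count($errors));
+$this->assertEquals(new FormError('[trans]Foobar[/trans]'), $errors[0]);
+}
+}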