1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2010-2011 Oliver Klee (typo3-coding@oliverklee.de)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
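/**
 * Testcase for the t3lib_formprotection_BackendFormProtection class.
 *
 * The tests replace $GLOBALS['BE_USER'] with a mock and restore the original
 * in tearDown(), so no real back-end session is read or written.
 *
 * NOTE(review): the only validateToken() case in this file is the accepting
 * path. Rejection of a wrong or stale token is presumably covered by the
 * tests of the parent form protection class - confirm.
 *
 * @package TYPO3
 * @subpackage t3lib
 *
 * @author Oliver Klee <typo3-coding@oliverklee.de>
 */
class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase {
	/**
	 * a backup of the current BE user
	 *
	 * @var t3lib_beUserAuth
	 */
	private $backEndUserBackup = NULL;

	/**
	 * the object under test, a mock of the accessible proxy subclass
	 *
	 * @var t3lib_formprotection_BackendFormProtection
	 */
	private $fixture;

	/**
	 * Replaces the global BE user with a mock whose session accessors can
	 * carry expectations, and creates the fixture with locking stubbed out.
	 *
	 * @return void
	 */
	public function setUp() {
		$this->backEndUserBackup = $GLOBALS['BE_USER'];
		$GLOBALS['BE_USER'] = $this->getMock(
			't3lib_beUserAuth',
			array('getSessionData', 'setAndSaveSessionData')
		);
		$GLOBALS['BE_USER']->user['uid'] = 1;

		$className = $this->createAccessibleProxyClass();
		$this->fixture = $this->getMock($className, array('acquireLock', 'releaseLock'));
	}

	/**
	 * Destroys the fixture, restores the original BE user and empties the
	 * flash message queue so that messages do not leak into other tests.
	 *
	 * @return void
	 */
	public function tearDown() {
		$this->fixture->__destruct();
		unset($this->fixture);

		$GLOBALS['BE_USER'] = $this->backEndUserBackup;

		t3lib_FlashMessageQueue::getAllMessagesAndFlush();
	}


	//////////////////////
	// Utility functions
	//////////////////////

	/**
	 * Creates a subclass of t3lib_formprotection_BackendFormProtection with
	 * createValidationErrorMessage and retrieveSessionToken made public and
	 * with a setter for the session token.
	 *
	 * @return string the name of the created class, will not be empty
	 */
	private function createAccessibleProxyClass() {
		$className = 't3lib_formprotection_BackendFormProtectionAccessibleProxy';
		if (!class_exists($className)) {
				// The evaluated code is assembled from literals in this file
				// only. Keep it that way: nothing read at runtime may be
				// concatenated into this string.
			eval(
				'class ' . $className . ' extends t3lib_formprotection_BackendFormProtection {' .
				'  public function createValidationErrorMessage() {' .
				'    parent::createValidationErrorMessage();' .
				'  }' .
				'  public function retrieveSessionToken() {' .
				'    return parent::retrieveSessionToken();' .
				'  }' .
				'  public function setSessionToken($sessionToken) {' .
				'    $this->sessionToken = $sessionToken;' .
				'  }' .
				'}'
			);
		}

		return $className;
	}

	/**
	 * Creates a BE user whose session data is kept in an in-memory array
	 * instead of the real session storage.
	 *
	 * @return t3lib_beUserAuth Instance of BE_USER object with mocked session storage methods
	 */
	private function createBackendUserSessionStorageStub() {
		$className = 't3lib_beUserAuthMocked';
		if (!class_exists($className)) {
				// Literal-only code, see createAccessibleProxyClass().
				// getSessionData returns NULL for a key that was never stored
				// instead of raising an "undefined index" notice.
			eval(
				'class ' . $className . ' extends t3lib_beUserAuth {' .
				'  protected $session = array();' .
				'  public function getSessionData($key) {' .
				'    return isset($this->session[$key]) ? $this->session[$key] : NULL;' .
				'  }' .
				'  public function setAndSaveSessionData($key, $data) {' .
				'    $this->session[$key] = $data;' .
				'  }' .
				'}'
			);
		}

			// 'foo' is a placeholder method name: with a non-empty method list
			// only the listed methods are replaced, so the two in-memory
			// session accessors defined above stay functional.
		return $this->getMock($className, array('foo'));
	}

	////////////////////////////////////
	// Tests for the utility functions
	////////////////////////////////////

	/**
	 * @test
	 */
	public function createAccessibleProxyCreatesBackendFormProtectionSubclass() {
		$className = $this->createAccessibleProxyClass();

		$this->assertTrue(
			(new $className()) instanceof t3lib_formprotection_BackendFormProtection
		);
	}

	/**
	 * @test
	 */
	public function createBackendUserSessionStorageStubWorkProperly() {
		$GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();

		$allTokens = array(
			'12345678' => array(
				'formName' => 'foo',
				'action' => 'edit',
				'formInstanceName' => '42'
			),
		);

		$GLOBALS['BE_USER']->setAndSaveSessionData('tokens', $allTokens);

			// expected value first, so that a failure message reads correctly
		$this->assertEquals($allTokens, $GLOBALS['BE_USER']->getSessionData('tokens'));
	}


	//////////////////////////////////////////////////////////
	// Tests concerning the reading and saving of the tokens
	//////////////////////////////////////////////////////////

	/**
	 * @test
	 */
	public function retrieveTokenReadsTokenFromSessionData() {
			// Only the read access is verified here: exactly one lookup of
			// the 'formSessionToken' key in the BE user's session data.
		$GLOBALS['BE_USER']->expects($this->once())->method('getSessionData')
			->with('formSessionToken')->will($this->returnValue(array()));

		$this->fixture->retrieveSessionToken();
	}

	/**
	 * @test
	 */
	public function tokenFromSessionDataIsAvailableForValidateToken() {
			// fixed dummy value used as the session token in this test
		$sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
		$formName = 'foo';
		$action = 'edit';
		$formInstanceName = '42';

			// The expected token is the HMAC over the three form identifiers
			// followed by the session token.
			// NOTE(review): the parts are joined without a separator, so
			// different (formName, action, formInstanceName) triples can
			// produce the same HMAC input. Confirm against the class under
			// test whether that ambiguity is acceptable.
		$tokenId = t3lib_div::hmac($formName . $action . $formInstanceName . $sessionToken);

		$GLOBALS['BE_USER']->expects($this->atLeastOnce())->method('getSessionData')
			->with('formSessionToken')
			->will($this->returnValue($sessionToken));

		$this->fixture->retrieveSessionToken();

		$this->assertTrue(
			$this->fixture->validateToken($tokenId, $formName, $action, $formInstanceName)
		);
	}

	/**
	 * @expectedException UnexpectedValueException
	 * @test
	 */
	public function restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty() {
			// The registry mock has no configured return values, so the
			// fixture finds no stored session token in it.
		$this->fixture->injectRegistry(
			$this->getMock('t3lib_Registry')
		);
		$this->fixture->setSessionTokenFromRegistry();
	}

	/**
	 * @test
	 */
	public function persistSessionTokenWritesTokenToSession() {
			// fixed dummy value used as the session token in this test
		$sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
		$this->fixture->setSessionToken($sessionToken);

		$GLOBALS['BE_USER']->expects($this->once())
			->method('setAndSaveSessionData')->with('formSessionToken', $sessionToken);

		$this->fixture->persistSessionToken();
	}


	//////////////////////////////////////////////////
	// Tests concerning createValidationErrorMessage
	//////////////////////////////////////////////////

	/**
	 * @test
	 */
	public function createValidationErrorMessageAddsErrorFlashMessage() {
		$GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
		$this->fixture->createValidationErrorMessage();

		$messages = t3lib_FlashMessageQueue::getAllMessagesAndFlush();
			// Fail with a readable message instead of a fatal error on
			// $messages[0] if nothing was queued.
		$this->assertFalse(
			empty($messages),
			'No flash message was queued.'
		);
		$this->assertContains(
			$GLOBALS['LANG']->sL(
				'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
			),
			$messages[0]->render()
		);
	}
}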
239 ?>