2 /***************************************************************
5 * (c) 2010-2011 Oliver Klee (typo3-coding@oliverklee.de)
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
26 * Testcase for the t3lib_formprotection_BackendFormProtection class.
31 * @author Oliver Klee <typo3-coding@oliverklee.de>
33 class t3lib_formprotection_BackendFormProtectionTest
extends tx_phpunit_testcase
{
35 * a backup of the current BE user
37 * @var t3lib_beUserAuth
39 private $backEndUserBackup = NULL;
42 * @var t3lib_formprotection_BackendFormProtection
// Test fixture setup: swaps the global backend user for a PHPUnit mock and builds
// the object under test.
// NOTE(review): this listing omits some original lines (49 and 51 in this method),
// so the first getMock() argument and the closing of that call are not visible.
46 public function setUp() {
// Keep the current BE_USER so tearDown() can put it back.
47 $this->backEndUserBackup
= $GLOBALS['BE_USER'];
// Only the two session accessors are named for mocking; the tests below set
// expectations on exactly these calls to pin how the session token is read and stored.
48 $GLOBALS['BE_USER'] = $this->getMock(
50 array('getSessionData', 'setAndSaveSessionData')
52 $GLOBALS['BE_USER']->user
['uid'] = 1;
// The fixture is a mock of the accessible proxy subclass with acquireLock and
// releaseLock replaced by PHPUnit stubs (presumably so no real lock is taken — confirm).
54 $className = $this->createAccessibleProxyClass();
55 $this->fixture
= $this->getMock($className, array('acquireLock', 'releaseLock'));
// Test teardown: destroys the fixture, restores the saved global backend user and
// calls the flash message queue's flush so queued messages do not carry over.
58 public function tearDown() {
// The destructor is invoked explicitly before the reference is dropped.
59 $this->fixture
->__destruct();
60 unset($this->fixture
);
// Undo the BE_USER replacement made in setUp().
62 $GLOBALS['BE_USER'] = $this->backEndUserBackup
;
// The returned messages are discarded here; only the flush matters.
64 t3lib_FlashMessageQueue
::getAllMessagesAndFlush();
68 //////////////////////
70 //////////////////////
73 * Creates a subclass of t3lib_formprotection_BackendFormProtection with createValidationErrorMessage and retrieveSessionToken made public and a setSessionToken setter added.
76 * @return string the name of the created class, will not be empty
// Builds the source of a proxy subclass of the class under test that exposes
// createValidationErrorMessage() and retrieveSessionToken() publicly and adds a
// setSessionToken() setter writing $this->sessionToken directly.
// The class source is assembled only from string literals and the hard-coded
// $className, so no external input ends up in the generated code.
// NOTE(review): original lines 81, 85, 88 and 91-99 are not in this listing; the call
// that consumes the concatenated source (presumably eval) and the return statement
// are therefore not visible — confirm against the full file.
78 private function createAccessibleProxyClass() {
79 $className = 't3lib_formprotection_BackendFormProtectionAccessibleProxy';
// Guard so the proxy class is only defined when it does not exist yet.
80 if (!class_exists($className)) {
82 'class ' . $className . ' extends t3lib_formprotection_BackendFormProtection {' .
83 ' public function createValidationErrorMessage() {' .
84 ' parent::createValidationErrorMessage();' .
86 ' public function retrieveSessionToken() {' .
87 ' return parent::retrieveSessionToken();' .
89 ' public function setSessionToken($sessionToken) {' .
90 ' $this->sessionToken = $sessionToken;' .
100 * Mock session methods in t3lib_beUserAuth
102 * @return t3lib_beUserAuth Instance of BE_USER object with mocked session storage methods
// Builds the source of a t3lib_beUserAuth subclass whose session accessors work on a
// plain in-memory array, then returns a PHPUnit mock of that subclass.
// The generated getSessionData() indexes $this->session[$key] with no existence
// check, so the stub is only suited to keys that were stored beforehand.
// NOTE(review): original lines 107, 112 and 115-119 are not in this listing; the call
// that consumes the concatenated source (presumably eval) is not visible — confirm.
104 private function createBackendUserSessionStorageStub() {
105 $className = 't3lib_beUserAuthMocked';
// Guard so the stub class is only defined when it does not exist yet.
106 if (!class_exists($className)) {
108 'class ' . $className . ' extends t3lib_beUserAuth {' .
109 ' protected $session=array();' .
110 ' public function getSessionData($key) {' .
111 ' return $this->session[$key];' .
113 ' public function setAndSaveSessionData($key,$data) {' .
114 ' $this->session[$key] = $data;' .
// Only 'foo' is named for mocking — presumably a placeholder so the generated
// getSessionData/setAndSaveSessionData stay in effect (confirm). The trailing
// "// $className;" looks like a leftover from an earlier version.
120 return $this->getMock($className, array('foo'));// $className;
123 ////////////////////////////////////
124 // Tests for the utility functions
125 ////////////////////////////////////
// Sanity check for the helper: an instance of the generated proxy class must be an
// instance of t3lib_formprotection_BackendFormProtection.
// NOTE(review): the assertion call wrapping the instanceof expression (original
// lines 132-133 and 135 onward) is not in this listing.
130 public function createAccessibleProxyCreatesBackendFormProtectionSubclass() {
131 $className = $this->createAccessibleProxyClass();
134 (new $className()) instanceof t3lib_formprotection_BackendFormProtection
// Sanity check for the session stub: data stored under 'tokens' must be returned
// unchanged by getSessionData('tokens').
// NOTE(review): the lines building $allTokens (original 143-147 and 149-151) are not
// in this listing; only its 'formInstanceName' entry is visible.
141 public function createBackendUserSessionStorageStubWorkProperly() {
142 $GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
148 'formInstanceName' => '42'
152 $GLOBALS['BE_USER']->setAndSaveSessionData('tokens', $allTokens);
// NOTE(review): PHPUnit's assertEquals takes the expected value first; here the
// value read back is passed first, which only swaps the roles in a failure message.
154 $this->assertEquals($GLOBALS['BE_USER']->getSessionData('tokens'), $allTokens);
158 //////////////////////////////////////////////////////////
159 // Tests concerning the reading and saving of the tokens
160 //////////////////////////////////////////////////////////
// Verifies that retrieveSessionToken() reads the token from the backend user's
// session: getSessionData must be called exactly once with the key 'formSessionToken'.
165 public function retrieveTokenReadsTokenFromSessionData() {
// The mocked session returns an empty array for that key.
166 $GLOBALS['BE_USER']->expects($this->once())->method('getSessionData')
167 ->with('formSessionToken')->will($this->returnValue(array()));
169 $this->fixture
->retrieveSessionToken();
// Verifies that a session token loaded from the backend user's session is the one
// validateToken() checks a submitted token ID against.
// NOTE(review): original lines 177-178 (presumably the $formName and $action
// assignments) and the assertion wrapping validateToken() are not in this listing.
175 public function tokenFromSessionDataIsAvailableForValidateToken() {
// Fixed test value standing in for a per-session secret.
176 $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
179 $formInstanceName = '42';
// The expected token ID is t3lib_div::hmac() over the plain concatenation of form
// name, action, form instance name and session token. No separator is used, so the
// boundaries between the fields are not part of the authenticated input.
// NOTE(review): confirm the class under test derives the token ID the same way.
181 $tokenId = t3lib_div
::hmac($formName . $action . $formInstanceName . $sessionToken);
// The mocked session hands out the fixed token for the key 'formSessionToken'.
183 $GLOBALS['BE_USER']->expects($this->atLeastOnce())->method('getSessionData')
184 ->with('formSessionToken')
185 ->will($this->returnValue($sessionToken));
187 $this->fixture
->retrieveSessionToken();
190 $this->fixture
->validateToken($tokenId, $formName, $action, $formInstanceName)
195 * @expectedException UnexpectedValueException
// Verifies the failure path of setSessionTokenFromRegistry(): with a registry that
// yields no token, the call must throw (the @expectedException annotation above this
// method names UnexpectedValueException) rather than continue with an empty token.
198 public function restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty() {
// A bare PHPUnit mock of t3lib_Registry: no return values are configured, so its
// methods return NULL.
199 $this->fixture
->injectRegistry(
200 $this->getMock('t3lib_Registry')
202 $this->fixture
->setSessionTokenFromRegistry();
// Verifies that persistSessionToken() stores the current session token in the
// backend user's session under the key 'formSessionToken'.
208 public function persistSessionTokenWritesTokenToSession() {
// Fixed test value, set through the proxy's setSessionToken() setter.
209 $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
210 $this->fixture
->setSessionToken($sessionToken);
// Exactly one write is expected, carrying the unmodified token.
212 $GLOBALS['BE_USER']->expects($this->once())
213 ->method('setAndSaveSessionData')->with('formSessionToken', $sessionToken);
215 $this->fixture
->persistSessionToken();
219 //////////////////////////////////////////////////
220 // Tests concerning createValidationErrorMessage
221 //////////////////////////////////////////////////
226 public function createValidationErrorMessageAddsErrorFlashMessage() {
227 $GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
228 $this->fixture
->createValidationErrorMessage();
230 $messages = t3lib_FlashMessageQueue
::getAllMessagesAndFlush();
231 $this->assertContains(
232 $GLOBALS['LANG']->sL(
233 'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
235 $messages[0]->render()