[TASK] Namespace and move t3lib unit tests - 3
<?php
namespace TYPO3\CMS\Core\Tests\Unit\FormProtection;

/***************************************************************
 * Copyright notice
 *
 * (c) 2010-2011 Oliver Klee (typo3-coding@oliverklee.de)
 * All rights reserved
 *
 * This script is part of the TYPO3 project. The TYPO3 project is
 * free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * The GNU General Public License can be found at
 * http://www.gnu.org/copyleft/gpl.html.
 *
 * This script is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/

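/**
 * Testcase for the \TYPO3\CMS\Core\FormProtection\BackendFormProtection class.
 *
 * Covers how the backend form protection (anti-CSRF form tokens) reads and
 * persists its per-session token through $GLOBALS['BE_USER'], and how a
 * failed validation is reported as a flash message.
 *
 * @package TYPO3
 * @subpackage t3lib
 *
 * @author Oliver Klee <typo3-coding@oliverklee.de>
 */
class BackendFormProtectionTest extends \tx_phpunit_testcase {
	/**
	 * Enable backup of global and system variables
	 *
	 * Several tests overwrite $GLOBALS['BE_USER'] and $GLOBALS['TYPO3_AJAX'];
	 * the backup keeps those changes from leaking into other tests.
	 *
	 * @var boolean
	 */
	protected $backupGlobals = TRUE;

	/**
	 * Exclude TYPO3_DB from backup/ restore of $GLOBALS
	 * because resource types cannot be handled during serializing
	 *
	 * @var array
	 */
	protected $backupGlobalsBlacklist = array('TYPO3_DB');

	/**
	 * Mock of the accessible proxy subclass; only the lock methods are mocked.
	 *
	 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
	 */
	private $fixture;

	/**
	 * Installs a mocked backend user (uid 1) with mocked session accessors and
	 * builds the fixture from the accessible proxy class.
	 *
	 * @return void
	 */
	public function setUp() {
		$backendUser = $this->getMock(
			't3lib_beUserAuth',
			array('getSessionData', 'setAndSaveSessionData')
		);
		$backendUser->user['uid'] = 1;
		$GLOBALS['BE_USER'] = $backendUser;

		// acquireLock/releaseLock are mocked so that no test touches real locking.
		$this->fixture = $this->getMock(
			$this->createAccessibleProxyClass(),
			array('acquireLock', 'releaseLock')
		);
	}

	/**
	 * Destroys the fixture and empties the flash message queue so that messages
	 * created by one test cannot satisfy the assertions of another.
	 *
	 * @return void
	 */
	public function tearDown() {
		$this->fixture->__destruct();
		unset($this->fixture);
		\TYPO3\CMS\Core\Messaging\FlashMessageQueue::getAllMessagesAndFlush();
	}


	//////////////////////
	// Utility functions
	//////////////////////

	/**
	 * Creates a subclass of \TYPO3\CMS\Core\FormProtection\BackendFormProtection
	 * that makes createValidationErrorMessage() and retrieveSessionToken()
	 * public and adds a setSessionToken() setter for the session token.
	 *
	 * @return string the name of the created class, will not be empty
	 */
	private function createAccessibleProxyClass() {
		$namespace = 'TYPO3\\CMS\\Core\\FormProtection';
		$className = 'BackendFormProtectionAccessibleProxy';
		$fullClassName = $namespace . '\\' . $className;

		if (!class_exists($fullClassName)) {
			// The evaluated source is assembled from literals in this method only.
			// Keep it that way: nothing derived from input may be concatenated in.
			eval(
				'namespace ' . $namespace . ';' .
				'class ' . $className . ' extends \\TYPO3\\CMS\\Core\\FormProtection\\BackendFormProtection {' .
				' public function createValidationErrorMessage() {' .
				' parent::createValidationErrorMessage();' .
				' }' .
				' public function retrieveSessionToken() {' .
				' return parent::retrieveSessionToken();' .
				' }' .
				' public function setSessionToken($sessionToken) {' .
				' $this->sessionToken = $sessionToken;' .
				' }' .
				'}'
			);
		}

		return $fullClassName;
	}

	/**
	 * Creates a backend user whose session storage is a plain in-memory array.
	 *
	 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication Instance of BE_USER object with mocked session storage methods
	 */
	private function createBackendUserSessionStorageStub() {
		$namespace = 'TYPO3\\CMS\\Core\\Authentication';
		$className = 'BackendUserAuthenticationMocked';
		$fullClassName = $namespace . '\\' . $className;

		if (!class_exists($fullClassName)) {
			// The evaluated source is assembled from literals in this method only.
			// getSessionData() answers NULL for a key that was never stored
			// instead of raising an "undefined index" notice.
			eval(
				'namespace ' . $namespace . ';' .
				'class ' . $className . ' extends \\TYPO3\\CMS\\Core\\Authentication\\BackendUserAuthentication {' .
				' protected $session=array();' .
				' public function getSessionData($key) {' .
				' return isset($this->session[$key]) ? $this->session[$key] : NULL;' .
				' }' .
				' public function setAndSaveSessionData($key, $data) {' .
				' $this->session[$key] = $data;' .
				' }' .
				'}'
			);
		}

		// Only the dummy method "foo" is replaced, so the in-memory
		// getSessionData()/setAndSaveSessionData() above keep their real bodies.
		return $this->getMock($fullClassName, array('foo'));
	}

	////////////////////////////////////
	// Tests for the utility functions
	////////////////////////////////////

	/**
	 * @test
	 */
	public function createAccessibleProxyCreatesBackendFormProtectionSubclass() {
		$className = $this->createAccessibleProxyClass();

		$this->assertInstanceOf(
			'TYPO3\\CMS\\Core\\FormProtection\\BackendFormProtection',
			new $className()
		);
	}

	/**
	 * @test
	 */
	public function createBackendUserSessionStorageStubWorkProperly() {
		$GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();

		$allTokens = array(
			'12345678' => array(
				'formName' => 'foo',
				'action' => 'edit',
				'formInstanceName' => '42'
			),
		);

		$GLOBALS['BE_USER']->setAndSaveSessionData('tokens', $allTokens);

		// Expected value first, so that a failure message names the right side.
		$this->assertEquals($allTokens, $GLOBALS['BE_USER']->getSessionData('tokens'));
	}


	//////////////////////////////////////////////////////////
	// Tests concerning the reading and saving of the tokens
	//////////////////////////////////////////////////////////

	/**
	 * The session token must be looked up under the "formSessionToken" key.
	 *
	 * @test
	 */
	public function retrieveTokenReadsTokenFromSessionData() {
		$GLOBALS['BE_USER']->expects($this->once())->method('getSessionData')
			->with('formSessionToken')->will($this->returnValue(array()));

		$this->fixture->retrieveSessionToken();
	}

	/**
	 * A token derived from the session token stored for the backend user must
	 * be accepted by validateToken().
	 *
	 * NOTE(review): this is the accepting path only. No test in this class
	 * checks that a token is rejected when the token id, form name, action or
	 * form instance name does not match.
	 *
	 * @test
	 */
	public function tokenFromSessionDataIsAvailableForValidateToken() {
		// Fixed sample value, not a real session secret.
		$sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
		$formName = 'foo';
		$action = 'edit';
		$formInstanceName = '42';

		// NOTE(review): the expected token is the HMAC of the fields joined
		// without a separator. If BackendFormProtection builds it the same way,
		// different field combinations that concatenate to the same string share
		// a token - confirm against the implementation.
		$tokenId = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac($formName . $action . $formInstanceName . $sessionToken);

		$GLOBALS['BE_USER']->expects($this->atLeastOnce())->method('getSessionData')
			->with('formSessionToken')
			->will($this->returnValue($sessionToken));

		$this->fixture->retrieveSessionToken();

		$this->assertTrue(
			$this->fixture->validateToken($tokenId, $formName, $action, $formInstanceName)
		);
	}

	/**
	 * With an unconfigured registry mock no token can be restored, which must
	 * end in an exception.
	 *
	 * @expectedException UnexpectedValueException
	 * @test
	 */
	public function restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty() {
		$this->fixture->injectRegistry(
			$this->getMock('t3lib_Registry')
		);
		$this->fixture->setSessionTokenFromRegistry();
	}

	/**
	 * The current session token must be written back under the
	 * "formSessionToken" key.
	 *
	 * @test
	 */
	public function persistSessionTokenWritesTokenToSession() {
		// Fixed sample value, not a real session secret.
		$sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
		$this->fixture->setSessionToken($sessionToken);

		$GLOBALS['BE_USER']->expects($this->once())
			->method('setAndSaveSessionData')->with('formSessionToken', $sessionToken);

		$this->fixture->persistSessionToken();
	}


	//////////////////////////////////////////////////
	// Tests concerning createValidationErrorMessage
	//////////////////////////////////////////////////

	/**
	 * @test
	 */
	public function createValidationErrorMessageAddsErrorFlashMessage() {
		$GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
		$this->fixture->createValidationErrorMessage();

		$messages = \TYPO3\CMS\Core\Messaging\FlashMessageQueue::getAllMessagesAndFlush();

		$this->assertNotEmpty($messages);
		$this->assertContains(
			$GLOBALS['LANG']->sL(
				'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
			),
			$messages[0]->render()
		);
	}

	/**
	 * NOTE(review): the method name promises that the message is not stored in
	 * the session for Ajax requests, but only the in-memory queue is asserted;
	 * nothing here checks that the session stub stays untouched.
	 *
	 * @test
	 */
	public function createValidationErrorMessageAddsErrorFlashMessageButNotInSessionInAjaxRequest() {
		$GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
		// Restored after the test because $backupGlobals is TRUE.
		$GLOBALS['TYPO3_AJAX'] = TRUE;
		$this->fixture->createValidationErrorMessage();

		// Read the static queue directly instead of getAllMessagesAndFlush().
		$messages = \TYPO3\CMS\Core\Messaging\FlashMessageQueue::$messages;

		$this->assertNotEmpty($messages);
		$this->assertContains(
			$GLOBALS['LANG']->sL(
				'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
			),
			$messages[0]->render()
		);
	}
}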
?>