[!!!][TASK] Extract testing framework for TYPO3
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Tests / Unit / FormProtection / AbstractFormProtectionTest.php
1 <?php
2 namespace TYPO3\CMS\Core\Tests\Unit\FormProtection;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
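/**
 * Unit tests for the token handling of the form protection base class,
 * exercised through the FormProtectionTesting fixture.
 *
 * The tests pin the contract of the form tokens (TYPO3's request-forgery
 * protection for forms): a token is bound to the form name, the action and
 * the form instance name, any mismatch must be rejected, and clean() must
 * invalidate previously issued tokens.
 */
class AbstractFormProtectionTest extends \TYPO3\CMS\Components\TestingFramework\Core\UnitTestCase
{
    /**
     * Real (non-mocked) fixture instance, recreated before every test.
     *
     * @var \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting
     */
    protected $subject;

    /**
     * Creates a fresh fixture so no token state leaks between tests.
     */
    protected function setUp()
    {
        $this->subject = new \TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting();
    }

    /////////////////////////////////////////
    // Tests concerning the basic functions
    /////////////////////////////////////////
    /**
     * Two generateToken() calls must trigger exactly one retrieveSessionToken() call.
     *
     * @test
     */
    public function generateTokenRetrievesTokenOnce()
    {
        $subject = $this->getMockBuilder(\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class)
            ->setMethods(['retrieveSessionToken'])
            ->getMock();
        $subject->expects($this->once())->method('retrieveSessionToken')->will($this->returnValue('token'));
        $subject->generateToken('foo');
        $subject->generateToken('foo');
    }

    /**
     * Two validateToken() calls must trigger exactly one retrieveSessionToken() call.
     *
     * @test
     */
    public function validateTokenRetrievesTokenOnce()
    {
        $subject = $this->getMockBuilder(\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class)
            ->setMethods(['retrieveSessionToken'])
            ->getMock();
        $subject->expects($this->once())->method('retrieveSessionToken')->will($this->returnValue('token'));
        $subject->validateToken('foo', 'bar');
        $subject->validateToken('foo', 'bar');
    }

    /**
     * A token issued before clean() must no longer validate afterwards.
     *
     * @test
     */
    public function cleanMakesTokenInvalid()
    {
        $formName = 'foo';
        $tokenId = $this->subject->generateToken($formName);
        $this->subject->clean();
        $this->assertFalse($this->subject->validateToken($tokenId, $formName));
    }

    /**
     * clean() must call persistSessionToken() exactly once.
     *
     * @test
     */
    public function cleanPersistsToken()
    {
        $subject = $this->getMockBuilder(\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class)
            ->setMethods(['persistSessionToken'])
            ->getMock();
        $subject->expects($this->once())->method('persistSessionToken');
        $subject->clean();
    }

    ///////////////////////////////////
    // Tests concerning generateToken
    ///////////////////////////////////
    /**
     * An empty form name is the one argument generateToken() must reject.
     *
     * @test
     */
    public function generateTokenFormForEmptyFormNameThrowsException()
    {
        $this->expectException(\InvalidArgumentException::class);
        $this->expectExceptionCode(1294586643);
        $this->subject->generateToken('', 'edit', 'bar');
    }

    /**
     * Passes as long as no exception is thrown; nothing is asserted on the result.
     *
     * @test
     */
    public function generateTokenFormForEmptyActionNotThrowsException()
    {
        $this->subject->generateToken('foo', '', '42');
    }

    /**
     * Passes as long as no exception is thrown; nothing is asserted on the result.
     *
     * @test
     */
    public function generateTokenFormForEmptyFormInstanceNameNotThrowsException()
    {
        $this->subject->generateToken('foo', 'edit', '');
    }

    /**
     * Passes as long as no exception is thrown; nothing is asserted on the result.
     *
     * @test
     */
    public function generateTokenFormForOmittedActionAndFormInstanceNameNotThrowsException()
    {
        $this->subject->generateToken('foo');
    }

    /**
     * The token must consist of exactly 40 lowercase hexadecimal characters.
     *
     * NOTE(review): the method name still says "32Character" while the pattern
     * requires 40; the name is kept unchanged so existing test filters keep
     * matching. The hashing scheme that yields 40 hex characters is not
     * visible in this file.
     *
     * @test
     */
    public function generateTokenReturns32CharacterHexToken()
    {
        $this->assertRegExp('/^[0-9a-f]{40}$/', $this->subject->generateToken('foo'));
    }

    /**
     * Identical parameters must yield the identical token within one session.
     *
     * @test
     */
    public function generateTokenCalledTwoTimesWithSameParametersReturnsSameTokens()
    {
        $firstToken = $this->subject->generateToken('foo', 'edit', 'bar');
        $secondToken = $this->subject->generateToken('foo', 'edit', 'bar');
        // Strict identity: tokens are security-relevant strings, so they must never
        // be compared loosely (numeric-looking strings can compare equal with ==).
        $this->assertSame($firstToken, $secondToken);
    }

    ///////////////////////////////////
    // Tests concerning validateToken
    ///////////////////////////////////
    /**
     * Passes as long as no exception is thrown.
     *
     * NOTE(review): the return value is not checked. Asserting that an empty
     * token id is rejected would pin the security-relevant half of this case;
     * confirm the expected result against the implementation first.
     *
     * @test
     */
    public function validateTokenWithFourEmptyParametersNotThrowsException()
    {
        $this->subject->validateToken('', '', '', '');
    }

    /**
     * Passes as long as no exception is thrown; the return value is not checked.
     *
     * @test
     */
    public function validateTokenWithTwoEmptyAndTwoMissingParametersNotThrowsException()
    {
        $this->subject->validateToken('', '');
    }

    /**
     * Round trip with all three binding parameters supplied.
     *
     * @test
     */
    public function validateTokenWithDataFromGenerateTokenWithFormInstanceNameReturnsTrue()
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
    }

    /**
     * Round trip relying on the defaults for action and form instance name.
     *
     * @test
     */
    public function validateTokenWithDataFromGenerateTokenWithMissingActionAndFormInstanceNameReturnsTrue()
    {
        $formName = 'foo';
        $tokenId = $this->subject->generateToken($formName);
        $this->assertTrue($this->subject->validateToken($tokenId, $formName));
    }

    /**
     * Tokens are not single-use: a second validation of the same token succeeds.
     *
     * This pins that validation does not consume the token; within this
     * test class the only operation shown to invalidate a token is clean().
     *
     * @test
     */
    public function validateTokenWithValidDataCalledTwoTimesReturnsTrueOnSecondCall()
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->subject->validateToken($tokenId, $formName, $action, $formInstanceName);
        $this->assertTrue($this->subject->validateToken($tokenId, $formName, $action, $formInstanceName));
    }

    /**
     * A token id that was never issued must be rejected.
     *
     * @test
     */
    public function validateTokenWithMismatchingTokenIdReturnsFalse()
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertFalse($this->subject->validateToken('Hello world!', $formName, $action, $formInstanceName));
    }

    /**
     * A valid token presented for a different form name must be rejected.
     *
     * @test
     */
    public function validateTokenWithMismatchingFormNameReturnsFalse()
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertFalse($this->subject->validateToken($tokenId, 'espresso', $action, $formInstanceName));
    }

    /**
     * A valid token presented for a different action must be rejected.
     *
     * @test
     */
    public function validateTokenWithMismatchingActionReturnsFalse()
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertFalse($this->subject->validateToken($tokenId, $formName, 'delete', $formInstanceName));
    }

    /**
     * A valid token presented for a different form instance must be rejected.
     *
     * @test
     */
    public function validateTokenWithMismatchingFormInstanceNameReturnsFalse()
    {
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $tokenId = $this->subject->generateToken($formName, $action, $formInstanceName);
        $this->assertFalse($this->subject->validateToken($tokenId, $formName, $action, 'beer'));
    }

    /**
     * A successful validation must not produce a validation error message.
     *
     * @test
     */
    public function validateTokenForValidTokenNotCallsCreateValidationErrorMessage()
    {
        /** @var \PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting $subject */
        $subject = $this->getMockBuilder(\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class)
            ->setMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects($this->never())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $token = $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken($token, $formName, $action, $formInstanceName);
        // Destructor is run explicitly so anything it does happens before the mock
        // expectations are verified - presumably the error message is created
        // there; confirm against the fixture.
        $subject->__destruct();
    }

    /**
     * A rejected token id must produce exactly one validation error message.
     *
     * @test
     */
    public function validateTokenForInvalidTokenCallsCreateValidationErrorMessage()
    {
        /** @var \PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting $subject */
        $subject = $this->getMockBuilder(\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class)
            ->setMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects($this->once())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken('an invalid token ...', $formName, $action, $formInstanceName);
        // Explicit destructor call, see the reasoning in the valid-token test:
        // it must run before the once() expectation is checked.
        $subject->__destruct();
    }

    /**
     * A valid token used with the wrong form name must produce exactly one
     * validation error message.
     *
     * @test
     */
    public function validateTokenForInvalidFormNameCallsCreateValidationErrorMessage()
    {
        /** @var \PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting $subject */
        $subject = $this->getMockBuilder(\TYPO3\CMS\Core\Tests\Unit\FormProtection\Fixtures\FormProtectionTesting::class)
            ->setMethods(['createValidationErrorMessage'])
            ->getMock();
        $subject->expects($this->once())->method('createValidationErrorMessage');
        $formName = 'foo';
        $action = 'edit';
        $formInstanceName = 'bar';
        $token = $subject->generateToken($formName, $action, $formInstanceName);
        $subject->validateToken($token, 'another form name', $action, $formInstanceName);
        // Explicit destructor call so it runs before the once() expectation is checked.
        $subject->__destruct();
    }
}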