1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2010 Oliver Klee (typo3-coding@oliverklee.de)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
25 /**
26 * Testcase for the t3lib_formprotection_BackendFormProtection class.
27 *
28 * $Id$
29 *
30 * @package TYPO3
31 * @subpackage t3lib
32 *
33 * @author Oliver Klee <typo3-coding@oliverklee.de>
34 */
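class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase {
	/**
	 * a backup of the BE user that was active before setUp() replaced it;
	 * restored in tearDown()
	 *
	 * @var t3lib_beUserAuth
	 */
	private $backEndUserBackup = NULL;

	/**
	 * the object under test, an accessible proxy subclass of
	 * t3lib_formprotection_BackendFormProtection (see createAccessibleProxyClass())
	 *
	 * @var t3lib_formprotection_BackendFormProtection
	 */
	private $fixture;

	/**
	 * Replaces the global BE user with a mock that stubs only the two session
	 * methods exercised by these tests (getSessionData and
	 * setAndSaveSessionData) and creates the fixture.
	 *
	 * @return void
	 */
	public function setUp() {
		$this->backEndUserBackup = $GLOBALS['BE_USER'];
		$GLOBALS['BE_USER'] = $this->getMock(
			't3lib_beUserAuth',
			array('getSessionData', 'setAndSaveSessionData')
		);

		$className = $this->createAccessibleProxyClass();
		$this->fixture = new $className;
	}

	/**
	 * Destroys the fixture, restores the original BE user and empties the
	 * flash message queue so that messages created by one test do not leak
	 * into the next one.
	 *
	 * @return void
	 */
	public function tearDown() {
		// The destructor is triggered explicitly, before the BE user is
		// restored, instead of being left to garbage collection.
		$this->fixture->__destruct();
		unset($this->fixture);

		$GLOBALS['BE_USER'] = $this->backEndUserBackup;

		t3lib_FlashMessageQueue::getAllMessagesAndFlush();
	}


	//////////////////////
	// Utility functions
	//////////////////////

	/**
	 * Creates (once per process) a subclass of
	 * t3lib_formprotection_BackendFormProtection that exposes
	 * createValidationErrorMessage() and retrieveTokens() as public methods.
	 *
	 * The class body is built from string constants only, so the eval() below
	 * never sees external data. The class_exists() guard prevents the fatal
	 * "cannot redeclare class" error when this method is called more than once.
	 *
	 * @return string the name of the created class, will not be empty
	 */
	private function createAccessibleProxyClass() {
		$className = 't3lib_formprotection_BackendFormProtectionAccessibleProxy';
		if (!class_exists($className)) {
			eval(
				'class ' . $className . ' extends t3lib_formprotection_BackendFormProtection {' .
				'  public function createValidationErrorMessage() {' .
				'    parent::createValidationErrorMessage();' .
				'  }' .
				'  public function retrieveTokens() {' .
				'    return parent::retrieveTokens();' .
				'  }' .
				'}'
			);
		}

		return $className;
	}


	////////////////////////////////////
	// Tests for the utility functions
	////////////////////////////////////

	/**
	 * Checks that the proxy class created by createAccessibleProxyClass()
	 * is a t3lib_formprotection_BackendFormProtection.
	 *
	 * @test
	 */
	public function createAccessibleProxyCreatesBackendFormProtectionSubclass() {
		$className = $this->createAccessibleProxyClass();

		$this->assertTrue(
			(new $className()) instanceof t3lib_formprotection_BackendFormProtection
		);
	}


	//////////////////////////////////////////////////////////
	// Tests concerning the reading and saving of the tokens
	//////////////////////////////////////////////////////////

	/**
	 * Checks that retrieveTokens() reads the 'formTokens' entry of the
	 * BE user's session data exactly once.
	 *
	 * @test
	 */
	public function retrieveTokensReadsTokensFromSessionData() {
		$GLOBALS['BE_USER']->expects($this->once())->method('getSessionData')
			->with('formTokens')->will($this->returnValue(array()));

		$this->fixture->retrieveTokens();
	}

	/**
	 * Checks that a token record read from the session via retrieveTokens()
	 * is afterwards accepted by validateToken() for the same form name,
	 * action and form instance name.
	 *
	 * @test
	 */
	public function tokensFromSessionDataAreAvailableForValidateToken() {
		$tokenId = '51a655b55c54d54e5454c5f521f6552a';
		$formName = 'foo';
		$action = 'edit';
		$formInstanceName = '42';

		$GLOBALS['BE_USER']->expects($this->once())->method('getSessionData')
			->with('formTokens')->will($this->returnValue(array(
				$tokenId => array(
					'formName' => $formName,
					'action' => $action,
					'formInstanceName' => $formInstanceName,
				),
			)));

		$this->fixture->retrieveTokens();

		$this->assertTrue(
			$this->fixture->validateToken($tokenId, $formName, $action, $formInstanceName)
		);
	}

	/**
	 * Checks that persistTokens() writes a token generated by generateToken()
	 * to the 'formTokens' entry of the BE user's session data, keyed by the
	 * token ID and carrying the form name, action and form instance name.
	 *
	 * @test
	 */
	public function persistTokensWritesTokensToSession() {
		$formName = 'foo';
		$action = 'edit';
		$formInstanceName = '42';

		$tokenId = $this->fixture->generateToken(
			$formName, $action, $formInstanceName
		);
		$allTokens = array(
			$tokenId => array(
				'formName' => $formName,
				'action' => $action,
				'formInstanceName' => $formInstanceName,
			),
		);

		$GLOBALS['BE_USER']->expects($this->once())
			->method('setAndSaveSessionData')->with('formTokens', $allTokens);

		$this->fixture->persistTokens();
	}


	//////////////////////////////////////////////////
	// Tests concerning createValidationErrorMessage
	//////////////////////////////////////////////////

	/**
	 * Checks that createValidationErrorMessage() enqueues a flash message
	 * whose rendered output contains the localized "token invalid" text.
	 *
	 * @test
	 */
	public function createValidationErrorMessageAddsErrorFlashMessage() {
		$this->fixture->createValidationErrorMessage();

		$messages = t3lib_FlashMessageQueue::getAllMessagesAndFlush();
		// Fail with a clear assertion message instead of an undefined-offset
		// notice on $messages[0] if nothing was enqueued at all.
		$this->assertGreaterThan(
			0,
			count($messages),
			'createValidationErrorMessage() did not enqueue any flash message.'
		);
		$this->assertContains(
			$GLOBALS['LANG']->sL(
				'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
			),
			$messages[0]->render()
		);
	}
}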
198 ?>