Added feature #16437: Introduce a form protection API (Thanks to the Security Team...
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2010 Oliver Klee (typo3-coding@oliverklee.de)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
25 require_once(t3lib_extMgm::extPath('install') . 'mod/class.tx_install.php');
26
/**
 * Testcase for the t3lib_formprotection_InstallToolFormProtection class.
 *
 * Covers how the Install Tool form protection reads its tokens from and writes
 * them to $_SESSION['installToolFormTokens'], and the message that
 * createValidationErrorMessage() hands to the Install Tool.
 *
 * NOTE(review): only the accepting path of validateToken() is exercised here.
 * A companion test for a token ID that is absent from the session would pin
 * the rejecting path as well.
 *
 * $Id$
 *
 * @package TYPO3
 * @subpackage t3lib
 *
 * @author Oliver Klee <typo3-coding@oliverklee.de>
 */
class t3lib_formprotection_InstallToolFormProtectionTest extends tx_phpunit_testcase {
	/**
	 * the object under test (an accessible proxy subclass, see createAccessibleProxyClass)
	 *
	 * @var t3lib_formprotection_InstallToolFormProtection
	 */
	private $fixture;

	/**
	 * copy of $_SESSION taken in setUp and written back in tearDown
	 *
	 * @var array
	 */
	private $sessionBackup;

	/**
	 * Saves the current session contents and creates a fresh fixture.
	 *
	 * The backup is taken before the fixture is built, so it holds the session
	 * as it was before the fixture existed.
	 */
	public function setUp() {
		$this->sessionBackup = $_SESSION;

		$proxyClassName = $this->createAccessibleProxyClass();
		$this->fixture = new $proxyClassName();
	}

	/**
	 * Disposes of the fixture, flushes the flash message queue and restores
	 * the session contents saved in setUp.
	 *
	 * $_SESSION is restored last, so anything the statements above write to the
	 * session does not leak into the next test.
	 */
	public function tearDown() {
		$this->fixture->__destruct();
		unset($this->fixture);

		t3lib_FlashMessageQueue::getAllMessagesAndFlush();

		$_SESSION = $this->sessionBackup;
	}


	//////////////////////
	// Utility functions
	//////////////////////

	/**
	 * Declares (once per process) a subclass of
	 * t3lib_formprotection_InstallToolFormProtection whose
	 * createValidationErrorMessage and retrieveTokens methods are public.
	 *
	 * The evaluated source is assembled from string literals and the class name
	 * constant below only; no external input reaches eval().
	 *
	 * @return string the name of the created class, will not be empty
	 */
	private function createAccessibleProxyClass() {
		$className = 't3lib_formprotection_InstallToolFormProtectionAccessibleProxy';
		if (class_exists($className)) {
			// Already declared by an earlier call; declaring it twice would be fatal.
			return $className;
		}

		$classSource =
			'class ' . $className . ' extends t3lib_formprotection_InstallToolFormProtection {' .
			' public function createValidationErrorMessage() {' .
			' parent::createValidationErrorMessage();' .
			' }' .
			' public function retrieveTokens() {' .
			' return parent::retrieveTokens();' .
			' }' .
			'}';
		eval($classSource);

		return $className;
	}


	////////////////////////////////////
	// Tests for the utility functions
	////////////////////////////////////

	/**
	 * Checks that the proxy class really extends the class under test.
	 *
	 * @test
	 */
	public function createAccessibleProxyCreatesInstallToolFormProtectionSubclass() {
		$proxyClassName = $this->createAccessibleProxyClass();

		$isSubclassInstance =
			(new $proxyClassName()) instanceof t3lib_formprotection_InstallToolFormProtection;

		$this->assertTrue($isSubclassInstance);
	}


	//////////////////////////////////////////////////////////
	// Tests concerning the reading and saving of the tokens
	//////////////////////////////////////////////////////////

	/**
	 * Checks that a token placed in the session is accepted by validateToken
	 * once retrieveTokens has been called.
	 *
	 * @test
	 */
	public function tokensFromSessionDataAreAvailableForValidateToken() {
		// Fixed sample token ID and the form data stored under it.
		$storedTokenId = '51a655b55c54d54e5454c5f521f6552a';
		$storedToken = array(
			'formName' => 'foo',
			'action' => 'edit',
			'formInstanceName' => '42',
		);
		$_SESSION['installToolFormTokens'] = array($storedTokenId => $storedToken);

		$this->fixture->retrieveTokens();

		$isValid = $this->fixture->validateToken(
			$storedTokenId,
			$storedToken['formName'],
			$storedToken['action'],
			$storedToken['formInstanceName']
		);
		$this->assertTrue($isValid);
	}

	/**
	 * Checks that persistTokens stores a generated token in the session, keyed
	 * by its token ID.
	 *
	 * @test
	 */
	public function persistTokensWritesTokensToSession() {
		$tokenData = array(
			'formName' => 'foo',
			'action' => 'edit',
			'formInstanceName' => '42',
		);

		$generatedTokenId = $this->fixture->generateToken(
			$tokenData['formName'],
			$tokenData['action'],
			$tokenData['formInstanceName']
		);
		$this->fixture->persistTokens();

		// The comparison expects exactly one entry, so it also fails if the
		// session key holds any other token at this point.
		$expectedSessionTokens = array($generatedTokenId => $tokenData);
		$this->assertEquals(
			$expectedSessionTokens,
			$_SESSION['installToolFormTokens']
		);
	}


	//////////////////////////////////////////////////
	// Tests concerning createValidationErrorMessage
	//////////////////////////////////////////////////

	/**
	 * Checks that createValidationErrorMessage passes the expected text to the
	 * injected Install Tool's addErrorMessage exactly once.
	 *
	 * @test
	 */
	public function createValidationErrorMessageAddsErrorMessage() {
		$expectedMessage =
			'Validating the security token of this form has failed. ' .
			'Please reload the form and submit it again.';

		// Only addErrorMessage is mocked; the trailing FALSE is passed through
		// to getMock as in the other arguments' order.
		$installToolMock = $this->getMock(
			'tx_install', array('addErrorMessage'), array(), '', FALSE
		);
		$installToolMock
			->expects($this->once())
			->method('addErrorMessage')
			->with($expectedMessage);
		$this->fixture->injectInstallTool($installToolMock);

		$this->fixture->createValidationErrorMessage();
	}
}
190 ?>