[BUGFIX] Don't save form protection error messages in session
[Packages/TYPO3.CMS.git] / tests / t3lib / formprotection / class.t3lib_formprotection_BackendFormProtectionTest.php
index 38374f4..c4d5884 100644 (file)
  */
 class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase {
        /**
-        * a backup of the current BE user
+        * Enable backup of global and system variables
         *
-        * @var t3lib_beUserAuth
+        * @var boolean
         */
-       private $backEndUserBackup = NULL;
+       protected $backupGlobals = TRUE;
+
+       /**
+        * Exclude TYPO3_DB from backup/ restore of $GLOBALS
+        * because resource types cannot be handled during serializing
+        *
+        * @var array
+        */
+       protected $backupGlobalsBlacklist = array('TYPO3_DB');
+
 
        /**
         * @var t3lib_formprotection_BackendFormProtection
@@ -44,7 +53,6 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        private $fixture;
 
        public function setUp() {
-               $this->backEndUserBackup = $GLOBALS['BE_USER'];
                $GLOBALS['BE_USER'] = $this->getMock(
                        't3lib_beUserAuth',
                        array('getSessionData', 'setAndSaveSessionData')
@@ -58,9 +66,6 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        public function tearDown() {
                $this->fixture->__destruct();
                unset($this->fixture);
-
-               $GLOBALS['BE_USER'] = $this->backEndUserBackup;
-
                t3lib_FlashMessageQueue::getAllMessagesAndFlush();
        }
 
@@ -83,11 +88,11 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
                                '  public function createValidationErrorMessage() {' .
                                '    parent::createValidationErrorMessage();' .
                                '  }' .
-                               '  public function updateTokens() {' .
-                               '    return parent::updateTokens();' .
+                               '  public function retrieveSessionToken() {' .
+                               '    return parent::retrieveSessionToken();' .
                                '  }' .
-                               '  public function retrieveTokens() {' .
-                               '    return parent::retrieveTokens();' .
+                               '  public function setSessionToken($sessionToken) {' .
+                               '    $this->sessionToken = $sessionToken;' .
                                '  }' .
                                '}'
                        );
@@ -162,93 +167,57 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        /**
         * @test
         */
-       public function retrieveTokensReadsTokensFromSessionData() {
+       public function retrieveTokenReadsTokenFromSessionData() {
                $GLOBALS['BE_USER']->expects($this->once())->method('getSessionData')
-                       ->with('formTokens')->will($this->returnValue(array()));
+                       ->with('formSessionToken')->will($this->returnValue(array()));
 
-               $this->fixture->retrieveTokens();
+               $this->fixture->retrieveSessionToken();
        }
 
        /**
         * @test
         */
-       public function tokensFromSessionDataAreAvailableForValidateToken() {
-               $tokenId = '51a655b55c54d54e5454c5f521f6552a';
+       public function tokenFromSessionDataIsAvailableForValidateToken() {
+               $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
                $formName = 'foo';
                $action = 'edit';
                $formInstanceName = '42';
 
+               $tokenId = t3lib_div::hmac($formName . $action . $formInstanceName . $sessionToken);
+
                $GLOBALS['BE_USER']->expects($this->atLeastOnce())->method('getSessionData')
-                       ->with('formTokens')
-                       ->will($this->returnValue(array(
-                               $tokenId => array(
-                                       'formName' => $formName,
-                                       'action' => $action,
-                                       'formInstanceName' => $formInstanceName,
-                               ),
-                       )));
+                       ->with('formSessionToken')
+                       ->will($this->returnValue($sessionToken));
 
-               $this->fixture->updateTokens();
+               $this->fixture->retrieveSessionToken();
 
                $this->assertTrue(
-                       $this->fixture->validateToken($tokenId, $formName, $action,  $formInstanceName)
+                       $this->fixture->validateToken($tokenId, $formName, $action, $formInstanceName)
                );
        }
 
        /**
+        * @expectedException UnexpectedValueException
         * @test
         */
-       public function tokensStayDroppedAfterPersistingTokens() {
-               $tokenId = '51a655b55c54d54e5454c5f521f6552a';
-               $formName = 'foo';
-               $action = 'edit';
-               $formInstanceName = '42';
-
-               $GLOBALS['BE_USER']->expects($this->atLeastOnce())->method('getSessionData')
-                       ->will($this->returnValue(array(
-                               $tokenId => array(
-                                       'formName' => $formName,
-                                       'action' => $action,
-                                       'formInstanceName' => $formInstanceName,
-                               ),
-                       )));
-
-               $className = $this->createAccessibleProxyClass();
-
-               $this->fixture->updateTokens();
-
-               $this->fixture->validateToken($tokenId, $formName, $action,  $formInstanceName);
-
-               $this->fixture->persistTokens();
-
-               $this->assertFalse(
-                       $this->fixture->validateToken($tokenId, $formName, $action,  $formInstanceName)
+       public function restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty() {
+               $this->fixture->injectRegistry(
+                       $this->getMock('t3lib_Registry')
                );
+               $this->fixture->setSessionTokenFromRegistry();
        }
 
        /**
         * @test
         */
-       public function persistTokensWritesTokensToSession() {
-               $formName = 'foo';
-               $action = 'edit';
-               $formInstanceName = '42';
-
-               $tokenId = $this->fixture->generateToken(
-                       $formName, $action, $formInstanceName
-               );
-               $allTokens = array(
-                       $tokenId => array(
-                                       'formName' => $formName,
-                                       'action' => $action,
-                                       'formInstanceName' => $formInstanceName,
-                               ),
-               );
+       public function persistSessionTokenWritesTokenToSession() {
+               $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
+               $this->fixture->setSessionToken($sessionToken);
 
                $GLOBALS['BE_USER']->expects($this->once())
-                       ->method('setAndSaveSessionData')->with('formTokens', $allTokens);
+                       ->method('setAndSaveSessionData')->with('formSessionToken', $sessionToken);
 
-               $this->fixture->persistTokens();
+               $this->fixture->persistSessionToken();
        }
 
 
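Review bot: The stub in retrieveTokenReadsTokenFromSessionData still returns `array()` for the 'formSessionToken' key, a leftover from the old per-form token array; the other new tests (tokenFromSessionDataIsAvailableForValidateToken, persistSessionTokenWritesTokenToSession) show the session token is now a single hex string, so the stub should hand back a string, e.g. `->with('formSessionToken')->will($this->returnValue(''));`, otherwise the test passes only because the return value is never inspected. Similarly, restoreSessionTokenFromRegistryThrowsExceptionIfSessionTokenIsEmpty injects a bare `t3lib_Registry` mock with no configured expectation, so the "empty token" case presumably comes from PHPUnit's default NULL return rather than from anything the test states; making the registry call explicit (an `expects($this->once())->method(...)` returning `''`) would tie the expected UnexpectedValueException to the condition the test name claims. The tokenId derivation via `t3lib_div::hmac` on L86 is the right shape for a test, but note it mirrors the implementation rather than pinning a known value, so a regression in the HMAC input order would not be caught.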
@@ -264,6 +233,27 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
                $this->fixture->createValidationErrorMessage();
 
                $messages = t3lib_FlashMessageQueue::getAllMessagesAndFlush();
+
+               $this->assertNotEmpty($messages);
+               $this->assertContains(
+                       $GLOBALS['LANG']->sL(
+                               'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
+                       ),
+                       $messages[0]->render()
+               );
+       }
+
+       /**
+        * @test
+        */
+       public function createValidationErrorMessageAddsErrorFlashMessageButNotInSessionInAjaxRequest() {
+               $GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
+               $GLOBALS['TYPO3_AJAX'] = TRUE;
+               $this->fixture->createValidationErrorMessage();
+
+               $messages = t3lib_FlashMessageQueue::$messages;
+
+               $this->assertNotEmpty($messages);
                $this->assertContains(
                        $GLOBALS['LANG']->sL(
                                'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
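Review bot: createValidationErrorMessageAddsErrorFlashMessageButNotInSessionInAjaxRequest asserts that the flash message lands in the static `t3lib_FlashMessageQueue::$messages`, but within the visible lines nothing verifies the "ButNotInSession" half of its name; the method continues past the end of this hunk, so if no such check follows, the test does not actually cover the bug this commit fixes. The backend user is replaced with `createBackendUserSessionStorageStub()` (defined outside this hunk), so the natural assertion is that the stub's stored session data is still empty after `createValidationErrorMessage()` runs, or, if the stub is a PHPUnit mock, `$GLOBALS['BE_USER']->expects($this->never())->method('setAndSaveSessionData');` set before the call. Reading `t3lib_FlashMessageQueue::$messages` directly also couples the test to a static internal, and setting `$GLOBALS['TYPO3_AJAX'] = TRUE` is only cleaned up by the `$backupGlobals = TRUE` added earlier in this file, which is worth a one-line comment so the test does not leak into others if that setting is ever changed.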