[FOLLOWUP][SECURITY] Disallow unauthorized module access 89/41489/3
authorNicole Cordes <typo3@cordes.co>
Thu, 16 Jul 2015 16:21:03 +0000 (18:21 +0200)
committerNicole Cordes <typo3@cordes.co>
Thu, 16 Jul 2015 16:27:49 +0000 (18:27 +0200)
Fixes unit tests.

Resolves: #68232
Related: #68183
Releases: master
Change-Id: I5144b87a24a8e0452f3976510f219381c76e4d59
Reviewed-on: http://review.typo3.org/41489
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
typo3/sysext/backend/Tests/Unit/Http/BackendModuleRequestHandlerTest.php

index 9c7d054..e6fef09 100644 (file)
@@ -16,7 +16,7 @@ namespace TYPO3\CMS\Backend\Tests\Unit\Http;
 
 use PHPUnit_Framework_MockObject_MockObject;
 use TYPO3\CMS\Backend\Http\BackendModuleRequestHandler;
-use TYPO3\CMS\Core\FormProtection\AbstractFormProtection;
+use TYPO3\CMS\Core\FormProtection\BackendFormProtection;
 use TYPO3\CMS\Core\Tests\AccessibleObjectInterface;
 use TYPO3\CMS\Core\Tests\UnitTestCase;
 
@@ -42,7 +42,7 @@ class BackendModuleRequestHandlerTest extends UnitTestCase {
 
        public function setUp() {
                $this->requestMock = $this->getAccessibleMock(\TYPO3\CMS\Core\Http\ServerRequest::class, array(), array(), '', FALSE);
-               $this->formProtectionMock = $this->getMockForAbstractClass(AbstractFormProtection::class, array(), '', TRUE, TRUE, TRUE, array('validateToken'));
+               $this->formProtectionMock = $this->getMockForAbstractClass(BackendFormProtection::class, array(), '', FALSE, TRUE, TRUE, array('validateToken'));
                $this->subject = $this->getAccessibleMock(BackendModuleRequestHandler::class, array('boot', 'getFormProtection'), array(\TYPO3\CMS\Core\Core\Bootstrap::getInstance()), '', TRUE);
        }
 
@@ -61,7 +61,7 @@ class BackendModuleRequestHandlerTest extends UnitTestCase {
                $this->requestMock->expects($this->any())->method('getQueryParams')->will($this->returnValue(array('M' => 'module_fixture')));
                $this->formProtectionMock->expects($this->once())->method('validateToken')->will($this->returnValue(TRUE));
                $this->subject->expects($this->once())->method('boot');
-               $this->subject->expects($this->once())->method('getFormProtection')->will($this->returnValue($this->formProtectionMock));
+               $this->subject->expects($this->atLeastOnce())->method('getFormProtection')->will($this->returnValue($this->formProtectionMock));
 
                $this->subject->handleRequest($this->requestMock);
        }
@@ -74,7 +74,7 @@ class BackendModuleRequestHandlerTest extends UnitTestCase {
        public function throwsExceptionIfTokenIsInvalid() {
                $this->formProtectionMock->expects($this->once())->method('validateToken')->will($this->returnValue(FALSE));
                $this->subject->expects($this->once())->method('boot');
-               $this->subject->expects($this->once())->method('getFormProtection')->will($this->returnValue($this->formProtectionMock));
+               $this->subject->expects($this->atLeastOnce())->method('getFormProtection')->will($this->returnValue($this->formProtectionMock));
 
                $this->subject->handleRequest($this->requestMock);
        }
@@ -94,7 +94,7 @@ class BackendModuleRequestHandlerTest extends UnitTestCase {
                $this->requestMock->expects($this->any())->method('getQueryParams')->will($this->returnValue(array('M' => 'module_fixture')));
                $this->formProtectionMock->expects($this->once())->method('validateToken')->will($this->returnValue(TRUE));
                $this->subject->expects($this->once())->method('boot');
-               $this->subject->expects($this->once())->method('getFormProtection')->will($this->returnValue($this->formProtectionMock));
+               $this->subject->expects($this->atLeastOnce())->method('getFormProtection')->will($this->returnValue($this->formProtectionMock));
 
                $this->subject->handleRequest($this->requestMock);
        }