[BUGFIX] Fix failing unit tests for HTTP host check in CLI mode 23/30323/4
authorHelmut Hummel <helmut.hummel@typo3.org>
Thu, 22 May 2014 09:33:09 +0000 (11:33 +0200)
committerHelmut Hummel <helmut.hummel@typo3.org>
Thu, 22 May 2014 11:43:44 +0000 (13:43 +0200)
The unit tests for the recent HTTP host fix are failing
if executed in CLI mode.
In CLI mode no server environments and HTTP headers are available,
that's why the behavior needs to know about the
test execution process.

We solve this by mocking allowed request types.

Resolves: #59022
Releases: 6.2, 6.1, 6.0
Change-Id: I3c93d181dcec5f34064798e7c31240877fde610d
Reviewed-on: https://review.typo3.org/30323
Reviewed-by: Nicole Cordes
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/Unit/Utility/Fixtures/GeneralUtilityFixture.php
typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php

index a7f4278..9225194 100644 (file)
@@ -3564,10 +3564,7 @@ Connection: close
                        return TRUE;
                }
 
-               // Allow all install tool requests
-               // We accept this risk to have the install tool always available
-               // Also CLI needs to be allowed as unfortunately AbstractUserAuthentication::getAuthInfoArray() accesses HTTP_HOST without reason on CLI
-               if (defined('TYPO3_REQUESTTYPE') && (TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL) || (TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI)) {
+               if (static::isInternalRequestType()) {
                        return static::$allowHostHeaderValue = TRUE;
                }
 
@@ -3598,6 +3595,18 @@ Connection: close
        }
 
        /**
+        * Allows internal requests to the install tool and from the command line.
+        * We accept this risk to have the install tool always available.
+        * Also CLI needs to be allowed as unfortunately AbstractUserAuthentication::getAuthInfoArray()
+        * accesses HTTP_HOST without reason on CLI
+        *
+        * @return bool
+        */
+       static protected function isInternalRequestType() {
+               return (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & (TYPO3_REQUESTTYPE_INSTALL | TYPO3_REQUESTTYPE_CLI));
+       }
+
+       /**
         * Gets the unixtime as milliseconds.
         *
         * @return integer The unixtime as milliseconds
index 4ebc2a5..20b57a2 100644 (file)
@@ -47,7 +47,7 @@ class GeneralUtilityFixture extends GeneralUtility {
         */
        static public function isAllowedHostHeaderValue($hostHeaderValue) {
                self::$isAllowedHostHeaderValueCallCount++;
-               return TRUE;
+               return parent::isAllowedHostHeaderValue($hostHeaderValue);
        }
 
        /**
@@ -57,5 +57,14 @@ class GeneralUtilityFixture extends GeneralUtility {
                static::$allowHostHeaderValue = $allowHostHeaderValue;
        }
 
+       /**
+        * For testing we must not generally allow HTTP Host headers
+        *
+        * @return bool
+        */
+       static protected function isInternalRequestType() {
+               return FALSE;
+       }
+
 
 }
\ No newline at end of file
index 7de13aa..925645e 100644 (file)
@@ -1592,7 +1592,7 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         */
        public function isAllowedHostHeaderValueReturnsFalseIfTrusedHostsIsNotConfigured() {
                unset($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern']);
-               $this->assertFalse(Utility\GeneralUtility::isAllowedHostHeaderValue('evil.foo.bar'));
+               $this->assertFalse(GeneralUtilityFixture::isAllowedHostHeaderValue('evil.foo.bar'));
        }
 
        /**
@@ -1630,7 +1630,7 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         */
        public function isAllowedHostHeaderValueReturnsTrueIfHostValueMatches($httpHost, $hostNamePattern) {
                $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] = $hostNamePattern;
-               $this->assertTrue(Utility\GeneralUtility::isAllowedHostHeaderValue($httpHost));
+               $this->assertTrue(GeneralUtilityFixture::isAllowedHostHeaderValue($httpHost));
        }
 
        /**
@@ -1641,7 +1641,7 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         */
        public function isAllowedHostHeaderValueReturnsFalseIfHostValueMatches($httpHost, $hostNamePattern) {
                $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] = $hostNamePattern;
-               $this->assertFalse(Utility\GeneralUtility::isAllowedHostHeaderValue($httpHost));
+               $this->assertFalse(GeneralUtilityFixture::isAllowedHostHeaderValue($httpHost));
        }
 
        public function serverNamePatternDataProvider() {
@@ -1715,7 +1715,7 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
                $_SERVER['SERVER_NAME'] = $serverName;
                $_SERVER['SERVER_PORT'] = $serverPort;
                $_SERVER['HTTPS'] = $ssl;
-               $this->assertSame($isAllowed, Utility\GeneralUtility::isAllowedHostHeaderValue($httpHost));
+               $this->assertSame($isAllowed, GeneralUtilityFixture::isAllowedHostHeaderValue($httpHost));
        }
 
        /**
@@ -1740,7 +1740,7 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
        public function getIndpEnvForHostThrowsExceptionForNotAllowedHostnameValues($httpHost, $hostNamePattern) {
                $_SERVER['HTTP_HOST'] = $httpHost;
                $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] = $hostNamePattern;
-               Utility\GeneralUtility::getIndpEnv('HTTP_HOST');
+               GeneralUtilityFixture::getIndpEnv('HTTP_HOST');
        }
 
        /**