<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since 3.3.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
namespace Cake\Test\TestCase\Http\Middleware;
use Cake\Http\Cookie\Cookie;
use Cake\Http\Cookie\CookieCollection;
use Cake\Http\Middleware\EncryptedCookieMiddleware;
use Cake\Http\Response;
use Cake\Http\ServerRequest;
use Cake\TestSuite\TestCase;
use Cake\Utility\CookieCryptTrait;
/**
* Test for EncryptedCookieMiddleware
*/
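class EncryptedCookieMiddlewareTest extends TestCase
{
    use CookieCryptTrait;

    /**
     * Middleware under test. setUp() configures it to protect the
     * `secret` and `ninja` cookies using the `aes` mode.
     *
     * @var \Cake\Http\Middleware\EncryptedCookieMiddleware
     */
    protected $middleware;

    /**
     * Encryption key shared by this test case and the middleware.
     *
     * setUp() passes the same value to the middleware, so the
     * _encrypt()/_decrypt() calls in this class are expected to round-trip
     * with what the middleware produces. This is a fixed fixture string for
     * tests only; it must never be reused as an application key.
     *
     * @return string
     */
    protected function _getCookieEncryptionKey()
    {
        return 'super secret key that no one can guess';
    }

    /**
     * Setup
     *
     * @return void
     */
    public function setUp()
    {
        // Let the base TestCase prepare its own state before building the fixture.
        parent::setUp();

        $this->middleware = new EncryptedCookieMiddleware(
            ['secret', 'ninja'],
            $this->_getCookieEncryptionKey(),
            'aes'
        );
    }

    /**
     * Test decoding request cookies
     *
     * A protected cookie must reach the inner handler as plaintext, and a
     * cookie that is not in the protected list must pass through unchanged.
     *
     * @return void
     */
    public function testDecodeRequestCookies()
    {
        $request = new ServerRequest(['url' => '/cookies/nom']);
        $request = $request->withCookieParams([
            'plain' => 'always plain',
            'secret' => $this->_encrypt('decoded', 'aes')
        ]);

        // Precondition: the value sent by the client is ciphertext. The check
        // has to read the `secret` cookie; a cookie name that was never set
        // yields null and would make this assertion pass unconditionally.
        $this->assertNotEquals('decoded', $request->getCookie('secret'));

        $response = new Response();
        $next = function ($req, $res) {
            $this->assertSame('decoded', $req->getCookie('secret'));
            $this->assertSame('always plain', $req->getCookie('plain'));

            return $res->withHeader('called', 'yes');
        };

        $middleware = $this->middleware;
        $response = $middleware($request, $response, $next);

        // Without this the assertions inside $next could be skipped silently.
        $this->assertSame('yes', $response->getHeaderLine('called'), 'Inner middleware not invoked');
    }

    /**
     * Test encoding cookies in the set-cookie header.
     *
     * Both protected cookies must leave the middleware without their
     * plaintext in the header, while the unprotected one stays readable.
     *
     * @return void
     */
    public function testEncodeResponseSetCookieHeader()
    {
        $request = new ServerRequest(['url' => '/cookies/nom']);
        $response = new Response();
        $next = function ($req, $res) {
            return $res->withAddedHeader('Set-Cookie', 'secret=be%20quiet')
                ->withAddedHeader('Set-Cookie', 'plain=in%20clear')
                ->withAddedHeader('Set-Cookie', 'ninja=shuriken');
        };

        $middleware = $this->middleware;
        $response = $middleware($request, $response, $next);

        $headerLine = $response->getHeaderLine('Set-Cookie');

        // Every name in the protected list is checked, not just one of them,
        // so a regression that leaks a single cookie is still caught.
        $this->assertNotContains('ninja=shuriken', $headerLine);
        $this->assertNotContains('secret=be%20quiet', $headerLine);
        $this->assertContains('plain=in%20clear', $headerLine);

        $cookies = CookieCollection::createFromHeader($response->getHeader('Set-Cookie'));
        $this->assertTrue($cookies->has('ninja'));
        $this->assertEquals(
            'shuriken',
            $this->_decrypt($cookies->get('ninja')->getValue(), 'aes')
        );
    }

    /**
     * Test encoding cookies in the cookie collection.
     *
     * @return void
     */
    public function testEncodeResponseCookieData()
    {
        $request = new ServerRequest(['url' => '/cookies/nom']);
        $response = new Response();
        $next = function ($req, $res) {
            return $res->withCookie(new Cookie('secret', 'be quiet'))
                ->withCookie(new Cookie('plain', 'in clear'))
                ->withCookie(new Cookie('ninja', 'shuriken'));
        };

        $middleware = $this->middleware;
        $response = $middleware($request, $response, $next);

        // getCookie() is indexed with ['value'] below, so it returns an array.
        // Comparing that array with a string can never be "same", which made
        // the plaintext check vacuous; compare the stored value instead.
        $ninja = $response->getCookie('ninja');
        $this->assertNotSame('shuriken', $ninja['value']);
        $this->assertEquals(
            'shuriken',
            $this->_decrypt($ninja['value'], 'aes')
        );

        // The other protected cookie must not be stored as plaintext either.
        $secret = $response->getCookie('secret');
        $this->assertNotSame('be quiet', $secret['value']);
    }
}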