Fix integration test case with form tampering.
IntegrationTestCase's form tamper token generation was not the same as
FormHelper's, and nested fields always triggered
a blackhole. This builds upon the work done in #7717 and fixes issues
introduced there.
markstory committed Jan 1, 2016
1 parent 6d6c449 commit f55b44a
Showing 2 changed files with 25 additions and 3 deletions.
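--- a/src/TestSuite/IntegrationTestCase.php
+++ b/src/TestSuite/IntegrationTestCase.php
@@ -467,8 +467,10 @@ protected function _buildRequest($url, $method, $data)
 protected function _addTokens($url, $data)
 {
 if ($this->_securityToken === true) {
-$keys = Hash::flatten($data);
-$tokenData = $this->_buildFieldToken($url, array_keys($keys));
+$keys = array_map(function ($field) {
+return preg_replace('/(\.\d+)+$/', '', $field);
+}, array_keys(Hash::flatten($data)));
+$tokenData = $this->_buildFieldToken($url, array_unique($keys));
 $data['_Token'] = $tokenData;
 }
 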
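Review bot: The closure in the new `$keys = array_map(...)` assignment encodes a field-name normalisation rule with no comment, and the token it feeds is only meaningful if that rule matches what the form-tampering check applies on the server side, which is not visible in this hunk. A comment such as `// Collapse trailing numeric indexes (tags._ids.0 becomes tags._ids) so a multi-value field is hashed once, the way the form's field list records it.` would state the intent. Only trailing indexes are removed, so `comments.0.comment` keeps its index; if that mirrors the production rule, keeping the pattern in one shared helper or constant would stop the test token drifting from the real check, which would show up either as false blackholes or as tests passing on requests a real form could not produce. `_addTokens` continues past the end of the hunk.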
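--- a/tests/TestCase/TestSuite/IntegrationTestCaseTest.php
+++ b/tests/TestCase/TestSuite/IntegrationTestCaseTest.php
@@ -240,7 +240,7 @@ public function testPostAndErrorHandling()
 }
 
 /**
-* Test posting to a secured form action action.
+* Test posting to a secured form action.
 *
 * @return void
 */
@@ -256,6 +256,26 @@ public function testPostSecuredForm()
 $this->assertResponseContains('Request was accepted');
 }
 
+/**
+* Test posting to a secured form action with nested data.
+*
+* @return void
+*/
+public function testPostSecuredFormNestedData()
+{
+$this->enableSecurityToken();
+$data = [
+'title' => 'New post',
+'comments' => [
+['comment' => 'A new comment']
+],
+'tags' => ['_ids' => [1, 2, 3, 4]]
+];
+$this->post('/posts/securePost', $data);
+$this->assertResponseOk();
+$this->assertResponseContains('Request was accepted');
+}
+
 /**
 * Test posting to a secured form action action.
 *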
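Review bot: `testPostSecuredFormNestedData` covers an index in the middle of a path (`comments.0.comment`) and a single trailing index (`tags._ids`), but not the repeated trailing indexes that the `(\.\d+)+` pattern in `_addTokens` also collapses, such as a list of lists. Adding one such entry to `$data`, for instance the constructed example `'grid' => [[1, 2], [3, 4]]`, would show whether that branch agrees with the secured action; whether the action accepts it cannot be determined from this page. The test asserts only acceptance, so it would not notice a token check that is skipped for nested data. Separately, the docblock of the following test, visible as context at the end of the second hunk, still reads `action action`.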
