
Updating SecurityComponent tests to include the disabled field.

1 parent be6a2e0 commit 046ddceb9aa623294bd51772ba09044a9f061f93 @markstory markstory committed Jun 10, 2011
Showing with 44 additions and 27 deletions.
  1. +44 −27 lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
@@ -471,10 +471,11 @@ public function testValidatePost() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
+ $disabled = '';
$this->Controller->request->data = array(
'Model' => array('username' => 'nate', 'password' => 'foo', 'valid' => '0'),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
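Review bot: Every `_Token` array in this commit is built with `$disabled = ''`, so no visible test sends a non-empty `disabled` value or one that was changed after the form was rendered. This applies to this hunk and to every other hunk in the file, including testValidatePostWithDisabledFields and testFormDisabledFields. The `$fields` hash literals are unchanged and the component is not part of this diff, so it cannot be confirmed from here that validation ties `disabled` to the hash. Until such cases exist, I would mark the gap next to the assignment in testValidatePostWithDisabledFields with `// TODO: cover a non-empty 'disabled' list (matching hash passes, altered list fails)`. The start of testValidatePost lies outside this hunk.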
@@ -488,10 +489,11 @@ public function testValidatePostFormHacking() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
$fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
+ $disabled = '';
$this->Controller->request->data = array(
'Model' => array('username' => 'nate', 'password' => 'foo', 'valid' => '0'),
- '_Token' => compact('key')
+ '_Token' => compact('key', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertFalse($result, 'validatePost passed when fields were missing. %s');
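Review bot: With `disabled` now sent in `_Token`, the only missing-entry rejection checked here is still the absent `fields` value; nothing visible asserts that a request lacking `disabled` is refused. Whether the component treats `disabled` as mandatory is inferred from every test being updated, since the component is not part of this diff. If it does, a sibling case with `'_Token' => compact('key', 'fields')` followed by `$this->assertFalse($this->Controller->Security->validatePost($this->Controller));` would show that a form with the entry stripped does not validate. The test body begins and ends outside this hunk.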
@@ -507,14 +509,15 @@ public function testValidatePostObjectDeserialize() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877';
+ $disabled = '';
// a corrupted serialized object, so we can see if it ever gets to deserialize
$attack = 'O:3:"App":1:{s:5:"__map";a:1:{s:3:"foo";s:7:"Hacked!";s:1:"fail"}}';
$fields .= urlencode(':' . str_rot13($attack));
$this->Controller->request->data = array(
'Model' => array('username' => 'mark', 'password' => 'foo', 'valid' => '0'),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertFalse($result, 'validatePost passed when key was missing. %s');
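Review bot: The corrupted serialized object is appended only to `$fields`, while the newly added `disabled` value is a second request-supplied string handed to validatePost and it stays empty here. Whether the component ever decodes `disabled` cannot be seen in this diff; a parallel case that sets `$disabled = urlencode(str_rot13($attack));` and keeps the `assertFalse` would document that it is never deserialized. The message on the final assertion also reads "key was missing" although `key` is present in this test; `'validatePost passed with a tampered fields value. %s'` would describe the case accurately.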
@@ -531,10 +534,11 @@ public function testValidatePostArray() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'f7d573650a295b94e0938d32b323fde775e5f32b%3A';
+ $disabled = '';
$this->Controller->request->data = array(
'Model' => array('multi_field' => array('1', '3')),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
@@ -550,10 +554,11 @@ public function testValidatePostNoModel() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = '540ac9c60d323c22bafe997b72c0790f39a8bdef%3A';
+ $disabled = '';
$this->Controller->request->data = array(
'anything' => 'some_data',
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -571,10 +576,11 @@ public function testValidatePostSimple() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = '69f493434187b867ea14b901fdf58b55d27c935d%3A';
+ $disabled = '';
$this->Controller->request->data = $data = array(
'Model' => array('username' => '', 'password' => ''),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -592,6 +598,7 @@ public function testValidatePostComplex() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'c9118120e680a7201b543f562e5301006ccfcbe2%3AAddresses.0.id%7CAddresses.1.id';
+ $disabled = '';
$this->Controller->request->data = array(
'Addresses' => array(
@@ -604,7 +611,7 @@ public function testValidatePostComplex() {
'address' => '', 'city' => '', 'phone' => '', 'primary' => ''
)
),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
@@ -620,32 +627,34 @@ public function testValidatePostMultipleSelect() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = '422cde416475abc171568be690a98cad20e66079%3A';
+ $disabled = '';
$this->Controller->request->data = array(
'Tag' => array('Tag' => array(1, 2)),
- '_Token' => compact('key', 'fields'),
+ '_Token' => compact('key', 'fields', 'disabled'),
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
$this->Controller->request->data = array(
'Tag' => array('Tag' => array(1, 2, 3)),
- '_Token' => compact('key', 'fields'),
+ '_Token' => compact('key', 'fields', 'disabled'),
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
$this->Controller->request->data = array(
'Tag' => array('Tag' => array(1, 2, 3, 4)),
- '_Token' => compact('key', 'fields'),
+ '_Token' => compact('key', 'fields', 'disabled'),
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
$fields = '19464422eafe977ee729c59222af07f983010c5f%3A';
$this->Controller->request->data = array(
'User.password' => 'bar', 'User.name' => 'foo', 'User.is_valid' => '1',
- 'Tag' => array('Tag' => array(1)), '_Token' => compact('key', 'fields'),
+ 'Tag' => array('Tag' => array(1)),
+ '_Token' => compact('key', 'fields', 'disabled'),
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
@@ -664,10 +673,11 @@ public function testValidatePostCheckbox() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
+ $disabled = '';
$this->Controller->request->data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -677,7 +687,7 @@ public function testValidatePostCheckbox() {
$this->Controller->request->data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -690,7 +700,7 @@ public function testValidatePostCheckbox() {
$this->Controller->request->data = $data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -707,14 +717,14 @@ public function testValidatePostHidden() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '51ccd8cb0997c7b3d4523ecde5a109318405ef8c%3AModel.hidden%7CModel.other_hidden';
- $fields .= '';
+ $disabled = '';
$this->Controller->request->data = array(
'Model' => array(
'username' => '', 'password' => '', 'hidden' => '0',
'other_hidden' => 'some hidden value'
),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
@@ -731,12 +741,13 @@ public function testValidatePostWithDisabledFields() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'ef1082968c449397bcd849f963636864383278b1%3AModel.hidden';
+ $disabled = '';
$this->Controller->request->data = array(
'Model' => array(
'username' => '', 'password' => '', 'hidden' => '0'
),
- '_Token' => compact('fields', 'key')
+ '_Token' => compact('fields', 'key', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -753,12 +764,13 @@ public function testValidateHiddenMultipleModel() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'a2d01072dc4660eea9d15007025f35a7a5b58e18%3AModel.valid%7CModel2.valid%7CModel3.valid';
+ $disabled = '';
$this->Controller->request->data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
'Model2' => array('valid' => '0'),
'Model3' => array('valid' => '0'),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
@@ -775,6 +787,7 @@ public function testValidateHasManyModel() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = '51e3b55a6edd82020b3f29c9ae200e14bbeb7ee5%3AModel.0.hidden%7CModel.0.valid';
$fields .= '%7CModel.1.hidden%7CModel.1.valid';
+ $disabled = '';
$this->Controller->request->data = array(
'Model' => array(
@@ -787,7 +800,7 @@ public function testValidateHasManyModel() {
'hidden' => 'value', 'valid' => '0'
)
),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -805,6 +818,7 @@ public function testValidateHasManyRecordsPass() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3AAddress.0.id%7CAddress.0.primary%7C';
$fields .= 'Address.1.id%7CAddress.1.primary';
+ $disabled = '';
$this->Controller->request->data = array(
'Address' => array(
@@ -829,7 +843,7 @@ public function testValidateHasManyRecordsPass() {
'primary' => '1'
)
),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -849,6 +863,7 @@ public function testValidateHasManyRecordsFail() {
$key = $this->Controller->request->params['_Token']['key'];
$fields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3AAddress.0.id%7CAddress.0.primary%7C';
$fields .= 'Address.1.id%7CAddress.1.primary';
+ $disabled = '';
$this->Controller->request->data = array(
'Address' => array(
@@ -873,7 +888,7 @@ public function testValidateHasManyRecordsFail() {
'primary' => '1'
)
),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -890,10 +905,11 @@ public function testFormDisabledFields() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '11842060341b9d0fc3808b90ba29fdea7054d6ad%3An%3A0%3A%7B%7D';
+ $disabled = '';
$this->Controller->request->data = array(
'MyModel' => array('name' => 'some data'),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertFalse($result);
@@ -904,7 +920,7 @@ public function testFormDisabledFields() {
$this->Controller->request->data = array(
'MyModel' => array('name' => 'some data'),
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
@@ -921,29 +937,30 @@ public function testRadio() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '575ef54ca4fc8cab468d6d898e9acd3a9671c17e%3An%3A0%3A%7B%7D';
+ $disabled = '';
$this->Controller->request->data = array(
- '_Token' => compact('key', 'fields')
+ '_Token' => compact('key', 'fields', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertFalse($result);
$this->Controller->request->data = array(
- '_Token' => compact('key', 'fields'),
+ '_Token' => compact('key', 'fields', 'disabled'),
'Test' => array('test' => '')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
$this->Controller->request->data = array(
- '_Token' => compact('key', 'fields'),
+ '_Token' => compact('key', 'fields', 'disabled'),
'Test' => array('test' => '1')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
$this->Controller->request->data = array(
- '_Token' => compact('key', 'fields'),
+ '_Token' => compact('key', 'fields', 'disabled'),
'Test' => array('test' => '2')
);
$result = $this->Controller->Security->validatePost($this->Controller);
