
Add more tests

chinpei215 committed Oct 16, 2016
1 parent d7ae1c9 commit 739664d6c7846bcc36fa2a9a10ecdff5e0c6376c
Showing with 117 additions and 2 deletions.
  1. +117 −2 lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
@@ -46,6 +46,16 @@ public function authRequired(Controller $controller) {
return $this->_authRequired($controller);
}
/**
* methodRequired method
*
* @param Controller $controller
* @return bool
*/
public function methodsRequired(Controller $controller) {
return $this->_methodsRequired($controller);
}
}
/**
@@ -1453,7 +1463,28 @@ public function testCsrfNonceVacuum() {
}
/**
* test that when the key is missing the request is blackHoled
* test that blackhole throws an exception when the key is missing and balckHoleCallback is not set.
*
* @return void
* @expectedException SecurityException
* @expectedExceptionMessage Missing CSRF token
*/
public function testCsrfExceptionOnMissingKey() {
$this->Security->validatePost = false;
$this->Security->csrfCheck = true;
$this->Security->blackHoleCallback = '';
$this->Controller->request->params['action'] = 'index';
$this->Controller->request->data = array(
'Post' => array(
'title' => 'Woot'
)
);
$this->Security->startup($this->Controller);
}
/**
* test that when the keys are mismatched the request is blackHoled
*
* @return void
*/
@@ -1478,7 +1509,34 @@ public function testCsrfBlackHoleOnKeyMismatch() {
}
/**
* test that when the key is missing the request is blackHoled
* test that blackhole throws an exception when the keys are mismatched and balckHoleCallback is not set.
*
* @return void
* @expectedException SecurityException
* @expectedExceptionMessage CSRF token mismatch
*/
public function testCsrfExceptionOnKeyMismatch() {
$this->Security->validatePost = false;
$this->Security->csrfCheck = true;
$this->Security->csrfExpires = '+10 minutes';
$this->Security->blackHoleCallback = '';
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
$this->Controller->request->params['action'] = 'index';
$this->Controller->request->data = array(
'_Token' => array(
'key' => 'not the right value'
),
'Post' => array(
'title' => 'Woot'
)
);
$this->Security->startup($this->Controller);
}
/**
* test that when the key is expried the request is blackHoled
*
* @return void
*/
@@ -1502,6 +1560,33 @@ public function testCsrfBlackHoleOnExpiredKey() {
$this->assertTrue($this->Controller->failed, 'fail() was not called.');
}
/**
* test that blackhole throws an exception when the key is expired and balckHoleCallback is not set
*
* @return void
* @expectedException SecurityException
* @expectedExceptionMessage CSRF token expired
*/
public function testCsrfExceptionOnExpiredKey() {
$this->Security->validatePost = false;
$this->Security->csrfCheck = true;
$this->Security->csrfExpires = '+10 minutes';
$this->Security->blackHoleCallback = '';
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('-5 minutes')));
$this->Controller->request->params['action'] = 'index';
$this->Controller->request->data = array(
'_Token' => array(
'key' => 'nonce1'
),
'Post' => array(
'title' => 'Woot'
)
);
$this->Security->startup($this->Controller);
}
/**
* test that csrfUseOnce = false works.
*
@@ -1840,4 +1925,34 @@ public function testAuthRequired() {
$this->assertTrue($this->Controller->Security->authRequired($this->Controller));
}
/**
* Auth required throws exception controller not allowed
*
* @return void
* @expectedException SecurityException
* @expectedExceptionMessage The request method must be POST
*/
public function testMethodsRequiredThrowsExceptionMethodNotAllowed() {
$_SERVER['REQUEST_METHOD'] = 'GET';
$this->Controller->Security->requirePost = array('delete');
$this->Controller->request->params['controller'] = 'Test';
$this->Controller->request->params['action'] = 'delete';
$this->Controller->Security->startup($this->Controller);
$this->Controller->Security->methodsRequired($this->Controller);
}
/**
* Auth required throws exception controller not allowed
*
* @return void
*/
public function testMethodsRequired() {
$_SERVER['REQUEST_METHOD'] = 'POST';
$this->Controller->Security->requirePost = array('delete');
$this->Controller->request->params['controller'] = 'Test';
$this->Controller->request->params['action'] = 'delete';
$this->Controller->Security->startup($this->Controller);
$this->assertTrue($this->Controller->Security->methodsRequired($this->Controller));
}
}
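Review bot: `testMethodsRequiredThrowsExceptionMethodNotAllowed` calls `startup()` on the GET request before the direct `methodsRequired()` call and, unlike the three CSRF exception tests, never sets `blackHoleCallback = ''`, so the test does not show which call raises the expected `SecurityException`. If `startup()` already enforces `requirePost` (its body is outside this diff), the POST-only check is handled there first and the wrapper call only repeats it; setting the callback explicitly, or asserting the outcome of `startup()` before the wrapper call, would pin the path under test. Both new method tests also assign `$_SERVER['REQUEST_METHOD']` without restoring it, which leaks into later tests unless a tearDown outside this diff resets it. Their docblocks still read "Auth required throws exception controller not allowed"; `* test that methodsRequired() throws when a requirePost action is requested with GET` and `* test that methodsRequired() passes when a requirePost action is requested with POST` would match the code. In the same pass, `methodRequired method` on the new wrapper should name `methodsRequired`, and `balckHoleCallback` in the three CSRF docblocks should be `blackHoleCallback`.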
