Skip to content
Permalink
Browse files

Adding another test for csrfUseOnce.

  • Loading branch information...
markstory committed Oct 25, 2010
1 parent 22239b4 commit a57f8d3851abcf2ca669d62188083321fc115108
Showing with 32 additions and 0 deletions.
  1. +32 −0 cake/tests/cases/libs/controller/components/security.test.php
@@ -1429,4 +1429,36 @@ function testCsrfNotUseOnce() {
$this->assertEquals(1, count($token2), 'Should only be one token.');
$this->assertEquals($token, $token2, 'Tokens should not be different.');
}
/**
* ensure that longer session tokens are not consumed
*
* @return void
*/
function testCsrfNotUseOnceValidationLeavingToken() {
$this->Security->validatePost = false;
$this->Security->csrfCheck = true;
$this->Security->csrfUseOnce = false;
$this->Security->csrfExpires = '+10 minutes';
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
$this->Controller->request->expects($this->once())->method('is')
->with('post')
->will($this->returnValue(true));
$this->Controller->request->params['action'] = 'index';
$this->Controller->request->data = array(
'_Token' => array(
'key' => 'nonce1'
),
'Post' => array(
'title' => 'Woot'
)
);
$this->Security->startup($this->Controller);
$token = $this->Security->Session->read('_Token');
$this->assertTrue(isset($token['csrfTokens']['nonce1']), 'Token was consumed');
}
}

0 comments on commit a57f8d3

Please sign in to comment.
You can’t perform that action at this time.