
Adding tests for csrf feature separation.

Removing serialize() calls as they didn't really add anything.
markstory committed Sep 30, 2010
1 parent 72a1c95 commit b088daf045a19c818d427e28d752566f3e7044e8
@@ -580,7 +580,7 @@ protected function _validatePost(&$controller) {
$token = $data['_Token']['key'];
if ($this->Session->check('_Token')) {
$tokenData = unserialize($this->Session->read('_Token'));
$tokenData = $this->Session->read('_Token');
if ($tokenData['expires'] < time() || $tokenData['key'] !== $token) {
return false;
@@ -651,7 +651,7 @@ protected function _validatePost(&$controller) {
protected function _generateToken(&$controller) {
if (isset($controller->params['requested']) && $controller->params['requested'] === 1) {
if ($this->Session->check('_Token')) {
$tokenData = unserialize($this->Session->read('_Token'));
$tokenData = $this->Session->read('_Token');
$controller->params['_Token'] = $tokenData;
}
return false;
@@ -671,7 +671,7 @@ protected function _generateToken(&$controller) {
}
if ($this->Session->check('_Token')) {
$tokenData = unserialize($this->Session->read('_Token'));
$tokenData = $this->Session->read('_Token');
$valid = (
isset($tokenData['expires']) &&
$tokenData['expires'] > time() &&
@@ -683,7 +683,7 @@ protected function _generateToken(&$controller) {
}
}
$controller->request->params['_Token'] = $token;
$this->Session->write('_Token', serialize($token));
$this->Session->write('_Token', $token);
return true;
}
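Review bot: The check `$tokenData['expires'] < time() || $tokenData['key'] !== $token` in the first hunk (around line 583) indexes the value read from the session without confirming those keys exist, while the `_generateToken` hunk at line 671 guards the same read with `isset($tokenData['expires'])`. With `unserialize()` gone the read is whatever was stored, and a missing key still fails closed (an undefined index yields null, `null < time()` is true and `null !== $token` is true) but emits notices and leaves the two call sites inconsistent; `if (!isset($tokenData['expires'], $tokenData['key']) || $tokenData['expires'] < time() || $tokenData['key'] !== $token) {` would make both paths explicit. The bodies of `_validatePost` and `_generateToken` begin and end outside these hunks.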
@@ -152,6 +152,7 @@ function setUp() {
$this->Controller->Components->init($this->Controller);
$this->Controller->Security = $this->Controller->TestSecurity;
$this->Controller->Security->blackHoleCallback = 'fail';
$this->Security = $this->Controller->Security;
Configure::write('Security.salt', 'foo!');
}
@@ -856,16 +857,6 @@ function testValidateHiddenMultipleModel() {
$this->assertTrue($result);
}
/**
* testLoginValidation method
*
* @access public
* @return void
*/
function testLoginValidation() {
}
/**
* testValidateHasManyModel method
*
@@ -1238,4 +1229,19 @@ function testBlackHoleNotDeletingSessionInformation() {
$this->Controller->Security->blackHole($this->Controller, 'auth');
$this->assertTrue($this->Controller->Security->Session->check('_Token'), '_Token was deleted by blackHole %s');
}
/**
* test setting
*
* @return void
*/
function testCsrfSettings() {
$this->Security->validatePost = false;
$this->Security->enableCsrf = true;
$this->Security->csrfExpires = '+10 minutes';
$this->Security->startup($this->Controller);
$token = $this->Security->Session->read('_Token');
$this->assertEquals(count($token['csrf']), 1, 'Missing the csrf token.');
}
}
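Review bot: In `testCsrfSettings` the assertion passes its arguments as (actual, expected): `$this->assertEquals(count($token['csrf']), 1, ...)`, so a failure message would report the values backwards; PHPUnit's convention is `$this->assertEquals(1, count($token['csrf']), 'Missing the csrf token.');`. The test sets `csrfExpires = '+10 minutes'` but never asserts anything about the expiry the token was stored with — if `$token['csrf']` maps token values to expiry timestamps (not visible here, please confirm), an assertion that the stored expiry is no later than `strtotime('+10 minutes')` would actually cover the setting the test is named for. The docblock `* test setting` is too vague to tell a reader what is exercised; `* test that enabling csrf writes a csrf token to the session on startup` describes the behaviour the assertion checks. The enclosing test class starts outside the hunk; its closing brace is the last line here.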
