Skip to content
Permalink
Browse files

Keep CSRF tokens consistent across all requests in a test case.

Keep the CSRF token consistent across all the requests in a single test
case method. This saves regenerating the token and even lets people
pre-configure the token if they really want to.

Refs #7828
  • Loading branch information...
markstory committed Dec 12, 2015
1 parent 1404250 commit cf833c7843261d4a897f4a923ae192a0aef94849
Showing with 37 additions and 5 deletions.
  1. +4 −5 src/TestSuite/IntegrationTestCase.php
  2. +33 −0 tests/TestCase/TestSuite/IntegrationTestCaseTest.php
@@ -430,12 +430,11 @@ protected function _addTokens($url, $data)
}
if ($this->_csrfToken === true) {
$csrfToken = Text::uuid();
if (!isset($data['_csrfToken'])) {
$data['_csrfToken'] = $csrfToken;
}
if (!isset($this->_cookie['csrfToken'])) {
$this->_cookie['csrfToken'] = $csrfToken;
$this->_cookie['csrfToken'] = Text::uuid();
}
if (!isset($data['_csrfToken'])) {
$data['_csrfToken'] = $this->_cookie['csrfToken'];
}
}
return $data;
@@ -97,6 +97,39 @@ public function testRequestBuildingCsrfTokens()
$this->assertSame('fale', $request->data['_csrfToken']);
}
/**
* Test multiple actions using CSRF tokens don't fail
*
* @return void
*/
public function testEnableCsrfMultipleRequests()
{
$this->enableCsrfToken();
$first = $this->_buildRequest('/tasks/add', 'POST', ['title' => 'First post']);
$second = $this->_buildRequest('/tasks/add', 'POST', ['title' => 'Second post']);
$this->assertSame($first->cookies['csrfToken'], $second->data['_csrfToken'], 'Csrf token should match cookie');
$this->assertSame(
$first->data['_csrfToken'],
$second->data['_csrfToken'],
'Tokens should be consistent per test method'
);
}
/**
* Test pre-determined CSRF tokens.
*
* @return void
*/
public function testEnableCsrfPredeterminedCookie()
{
$this->enableCsrfToken();
$value = 'I am a teapot';
$this->cookie('csrfToken', $value);
$request = $this->_buildRequest('/tasks/add', 'POST', ['title' => 'First post']);
$this->assertSame($value, $request->cookies['csrfToken'], 'Csrf token should match cookie');
$this->assertSame($value, $request->data['_csrfToken'], 'Tokens should match');
}
/**
* Test building a request, with query parameters
*

0 comments on commit cf833c7

Please sign in to comment.
You can’t perform that action at this time.