Skip to content
This repository has been archived by the owner on Jun 29, 2022. It is now read-only.

Commit

Permalink
Merge 9cce1ec into 5c5c2bc
Browse files Browse the repository at this point in the history
  • Loading branch information
@romkatsu
romkatsu committed Sep 6, 2019
2 parents 5c5c2bc + 9cce1ec commit d9612c8
Showing 1 changed file with 131 additions and 0 deletions.
131 changes: 131 additions & 0 deletions tests/Middleware/CsrfTest.php
View file
@@ -0,0 +1,131 @@
<?php


namespace Yiisoft\Yii\Web\Tests\Middleware;

use Nyholm\Psr7\Factory\Psr17Factory;
use Nyholm\Psr7\Response;
use Nyholm\Psr7\ServerRequest;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Yiisoft\Router\Method;
use Yiisoft\Security\Random;
use Yiisoft\Security\TokenMasker;
use Yiisoft\Yii\Web\Middleware\Csrf;
use Yiisoft\Yii\Web\Session\SessionInterface;

final class CsrfTest extends TestCase
{
private const PARAM_NAME = 'csrf';

public function testProcessIsValidTokenWithRequest()
{
$token = $this->generateToken();
$middleware = $this->createCsrfMiddlewareWithToken($token);
$response = $middleware->process($this->createPostServerRequestWithBodyToken($token), $this->createRequestHandler());
$this->assertEquals(200, $response->getStatusCode());
}


public function testProcessIsValidTokenWithHeaders()
{
$token = $this->generateToken();
$middleware = $this->createCsrfMiddlewareWithToken($token);
$response = $middleware->process($this->createPostServerRequestWithHeaderToken($token), $this->createRequestHandler());
$this->assertEquals(200, $response->getStatusCode());
}

public function testProcessIsAllowMethod()
{
$middleware = $this->createCsrfMiddlewareWithToken('');
$response = $middleware->process($this->createServerRequest(Method::GET), $this->createRequestHandler());
$this->assertEquals(200, $response->getStatusCode());
}

public function testProcessInvalidToken()
{
$middleware = $this->createCsrfMiddlewareWithToken($this->generateToken());
$response = $middleware->process($this->createPostServerRequestWithBodyToken($this->generateToken()), $this->createRequestHandler());
$this->assertEquals(400, $response->getStatusCode());
}


public function testProcessEmptyTokenInSession()
{
$middleware = $this->createCsrfMiddlewareWithToken('');
$response = $middleware->process($this->createPostServerRequestWithBodyToken($this->generateToken()), $this->createRequestHandler());
$this->assertEquals(400, $response->getStatusCode());
}


public function testProcessEmptyTokenInRequest()
{
$middleware = $this->createCsrfMiddlewareWithToken($this->generateToken());
$response = $middleware->process($this->createServerRequest(), $this->createRequestHandler());
$this->assertEquals(400, $response->getStatusCode());
}


private function createServerRequest(string $method = Method::POST, array $bodyParams = [], array $headParams = []): ServerRequestInterface
{
$request = new ServerRequest($method, '/', $headParams);
return $request->withParsedBody($bodyParams);
}

private function createPostServerRequestWithBodyToken(string $token): ServerRequestInterface
{
return $this->createServerRequest(Method::POST, [
self::PARAM_NAME => TokenMasker::mask($token),
]);
}

private function createPostServerRequestWithHeaderToken(string $token): ServerRequestInterface
{
return $this->createServerRequest(Method::POST, [], [
Csrf::HEADER_NAME => TokenMasker::mask($token),
]);
}

private function createRequestHandler(): RequestHandlerInterface
{
return new class implements RequestHandlerInterface
{
public function handle(ServerRequestInterface $request): ResponseInterface
{
return new Response(200);
}
};
}

private function createSessionMock(string $returnToken)
{
/**
* @var SessionInterface|MockObject $sessionMock
*/
$sessionMock = $this->createMock(SessionInterface::class);

$sessionMock
->expects($this->once())
->method('get')
->willReturn($returnToken);

return $sessionMock;
}


private function createCsrfMiddlewareWithToken(string $token): Csrf
{
$middleware = new Csrf(new Psr17Factory(), $this->createSessionMock($token));
$middleware->setName(self::PARAM_NAME);

return $middleware;
}

private function generateToken(): string
{
return Random::string();
}
}

0 comments on commit d9612c8

Please sign in to comment.