Skip to content
This repository has been archived by the owner on Jun 29, 2022. It is now read-only.

unit tests for csrf middleware #112

Merged
merged 5 commits into from Sep 12, 2019
Merged

unit tests for csrf middleware #112

Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9cce1ec
add unit tests for csrf middleware
romkatsu Sep 6, 2019
905b204
fix code style
romkatsu Sep 6, 2019
4e5faf3
fix name tests and add dock blocks
romkatsu Sep 6, 2019
bee9fe1
add tests for put and delete requests
romkatsu Sep 6, 2019
b14e0e2
fix code styles
romkatsu Sep 6, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
130 changes: 130 additions & 0 deletions tests/Middleware/CsrfTest.php
View file
Open in desktop
@@ -0,0 +1,130 @@
<?php


namespace Yiisoft\Yii\Web\Tests\Middleware;

use Nyholm\Psr7\Factory\Psr17Factory;
use Nyholm\Psr7\Response;
use Nyholm\Psr7\ServerRequest;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Yiisoft\Router\Method;
use Yiisoft\Security\Random;
use Yiisoft\Security\TokenMasker;
use Yiisoft\Yii\Web\Middleware\Csrf;
use Yiisoft\Yii\Web\Session\SessionInterface;

final class CsrfTest extends TestCase
{
private const PARAM_NAME = 'csrf';

public function testProcessIsValidTokenWithRequest()
romkatsu marked this conversation as resolved.
Show resolved Hide resolved
{
$token = $this->generateToken();
$middleware = $this->createCsrfMiddlewareWithToken($token);
$response = $middleware->process($this->createPostServerRequestWithBodyToken($token), $this->createRequestHandler());
$this->assertEquals(200, $response->getStatusCode());
}


public function testProcessIsValidTokenWithHeaders()
romkatsu marked this conversation as resolved.
Show resolved Hide resolved
{
$token = $this->generateToken();
$middleware = $this->createCsrfMiddlewareWithToken($token);
$response = $middleware->process($this->createPostServerRequestWithHeaderToken($token), $this->createRequestHandler());
$this->assertEquals(200, $response->getStatusCode());
}

public function testProcessIsAllowMethod()
romkatsu marked this conversation as resolved.
Show resolved Hide resolved
{
$middleware = $this->createCsrfMiddlewareWithToken('');
$response = $middleware->process($this->createServerRequest(Method::GET), $this->createRequestHandler());
$this->assertEquals(200, $response->getStatusCode());
}

public function testProcessInvalidToken()
romkatsu marked this conversation as resolved.
Show resolved Hide resolved
{
$middleware = $this->createCsrfMiddlewareWithToken($this->generateToken());
$response = $middleware->process($this->createPostServerRequestWithBodyToken($this->generateToken()), $this->createRequestHandler());
$this->assertEquals(400, $response->getStatusCode());
}


public function testProcessEmptyTokenInSession()
romkatsu marked this conversation as resolved.
Show resolved Hide resolved
{
$middleware = $this->createCsrfMiddlewareWithToken('');
$response = $middleware->process($this->createPostServerRequestWithBodyToken($this->generateToken()), $this->createRequestHandler());
$this->assertEquals(400, $response->getStatusCode());
}


public function testProcessEmptyTokenInRequest()
romkatsu marked this conversation as resolved.
Show resolved Hide resolved
{
$middleware = $this->createCsrfMiddlewareWithToken($this->generateToken());
$response = $middleware->process($this->createServerRequest(), $this->createRequestHandler());
$this->assertEquals(400, $response->getStatusCode());
}


private function createServerRequest(string $method = Method::POST, array $bodyParams = [], array $headParams = []): ServerRequestInterface
romkatsu marked this conversation as resolved.
Show resolved Hide resolved
{
$request = new ServerRequest($method, '/', $headParams);
return $request->withParsedBody($bodyParams);
}

private function createPostServerRequestWithBodyToken(string $token): ServerRequestInterface
{
return $this->createServerRequest(Method::POST, [
self::PARAM_NAME => TokenMasker::mask($token),
]);
}

private function createPostServerRequestWithHeaderToken(string $token): ServerRequestInterface
{
return $this->createServerRequest(Method::POST, [], [
Csrf::HEADER_NAME => TokenMasker::mask($token),
]);
}

private function createRequestHandler(): RequestHandlerInterface
{
return new class implements RequestHandlerInterface {
public function handle(ServerRequestInterface $request): ResponseInterface
{
return new Response(200);
}
};
}

private function createSessionMock(string $returnToken)
{
/**
* @var SessionInterface|MockObject $sessionMock
*/
$sessionMock = $this->createMock(SessionInterface::class);

$sessionMock
->expects($this->once())
->method('get')
->willReturn($returnToken);

return $sessionMock;
}


private function createCsrfMiddlewareWithToken(string $token): Csrf
{
$middleware = new Csrf(new Psr17Factory(), $this->createSessionMock($token));
$middleware->setName(self::PARAM_NAME);

return $middleware;
}

private function generateToken(): string
{
return Random::string();
}
}