|
|
|
|
@ -4,6 +4,7 @@ use PHPUnit\Framework\TestCase;
|
|
|
|
|
|
|
|
|
|
use BradyMcD\TAATP\AntiCSRF\Base as BaseAntiCSRF;
|
|
|
|
|
use BradyMcD\TAATP\Session\Base as BaseSession;
|
|
|
|
|
use DateTimeImmutable;
|
|
|
|
|
|
|
|
|
|
final class TestClock implements \Psr\Clock\ClockInterface
|
|
|
|
|
{
|
|
|
|
|
@ -14,9 +15,9 @@ final class TestClock implements \Psr\Clock\ClockInterface
|
|
|
|
|
self::$time = 42;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function setTime(int $t): void
|
|
|
|
|
function setTime(int $time): void
|
|
|
|
|
{
|
|
|
|
|
self::$time = $t;
|
|
|
|
|
self::$time = $time;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function now(): DateTimeImmutable
|
|
|
|
|
@ -25,18 +26,22 @@ final class TestClock implements \Psr\Clock\ClockInterface
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** @SuppressWarnings(PHPMD.StaticAccess)*/
|
|
|
|
|
/**
|
|
|
|
|
* @SuppressWarnings(PHPMD.StaticAccess)
|
|
|
|
|
* @SuppressWarnings(PHPMD.Superglobals)
|
|
|
|
|
*/
|
|
|
|
|
final class AntiCSRFTest extends TestCase
|
|
|
|
|
{
|
|
|
|
|
private static $clock;
|
|
|
|
|
private static $AntiCSRF;
|
|
|
|
|
private static $antiCSRF;
|
|
|
|
|
private static $session;
|
|
|
|
|
|
|
|
|
|
/** @SuppressWarnings(PHPMD.MissingImport) */
|
|
|
|
|
public static function setUpBeforeClass(): void
|
|
|
|
|
{
|
|
|
|
|
self::$session = new BaseSession();
|
|
|
|
|
self::$clock = new TestClock();
|
|
|
|
|
self::$AntiCSRF = new BaseAntiCSRF(self::$session, self::$clock);
|
|
|
|
|
self::$antiCSRF = new BaseAntiCSRF(self::$session, self::$clock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testRAIITokenGeneration(): void
|
|
|
|
|
@ -48,27 +53,27 @@ final class AntiCSRFTest extends TestCase
|
|
|
|
|
public function testTokenRegeneration(): void
|
|
|
|
|
{
|
|
|
|
|
$currToken = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
|
|
|
|
|
self::$AntiCSRF->regenerate();
|
|
|
|
|
self::$antiCSRF->regenerate();
|
|
|
|
|
$this->assertNotEquals($currToken, self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testMatchRejectsMissingToken(): void
|
|
|
|
|
{
|
|
|
|
|
$this->assertFalse(self::$AntiCSRF->match());
|
|
|
|
|
$this->assertFalse(self::$antiCSRF->match());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testMatchRejectsWrongToken(): void
|
|
|
|
|
{
|
|
|
|
|
$_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = "Not a token";
|
|
|
|
|
|
|
|
|
|
$this->assertFalse(self::$AntiCSRF->match());
|
|
|
|
|
$this->assertFalse(self::$antiCSRF->match());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testMatchAcceptsToken(): void
|
|
|
|
|
{
|
|
|
|
|
$_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
|
|
|
|
|
|
|
|
|
|
$this->assertTrue(self::$AntiCSRF->match());
|
|
|
|
|
$this->assertTrue(self::$antiCSRF->match());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testMatchRejectsExpired(): void
|
|
|
|
|
|
