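setTimestamp(self::$time); } }

/**
 * Exercises BaseAntiCSRF end to end: token generation on construction,
 * regeneration, request-token matching and expiry via an injectable clock.
 *
 * The fixture (session, clock, anti-CSRF guard) is shared across the class.
 * Each match test sets up the $_REQUEST state it relies on itself, so that a
 * rejection is caused by the condition under test and not by superglobal
 * state left behind by whichever test happened to run before it.
 *
 * @SuppressWarnings(PHPMD.StaticAccess)
 * @SuppressWarnings(PHPMD.Superglobals)
 */
final class AntiCSRFTest extends TestCase
{
    /** @var TestClock */
    private static $clock;

    /** @var BaseAntiCSRF */
    private static $antiCSRF;

    /** @var BaseSession */
    private static $session;

    /** @SuppressWarnings(PHPMD.MissingImport) */
    public static function setUpBeforeClass(): void
    {
        self::$session = new BaseSession();
        self::$clock = new TestClock();
        // Constructing the guard is expected to seed the session with a token
        // and an expiry; testRAIITokenGeneration checks exactly that.
        self::$antiCSRF = new BaseAntiCSRF(self::$session, self::$clock);
    }

    public static function tearDownAfterClass(): void
    {
        // Do not leak the submitted token into other test classes.
        unset($_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX]);
    }

    public function testRAIITokenGeneration(): void
    {
        $this->assertIsString(self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX));
        $this->assertIsInt(self::$session->get(BaseAntiCSRF::CSRF_EXPIRY_IDX));
    }

    public function testTokenRegeneration(): void
    {
        $previous = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
        self::$antiCSRF->regenerate();
        // Strict comparison: a regenerated token must differ byte for byte.
        $this->assertNotSame($previous, self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX));
    }

    public function testMatchRejectsMissingToken(): void
    {
        // Clear explicitly instead of relying on no earlier test having set it.
        unset($_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX]);
        $this->assertFalse(self::$antiCSRF->match());
    }

    public function testMatchRejectsWrongToken(): void
    {
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = "Not a token";
        $this->assertFalse(self::$antiCSRF->match());
    }

    public function testMatchAcceptsToken(): void
    {
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
        $this->assertTrue(self::$antiCSRF->match());
    }

    public function testMatchRejectsExpired(): void
    {
        // Submit the currently valid token so that a rejection can only be due
        // to expiry, not to a missing or stale token left over from another test.
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
        // Assumes the token lifetime is shorter than one hour — confirm against
        // BaseAntiCSRF's expiry configuration if this ever starts failing.
        self::$clock->setTime(self::$clock->now()->getTimestamp() + 3600);
        $this->assertFalse(self::$antiCSRF->match());
    }
}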