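setTimestamp(self::$time); } }

/**
 * Tests BaseAntiCSRF token creation, regeneration and request matching.
 *
 * The session, clock and BaseAntiCSRF instance are static and built once in
 * setUpBeforeClass(), so their state carries over from one test to the next.
 * The request token lives in the $_REQUEST superglobal; each test sets up the
 * request state it needs and tearDown() clears it, so no rejection test can
 * pass merely because of what an earlier test left behind.
 *
 * @SuppressWarnings(PHPMD.StaticAccess)
 */
final class AntiCSRFTest extends TestCase
{
    /** @var TestClock Controllable clock handed to BaseAntiCSRF. */
    private static $clock;

    /** @var BaseAntiCSRF Instance under test. */
    private static $AntiCSRF;

    /** @var BaseSession Session shared with the instance under test. */
    private static $session;

    /**
     * Builds the shared session, test clock and BaseAntiCSRF instance once for the class.
     */
    public static function setUpBeforeClass(): void
    {
        self::$session = new BaseSession();
        self::$clock = new TestClock();
        self::$AntiCSRF = new BaseAntiCSRF(self::$session, self::$clock);
    }

    /**
     * Removes the request token after every test so superglobal state does not
     * leak into the next test or into other test classes in the same process.
     */
    protected function tearDown(): void
    {
        unset($_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX]);
    }

    /**
     * After construction the session holds a string token and an integer expiry.
     */
    public function testRAIITokenGeneration(): void
    {
        $this->assertIsString(self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX));
        $this->assertIsInt(self::$session->get(BaseAntiCSRF::CSRF_EXPIRY_IDX));
    }

    /**
     * regenerate() replaces the token stored in the session.
     */
    public function testTokenRegeneration(): void
    {
        $currToken = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
        self::$AntiCSRF->regenerate();

        // Strict comparison: a loosely-equal value must not count as "unchanged".
        $this->assertNotSame($currToken, self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX));
    }

    /**
     * match() fails when the request carries no token at all.
     */
    public function testMatchRejectsMissingToken(): void
    {
        // Make the precondition explicit instead of relying on test order.
        unset($_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX]);

        $this->assertFalse(self::$AntiCSRF->match());
    }

    /**
     * match() fails when the request token differs from the session token.
     */
    public function testMatchRejectsWrongToken(): void
    {
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = "Not a token";

        $this->assertFalse(self::$AntiCSRF->match());
    }

    /**
     * match() succeeds when the request token equals the session token.
     */
    public function testMatchAcceptsToken(): void
    {
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);

        $this->assertTrue(self::$AntiCSRF->match());
    }

    /**
     * match() fails for an otherwise valid token once the clock has moved past its expiry.
     */
    public function testMatchRejectsExpired(): void
    {
        // Supply the valid token explicitly. Without it the assertion below would
        // also hold for a missing token and would say nothing about expiry.
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);

        // NOTE(review): assumes the token lifetime is shorter than 3600 seconds; confirm against BaseAntiCSRF.
        // The clock is static, so this advance persists for any test added after this one.
        self::$clock->setTime(self::$clock->now()->getTimestamp() + 3600);

        $this->assertFalse(self::$AntiCSRF->match());
    }
}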