You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
82 lines
2.1 KiB
82 lines
2.1 KiB
<?php declare(strict_types=1);
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
use BradyMcD\TAATP\AntiCSRF\Base as BaseAntiCSRF;
|
|
use BradyMcD\TAATP\Session\Base as BaseSession;
|
|
|
|
final class TestClock implements \Psr\Clock\ClockInterface
|
|
{
|
|
private static $time;
|
|
|
|
public function __construct()
|
|
{
|
|
self::$time = 42;
|
|
}
|
|
|
|
function setTime(int $t): void
|
|
{
|
|
self::$time = $t;
|
|
}
|
|
|
|
function now(): DateTimeImmutable
|
|
{
|
|
return (new DateTimeImmutable())->setTimestamp(self::$time);
|
|
}
|
|
}
|
|
|
|
/** @SuppressWarnings(PHPMD.StaticAccess)*/
|
|
final class AntiCSRFTest extends TestCase
|
|
{
|
|
private static $clock;
|
|
private static $AntiCSRF;
|
|
private static $session;
|
|
|
|
public static function setUpBeforeClass(): void
|
|
{
|
|
self::$session = new BaseSession();
|
|
self::$clock = new TestClock();
|
|
self::$AntiCSRF = new BaseAntiCSRF(self::$session, self::$clock);
|
|
}
|
|
|
|
public function testRAIITokenGeneration(): void
|
|
{
|
|
$this->assertIsString(self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX));
|
|
$this->assertIsInt(self::$session->get(BaseAntiCSRF::CSRF_EXPIRY_IDX));
|
|
}
|
|
|
|
public function testTokenRegeneration(): void
|
|
{
|
|
$currToken = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
|
|
self::$AntiCSRF->regenerate();
|
|
$this->assertNotEquals($currToken, self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX));
|
|
}
|
|
|
|
public function testMatchRejectsMissingToken(): void
|
|
{
|
|
$this->assertFalse(self::$AntiCSRF->match());
|
|
}
|
|
|
|
public function testMatchRejectsWrongToken(): void
|
|
{
|
|
$_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = "Not a token";
|
|
|
|
$this->assertFalse(self::$AntiCSRF->match());
|
|
}
|
|
|
|
public function testMatchAcceptsToken(): void
|
|
{
|
|
$_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
|
|
|
|
$this->assertTrue(self::$AntiCSRF->match());
|
|
}
|
|
|
|
public function testMatchRejectsExpired(): void
|
|
{
|
|
self::$clock->setTime(self::$clock->now()->getTimestamp() + 3600);
|
|
|
|
$this->assertFalse(self::$AntiCSRF->match());
|
|
}
|
|
|
|
}
|