
<?php declare(strict_types=1);
use PHPUnit\Framework\TestCase;
use BradyMcD\TAATP\AntiCSRF\Base as BaseAntiCSRF;
use BradyMcD\TAATP\Session\Base as BaseSession;
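final class TestClock implements \Psr\Clock\ClockInterface
{
    /**
     * Simulated "current" Unix timestamp.
     *
     * Held statically, so every TestClock instance reads and writes the same
     * value; constructing a new instance resets it to 42.
     */
    private static int $time = 42;

    public function __construct()
    {
        // Re-seed on every construction so a freshly built clock always starts
        // at a known instant, regardless of what an earlier instance set.
        self::$time = 42;
    }

    /**
     * Move the simulated clock to an absolute Unix timestamp.
     *
     * @param int $time Unix timestamp that subsequent now() calls report.
     */
    public function setTime(int $time): void
    {
        self::$time = $time;
    }

    /**
     * Return the simulated instant as an immutable date-time.
     *
     * @SuppressWarnings(PHPMD.MissingImport)
     */
    public function now(): \DateTimeImmutable
    {
        return (new \DateTimeImmutable())->setTimestamp(self::$time);
    }
}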
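/**
 * @SuppressWarnings(PHPMD.StaticAccess)
 * @SuppressWarnings(PHPMD.Superglobals)
 */
final class AntiCSRFTest extends TestCase
{
    private static TestClock $clock;
    private static BaseAntiCSRF $antiCSRF;
    private static BaseSession $session;

    /**
     * Build one session / clock / guard triple that every test in the class
     * shares. The guard is expected to seed the session with a token on
     * construction (see testRAIITokenGeneration).
     *
     * @SuppressWarnings(PHPMD.MissingImport)
     */
    public static function setUpBeforeClass(): void
    {
        self::$session = new BaseSession();
        self::$clock = new TestClock();
        self::$antiCSRF = new BaseAntiCSRF(self::$session, self::$clock);
    }

    /**
     * Drop the submitted token after each test so that no test silently
     * depends on the $_REQUEST state left behind by the previous one; every
     * test below sets up the request it needs explicitly.
     */
    protected function tearDown(): void
    {
        unset($_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX]);
    }

    /**
     * Token currently stored in the shared session (whatever type the
     * session hands back; testRAIITokenGeneration pins it to a string).
     */
    private static function sessionToken(): mixed
    {
        return self::$session->get(BaseAntiCSRF::CSRF_TOKEN_IDX);
    }

    public function testRAIITokenGeneration(): void
    {
        $this->assertIsString(self::sessionToken());
        $this->assertIsInt(self::$session->get(BaseAntiCSRF::CSRF_EXPIRY_IDX));
    }

    public function testTokenRegeneration(): void
    {
        $previousToken = self::sessionToken();
        self::$antiCSRF->regenerate();
        $this->assertNotSame($previousToken, self::sessionToken());

        // A token that has been rotated out must no longer be accepted,
        // otherwise regeneration gives no protection against a leaked token.
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = $previousToken;
        $this->assertFalse(self::$antiCSRF->match());
    }

    public function testMatchRejectsMissingToken(): void
    {
        // Make the precondition explicit instead of relying on test order.
        unset($_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX]);
        $this->assertFalse(self::$antiCSRF->match());
    }

    public function testMatchRejectsWrongToken(): void
    {
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = "Not a token";
        $this->assertFalse(self::$antiCSRF->match());
    }

    public function testMatchAcceptsToken(): void
    {
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = self::sessionToken();
        $this->assertTrue(self::$antiCSRF->match());
    }

    public function testMatchRejectsExpired(): void
    {
        // Submit the otherwise-valid token so that expiry is the only reason
        // for rejection; previously this relied on testMatchAcceptsToken
        // having left the token in $_REQUEST.
        $_REQUEST[BaseAntiCSRF::CSRF_TOKEN_IDX] = self::sessionToken();
        self::$clock->setTime(self::$clock->now()->getTimestamp() + 3600);
        $this->assertFalse(self::$antiCSRF->match());
    }
}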