<?php
namespace Drupal\Tests\Core\Access;
use Drupal\Core\Site\Settings;
use Drupal\Tests\UnitTestCase;
use Drupal\Core\Access\CsrfTokenGenerator;
use Drupal\Component\Utility\Crypt;
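/**
 * Unit tests for the CSRF token generator.
 *
 * The generator is built from a mocked private key, a mocked session
 * metadata bag (holding the per-session token seed) and a 'hash_salt'
 * setting. The tests check that tokens are bound to the value they were
 * issued for, that malformed input never validates, and that token generation
 * fails when no hash salt is configured.
 *
 * @group Access
 * @coversDefaultClass \Drupal\Core\Access\CsrfTokenGenerator
 */
class CsrfTokenGeneratorTest extends UnitTestCase {

  /**
   * The CSRF token generator under test.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator
   */
  protected $generator;

  /**
   * Mock of the private key service; only get() is stubbed.
   *
   * @var \Drupal\Core\PrivateKey
   */
  protected $privateKey;

  /**
   * Mock of the session metadata bag that stores the CSRF token seed.
   *
   * @var \Drupal\Core\Session\MetadataBag
   */
  protected $sessionMetadata;

  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    parent::setUp();

    $this->privateKey = $this->getMockBuilder('Drupal\\Core\\PrivateKey')
      ->disableOriginalConstructor()
      ->setMethods([
        'get',
      ])
      ->getMock();

    $this->sessionMetadata = $this->getMockBuilder('Drupal\\Core\\Session\\MetadataBag')
      ->disableOriginalConstructor()
      ->getMock();

    $settings = [
      'hash_salt' => $this->randomMachineName(),
    ];

    // The instance is discarded, so this call is made for its side effect:
    // presumably Settings registers itself as the active settings object that
    // the generator reads the hash salt from.
    new Settings($settings);

    $this->generator = new CsrfTokenGenerator($this->privateKey, $this->sessionMetadata);
  }

  /**
   * Stubs the private key and the session seed with fresh random values.
   *
   * Both stubs return the same value for the rest of the test, so a token
   * produced by get() can be checked by validate() within that test.
   */
  protected function setupDefaultExpectations() {
    $key = Crypt::randomBytesBase64();
    $this->privateKey
      ->expects($this->any())
      ->method('get')
      ->will($this->returnValue($key));

    $seed = Crypt::randomBytesBase64();
    $this->sessionMetadata
      ->expects($this->any())
      ->method('getCsrfTokenSeed')
      ->will($this->returnValue($seed));
  }

  /**
   * Tests that get() returns a string that depends on the supplied value.
   *
   * A token issued for one value must differ from a token issued for another,
   * otherwise a token obtained for one action could be replayed for a
   * different one.
   *
   * @covers ::get
   */
  public function testGet() {
    $this->setupDefaultExpectations();

    $this->assertIsString($this->generator->get());
    $this->assertNotSame($this->generator->get(), $this->generator->get($this->randomMachineName()));
    $this->assertNotSame($this->generator->get($this->randomMachineName()), $this->generator->get($this->randomMachineName()));
  }

  /**
   * Tests that get() creates and stores a seed when the session has none.
   *
   * @covers ::get
   */
  public function testGenerateSeedOnGet() {
    $key = Crypt::randomBytesBase64();
    $this->privateKey
      ->expects($this->any())
      ->method('get')
      ->will($this->returnValue($key));

    // No seed exists yet, so the generator is expected to read it once ...
    $this->sessionMetadata
      ->expects($this->once())
      ->method('getCsrfTokenSeed')
      ->will($this->returnValue(NULL));

    // ... and to write a newly generated string seed back exactly once.
    $this->sessionMetadata
      ->expects($this->once())
      ->method('setCsrfTokenSeed')
      ->with($this->isType('string'));

    $this->assertIsString($this->generator->get());
  }

  /**
   * Tests that validate() accepts a token only for the value it was issued for.
   *
   * @covers ::validate
   */
  public function testValidate() {
    $this->setupDefaultExpectations();

    $token = $this->generator->get();
    $this->assertTrue($this->generator->validate($token));
    // A token issued for the default value must not validate for 'foo'.
    $this->assertFalse($this->generator->validate($token, 'foo'));

    $token = $this->generator->get('bar');
    $this->assertTrue($this->generator->validate($token, 'bar'));
  }

  /**
   * Tests that non-string tokens are rejected rather than loosely matched.
   *
   * The provider supplies an empty array, TRUE and 0 as tokens. None of them
   * may validate: accepting them would mean the comparison can be satisfied
   * by PHP type juggling instead of by knowing the token.
   *
   * @param mixed $token
   *   The token to be validated.
   * @param mixed $value
   *   The value the token is checked against.
   *
   * @covers ::validate
   * @dataProvider providerTestValidateParameterTypes
   */
  public function testValidateParameterTypes($token, $value) {
    $this->setupDefaultExpectations();

    // Swallow PHP errors raised while handling the malformed token so that the
    // return value of validate() is what gets asserted.
    set_error_handler(function () {
      return TRUE;
    });
    try {
      $this->assertFalse($this->generator->validate($token, $value));
    }
    finally {
      // Restore even when the assertion fails; otherwise the permissive
      // handler stays installed and hides errors in every later test.
      restore_error_handler();
    }
  }

  /**
   * Provides malformed tokens paired with string values.
   *
   * @return array
   *   A list of [token, value] argument pairs.
   */
  public function providerTestValidateParameterTypes() {
    return [
      [
        [],
        '',
      ],
      [
        TRUE,
        'foo',
      ],
      [
        0,
        'foo',
      ],
    ];
  }

  /**
   * Tests that validate() throws when the value is not a string.
   *
   * @param mixed $token
   *   The token to be validated.
   * @param mixed $value
   *   (optional) The value the token is checked against.
   *
   * @covers ::validate
   * @dataProvider providerTestInvalidParameterTypes
   */
  public function testInvalidParameterTypes($token, $value = '') {
    $this->setupDefaultExpectations();

    $this->expectException(\InvalidArgumentException::class);
    $this->generator->validate($token, $value);
  }

  /**
   * Provides tokens paired with non-string values (an object and arrays).
   *
   * @return array
   *   A list of [token, value] argument pairs.
   */
  public function providerTestInvalidParameterTypes() {
    return [
      [
        NULL,
        new \stdClass(),
      ],
      [
        0,
        [],
      ],
      [
        '',
        [],
      ],
      [
        [],
        [],
      ],
    ];
  }

  /**
   * Tests that get() throws when no hash salt is configured.
   *
   * The generator must fail here instead of issuing tokens derived from an
   * empty salt.
   *
   * @covers ::get
   */
  public function testGetWithNoHashSalt() {
    // Replace the settings prepared in setUp() with an empty set, which drops
    // 'hash_salt'.
    new Settings([]);
    $generator = new CsrfTokenGenerator($this->privateKey, $this->sessionMetadata);

    $this->expectException(\RuntimeException::class);
    $generator->get();
  }

}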