public function ServicesSecurityTests::testSessionCSRF in Services 7.3
File: tests/functional/ServicesSecurityTests.test, line 37
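/**
 * Verifies CSRF token enforcement on session-authenticated POST requests.
 *
 * After storing a variable through system/set_variable, the test issues
 * three POSTs to system/get_variable:
 *   - without any X-CSRF-Token header, which must be rejected with 401;
 *   - with a random, never-issued X-CSRF-Token header, which must also be
 *     rejected with 401;
 *   - with the token obtained from services/session/token, which must be
 *     accepted and return the stored variable value.
 */
public function testSessionCSRF() {
  $variable_name = $this->randomName();
  $variable_value = $this->randomString();
  $default_variable_value = $this->randomString();

  // Both the path and the arguments are reused by every get_variable request.
  $get_variable_path = $this->endpoint->path . '/system/get_variable';
  $get_variable_args = array(
    'name' => $variable_name,
    'default' => $default_variable_value,
  );

  // Store the variable first so the authorised request has a known value to
  // read back.
  $this->servicesPost($this->endpoint->path . '/system/set_variable', array(
    'name' => $variable_name,
    'value' => $variable_value,
  ));

  // Case 1: no CSRF header at all.
  $response = $this->servicesPostNoCSRFHeader($get_variable_path, $get_variable_args);
  $this->assertEqual($response['status'], 'HTTP/1.1 401 Unauthorized : CSRF validation failed', 'Request without X-CSRF-Token header is rejected.');

  // Case 2: a CSRF header carrying a token the server never issued.
  $bad_csrf_token_headers = array(
    'X-CSRF-Token: ' . $this->randomString(),
  );
  $response = $this->servicesPostNoCSRFHeader($get_variable_path, $get_variable_args, $bad_csrf_token_headers);
  $this->assertEqual($response['status'], 'HTTP/1.1 401 Unauthorized : CSRF validation failed', 'Request with an invalid X-CSRF-Token header is rejected.');

  // Case 3: the token issued for this session must be accepted.
  $csrf_token = $this->drupalGet('services/session/token');
  $good_csrf_token_headers = array(
    'X-CSRF-Token: ' . $csrf_token,
  );
  $response = $this->servicesPostNoCSRFHeader($get_variable_path, $get_variable_args, $good_csrf_token_headers);
  $this->assertEqual($response['body'], $variable_value, 'Value of variable retrieved.');
}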