
public function ServicesSecurityTests::testSessionCSRF in Services 7.3

File

tests/functional/ServicesSecurityTests.test, line 37

Class

ServicesSecurityTests

Code

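/**
 * Verifies that session-authenticated POST requests are CSRF-protected.
 *
 * A variable is first stored through system/set_variable, then the
 * system/get_variable resource is requested three times:
 *  - with no X-CSRF-Token header at all        -> 401 expected;
 *  - with an X-CSRF-Token header holding a random value -> 401 expected;
 *  - with the token fetched from services/session/token -> the stored
 *    value (not the supplied default) is returned in the response body.
 *
 * NOTE(review): only the get_variable resource is exercised here. Whether the
 * token is bound to the issuing session (a token minted in a different session
 * should also be rejected) is not covered by this test.
 */
public function testSessionCSRF() {
  $variable_name = $this->randomName();
  $variable_value = $this->randomString();
  $default_variable_value = $this->randomString();

  // Seed the variable. servicesPost() presumably sends the regular request
  // headers (including the CSRF token) - see its definition in the base class.
  $this->servicesPost($this->endpoint->path . '/system/set_variable', array(
    'name' => $variable_name,
    'value' => $variable_value,
  ));

  $get_variable_path = $this->endpoint->path . '/system/get_variable';
  $get_variable_args = array(
    'name' => $variable_name,
    'default' => $default_variable_value,
  );

  // 1. No X-CSRF-Token header: the request must be rejected.
  $response = $this->servicesPostNoCSRFHeader($get_variable_path, $get_variable_args);
  $this->assertEqual($response['status'], 'HTTP/1.1 401 Unauthorized : CSRF validation failed', 'Request without an X-CSRF-Token header is rejected.');

  // 2. A random (invalid) token: the request must be rejected as well.
  $bad_csrf_token_headers = array(
    'X-CSRF-Token: ' . $this->randomString(),
  );
  $response = $this->servicesPostNoCSRFHeader($get_variable_path, $get_variable_args, $bad_csrf_token_headers);
  $this->assertEqual($response['status'], 'HTTP/1.1 401 Unauthorized : CSRF validation failed', 'Request with an invalid X-CSRF-Token header is rejected.');

  // 3. The token issued for this session: the request succeeds and the body
  //    carries the value stored above rather than the default.
  $csrf_token = $this->drupalGet('services/session/token');
  $good_csrf_token_headers = array(
    'X-CSRF-Token: ' . $csrf_token,
  );
  $response = $this->servicesPostNoCSRFHeader($get_variable_path, $get_variable_args, $good_csrf_token_headers);
  $this->assertEqual($response['body'], $variable_value, 'Value of variable retrieved.');
}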