CsrfTokenRaceTest.php

Same filename in other branches
  1. 9 core/tests/Drupal/FunctionalJavascriptTests/Core/CsrfTokenRaceTest.php
  2. 8.9.x core/tests/Drupal/FunctionalJavascriptTests/Core/CsrfTokenRaceTest.php
  3. 10 core/tests/Drupal/FunctionalJavascriptTests/Core/CsrfTokenRaceTest.php

Namespace

Drupal\FunctionalJavascriptTests\Core

File

core/tests/Drupal/FunctionalJavascriptTests/Core/CsrfTokenRaceTest.php

View source
<?php

declare (strict_types=1);
namespace Drupal\FunctionalJavascriptTests\Core;

use Drupal\FunctionalJavascriptTests\WebDriverTestBase;

/**
 * Test race condition for CSRF tokens for simultaneous requests.
 *
 * @group Session
 */
class CsrfTokenRaceTest extends WebDriverTestBase {
    
    /**
     * {@inheritdoc}
     */
    protected static $modules = [
        'csrf_race_test',
    ];
    
    /**
     * {@inheritdoc}
     */
    protected $defaultTheme = 'stark';
    
    /**
     * Tests race condition for CSRF tokens for simultaneous requests.
     */
    public function testCsrfRace() : void {
        $user = $this->createUser([
            'access content',
        ]);
        $this->drupalLogin($user);
        $this->drupalGet('/csrf_race/test');
        $script = '';
        // Delay the request processing of the first request by one second through
        // the request parameter, which will simulate the concurrent processing
        // of both requests.
        foreach ([
            1,
            0,
        ] as $i) {
            $script .= <<<EOT
      jQuery.ajax({
        url: "{<span class="php-variable">$this</span>-&gt;<span class="php-function-or-constant property member-of-self">baseUrl</span>}/csrf_race/get_csrf_token/{<span class="php-variable">$i</span>}",
        method: "GET",
        headers: {
          "Content-Type": "application/json"
        },
        success: function(response) {
          jQuery('body').append("<p class='csrf{<span class="php-variable">$i</span>}'></p>");
          jQuery('.csrf{<span class="php-variable">$i</span>}').html(response);
        },
        error: function() {
          jQuery('body').append('Nothing');
        }
      });
EOT;
        }
        $this->getSession()
            ->getDriver()
            ->executeScript($script);
        $token0 = $this->assertSession()
            ->waitForElement('css', '.csrf0')
            ->getHtml();
        $token1 = $this->assertSession()
            ->waitForElement('css', '.csrf1')
            ->getHtml();
        $this->assertNotNull($token0);
        $this->assertNotNull($token1);
        $this->assertEquals($token0, $token1);
    }

}

Classes

Title Deprecated Summary
CsrfTokenRaceTest Test race condition for CSRF tokens for simultaneous requests.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.