class CsrfTokenRaceTest
Same name and namespace in other branches
- 11.x core/tests/Drupal/FunctionalJavascriptTests/Core/CsrfTokenRaceTest.php \Drupal\FunctionalJavascriptTests\Core\CsrfTokenRaceTest
Test race condition for CSRF tokens for simultaneous requests.
@group Session
Hierarchy
- class \Drupal\Tests\BrowserTestBase uses \Drupal\Core\Test\FunctionalTestSetupTrait, \Drupal\Tests\UiHelperTrait, \Drupal\Core\Test\TestSetupTrait, \Drupal\Tests\block\Traits\BlockCreationTrait, \Drupal\FunctionalTests\AssertLegacyTrait, \Drupal\Tests\RandomGeneratorTrait, \Drupal\Tests\node\Traits\NodeCreationTrait, \Drupal\Tests\node\Traits\ContentTypeCreationTrait, \Drupal\Tests\ConfigTestTrait, \Drupal\Tests\TestRequirementsTrait, \Drupal\Tests\user\Traits\UserCreationTrait, \Drupal\Tests\XdebugRequestTrait, \Drupal\Tests\Traits\PhpUnitWarnings, \Drupal\Tests\PhpUnitCompatibilityTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, \Drupal\Tests\ExtensionListTestTrait implements \PHPUnit\Framework\TestCase
- class \Drupal\FunctionalJavascriptTests\WebDriverTestBase implements \Drupal\Tests\BrowserTestBase
- class \Drupal\FunctionalJavascriptTests\Core\CsrfTokenRaceTest implements \Drupal\FunctionalJavascriptTests\WebDriverTestBase
- class \Drupal\FunctionalJavascriptTests\WebDriverTestBase implements \Drupal\Tests\BrowserTestBase
File
-
core/
tests/ Drupal/ FunctionalJavascriptTests/ Core/ CsrfTokenRaceTest.php, line 12
Namespace
Drupal\FunctionalJavascriptTests\Core
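/**
 * Tests the race condition for CSRF tokens on simultaneous requests.
 *
 * A logged-in browser session fires two AJAX requests for a CSRF token at
 * almost the same time. Both responses must carry the same token.
 *
 * @group Session
 */
class CsrfTokenRaceTest extends WebDriverTestBase {

  /**
   * {@inheritdoc}
   */
  protected static $modules = [
    'csrf_race_test',
  ];

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';

  /**
   * Tests race condition for CSRF tokens for simultaneous requests.
   *
   * The assertion that matters is the final equality check: if two concurrent
   * requests of one session were handed different tokens, at most one of them
   * could presumably still validate afterwards. The server-side token
   * handling lives in core and in the csrf_race_test module, which are not
   * part of this class.
   */
  public function testCsrfRace() {
    $user = $this->createUser([
      'access content',
    ]);
    $this->drupalLogin($user);
    $this->drupalGet('/csrf_race/test');

    $script = '';
    // Delay the request processing of the first request by one second through
    // the request parameter, which will simulate the concurrent processing
    // of both requests. The delayed request (1) is deliberately issued before
    // the undelayed one (0) so that the two overlap on the server.
    foreach ([1, 0] as $i) {
      // Each response is written into its own <p class="csrfN"> element so
      // the test can read both tokens back from the DOM.
      $script .= <<<EOT
jQuery.ajax({
  url: "{$this->baseUrl}/csrf_race/get_csrf_token/{$i}",
  method: "GET",
  headers: {
    "Content-Type": "application/json"
  },
  success: function(response) {
    jQuery('body').append("<p class='csrf{$i}'></p>");
    jQuery('.csrf{$i}').html(response);
  },
  error: function() {
    jQuery('body').append('Nothing');
  }
});
EOT;
    }
    $this->getSession()
      ->getDriver()
      ->executeScript($script);

    // waitForElement() returns NULL on timeout, so check the element itself
    // before calling getHtml(); otherwise a failed request ends in a fatal
    // error on NULL instead of a readable test failure.
    $element0 = $this->assertSession()->waitForElement('css', '.csrf0');
    $this->assertNotNull($element0, 'The undelayed token request did not complete.');
    $element1 = $this->assertSession()->waitForElement('css', '.csrf1');
    $this->assertNotNull($element1, 'The delayed token request did not complete.');

    $token0 = $element0->getHtml();
    $token1 = $element1->getHtml();

    // Two empty responses would compare equal, so require an actual token
    // before comparing.
    $this->assertNotEmpty($token0);
    $this->assertNotEmpty($token1);
    $this->assertEquals($token0, $token1);
  }

}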