class CsrfTokenGeneratorTest
Same name in other branches
- 9 core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest
- 8.9.x core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest
- 11.x core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest
Tests the CsrfTokenGenerator class.
@group Access @coversDefaultClass \Drupal\Core\Access\CsrfTokenGenerator
Hierarchy
- class \Drupal\Tests\UnitTestCase extends \PHPUnit\Framework\TestCase uses \Drupal\Tests\Traits\PhpUnitWarnings, \Drupal\Tests\PhpUnitCompatibilityTrait, \Prophecy\PhpUnit\ProphecyTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, \Drupal\Tests\RandomGeneratorTrait
- class \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest extends \Drupal\Tests\UnitTestCase
Expanded class hierarchy of CsrfTokenGeneratorTest
File
-
core/
tests/ Drupal/ Tests/ Core/ Access/ CsrfTokenGeneratorTest.php, line 18
Namespace
Drupal\Tests\Core\AccessView source
class CsrfTokenGeneratorTest extends UnitTestCase {
/**
* The CSRF token generator.
*
* @var \Drupal\Core\Access\CsrfTokenGenerator
*/
protected $generator;
/**
* The mock private key instance.
*
* @var \Drupal\Core\PrivateKey|\PHPUnit\Framework\MockObject\MockObject
*/
protected $privateKey;
/**
* The mock session metadata bag.
*
* @var \Drupal\Core\Session\MetadataBag|\PHPUnit\Framework\MockObject\MockObject
*/
protected $sessionMetadata;
/**
* {@inheritdoc}
*/
protected function setUp() : void {
parent::setUp();
$this->privateKey = $this->getMockBuilder('Drupal\\Core\\PrivateKey')
->disableOriginalConstructor()
->onlyMethods([
'get',
])
->getMock();
$this->sessionMetadata = $this->getMockBuilder('Drupal\\Core\\Session\\MetadataBag')
->disableOriginalConstructor()
->getMock();
$settings = [
'hash_salt' => $this->randomMachineName(),
];
new Settings($settings);
$this->generator = new CsrfTokenGenerator($this->privateKey, $this->sessionMetadata);
}
/**
* Set up default expectations on the mocks.
*/
protected function setupDefaultExpectations() {
$key = Crypt::randomBytesBase64();
$this->privateKey
->expects($this->any())
->method('get')
->willReturn($key);
$seed = Crypt::randomBytesBase64();
$this->sessionMetadata
->expects($this->any())
->method('getCsrfTokenSeed')
->willReturn($seed);
}
/**
* Tests CsrfTokenGenerator::get().
*
* @covers ::get
*/
public function testGet() : void {
$this->setupDefaultExpectations();
$this->assertIsString($this->generator
->get());
$this->assertNotSame($this->generator
->get(), $this->generator
->get($this->randomMachineName()));
$this->assertNotSame($this->generator
->get($this->randomMachineName()), $this->generator
->get($this->randomMachineName()));
}
/**
* Tests that a new token seed is generated upon first use.
*
* @covers ::get
*/
public function testGenerateSeedOnGet() : void {
$key = Crypt::randomBytesBase64();
$this->privateKey
->expects($this->any())
->method('get')
->willReturn($key);
$this->sessionMetadata
->expects($this->once())
->method('getCsrfTokenSeed')
->willReturn(NULL);
$this->sessionMetadata
->expects($this->once())
->method('setCsrfTokenSeed')
->with($this->isType('string'));
$this->assertIsString($this->generator
->get());
}
/**
* Tests CsrfTokenGenerator::validate().
*
* @covers ::validate
*/
public function testValidate() : void {
$this->setupDefaultExpectations();
$token = $this->generator
->get();
$this->assertTrue($this->generator
->validate($token));
$this->assertFalse($this->generator
->validate($token, 'foo'));
$token = $this->generator
->get('bar');
$this->assertTrue($this->generator
->validate($token, 'bar'));
}
/**
* Tests CsrfTokenGenerator::validate() with different parameter types.
*
* @param mixed $token
* The token to be validated.
* @param mixed $value
* (optional) An additional value to base the token on.
*
* @covers ::validate
* @dataProvider providerTestValidateParameterTypes
*/
public function testValidateParameterTypes($token, $value) : void {
$this->setupDefaultExpectations();
// The following check might throw PHP fatal errors and notices, so we
// disable error assertions.
set_error_handler(function () {
return TRUE;
});
$this->assertFalse($this->generator
->validate($token, $value));
restore_error_handler();
}
/**
* Provides data for testValidateParameterTypes.
*
* @return array
* An array of data used by the test.
*/
public static function providerTestValidateParameterTypes() {
return [
[
[],
'',
],
[
TRUE,
'foo',
],
[
0,
'foo',
],
];
}
/**
* Tests CsrfTokenGenerator::validate() with invalid parameter types.
*
* @param mixed $token
* The token to be validated.
* @param mixed $value
* (optional) An additional value to base the token on.
*
* @covers ::validate
* @dataProvider providerTestInvalidParameterTypes
*/
public function testInvalidParameterTypes($token, $value = '') : void {
$this->setupDefaultExpectations();
$this->expectException(\InvalidArgumentException::class);
$this->generator
->validate($token, $value);
}
/**
* Provides data for testInvalidParameterTypes.
*
* @return array
* An array of data used by the test.
*/
public static function providerTestInvalidParameterTypes() {
return [
[
NULL,
new \stdClass(),
],
[
0,
[],
],
[
'',
[],
],
[
[],
[],
],
];
}
/**
* Tests the exception thrown when no 'hash_salt' is provided in settings.
*
* @covers ::get
*/
public function testGetWithNoHashSalt() : void {
// Update settings with no hash salt.
new Settings([]);
$generator = new CsrfTokenGenerator($this->privateKey, $this->sessionMetadata);
$this->expectException(\RuntimeException::class);
$generator->get();
}
}
Members
Title Sort descending | Deprecated | Modifiers | Object type | Summary | Overriden Title | Overrides |
---|---|---|---|---|---|---|
CsrfTokenGeneratorTest::$generator | protected | property | The CSRF token generator. | |||
CsrfTokenGeneratorTest::$privateKey | protected | property | The mock private key instance. | |||
CsrfTokenGeneratorTest::$sessionMetadata | protected | property | The mock session metadata bag. | |||
CsrfTokenGeneratorTest::providerTestInvalidParameterTypes | public static | function | Provides data for testInvalidParameterTypes. | |||
CsrfTokenGeneratorTest::providerTestValidateParameterTypes | public static | function | Provides data for testValidateParameterTypes. | |||
CsrfTokenGeneratorTest::setUp | protected | function | Overrides UnitTestCase::setUp | |||
CsrfTokenGeneratorTest::setupDefaultExpectations | protected | function | Set up default expectations on the mocks. | |||
CsrfTokenGeneratorTest::testGenerateSeedOnGet | public | function | Tests that a new token seed is generated upon first use. | |||
CsrfTokenGeneratorTest::testGet | public | function | Tests CsrfTokenGenerator::get(). | |||
CsrfTokenGeneratorTest::testGetWithNoHashSalt | public | function | Tests the exception thrown when no 'hash_salt' is provided in settings. | |||
CsrfTokenGeneratorTest::testInvalidParameterTypes | public | function | Tests CsrfTokenGenerator::validate() with invalid parameter types. | |||
CsrfTokenGeneratorTest::testValidate | public | function | Tests CsrfTokenGenerator::validate(). | |||
CsrfTokenGeneratorTest::testValidateParameterTypes | public | function | Tests CsrfTokenGenerator::validate() with different parameter types. | |||
PhpUnitWarnings::$deprecationWarnings | private static | property | Deprecation warnings from PHPUnit to raise with @trigger_error(). | |||
PhpUnitWarnings::addWarning | public | function | Converts PHPUnit deprecation warnings to E_USER_DEPRECATED. | |||
RandomGeneratorTrait::getRandomGenerator | protected | function | Gets the random generator for the utility methods. | |||
RandomGeneratorTrait::randomMachineName | protected | function | Generates a unique random string containing letters and numbers. | |||
RandomGeneratorTrait::randomObject | public | function | Generates a random PHP object. | |||
RandomGeneratorTrait::randomString | public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |||
RandomGeneratorTrait::randomStringValidate | Deprecated | public | function | Callback for random string validation. | ||
UnitTestCase::$root | protected | property | The app root. | 1 | ||
UnitTestCase::getClassResolverStub | protected | function | Returns a stub class resolver. | |||
UnitTestCase::getConfigFactoryStub | public | function | Returns a stub config factory that behaves according to the passed array. | |||
UnitTestCase::getConfigStorageStub | public | function | Returns a stub config storage that returns the supplied configuration. | |||
UnitTestCase::getContainerWithCacheTagsInvalidator | protected | function | Sets up a container with a cache tags invalidator. | |||
UnitTestCase::getStringTranslationStub | public | function | Returns a stub translation manager that just returns the passed string. | |||
UnitTestCase::setUpBeforeClass | public static | function | ||||
UnitTestCase::__get | public | function |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.