/**
 * The global SecurityToken switch can be turned off and back on, and
 * is_enabled() reports the current state after each transition.
 */
public function testIsEnabledStatic()
 {
     $initialState = SecurityToken::is_enabled();
     $this->assertTrue($initialState, 'Global CSRF token should start enabled');

     SecurityToken::disable();
     $disabledState = SecurityToken::is_enabled();
     $this->assertFalse($disabledState, 'disable() should switch the global token off');

     SecurityToken::enable();
     $reEnabledState = SecurityToken::is_enabled();
     $this->assertTrue($reEnabledState, 'enable() should switch the global token back on');
 }
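 /**
  * Form actions submitted through the Form request handler are accepted even
  * when not listed in $allowed_actions, but only with a valid CSRF token;
  * a controller action submitted the same way still needs to be in
  * $allowed_actions. Form actions invoked directly by URL are subject to
  * the normal $allowed_actions check and are not CSRF-protected.
  */
 public function testFormActionsCanBypassAllowedActions()
 {
     SecurityToken::enable();

     // Render the form once so a CSRF token is issued for this session.
     $response = $this->get('RequestHandlingTest_FormActionController');
     $this->assertEquals(200, $response->getStatusCode());
     $tokenEls = $this->cssParser()->getBySelector('#Form_Form_SecurityID');
     // Fail with a clear message rather than an undefined-offset notice if the
     // hidden SecurityID field was not rendered.
     $this->assertNotEmpty($tokenEls, 'Form should render a hidden SecurityID field');
     $securityId = (string) $tokenEls[0]['value'];
     $this->assertNotEquals('', $securityId, 'Rendered SecurityID should not be empty');

     // Form handler, action outside $allowed_actions: CSRF token is required.
     $data = array('action_formaction' => 1);
     $response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
     $this->assertEquals(400, $response->getStatusCode(), 'Should fail: Invocation through POST form handler, not contained in $allowed_actions, without CSRF token');

     // Form handler, controller (not form) action outside $allowed_actions: the token alone is not enough.
     $data = array('action_disallowedcontrollermethod' => 1, 'SecurityID' => $securityId);
     $response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
     $this->assertEquals(403, $response->getStatusCode(), 'Should fail: Invocation through POST form handler, controller action instead of form action,' . ' not contained in $allowed_actions, with CSRF token');

     // Form handler, form action outside $allowed_actions, with token: accepted.
     $data = array('action_formaction' => 1, 'SecurityID' => $securityId);
     $response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
     $this->assertEquals(200, $response->getStatusCode());
     $this->assertEquals('formaction', $response->getBody(), 'Should pass: Invocation through POST form handler, not contained in $allowed_actions, with CSRF token');

     // Form handler, controller action inside $allowed_actions, with token: accepted.
     $data = array('action_controlleraction' => 1, 'SecurityID' => $securityId);
     $response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
     $this->assertEquals(200, $response->getStatusCode(), 'Should pass: Invocation through POST form handler, controller action instead of form action, contained in' . ' $allowed_actions, with CSRF token');

     // Form handler, form action inside $allowed_actions: the token is still required.
     $data = array('action_formactionInAllowedActions' => 1);
     $response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
     $this->assertEquals(400, $response->getStatusCode(), 'Should fail: Invocation through POST form handler, contained in $allowed_actions, without CSRF token');

     $data = array('action_formactionInAllowedActions' => 1, 'SecurityID' => $securityId);
     $response = $this->post('RequestHandlingTest_FormActionController/Form', $data);
     $this->assertEquals(200, $response->getStatusCode(), 'Should pass: Invocation through POST form handler, contained in $allowed_actions, with CSRF token');

     // Direct URL, action outside $allowed_actions: not routable at all.
     $data = array();
     $response = $this->post('RequestHandlingTest_FormActionController/formaction', $data);
     $this->assertEquals(404, $response->getStatusCode(), 'Should fail: Invocation through POST URL, not contained in $allowed_actions, without CSRF token');

     // Direct URL, action inside $allowed_actions: accepted with or without a token.
     $data = array();
     $response = $this->post('RequestHandlingTest_FormActionController/formactionInAllowedActions', $data);
     $this->assertEquals(200, $response->getStatusCode(), 'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, without CSRF token');

     $data = array('SecurityID' => $securityId);
     $response = $this->post('RequestHandlingTest_FormActionController/formactionInAllowedActions', $data);
     $this->assertEquals(200, $response->getStatusCode(), 'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, with CSRF token');

     $data = array();
     // CSRF protection doesn't kick in for direct requests
     $response = $this->post('RequestHandlingTest_FormActionController/formactionInAllowedActions', $data);
     $this->assertEquals(200, $response->getStatusCode(), 'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, without CSRF token');

     SecurityToken::disable();
 }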
 /**
  * Resets per-test state after each test method.
  *
  * The global CSRF token is re-enabled first so a test that left it
  * disabled does not leak that state into the next test.
  */
 public function tearDown()
 {
     SecurityToken::enable();
     parent::tearDown();
     // Drop the browsing session used by the request helpers.
     unset($this->mainSession);
 }
 /**
  * Disabling the token on a single Form instance switches off that
  * form's SecurityToken as reported by isEnabled().
  */
 public function testDisableSecurityToken()
 {
     SecurityToken::enable();
     $form = $this->getStubForm();

     $tokenBefore = $form->getSecurityToken();
     $this->assertTrue($tokenBefore->isEnabled(), 'Form token should start enabled');

     $form->disableSecurityToken();
     $tokenAfter = $form->getSecurityToken();
     $this->assertFalse($tokenAfter->isEnabled(), 'disableSecurityToken() should switch the form token off');

     // Restore the original global state.
     SecurityToken::disable();
 }
 /**
  * Resets per-test state after each test method.
  *
  * The global CSRF token is re-enabled first so a test that left it
  * disabled does not leak that state into the next test.
  */
 public function tearDown()
 {
     SecurityToken::enable();
     parent::tearDown();
     // Drop the browsing session used by the request helpers.
     unset($this->mainSession);
     // Presumably the setUp counterpart swapped the theme out when themes are
     // disabled; put the saved value back here — confirm against setUp.
     if (static::get_disable_themes()) {
         Config::inst()->update('SSViewer', 'theme', $this->originalTheme);
     }
 }