Ejemplo n.º 1
0
 public function testIdentifiers()
 {
     $token1 = Csrf::getToken();
     $token2 = Csrf::getToken("foo");
     $token2a = Csrf::getToken("foo");
     $token2b = Csrf::getToken("foo");
     $token3 = Csrf::getToken(15);
     $_POST[Csrf::POST_KEY] = $token2;
     $this->assertTrue(Csrf::isValidToken($token1));
     $this->assertFalse(Csrf::isValidToken($token2));
     $this->assertFalse(Csrf::isValidToken($token3));
     $this->assertFalse(Csrf::isValidToken($token1, "foo"));
     $this->assertTrue(Csrf::isValidToken($token2, "foo"));
     $this->assertFalse(Csrf::isValidToken($token3, "foo"));
     $this->assertFalse(Csrf::isValidToken($token1, 15));
     $this->assertFalse(Csrf::isValidToken($token2, 15));
     $this->assertTrue(Csrf::isValidToken($token3, 15));
     $this->assertFalse(Csrf::isValidToken($token1, "bar"));
     $this->assertFalse(Csrf::isValidToken($token2, "bar"));
     $this->assertFalse(Csrf::isValidToken($token3, "bar"));
     $this->assertFalse(Csrf::checkPostToken());
     $this->assertTrue(Csrf::checkPostToken("foo"));
     $this->assertFalse(Csrf::checkPostToken("foo"));
     $this->assertFalse(Csrf::checkPostToken(15));
     $_POST[Csrf::POST_KEY] = $token2a;
     $this->assertTrue($token2a !== $token2);
     $this->assertFalse(Csrf::checkPostToken(''));
     $this->assertTrue(Csrf::checkPostToken('foo'));
     $this->assertTrue($token2b !== $token2);
     $this->assertFalse(Csrf::checkToken($token2b, 15));
     $this->assertTrue(Csrf::checkToken($token2b, 'foo'));
     $this->assertFalse(Csrf::checkToken($token2b, 'foo'));
 }
Ejemplo n.º 2
0
$falses = array();
session_destroy();
$trues[] = !session_id();
Csrf::getTokenIndex();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::getToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::getTag();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::checkToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::checkPostToken();
$trues[] = !session_id();
$_POST[Csrf::POST_KEY] = '-';
Csrf::checkPostToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::isValidToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::isValidToken();