/**
* @expectedException Hyperframework\Web\ForbiddenException
*/
public function testInvalidToken()
{
$engine2 = $this->getMock('Hyperframework\\Web\\ResponseEngine');
$engine2->expects($this->once())->method('setCookie');
Response::setEngine($engine2);
$engine = new CsrfProtectionEngine();
$_SERVER['REQUEST_METHOD'] = 'POST';
Request::setBody(['_csrf_token' => 'invalid']);
$_COOKIE['_csrf_token'] = 'token';
$engine->run();
}
