/** * @expectedException Hyperframework\Web\ForbiddenException */ public function testInvalidToken() { $engine2 = $this->getMock('Hyperframework\\Web\\ResponseEngine'); $engine2->expects($this->once())->method('setCookie'); Response::setEngine($engine2); $engine = new CsrfProtectionEngine(); $_SERVER['REQUEST_METHOD'] = 'POST'; Request::setBody(['_csrf_token' => 'invalid']); $_COOKIE['_csrf_token'] = 'token'; $engine->run(); }