/**
 * The manager must accept a token when storage holds a token and the
 * submitted value matches it.
 *
 * The submitted fixture is two base64-looking parts joined by ':';
 * presumably an obfuscated form of the stored value (confirm against CsrfToken).
 * Both storage calls are pinned to exactly one invocation, so the test also
 * fails if validation skips the storage lookup or repeats it.
 */
public function testIsTokenValidWithValidToken() {
    $submittedValue = 'XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=';
    $storedValue = '/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF';

    // Storage reports that a token exists ...
    $this->storageInterface
        ->expects($this->once())
        ->method('hasToken')
        ->willReturn(true);
    // ... and hands back the value the submitted token is checked against.
    $this->storageInterface
        ->expects($this->once())
        ->method('getToken')
        ->willReturn($storedValue);

    $token = new \OC\Security\CSRF\CsrfToken($submittedValue);
    $isValid = $this->csrfTokenManager->isTokenValid($token);

    $this->assertTrue($isValid);
}
/**
 * A request carrying a token that the token manager rejects must not pass
 * the CSRF check.
 *
 * The token is supplied only through the HTTP_REQUESTTOKEN server entry, so
 * this exercises the header path of passesCSRFCheck().
 *
 * @dataProvider invalidTokenDataProvider
 * @param string $invalidToken
 */
public function testPassesCSRFCheckWithInvalidToken($invalidToken) {
    $requestVars = [
        'server' => [
            'HTTP_REQUESTTOKEN' => $invalidToken,
        ],
    ];
    $constructorArgs = [
        $requestVars,
        $this->secureRandom,
        $this->config,
        $this->csrfTokenManager,
        $this->stream,
    ];

    /** @var Request $request */
    $request = $this->getMockBuilder('\\OC\\AppFramework\\Http\\Request')
        ->setMethods(['getScriptName'])
        ->setConstructorArgs($constructorArgs)
        ->getMock();

    // The manager is stubbed to reject exactly the token built from the input.
    $expectedToken = new CsrfToken($invalidToken);
    $this->csrfTokenManager
        ->expects($this->any())
        ->method('isTokenValid')
        ->with($expectedToken)
        ->willReturn(false);

    $passed = $request->passesCSRFCheck();

    $this->assertFalse($passed);
}
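/**
 * Checks if the CSRF check was correct
 *
 * The request token is looked up in this order: the `requesttoken` GET
 * parameter, the `requesttoken` POST parameter, then the HTTP_REQUESTTOKEN
 * server entry. The first one present is handed to the CSRF token manager
 * for validation. The check fails closed: no manager, no token, or a token
 * that is not a string all yield false.
 *
 * NOTE(review): a token sent as a GET parameter is part of the URL and can
 * end up in access logs, browser history and Referer headers; confirm that
 * the query-string path is still needed by callers.
 *
 * @return bool true if CSRF check passed
 */
public function passesCSRFCheck() {
    // Without a token manager nothing can be verified, so deny.
    if ($this->csrfTokenManager === null) {
        return false;
    }

    if (isset($this->items['get']['requesttoken'])) {
        $token = $this->items['get']['requesttoken'];
    } elseif (isset($this->items['post']['requesttoken'])) {
        $token = $this->items['post']['requesttoken'];
    } elseif (isset($this->items['server']['HTTP_REQUESTTOKEN'])) {
        $token = $this->items['server']['HTTP_REQUESTTOKEN'];
    } else {
        // No token found.
        return false;
    }

    // GET/POST values are client-controlled and PHP parses bracketed
    // parameter names into arrays. CsrfToken is built from a string value,
    // so reject anything else here instead of passing it on.
    if (!is_string($token)) {
        return false;
    }

    return $this->csrfTokenManager->isTokenValid(new CsrfToken($token));
}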