public function testSpentToken()
{
$tokenStore = new ArrayTokenStore();
$token = $tokenStore->generateNewToken();
$tokenStore->saveToken($token);
$tokenStore->consumeToken($token);
$_POST["doink"] = "binky";
// add the token as if it were from a previous page
$_POST[HTMLDocumentProtector::$TOKEN_NAME] = $token;
$this->expectException("\\Gt\\Csrf\\exception\\CSRFTokenSpentException");
$tokenStore->processAndVerify();
}
public function testConsumeAToken()
{
$sut = new ArrayTokenStore();
// generate a token
$token = $sut->generateNewToken();
$sut->saveToken($token);
// now consume it
$sut->consumeToken($token);
// and make sure it no longer passes verification
$this->expectException("\\Gt\\Csrf\\exception\\CSRFTokenSpentException");
$sut->verifyToken($token);
}
