Esempio n. 1
0
 public function testGetCodeWithMissingCSRFState()
 {
     $facebook = new FBCode(array('appId' => self::APP_ID, 'secret' => self::SECRET));
     $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue();
     // intentionally don't set CSRF token at all
     $this->assertFalse($facebook->publicGetCode(), 'Expect getCode to fail, CSRF state not sent back.');
 }
Esempio n. 2
0
 public function testPersistentCSRFStateWithSharedSession()
 {
     $_SERVER['HTTP_HOST'] = 'fbrell.com';
     $facebook = new FBCode(array('appId' => self::APP_ID, 'secret' => self::SECRET, 'sharedSession' => true));
     $facebook->setCSRFStateToken();
     $code = $facebook->getCSRFStateToken();
     $facebook = new FBCode(array('appId' => self::APP_ID, 'secret' => self::SECRET, 'sharedSession' => true));
     $this->assertEquals($code, $facebook->publicGetState(), 'Persisted CSRF state token not loaded correctly with shared session');
 }