/**
 * Replay check at the request level: a CSRF token that has already been
 * consumed must be rejected when it is posted again.
 *
 * The test passes only if processAndVerify() raises CSRFTokenSpentException.
 */
public function testSpentToken()
{
    $store = new ArrayTokenStore();

    // Issue a token, persist it, then spend it before the "request" arrives.
    $spentToken = $store->generateNewToken();
    $store->saveToken($spentToken);
    $store->consumeToken($spentToken);

    // Simulate a form post: one ordinary field plus the already-spent token,
    // as if it had been embedded in a previously served page.
    // NOTE(review): $_POST is modified here and not restored in this method -
    // confirm that tearDown() or PHPUnit's backupGlobals resets it, so the
    // token field does not leak into other tests.
    $_POST["doink"] = "binky";
    $_POST[HTMLDocumentProtector::$TOKEN_NAME] = $spentToken;

    // processAndVerify() is called without arguments; presumably it picks the
    // submitted token up from $_POST - verify against ArrayTokenStore.
    $expectedException = "\\Gt\\Csrf\\exception\\CSRFTokenSpentException";
    $this->expectException($expectedException);
    $store->processAndVerify();
}
/**
 * One-time-use check at the store level: once a saved token has been
 * consumed, verifying it again must fail.
 *
 * The test passes only if verifyToken() raises CSRFTokenSpentException.
 */
public function testConsumeAToken()
{
    $store = new ArrayTokenStore();

    // Create a fresh token and register it with the store.
    $oneTimeToken = $store->generateNewToken();
    $store->saveToken($oneTimeToken);

    // Spend the token.
    $store->consumeToken($oneTimeToken);

    // A second use of the same token must be refused as "spent".
    $expectedException = "\\Gt\\Csrf\\exception\\CSRFTokenSpentException";
    $this->expectException($expectedException);
    $store->verifyToken($oneTimeToken);
}