コード例 #1
 /**
  * Checks that a CSRF token is only accepted under the identifier it was
  * requested with, and that checkPostToken()/checkToken() accept a given
  * token once and reject it when it is presented again.
  *
  * The assertions depend on the order of the calls: each successful check*()
  * call is expected to change which tokens are still accepted afterwards.
  */
 public function testIdentifiers()
 {
     // One token with no identifier, three for "foo", one for the integer 15.
     $token1 = Csrf::getToken();
     $token2 = Csrf::getToken("foo");
     $token2a = Csrf::getToken("foo");
     $token2b = Csrf::getToken("foo");
     $token3 = Csrf::getToken(15);
     // Simulate a form post that carries the first "foo" token.
     $_POST[Csrf::POST_KEY] = $token2;
     // isValidToken(): each token must validate only under its own identifier.
     // The same tokens are checked again further down, so this call is
     // expected not to use them up.
     $this->assertTrue(Csrf::isValidToken($token1));
     $this->assertFalse(Csrf::isValidToken($token2));
     $this->assertFalse(Csrf::isValidToken($token3));
     $this->assertFalse(Csrf::isValidToken($token1, "foo"));
     $this->assertTrue(Csrf::isValidToken($token2, "foo"));
     $this->assertFalse(Csrf::isValidToken($token3, "foo"));
     $this->assertFalse(Csrf::isValidToken($token1, 15));
     $this->assertFalse(Csrf::isValidToken($token2, 15));
     $this->assertTrue(Csrf::isValidToken($token3, 15));
     // An identifier no token was issued for must reject all of them.
     $this->assertFalse(Csrf::isValidToken($token1, "bar"));
     $this->assertFalse(Csrf::isValidToken($token2, "bar"));
     $this->assertFalse(Csrf::isValidToken($token3, "bar"));
     // The posted token belongs to "foo": a check without identifier fails,
     // and that failed check must not stop the next line from succeeding.
     $this->assertFalse(Csrf::checkPostToken());
     // Accepted once, then refused: a posted token cannot be replayed.
     $this->assertTrue(Csrf::checkPostToken("foo"));
     $this->assertFalse(Csrf::checkPostToken("foo"));
     $this->assertFalse(Csrf::checkPostToken(15));
     // A second token for the same identifier has a different value and is
     // still accepted after the first one was used.
     $_POST[Csrf::POST_KEY] = $token2a;
     $this->assertTrue($token2a !== $token2);
     $this->assertFalse(Csrf::checkPostToken(''));
     $this->assertTrue(Csrf::checkPostToken('foo'));
     // Same rules for checkToken(), which takes the token as an argument
     // instead of reading it from $_POST: wrong identifier fails, right
     // identifier succeeds once, the repeat fails.
     $this->assertTrue($token2b !== $token2);
     $this->assertFalse(Csrf::checkToken($token2b, 15));
     $this->assertTrue(Csrf::checkToken($token2b, 'foo'));
     $this->assertFalse(Csrf::checkToken($token2b, 'foo'));
 }
コード例 #2
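 /**
  * Checks the markup returned by Csrf::getTag(): the field must be named
  * Csrf::POST_KEY and its value must be built from Csrf::TOKEN_CHARS only,
  * with a length of exactly Csrf::TOKEN_LENGTH.
  *
  * Only the format of the token is covered here; the test says nothing
  * about how the value is generated or whether it is unpredictable.
  */
 public function testTagNameAndValue()
 {
     $tag = Csrf::getTag();
     // Normalise the markup (single quotes to double quotes, whitespace
     // removed) so the checks do not depend on quoting style or spacing.
     $tag = preg_replace('`\\s+`', '', strtr($tag, '\'', '"'));
     $this->assertContains('name="' . Csrf::POST_KEY . '"', $tag, 'The CSRF tag name should be Csrf::POST_KEY');
     // Keep the match array apart from the extracted token string.
     $this->assertTrue(preg_match('`value="([^"]*)"`', $tag, $matches) > 0, 'The CSRF tag value should be catchable');
     $value = $matches[1];
     // preg_quote() must be told the delimiter: without it a backtick in
     // Csrf::TOKEN_CHARS would end the pattern early instead of being matched.
     $allowedChars = '`^[' . preg_quote(Csrf::TOKEN_CHARS, '`') . ']+$`';
     $this->assertTrue(preg_match($allowedChars, $value) > 0, 'The CSRF tag value should only use chars in Csrf::TOKEN_CHARS');
     // assertSame() takes the expected value first, so a failure reports
     // Csrf::TOKEN_LENGTH as expected and the measured length as actual.
     $this->assertSame(Csrf::TOKEN_LENGTH, strlen($value), 'The CSRF tag value length should be Csrf::TOKEN_LENGTH');
 }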
コード例 #3
// Records, around each Csrf entry point, whether a session id exists.
// Every probe stores `!session_id()`, i.e. true while no session id is set.
// NOTE(review): the array names suggest $trues entries are expected to be
// true (no session yet) and $falses entries false (the Csrf call started a
// session); the assertions on these arrays are not part of this script.
// The order of the statements matters: each session_destroy() resets the
// state for the next probe.
$trues[] = !session_id();
Csrf::getToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::getTag();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::checkToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
// checkPostToken() is probed twice. The first result goes into $trues, so
// no session is expected after this call.
// presumably $_POST[Csrf::POST_KEY] is unset at this point; confirm against
// the code that includes this script.
Csrf::checkPostToken();
$trues[] = !session_id();
// With a value posted under Csrf::POST_KEY the result goes into $falses.
$_POST[Csrf::POST_KEY] = '-';
Csrf::checkPostToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
Csrf::isValidToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
// NOTE(review): this probe repeats the isValidToken() probe just above;
// confirm whether a different method was meant to be covered here.
Csrf::isValidToken();
$falses[] = !session_id();
session_destroy();
$trues[] = !session_id();
// Hand both lists over in one object and drop the temporary arrays so they
// do not stay defined in the including scope.
$_sessionTestsResults = (object) array('trues' => $trues, 'falses' => $falses);
unset($trues);
unset($falses);