/**
 * Render the hidden request hash field for the current form.
 *
 * Reads the form field names stored under the FormViewHelper key in the view
 * helper variable container, hands them together with the URI builder's last
 * arguments to postProcessUriArgumentsForRequesthash(), and asks the request
 * hash service for a hash over the field names.
 *
 * The hash is passed through htmlspecialchars() before it is placed inside the
 * double-quoted value attribute, so the generated markup stays well-formed
 * whatever characters the hash service returns.
 *
 * @return string the hidden input tag carrying the hash in the "__hmac" field
 * @author Sebastian Kurfürst <*****@*****.**>
 */
protected function renderRequestHashField() {
    $registeredFieldNames = $this->viewHelperVariableContainer->get('F3\\Fluid\\ViewHelpers\\FormViewHelper', 'formFieldNames');
    $lastUriArguments = $this->controllerContext->getUriBuilder()->getLastArguments();

    // NOTE(review): presumably this adds the URI argument names to
    // $registeredFieldNames (by reference) so they are covered by the hash.
    // Confirm against the helper's signature.
    $this->postProcessUriArgumentsForRequesthash($lastUriArguments, $registeredFieldNames);

    $escapedHash = htmlspecialchars($this->requestHashService->generateRequestHash($registeredFieldNames));

    return '<input type="hidden" name="__hmac" value="' . $escapedHash . '" />';
}
/**
 * A request whose "__hmac" argument fails validation must be flagged as not
 * HMAC-verified.
 *
 * The mocked request returns '11111' followed by a 40-character string as its
 * "__hmac" argument. The test pins that verifyRequest() passes those two parts
 * separately to HashService::validateHmac() and, when that returns FALSE,
 * calls setHmacVerified(FALSE) exactly once.
 *
 * @test
 * @author Sebastian Kurfürst
 */
public function verifyRequestHashValidatesTheHashAndSetsHmacVerifiedToFalseIfHashCouldNotBeVerified() {
    // Fixture values: the payload part and the HMAC part of the "__hmac" argument.
    $payloadPart = '11111';
    $hmacPart = '0000000000000000000000000000000000000000';

    $mockRequest = $this->getMock(
        $this->buildAccessibleProxy('F3\\FLOW3\\MVC\\Web\\Request'),
        array('hasArgument', 'getArgument', 'setHmacVerified')
    );
    $mockRequest->expects($this->once())
        ->method('hasArgument')
        ->with('__hmac')
        ->will($this->returnValue(TRUE));
    $mockRequest->expects($this->once())
        ->method('getArgument')
        ->with('__hmac')
        ->will($this->returnValue($payloadPart . $hmacPart));
    // The security-relevant assertion: a failed validation must mark the request as unverified.
    $mockRequest->expects($this->once())
        ->method('setHmacVerified')
        ->with(FALSE);

    $mockHashService = $this->getMock(
        'F3\\FLOW3\\Security\\Cryptography\\HashService',
        array('validateHmac')
    );
    // Validation is forced to fail for exactly the split payload and HMAC.
    $mockHashService->expects($this->once())
        ->method('validateHmac')
        ->with($payloadPart, $hmacPart)
        ->will($this->returnValue(FALSE));

    $serviceUnderTest = new \F3\FLOW3\Security\Channel\RequestHashService();
    $serviceUnderTest->injectHashService($mockHashService);
    $serviceUnderTest->verifyRequest($mockRequest);
}