/**
 * Isolates config and injector state for the test, forces CSRF tokens on and
 * wires a Phockito-mocked SpellProvider into the injector.
 *
 * Skipped entirely when the Phockito module is not installed. The token state
 * found on entry is remembered in $this->securityWasEnabled so it can be put
 * back afterwards (the restore itself is not part of this method).
 */
public function setUp() {
    parent::setUp();
    Config::nest();
    Injector::nest();
    $this->securityWasEnabled = SecurityToken::is_enabled();

    // Hard dependency of every test in this class.
    if (!class_exists('Phockito')) {
        $this->skipTest = true;
        return $this->markTestSkipped("These tests need the Phockito module installed to run");
    }

    // Known-good SpellController configuration inside the nested config scope.
    $config = Config::inst();
    $config->update('SpellController', 'required_permission', 'CMS_ACCESS_CMSMain');
    $config->remove('SpellController', 'locales');
    $config->update('SpellController', 'locales', array('en_US', 'en_NZ', 'fr_FR'));
    $config->update('SpellController', 'enable_security_token', true);
    SecurityToken::enable();

    // Canned provider answers; the same word list is checked in two locales.
    $words = array('collor', 'colour', 'color', 'onee', 'correct');
    $provider = Phockito::mock('SpellProvider');
    Phockito::when($provider)->checkWords('en_NZ', $words)->return(array('collor', 'color', 'onee'));
    Phockito::when($provider)->checkWords('en_US', $words)->return(array('collor', 'colour', 'onee'));
    Phockito::when($provider)->getSuggestions('en_NZ', 'collor')->return(array('collar', 'colour'));
    Phockito::when($provider)->getSuggestions('en_US', 'collor')->return(array('collar', 'color'));
    Injector::inst()->registerService($provider, 'SpellProvider');
}
/**
 * The global enable()/disable() switch must be mirrored by is_enabled().
 *
 * Starts from the enabled state established by setUp(), toggles off and back
 * on, and leaves tokens enabled when it finishes.
 */
public function testIsEnabledStatic() {
    $this->assertTrue(SecurityToken::is_enabled());

    // Each step: static method to call, then the state is_enabled() must report.
    $transitions = array(
        array('disable', false),
        array('enable', true),
    );
    foreach ($transitions as $step) {
        list($method, $expectedState) = $step;
        SecurityToken::$method();
        $this->assertSame($expectedState, SecurityToken::is_enabled());
    }
}
/**
 * Records whether CSRF tokens were enabled before the test runs, so that
 * tests toggling SecurityToken can put the global state back afterwards.
 */
public function setUp() {
    parent::setUp();
    $enabledOnEntry = SecurityToken::is_enabled();
    $this->securityEnabled = $enabledOnEntry;
}
/**
 * Create a new form, with the given fields and action buttons.
 *
 * Besides wiring fields, actions and validator to this form, the constructor
 * decides whether the form carries a CSRF token: a controller may opt in or
 * out via securityTokenEnabled(); otherwise the global SecurityToken switch
 * applies. A form without a token gets a NullSecurityToken, so callers that
 * later check the token should expect either implementation.
 *
 * @param Controller $controller The parent controller, necessary to create the appropriate form action tag.
 *                               Must be truthy; a missing controller is a fatal error (E_USER_ERROR).
 * @param String $name The method on the controller that will return this form object.
 * @param FieldList $fields All of the fields in the form - a {@link FieldList} of {@link FormField} objects.
 * @param FieldList $actions All of the action buttons in the form - a {@link FieldList} of
 *                          {@link FormAction} objects
 * @param Validator $validator Override the default validator instance (Default: {@link RequiredFields})
 * @throws InvalidArgumentException when $fields/$actions are not FieldLists or $validator is not a Validator
 */
public function __construct($controller, $name, FieldList $fields, FieldList $actions, $validator = null) {
    parent::__construct();

    // The instanceof checks duplicate the type hints on $fields/$actions; they are
    // kept so subclasses that relax the signature still get a clear exception.
    if (!$fields instanceof FieldList) {
        throw new InvalidArgumentException('$fields must be a valid FieldList instance');
    }
    if (!$actions instanceof FieldList) {
        throw new InvalidArgumentException('$actions must be a valid FieldList instance');
    }
    if ($validator && !$validator instanceof Validator) {
        throw new InvalidArgumentException('$validator must be a Validator instance');
    }

    // Back-link the field lists to this form before storing them.
    $fields->setForm($this);
    $actions->setForm($this);
    $this->fields = $fields;
    $this->actions = $actions;
    $this->controller = $controller;
    $this->name = $name;

    if (!$this->controller) {
        user_error("{$this->class} form created without a controller", E_USER_ERROR);
    }

    // Form validation
    $this->validator = $validator ? $validator : new RequiredFields();
    $this->validator->setForm($this);

    // Form error controls
    $this->setupFormErrors();

    // Check if CSRF protection is enabled, either on the parent controller or from the default setting. Note that
    // method_exists() is used as some controllers (e.g. GroupTest) do not always extend from Object.
    // Precedence: `&&` binds tighter than `||`, so this reads as
    // "has the method directly" OR ("has hasMethod()" AND hasMethod() reports it) — intended.
    if (method_exists($controller, 'securityTokenEnabled') || method_exists($controller, 'hasMethod') && $controller->hasMethod('securityTokenEnabled')) {
        $securityEnabled = $controller->securityTokenEnabled();
    } else {
        $securityEnabled = SecurityToken::is_enabled();
    }
    // NullSecurityToken is the no-op stand-in used when CSRF protection is off.
    $this->securityToken = $securityEnabled ? new SecurityToken() : new NullSecurityToken();
}
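/**
 * Resolves the Buyable addressed by the current request, using the `Buyable`
 * (class name, defaults to Product) and `ID` URL parameters.
 *
 * Security: cart links are GET requests that mutate the session, so when
 * tokens are enabled a valid SecurityID is required first (400 otherwise).
 * The class name is attacker-controlled URL input; it is only used for a
 * query once it names an existing DataObject subclass. Versioned classes
 * are read from the Live stage so unpublished records cannot be bought.
 *
 * @return Product|ProductVariation|Buyable|null null when the request does
 *         not identify a live Buyable (missing/zero ID, unknown class,
 *         non-DataObject class, no record, or a record that is not Buyable)
 */
protected function buyableFromRequest() {
    $request = $this->getRequest();

    // CSRF guard — must run before any parameter is acted upon.
    if (SecurityToken::is_enabled() && !SecurityToken::inst()->checkRequest($request)) {
        return $this->httpError(400, _t("ShoppingCart.CSRF", "Invalid security token, possible CSRF attack."));
    }

    $id = (int) $request->param('ID');
    if (empty($id)) {
        //TODO: store error message
        return null;
    }

    $buyableclass = "Product";
    if ($class = $request->param('Buyable')) {
        // raw2sql only escapes quotes; it is NOT the validation step.
        $buyableclass = Convert::raw2sql($class);
    }

    // Whitelist the class before querying: DataObject::get()/Versioned::get_by_stage()
    // must never be called with an arbitrary, merely-existing class name taken from the URL.
    if (!ClassInfo::exists($buyableclass) || !is_subclass_of($buyableclass, 'DataObject')) {
        //TODO: store error message
        return null;
    }

    // Ensure only live products are returned, if they are versioned.
    $buyable = Object::has_extension($buyableclass, 'Versioned')
        ? Versioned::get_by_stage($buyableclass, 'Live')->byID($id)
        : DataObject::get($buyableclass)->byID($id);

    if (!$buyable || !$buyable instanceof Buyable) {
        //TODO: store error message
        return null;
    }

    return $buyable;
}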
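/**
 * add_item_link() must embed a SecurityID while tokens are enabled (unless the
 * controller opts out via `disable_security_token`), and a token-less link must
 * be rejected with HTTP 400 once tokens are enabled again.
 *
 * Assertions use PHPUnit's (expected, actual) order so failure output reads
 * correctly. The global token state is put back at the end; note that this
 * restore is skipped when an assertion fails mid-way, so a tearDown() that
 * restores from the value recorded in setUp() is still the safer net.
 */
public function testSecurityToken() {
    $enabled = SecurityToken::is_enabled();

    // Enable security tokens.
    SecurityToken::enable();
    $productId = $this->mp3player->ID;

    // Link should carry the security token as a hex SecurityID query parameter.
    $link = ShoppingCart_Controller::add_item_link($this->mp3player);
    $this->assertRegExp('{^shoppingcart/add/Product/' . $productId . '\\?SecurityID=[a-f0-9]+$}', $link);

    // Should redirect back to the shop.
    $response = $this->get($link);
    $this->assertEquals(302, $response->getStatusCode());

    // Per-controller opt-out: the link loses its token and is still accepted.
    Config::inst()->update('ShoppingCart_Controller', 'disable_security_token', true);
    $link = ShoppingCart_Controller::add_item_link($this->mp3player);
    $this->assertEquals('shoppingcart/add/Product/' . $productId, $link);

    $response = $this->get($link);
    $this->assertEquals(302, $response->getStatusCode());

    // Global opt-out with the controller opt-out removed behaves the same way.
    SecurityToken::disable();
    Config::inst()->update('ShoppingCart_Controller', 'disable_security_token', false);
    $link = ShoppingCart_Controller::add_item_link($this->mp3player);
    $this->assertEquals('shoppingcart/add/Product/' . $productId, $link);

    $response = $this->get($link);
    $this->assertEquals(302, $response->getStatusCode());

    // Re-enabling tokens turns the token-less link into a CSRF failure.
    SecurityToken::enable();
    $response = $this->get($link);
    $this->assertEquals(400, $response->getStatusCode());

    // Restore previous setting.
    if (!$enabled) {
        SecurityToken::disable();
    }
}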
/**
 * Builds the cache key of this form
 *
 * The key is the form name followed by hashes of, in order: the custom
 * parameters, the request values of every form field (plus the current
 * Translatable locale when available) and the fields' configured values.
 * When CSRF tokens are enabled the session's SecurityID is appended as
 * well, so cached form output is never shared across sessions with
 * different tokens — do not drop that suffix, the cached markup embeds the
 * token. A per-form cache-key extension may be appended last.
 *
 * Components are joined as "name:value;" before hashing; the exact string
 * layout is part of the key and must stay stable for cache hits.
 *
 * @return void
 *
 * @author Sebastian Diel <*****@*****.**>
 * @since 26.11.2014
 */
public function buildCacheKey() {
    $customParameters = $this->getCustomParameters();
    $request = $this->controller->getRequest();
    $requestString = '';
    $formFieldString = '';
    $formFields = $this->getFormFields();
    $this->cacheKey = $this->name;

    if (count($customParameters) > 0) {
        $customParameterString = '';
        foreach ($customParameters as $parameterName => $parameterValue) {
            $customParameterString .= $parameterName . ':' . $parameterValue . ';';
        }
        $this->cacheKey .= sha1($customParameterString);
    }

    if (!is_null($request)) {
        foreach ($formFields as $fieldName => $fieldDefinition) {
            // NOTE(review): the same array is passed for both arguments — looks
            // like the second should be the field name or the request; confirm.
            $this->addRequiredFieldParams($fieldDefinition, $fieldDefinition);
            // Presumably $request is an SS_HTTPRequest whose ArrayAccess returns
            // null for absent keys; verify no "undefined index" notice otherwise.
            $requestString .= $fieldName . ':' . $request[$fieldName] . ';';
            $fieldDefinitionValue = $fieldDefinition['value'];
            if (is_string($fieldDefinitionValue)) {
                $formFieldString .= $fieldName . ':' . $fieldDefinitionValue . ';';
            } elseif (is_array($fieldDefinitionValue)) {
                $formFieldString .= $fieldName . ':' . implode('-', $fieldDefinitionValue) . ';';
            }
        }
    }

    if (class_exists('Translatable')) {
        $requestString .= '_' . Translatable::get_current_locale();
    }

    $this->cacheKey .= sha1($requestString);
    // Both a sha1 and an md5 of the same string: redundant, but kept because
    // changing it would invalidate every existing key.
    $this->cacheKey .= sha1($formFieldString);
    $this->cacheKey .= md5($formFieldString);

    // Session-scoping of cached output when CSRF tokens are on.
    if (SecurityToken::is_enabled()) {
        $this->cacheKey .= $this->getSecurityID();
    }

    if ($this->hasCacheKeyExtension()) {
        $this->cacheKey .= $this->getCacheKeyExtension();
    }
}
/**
 * Captures the global CSRF-token state before each test so tests that
 * enable/disable SecurityToken can restore it afterwards.
 */
public function setUp() {
    parent::setUp();
    // Track the default state of tokens.
    $tokensOnEntry = SecurityToken::is_enabled();
    $this->useToken = $tokensOnEntry;
}