/** * Render the request hash field * * @return string the hmac field * @author Sebastian Kurfürst <*****@*****.**> */ protected function renderRequestHashField() { $formFieldNames = $this->viewHelperVariableContainer->get('Tx_Fluid_ViewHelpers_FormViewHelper', 'formFieldNames'); $this->postProcessUriArgumentsForRequesthash($this->formActionUriArguments, $formFieldNames); $requestHash = $this->requestHashService->generateRequestHash($formFieldNames, $this->getFieldNamePrefix()); // in v4, we need to prefix __hmac as well to make it show up in the request object. return '<input type="hidden" name="' . $this->prefixFieldName('__hmac') . '" value="' . htmlspecialchars($requestHash) . '" />'; }
/** * @test * @expectedException Tx_Extbase_Security_Exception_SyntacticallyWrongRequestHash * @author Sebastian Kurfürst */ public function verifyRequestHashThrowsExceptionIfHmacIsShortherThan40Characters() { $request = $this->getMock($this->buildAccessibleProxy('Tx_Extbase_MVC_Web_Request'), array('hasArgument', 'getArgument', 'setHmacVerified')); $request->expects($this->once())->method('hasArgument')->with('__hmac')->will($this->returnValue(TRUE)); $request->expects($this->once())->method('getArgument')->with('__hmac')->will($this->returnValue('abc')); $requestHashService = new Tx_Extbase_Security_Channel_RequestHashService(); $requestHashService->verifyRequest($request); }