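/**
 * Tests Security::checkToken
 *
 * Walks the CSRF token check through four scenarios: the generated key/token
 * pair, an explicitly destroyed token, a caller-supplied token key, and a
 * caller-supplied token value. The assertions are order-dependent because a
 * successful check with the default third argument consumes the token.
 *
 * $_POST is snapshotted and restored so the forged request data used here
 * does not leak into other tests that run in the same process.
 */
public function testCheckToken()
{
    $this->specify('The Security::checkToken works incorrectly', function () {
        $di = $this->setupDI();

        $security = new Security();
        $security->setDI($di);

        // Snapshot the superglobal: every scenario below overwrites it.
        $originalPost = $_POST;

        try {
            // Random token and token key check
            $tokenKey = $security->getTokenKey();
            $token    = $security->getToken();
            $_POST    = [$tokenKey => $token];

            // Third argument false: a successful check leaves the token in place,
            // so the next check still succeeds.
            expect($security->checkToken(null, null, false))->true();
            // Default call succeeds once and consumes the token...
            expect($security->checkToken())->true();
            // ...so replaying the same key/token pair must be rejected.
            expect($security->checkToken())->false();

            // Destroy token check
            $tokenKey = $security->getTokenKey();
            $token    = $security->getToken();
            $security->destroyToken();

            // A token that was valid before destroyToken() must no longer verify.
            $_POST = [$tokenKey => $token];
            expect($security->checkToken())->false();

            // Custom token key check
            $token = $security->getToken();
            $_POST = ['custom_key' => $token];

            // The token is posted only under 'custom_key', so neither the default
            // key lookup nor a different custom key may find it.
            expect($security->checkToken(null, null, false))->false();
            expect($security->checkToken('other_custom_key', null, false))->false();
            expect($security->checkToken('custom_key'))->true();

            // Custom token value check
            $token = $security->getToken();
            $_POST = [];

            // With an empty request body the check must fail unless the caller
            // passes the genuine token value explicitly; an arbitrary key/value
            // pair must not verify.
            expect($security->checkToken(null, null, false))->false();
            expect($security->checkToken('some_random_key', 'some_random_value', false))->false();
            expect($security->checkToken('custom_key', $token))->true();
        } finally {
            // Restore the request data even when an expectation above fails.
            $_POST = $originalPost;
        }
    });
}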