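/**
 * A request that carries a `code` but no CSRF state must be rejected.
 *
 * Only `$_REQUEST['code']` is populated here and setCSRFStateToken() is never
 * called, so publicGetCode() is expected to return false rather than the code.
 * This is the negative case for the CSRF state check: a callback that the
 * client did not initiate must not yield a usable code.
 *
 * NOTE(review): the test relies on no CSRF state being left over from an
 * earlier test (request data or persisted state); confirm that setUp/tearDown
 * resets that state.
 */
public function testGetCodeWithMissingCSRFState()
{
    $facebook = new FBCode(array(
        'appId' => self::APP_ID,
        'secret' => self::SECRET,
    ));

    // The value itself is irrelevant; it only has to be present in the request.
    $_REQUEST['code'] = $this->generateMD5HashOfRandomValue();

    // intentionally don't set CSRF token at all
    $this->assertFalse(
        $facebook->publicGetCode(),
        'Expect getCode to fail, CSRF state not sent back.'
    );
}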
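/**
 * A CSRF state token set by one instance must be visible to a second instance
 * created with the same configuration when `sharedSession` is enabled.
 *
 * The first FBCode instance establishes the token, and a fresh instance is then
 * expected to report the same value from publicGetState().
 *
 * The token is checked for non-emptiness before the comparison, and the
 * comparison is strict. A loose comparison would also pass when both sides are
 * empty-ish (for example false and null), so the test could succeed without
 * any token having been generated or persisted.
 */
public function testPersistentCSRFStateWithSharedSession()
{
    $_SERVER['HTTP_HOST'] = 'fbrell.com';

    $config = array(
        'appId' => self::APP_ID,
        'secret' => self::SECRET,
        'sharedSession' => true,
    );

    $first = new FBCode($config);
    $first->setCSRFStateToken();
    $stateToken = $first->getCSRFStateToken();

    // Guard against a vacuous pass: a token must actually have been stored.
    $this->assertNotEmpty(
        $stateToken,
        'Expected a CSRF state token to be set before checking persistence'
    );

    // A new instance with the same configuration must load the persisted token.
    $second = new FBCode($config);

    // Strict comparison: the token has to match exactly, type included.
    $this->assertSame(
        $stateToken,
        $second->publicGetState(),
        'Persisted CSRF state token not loaded correctly with shared session'
    );
}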