public function testIsTokenValidWithValidToken()
{
$this->storageInterface->expects($this->once())->method('hasToken')->willReturn(true);
$token = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
$this->storageInterface->expects($this->once())->method('getToken')->willReturn('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF');
$this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
}
/**
* @dataProvider invalidTokenDataProvider
* @param string $invalidToken
*/
public function testPassesCSRFCheckWithInvalidToken($invalidToken)
{
/** @var Request $request */
$request = $this->getMockBuilder('\\OC\\AppFramework\\Http\\Request')->setMethods(['getScriptName'])->setConstructorArgs([['server' => ['HTTP_REQUESTTOKEN' => $invalidToken]], $this->secureRandom, $this->config, $this->csrfTokenManager, $this->stream])->getMock();
$token = new CsrfToken($invalidToken);
$this->csrfTokenManager->expects($this->any())->method('isTokenValid')->with($token)->willReturn(false);
$this->assertFalse($request->passesCSRFCheck());
}
/**
* Checks if the CSRF check was correct
* @return bool true if CSRF check passed
*/
public function passesCSRFCheck()
{
if ($this->csrfTokenManager === null) {
return false;
}
if (isset($this->items['get']['requesttoken'])) {
$token = $this->items['get']['requesttoken'];
} elseif (isset($this->items['post']['requesttoken'])) {
$token = $this->items['post']['requesttoken'];
} elseif (isset($this->items['server']['HTTP_REQUESTTOKEN'])) {
$token = $this->items['server']['HTTP_REQUESTTOKEN'];
} else {
//no token found.
return false;
}
$token = new CsrfToken($token);
return $this->csrfTokenManager->isTokenValid($token);
}