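/**
 * Tokens are bound to the identifier they were issued for.
 *
 * Exercises the three entry points with the default identifier and with
 * explicit string / int identifiers:
 *  - isValidToken() is a read-only check and can be repeated;
 *  - checkPostToken() and checkToken() consume the token, so presenting the
 *    same token a second time must fail (a replayed token is rejected);
 *  - a second getToken() call for the same identifier returns a different
 *    value, and that value is still valid after the first one was consumed.
 *
 * Note: this test writes $_POST[Csrf::POST_KEY] and does not clean it up.
 */
public function testIdentifiers()
{
    $default  = Csrf::getToken();
    $foo      = Csrf::getToken("foo");
    $fooAgain = Csrf::getToken("foo");
    $fooThird = Csrf::getToken("foo");
    $fifteen  = Csrf::getToken(15);

    $_POST[Csrf::POST_KEY] = $foo;

    // Default identifier: only the default token validates.
    $this->assertTrue(Csrf::isValidToken($default));
    $this->assertFalse(Csrf::isValidToken($foo));
    $this->assertFalse(Csrf::isValidToken($fifteen));

    // "foo" identifier.
    $this->assertFalse(Csrf::isValidToken($default, "foo"));
    $this->assertTrue(Csrf::isValidToken($foo, "foo"));
    $this->assertFalse(Csrf::isValidToken($fifteen, "foo"));

    // Integer identifier.
    $this->assertFalse(Csrf::isValidToken($default, 15));
    $this->assertFalse(Csrf::isValidToken($foo, 15));
    $this->assertTrue(Csrf::isValidToken($fifteen, 15));

    // An identifier no token was ever issued for rejects every token.
    $this->assertFalse(Csrf::isValidToken($default, "bar"));
    $this->assertFalse(Csrf::isValidToken($foo, "bar"));
    $this->assertFalse(Csrf::isValidToken($fifteen, "bar"));

    // The posted token belongs to "foo": other identifiers fail, "foo"
    // succeeds exactly once because the token is consumed on success.
    $this->assertFalse(Csrf::checkPostToken());
    $this->assertTrue(Csrf::checkPostToken("foo"));
    $this->assertFalse(Csrf::checkPostToken("foo"));
    $this->assertFalse(Csrf::checkPostToken(15));

    // A second token for the same identifier differs from the first and is
    // still usable even though the first one has already been consumed
    // (the posted token is for "foo", so the empty-string identifier fails).
    $_POST[Csrf::POST_KEY] = $fooAgain;
    $this->assertNotSame($foo, $fooAgain);
    $this->assertFalse(Csrf::checkPostToken(''));
    $this->assertTrue(Csrf::checkPostToken('foo'));

    // Same one-shot semantics for checkToken() with an explicit token.
    $this->assertNotSame($foo, $fooThird);
    $this->assertFalse(Csrf::checkToken($fooThird, 15));
    $this->assertTrue(Csrf::checkToken($fooThird, 'foo'));
    $this->assertFalse(Csrf::checkToken($fooThird, 'foo'));
}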
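/**
 * The hidden-input tag carries the token under the POST key the checker reads,
 * and the token consists only of TOKEN_CHARS and is exactly TOKEN_LENGTH long.
 *
 * Attribute quoting and whitespace are normalised before matching so the
 * assertions do not depend on how getTag() formats its markup. This pins the
 * token alphabet and length only; it says nothing about the randomness of the
 * value, which has to be reviewed in the generator itself.
 */
public function testTagNameAndValue()
{
    // Normalise: single quotes -> double quotes, then strip all whitespace.
    $tag = preg_replace('`\\s+`', '', strtr(Csrf::getTag(), '\'', '"'));

    $this->assertContains(
        'name="' . Csrf::POST_KEY . '"',
        $tag,
        'The CSRF tag name should be Csrf::POST_KEY'
    );

    $this->assertTrue(
        preg_match('`value="([^"]*)"`', $tag, $matches) > 0,
        'The CSRF tag value should be catchable'
    );
    $token = $matches[1];

    // preg_quote() is told about the backtick delimiter so a delimiter
    // character inside TOKEN_CHARS cannot break the pattern.
    $alphabet = preg_quote(Csrf::TOKEN_CHARS, '`');
    $this->assertTrue(
        preg_match('`^[' . $alphabet . ']+$`', $token) > 0,
        'The CSRF tag value should only use chars in Csrf::TOKEN_CHARS'
    );

    // Expected value first so the failure message reads the right way round.
    $this->assertSame(
        Csrf::TOKEN_LENGTH,
        strlen($token),
        'The CSRF tag value length should be Csrf::TOKEN_LENGTH'
    );
}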
// Session-start probes for the Csrf entry points.
//
// For each call we record whether no session existed beforehand (collected in
// $trues, all expected to be true) and whether one exists afterwards
// (collected in $falses, all expected to be false), then destroy the session
// so the next probe starts clean. The one exception is checkPostToken() with
// nothing posted, which is expected to leave the session untouched.
// The collected flags are handed over in $_sessionTestsResults, presumably
// consumed by a test case elsewhere in the suite.
$probeStartsSession = function ($method) use (&$trues, &$falses) {
    $trues[] = !session_id();
    Csrf::$method();
    $falses[] = !session_id();
    session_destroy();
};

$probeStartsSession('getToken');
$probeStartsSession('getTag');
$probeStartsSession('checkToken');

// No token in $_POST: nothing to look up, so no session may be opened ...
$trues[] = !session_id();
Csrf::checkPostToken();
$trues[] = !session_id();
// ... but as soon as a (bogus) token is posted the lookup needs the session.
$_POST[Csrf::POST_KEY] = '-';
Csrf::checkPostToken();
$falses[] = !session_id();
session_destroy();

$probeStartsSession('isValidToken');
$probeStartsSession('isValidToken');

// Final sanity flag: after the last destroy no session is left behind.
$trues[] = !session_id();

$_sessionTestsResults = (object) array('trues' => $trues, 'falses' => $falses);
unset($trues, $falses);