/**
 * Checks that CSRF tokens are scoped to the identifier they were issued for.
 *
 * The assertions pin three expectations: a token only validates against its
 * own identifier, isValidToken() does not use a token up, and a successful
 * checkToken()/checkPostToken() makes a second check of the same token fail.
 *
 * NOTE(review): $_POST[Csrf::POST_KEY] is still set when this method returns;
 * confirm the fixture resets superglobals between tests.
 */
public function testIdentifiers()
{
    // One token for the default identifier, three for "foo", one for the integer 15.
    $defaultToken = Csrf::getToken();
    $fooToken = Csrf::getToken("foo");
    $fooTokenSecond = Csrf::getToken("foo");
    $fooTokenThird = Csrf::getToken("foo");
    $intToken = Csrf::getToken(15);

    $_POST[Csrf::POST_KEY] = $fooToken;

    // Default identifier: only the token issued without an identifier validates.
    $this->assertTrue(Csrf::isValidToken($defaultToken));
    $this->assertFalse(Csrf::isValidToken($fooToken));
    $this->assertFalse(Csrf::isValidToken($intToken));

    // Identifier "foo": only the "foo" token validates.
    $this->assertFalse(Csrf::isValidToken($defaultToken, "foo"));
    $this->assertTrue(Csrf::isValidToken($fooToken, "foo"));
    $this->assertFalse(Csrf::isValidToken($intToken, "foo"));

    // Identifier 15: only the token issued for 15 validates.
    $this->assertFalse(Csrf::isValidToken($defaultToken, 15));
    $this->assertFalse(Csrf::isValidToken($fooToken, 15));
    $this->assertTrue(Csrf::isValidToken($intToken, 15));

    // An identifier no token was issued for accepts nothing.
    $this->assertFalse(Csrf::isValidToken($defaultToken, "bar"));
    $this->assertFalse(Csrf::isValidToken($fooToken, "bar"));
    $this->assertFalse(Csrf::isValidToken($intToken, "bar"));

    // The posted "foo" token fails under the default identifier, and that failed
    // check must not use it up: the "foo" check right after still succeeds.
    $this->assertFalse(Csrf::checkPostToken());
    $this->assertTrue(Csrf::checkPostToken("foo"));
    // Replaying the token that was just accepted is rejected.
    $this->assertFalse(Csrf::checkPostToken("foo"));
    $this->assertFalse(Csrf::checkPostToken(15));

    // A second, distinct "foo" token is still usable after the first was spent.
    $_POST[Csrf::POST_KEY] = $fooTokenSecond;
    $this->assertTrue($fooTokenSecond !== $fooToken);
    $this->assertFalse(Csrf::checkPostToken(''));
    $this->assertTrue(Csrf::checkPostToken('foo'));

    // Same expectations through checkToken() with the token passed explicitly:
    // wrong identifier fails, right identifier succeeds once, replay fails.
    $this->assertTrue($fooTokenThird !== $fooToken);
    $this->assertFalse(Csrf::checkToken($fooTokenThird, 15));
    $this->assertTrue(Csrf::checkToken($fooTokenThird, 'foo'));
    $this->assertFalse(Csrf::checkToken($fooTokenThird, 'foo'));
}
$falses = array(); session_destroy(); $trues[] = !session_id(); Csrf::getTokenIndex(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::getToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::getTag(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::checkToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::checkPostToken(); $trues[] = !session_id(); $_POST[Csrf::POST_KEY] = '-'; Csrf::checkPostToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::isValidToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::isValidToken();