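/**
 * Tests Security::checkPrefixedToken method
 *
 * Exercises prefixed anti-CSRF tokens in four scenarios: the default
 * key/value round trip (including single use), an explicitly destroyed
 * token, a token submitted under a custom key, and a token value passed
 * directly to the check.
 *
 * Each scenario uses its own prefix ('y', 'z', 'abc', 'xyz').
 * The scenarios overwrite the $_POST superglobal directly.
 */
public function testCheckPrefixedToken()
{
    $this->specify('The Security::checkPrefixedToken works incorrectly', function () {
        $di = $this->setupDI();

        $s = new Security();
        $s->setDI($di);

        // Random token and token key check
        $tokenKey = $s->getPrefixedTokenKey('y');
        $token = $s->getPrefixedToken('y');

        $_POST = [$tokenKey => $token];

        // With the fourth argument set to false the token is expected to
        // survive a successful check, so the following check still passes.
        expect($s->checkPrefixedToken('y', null, null, false))->true();

        // The default call is expected to consume the token: it validates
        // once and a replayed submission must then be rejected.
        expect($s->checkPrefixedToken('y'))->true();
        expect($s->checkPrefixedToken('y'))->false();

        // Destroy token check
        // The key must come from getPrefixedTokenKey(). Using a token value
        // as the POST key would make the check fail on a key mismatch, and
        // the test would pass even if destroyPrefixedToken() did nothing.
        $tokenKey = $s->getPrefixedTokenKey('z');
        $token = $s->getPrefixedToken('z');

        $s->destroyPrefixedToken('z');

        $_POST = [$tokenKey => $token];

        // A correctly keyed submission must be rejected once the token
        // has been destroyed.
        expect($s->checkPrefixedToken('z'))->false();

        // Custom token key check
        $token = $s->getPrefixedToken('abc');

        $_POST = ['custom_key' => $token];

        // The token is present only under 'custom_key', so the default key
        // and an unrelated key must both fail (token kept: fourth arg false).
        expect($s->checkPrefixedToken('abc', null, null, false))->false();
        expect($s->checkPrefixedToken('abc', 'other_custom_key', null, false))->false();
        expect($s->checkPrefixedToken('abc', 'custom_key'))->true();

        // Custom token value check
        $token = $s->getPrefixedToken('xyz');

        $_POST = [];

        // Nothing is submitted in $_POST: the check must fail with no value
        // and with a wrong explicit value, and succeed only when the real
        // token is passed as the third argument.
        expect($s->checkPrefixedToken('xyz', null, null, false))->false();
        expect($s->checkPrefixedToken('xyz', 'some_random_key', 'some_random_value', false))->false();
        expect($s->checkPrefixedToken('xyz', 'custom_key', $token))->true();
    });
}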