Note: Will ignore any other data inside security.*.
/** * Tests that `FormSignature` correctly ignores other fields in the `'security'` array when * generating signatures. */ public function testIgnoreSecurityFields() { $components = array('a%3A1%3A%7Bs%3A6%3A%22active%22%3Bs%3A4%3A%22true%22%3B%7D', 'a%3A0%3A%7B%7D', '$2a$10$NuNTOeXv4OHpPJtbdAmfReFiSmFw5hmc6sSy8qwns6/DWNSSOjR1y'); $signature = join('::', $components); $request = new Request(array('data' => array('email' => 'foo@baz', 'pass' => 'whatever', 'active' => 'true', 'security' => compact('signature') + array('foo' => 'bar')))); $this->assertTrue(FormSignature::check($request)); }
/** * Tests that the `Security` helper correctly binds to the `Form` helper to collect field * information and generate a signature. */ public function testFormSignatureGeneration() { $form = new Form(array('context' => $this->context)); $this->subject->sign($form); ob_start(); $content = array($form->create(null, array('url' => 'http:///')), $form->text('email', array('value' => 'foo@bar')), $form->password('pass'), $form->hidden('active', array('value' => 'true')), $form->end()); $signature = ob_get_clean(); preg_match('/value="([^"]+)"/', $signature, $match); list(, $signature) = $match; $expected = array('a%3A1%3A%7Bs%3A6%3A%22active%22%3Bs%3A4%3A%22true%22%3B%7D', 'a%3A0%3A%7B%7D', '$2a$10$NuNTOeXv4OHpPJtbdAmfReFiSmFw5hmc6sSy8qwns6/DWNSSOjR1y'); $this->assertEqual(join('::', $expected), $signature); $request = new Request(array('data' => array('email' => 'foo@baz', 'pass' => 'whatever', 'active' => 'true', 'security' => compact('signature')))); $this->assertTrue(FormSignature::check($request)); }
public function testFormSignatureWithMethodPUT() { $form = new Form(array('context' => $this->context)); $this->subject->sign($form); ob_start(); $content = array($form->create(null, array('url' => 'http:///', 'method' => 'PUT')), $form->text('email', array('value' => 'foo@bar')), $form->end()); $signature = ob_get_clean(); preg_match('/value="([^"]+)"/', $signature, $match); list(, $signature) = $match; $request = new Request(array('data' => array('_method' => 'PUT', 'email' => 'foo@baz', 'security' => compact('signature')))); $this->assertTrue(FormSignature::check($request)); }
/** * Tests that `FormSignature` correctly ignores other fields in the `'security'` array when * generating signatures. */ public function testIgnoreSecurityFields() { $signature = FormSignature::key(array('fields' => array('email' => 'foo@baz', 'pass' => 'whatever'), 'locked' => array('active' => 'true'))); $request = new Request(array('data' => array('email' => 'foo@baz', 'pass' => 'whatever', 'active' => 'true', 'security' => compact('signature') + array('foo' => 'bar')))); $this->assertTrue(FormSignature::check($request)); }