Merge pull request #114 from tractorcow/pulls/1.0/respect-csrf

API Respect CSRF on login form
Ingo Schommer 2016-04-20 14:03:19 +12:00
commit 30f944c917
3 changed files with 33 additions and 24 deletions

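--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,18 @@
+# For more information about the properties used in this file,
+# please see the EditorConfig documentation:
+# http://editorconfig.org
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+[{*.yml,package.json}]
+indent_size = 2
+# The indent size used in the package.json file cannot be changed:
+# https://github.com/npm/npm/pull/3180#issuecomment-16336516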


@ -68,7 +68,7 @@ class LoginContext extends BehatContext
/**
* Creates a member in a group with the correct permissions.
* Example: Given I am logged in with "ADMIN" permissions
*
*
* @Given /^I am logged in with "([^"]*)" permissions$/
*/
function iAmLoggedInWithPermissions($permCode)
@ -78,7 +78,7 @@ class LoginContext extends BehatContext
if (!$group) {
$group = \Injector::inst()->create('Group');
}
$group->Title = "$permCode group";
$group->write();
@ -123,29 +123,14 @@ class LoginContext extends BehatContext
* @When /^I log in with "(?<username>[^"]*)" and "(?<password>[^"]*)"$/
*/
public function stepILogInWith($email, $password)
{
{
$c = $this->getMainContext();
$loginUrl = $c->joinUrlParts($c->getBaseUrl(), $c->getLoginUrl());
$this->getSession()->visit($loginUrl);
$page = $this->getSession()->getPage();
$forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
assertNotNull($forms, 'Login form not found');
// Try to find visible forms on current page
// Allow multiple login forms (e.g. social login) by filering for "Email" field
$visibleForm = null;
foreach($forms as $form) {
if($form->isVisible() && $form->find('css', '[name=Email]')) {
$visibleForm = $form;
}
}
// If no login form, go to /security/login page
if(!$visibleForm) {
$c = $this->getMainContext();
$loginUrl = $c->joinUrlParts($c->getBaseUrl(), $c->getLoginUrl());
$this->getSession()->visit($loginUrl);
$page = $this->getSession()->getPage();
$forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
}
// Try to find visible forms again on login page.
$visibleForm = null;
foreach($forms as $form) {
@ -155,18 +140,21 @@ class LoginContext extends BehatContext
}
assertNotNull($visibleForm, 'Could not find login form');
$emailField = $visibleForm->find('css', '[name=Email]');
$passwordField = $visibleForm->find('css', '[name=Password]');
$submitButton = $visibleForm->find('css', '[type=submit]');
$securityID = $visibleForm->find('css', '[name=SecurityID]');
assertNotNull($emailField, 'Email field on login form not found');
assertNotNull($passwordField, 'Password field on login form not found');
assertNotNull($submitButton, 'Submit button on login form not found');
// @todo Once CSRF is mandatory, uncomment this
// assertNotNull($securityID, 'CSRF token not found');
$emailField->setValue($email);
$passwordField->setValue($password);
$submitButton->press();
$submitButton->press();
}
/**
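Review bot: The `$securityID` lookup on the new side is assigned but never asserted or otherwise used, so a login form served without a `SecurityID` field still passes this step and the CSRF token named in the commit title is not actually verified. Because the form is submitted by pressing its button, the hidden field is sent automatically whenever it is present, which leaves the assertion as the only thing the lookup can contribute. If CSRF cannot yet be made mandatory for every site under test, either drop the dead lookup and the commented-out `@todo` assertion, or assert it conditionally, e.g. `if ($securityID) { assertNotEmpty($securityID->getValue(), 'CSRF token is empty'); }`, so a present-but-empty token is still caught. `stepILogInWith()` begins in the previous hunk of this section, so the first half of its body is only partly visible here.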


@ -4,6 +4,9 @@ namespace SilverStripe\BehatExtension\Tests;
use SilverStripe\BehatExtension\Context\SilverStripeContext,
Behat\Mink\Mink;
require_once 'PHPUnit/Autoload.php';
require_once 'PHPUnit/Framework/TestCase.php';
class SilverStripeContextTest extends \PHPUnit_Framework_TestCase {
/**
@ -78,4 +81,4 @@ class SilverStripeContextTest extends \PHPUnit_Framework_TestCase {
->disableOriginalConstructor()
->getMock();
}
}
}
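Review bot: The added `require_once 'PHPUnit/Autoload.php';` and `require_once 'PHPUnit/Framework/TestCase.php';` lines depend on a PEAR-style PHPUnit being on `include_path`; with a Composer-installed PHPUnit those paths do not exist and the file aborts with a fatal error before any test runs. Unless the include-path install is what CI actually uses, a guard such as `if (!class_exists('PHPUnit_Framework_TestCase')) { require_once 'PHPUnit/Autoload.php'; }` keeps both setups working, or the requires can be dropped in favour of the Composer autoloader. These lines are also unrelated to the CSRF change in the title and would read better as a separate commit.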