Merge pull request #114 from tractorcow/pulls/1.0/respect-csrf

API Respect CSRF on login form
This commit is contained in:
Ingo Schommer 2016-04-20 14:03:19 +12:00
commit 30f944c917
3 changed files with 33 additions and 24 deletions

18
.editorconfig Normal file
View File

@ -0,0 +1,18 @@
# For more information about the properties used in this file,
# please see the EditorConfig documentation:
# http://editorconfig.org
[*]
charset = utf-8
end_of_line = lf
indent_size = 4
indent_style = space
insert_final_newline = true
trim_trailing_whitespace = true
[{*.yml,package.json}]
indent_size = 2
# The indent size used in the package.json file cannot be changed:
# https://github.com/npm/npm/pull/3180#issuecomment-16336516

View File

@ -124,27 +124,12 @@ class LoginContext extends BehatContext
*/
public function stepILogInWith($email, $password)
{
$page = $this->getSession()->getPage();
$forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
assertNotNull($forms, 'Login form not found');
// Try to find visible forms on current page
// Allow multiple login forms (e.g. social login) by filering for "Email" field
$visibleForm = null;
foreach($forms as $form) {
if($form->isVisible() && $form->find('css', '[name=Email]')) {
$visibleForm = $form;
}
}
// If no login form, go to /security/login page
if(!$visibleForm) {
$c = $this->getMainContext();
$loginUrl = $c->joinUrlParts($c->getBaseUrl(), $c->getLoginUrl());
$this->getSession()->visit($loginUrl);
$page = $this->getSession()->getPage();
$forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
}
assertNotNull($forms, 'Login form not found');
// Try to find visible forms again on login page.
$visibleForm = null;
@ -159,10 +144,13 @@ class LoginContext extends BehatContext
$emailField = $visibleForm->find('css', '[name=Email]');
$passwordField = $visibleForm->find('css', '[name=Password]');
$submitButton = $visibleForm->find('css', '[type=submit]');
$securityID = $visibleForm->find('css', '[name=SecurityID]');
assertNotNull($emailField, 'Email field on login form not found');
assertNotNull($passwordField, 'Password field on login form not found');
assertNotNull($submitButton, 'Submit button on login form not found');
// @todo Once CSRF is mandatory, uncomment this
// assertNotNull($securityID, 'CSRF token not found');
$emailField->setValue($email);
$passwordField->setValue($password);

View File

@ -4,6 +4,9 @@ namespace SilverStripe\BehatExtension\Tests;
use SilverStripe\BehatExtension\Context\SilverStripeContext,
Behat\Mink\Mink;
require_once 'PHPUnit/Autoload.php';
require_once 'PHPUnit/Framework/TestCase.php';
class SilverStripeContextTest extends \PHPUnit_Framework_TestCase {
/**