Merge pull request #114 from tractorcow/pulls/1.0/respect-csrf

API Respect CSRF on login form
2016-04-20 14:03:19 +12:00 · 2016-04-20 14:03:19 +12:00 · 30f944c917
parent 4297f56352 207984e7af
commit 30f944c917
3 changed files with 33 additions and 24 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,18 @@
+# For more information about the properties used in this file,
+# please see the EditorConfig documentation:
+# http://editorconfig.org
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[{*.yml,package.json}]
+indent_size = 2
+
+# The indent size used in the package.json file cannot be changed:
+# https://github.com/npm/npm/pull/3180#issuecomment-16336516
+
--- a/src/SilverStripe/BehatExtension/Context/LoginContext.php
+++ b/src/SilverStripe/BehatExtension/Context/LoginContext.php
@ -124,28 +124,13 @@ class LoginContext extends BehatContext
     */
    public function stepILogInWith($email, $password)
    {
+        $c = $this->getMainContext();
+        $loginUrl = $c->joinUrlParts($c->getBaseUrl(), $c->getLoginUrl());
+        $this->getSession()->visit($loginUrl);
        $page = $this->getSession()->getPage();
        $forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
        assertNotNull($forms, 'Login form not found');

-        // Try to find visible forms on current page
-        // Allow multiple login forms (e.g. social login) by filering for "Email" field
-        $visibleForm = null;
-        foreach($forms as $form) {
-            if($form->isVisible() && $form->find('css', '[name=Email]')) {
-                $visibleForm = $form;
-            }
-        }
-    
-        // If no login form, go to /security/login page
-        if(!$visibleForm) {
-            $c = $this->getMainContext();
-            $loginUrl = $c->joinUrlParts($c->getBaseUrl(), $c->getLoginUrl());
-            $this->getSession()->visit($loginUrl);
-            $page = $this->getSession()->getPage();
-            $forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
-        }
-
        // Try to find visible forms again on login page.
        $visibleForm = null;
        foreach($forms as $form) {
@ -159,10 +144,13 @@ class LoginContext extends BehatContext
        $emailField = $visibleForm->find('css', '[name=Email]');
        $passwordField = $visibleForm->find('css', '[name=Password]');
        $submitButton = $visibleForm->find('css', '[type=submit]');
+        $securityID = $visibleForm->find('css', '[name=SecurityID]');

        assertNotNull($emailField, 'Email field on login form not found');
        assertNotNull($passwordField, 'Password field on login form not found');
        assertNotNull($submitButton, 'Submit button on login form not found');
+        // @todo Once CSRF is mandatory, uncomment this
+        // assertNotNull($securityID, 'CSRF token not found');

        $emailField->setValue($email);
        $passwordField->setValue($password);
--- a/tests/Context/SilverStripeContextTest.php
+++ b/tests/Context/SilverStripeContextTest.php
@ -4,6 +4,9 @@ namespace SilverStripe\BehatExtension\Tests;
 use SilverStripe\BehatExtension\Context\SilverStripeContext,
 	Behat\Mink\Mink;

+require_once 'PHPUnit/Autoload.php';
+require_once 'PHPUnit/Framework/TestCase.php';
+
 class SilverStripeContextTest extends \PHPUnit_Framework_TestCase {

 	/**