API Respect CSRF on login form
parent
4297f56352
commit
d6016d4b7a
18
.editorconfig
Normal file
18
.editorconfig
Normal file
@ -0,0 +1,18 @@
|
||||
# For more information about the properties used in this file,
|
||||
# please see the EditorConfig documentation:
|
||||
# http://editorconfig.org
|
||||
|
||||
[*]
|
||||
charset = utf-8
|
||||
end_of_line = lf
|
||||
indent_size = 4
|
||||
indent_style = space
|
||||
insert_final_newline = true
|
||||
trim_trailing_whitespace = true
|
||||
|
||||
[{*.yml,package.json}]
|
||||
indent_size = 2
|
||||
|
||||
# The indent size used in the package.json file cannot be changed:
|
||||
# https://github.com/npm/npm/pull/3180#issuecomment-16336516
|
||||
|
@ -68,7 +68,7 @@ class LoginContext extends BehatContext
|
||||
/**
|
||||
* Creates a member in a group with the correct permissions.
|
||||
* Example: Given I am logged in with "ADMIN" permissions
|
||||
*
|
||||
*
|
||||
* @Given /^I am logged in with "([^"]*)" permissions$/
|
||||
*/
|
||||
function iAmLoggedInWithPermissions($permCode)
|
||||
@ -78,7 +78,7 @@ class LoginContext extends BehatContext
|
||||
if (!$group) {
|
||||
$group = \Injector::inst()->create('Group');
|
||||
}
|
||||
|
||||
|
||||
$group->Title = "$permCode group";
|
||||
$group->write();
|
||||
|
||||
@ -123,29 +123,14 @@ class LoginContext extends BehatContext
|
||||
* @When /^I log in with "(?<username>[^"]*)" and "(?<password>[^"]*)"$/
|
||||
*/
|
||||
public function stepILogInWith($email, $password)
|
||||
{
|
||||
{
|
||||
$c = $this->getMainContext();
|
||||
$loginUrl = $c->joinUrlParts($c->getBaseUrl(), $c->getLoginUrl());
|
||||
$this->getSession()->visit($loginUrl);
|
||||
$page = $this->getSession()->getPage();
|
||||
$forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
|
||||
assertNotNull($forms, 'Login form not found');
|
||||
|
||||
// Try to find visible forms on current page
|
||||
// Allow multiple login forms (e.g. social login) by filering for "Email" field
|
||||
$visibleForm = null;
|
||||
foreach($forms as $form) {
|
||||
if($form->isVisible() && $form->find('css', '[name=Email]')) {
|
||||
$visibleForm = $form;
|
||||
}
|
||||
}
|
||||
|
||||
// If no login form, go to /security/login page
|
||||
if(!$visibleForm) {
|
||||
$c = $this->getMainContext();
|
||||
$loginUrl = $c->joinUrlParts($c->getBaseUrl(), $c->getLoginUrl());
|
||||
$this->getSession()->visit($loginUrl);
|
||||
$page = $this->getSession()->getPage();
|
||||
$forms = $page->findAll('xpath', '//form[contains(@action, "Security/LoginForm")]');
|
||||
}
|
||||
|
||||
// Try to find visible forms again on login page.
|
||||
$visibleForm = null;
|
||||
foreach($forms as $form) {
|
||||
@ -155,18 +140,21 @@ class LoginContext extends BehatContext
|
||||
}
|
||||
|
||||
assertNotNull($visibleForm, 'Could not find login form');
|
||||
|
||||
|
||||
$emailField = $visibleForm->find('css', '[name=Email]');
|
||||
$passwordField = $visibleForm->find('css', '[name=Password]');
|
||||
$submitButton = $visibleForm->find('css', '[type=submit]');
|
||||
$securityID = $visibleForm->find('css', '[name=SecurityID]');
|
||||
|
||||
assertNotNull($emailField, 'Email field on login form not found');
|
||||
assertNotNull($passwordField, 'Password field on login form not found');
|
||||
assertNotNull($submitButton, 'Submit button on login form not found');
|
||||
// @todo Once CSRF is mandatory, uncomment this
|
||||
// assertNotNull($securityID, 'CSRF token not found');
|
||||
|
||||
$emailField->setValue($email);
|
||||
$passwordField->setValue($password);
|
||||
$submitButton->press();
|
||||
$submitButton->press();
|
||||
}
|
||||
|
||||
/**
|
||||
|
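Review bot: In `stepILogInWith`, `$securityID` is looked up on the visible form but never checked, because the only assertion on it stays commented out under the `@todo`; a login form rendered without its CSRF token field would still pass this step, so the suite cannot catch that regression. Until the token is mandatory, the check could be made conditional rather than absent, for example `if (\SecurityToken::is_enabled()) { assertNotNull($securityID, 'CSRF token not found'); }`, assuming the test process sees the same token configuration as the site under test, which this page does not show. Separately, `assertNotNull($forms, 'Login form not found')` looks unable to fail if `findAll()` returns an array (as it does in Mink), so `assertNotEmpty($forms, 'Login form not found')` would express the intent. The function body spans the last two hunks of this file.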