2013-08-19 01:35:34 +02:00
|
|
|
<?php
|
|
|
|
|
2016-12-16 05:34:21 +01:00
|
|
|
namespace SilverStripe\Core\Tests\Startup;
|
|
|
|
|
2017-06-22 12:50:45 +02:00
|
|
|
use SilverStripe\Control\Controller;
|
|
|
|
use SilverStripe\Control\HTTPRequest;
|
|
|
|
use SilverStripe\Control\Session;
|
2016-08-19 00:51:35 +02:00
|
|
|
use SilverStripe\Core\Startup\ParameterConfirmationToken;
|
2016-12-16 05:34:21 +01:00
|
|
|
use SilverStripe\Core\Tests\Startup\ParameterConfirmationTokenTest\ParameterConfirmationTokenTest_Token;
|
|
|
|
use SilverStripe\Core\Tests\Startup\ParameterConfirmationTokenTest\ParameterConfirmationTokenTest_ValidToken;
|
2016-08-19 00:51:35 +02:00
|
|
|
use SilverStripe\Dev\SapphireTest;
|
|
|
|
|
2016-12-16 05:34:21 +01:00
|
|
|
class ParameterConfirmationTokenTest extends SapphireTest
|
|
|
|
{
|
2017-06-22 12:50:45 +02:00
|
|
|
/**
|
|
|
|
* @var HTTPRequest
|
|
|
|
*/
|
|
|
|
protected $request = null;
|
2016-12-16 05:34:21 +01:00
|
|
|
|
2017-03-24 04:00:54 +01:00
|
|
|
protected function setUp()
|
2016-12-16 05:34:21 +01:00
|
|
|
{
|
|
|
|
parent::setUp();
|
2018-04-09 01:06:05 +02:00
|
|
|
$_GET = [];
|
|
|
|
$_GET['parameterconfirmationtokentest_notoken'] = 'value';
|
|
|
|
$_GET['parameterconfirmationtokentest_empty'] = '';
|
|
|
|
$_GET['parameterconfirmationtokentest_withtoken'] = '1';
|
|
|
|
$_GET['parameterconfirmationtokentest_withtokentoken'] = 'dummy';
|
|
|
|
$_GET['parameterconfirmationtokentest_nulltoken'] = '1';
|
|
|
|
$_GET['parameterconfirmationtokentest_nulltokentoken'] = null;
|
|
|
|
$_GET['parameterconfirmationtokentest_emptytoken'] = '1';
|
|
|
|
$_GET['parameterconfirmationtokentest_emptytokentoken'] = '';
|
|
|
|
$_GET['BackURL'] = 'page?parameterconfirmationtokentest_backtoken=1';
|
|
|
|
$this->request = new HTTPRequest('GET', 'anotherpage', $_GET);
|
2017-06-22 12:50:45 +02:00
|
|
|
$this->request->setSession(new Session([]));
|
2016-12-16 05:34:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testParameterDetectsParameters()
|
|
|
|
{
|
2017-06-22 12:50:45 +02:00
|
|
|
$withoutToken = new ParameterConfirmationTokenTest_Token('parameterconfirmationtokentest_notoken', $this->request);
|
|
|
|
$emptyParameter = new ParameterConfirmationTokenTest_Token('parameterconfirmationtokentest_empty', $this->request);
|
|
|
|
$withToken = new ParameterConfirmationTokenTest_ValidToken('parameterconfirmationtokentest_withtoken', $this->request);
|
|
|
|
$withoutParameter = new ParameterConfirmationTokenTest_Token('parameterconfirmationtokentest_noparam', $this->request);
|
|
|
|
$nullToken = new ParameterConfirmationTokenTest_Token('parameterconfirmationtokentest_nulltoken', $this->request);
|
|
|
|
$emptyToken = new ParameterConfirmationTokenTest_Token('parameterconfirmationtokentest_emptytoken', $this->request);
|
2017-08-23 01:58:57 +02:00
|
|
|
$backToken = new ParameterConfirmationTokenTest_Token('parameterconfirmationtokentest_backtoken', $this->request);
|
2016-12-16 05:34:21 +01:00
|
|
|
|
|
|
|
// Check parameter
|
|
|
|
$this->assertTrue($withoutToken->parameterProvided());
|
|
|
|
$this->assertTrue($emptyParameter->parameterProvided()); // even if empty, it's still provided
|
|
|
|
$this->assertTrue($withToken->parameterProvided());
|
|
|
|
$this->assertFalse($withoutParameter->parameterProvided());
|
|
|
|
$this->assertTrue($nullToken->parameterProvided());
|
|
|
|
$this->assertTrue($emptyToken->parameterProvided());
|
2017-08-23 01:58:57 +02:00
|
|
|
$this->assertFalse($backToken->parameterProvided());
|
|
|
|
|
|
|
|
// Check backurl
|
|
|
|
$this->assertFalse($withoutToken->existsInReferer());
|
|
|
|
$this->assertFalse($emptyParameter->existsInReferer()); // even if empty, it's still provided
|
|
|
|
$this->assertFalse($withToken->existsInReferer());
|
|
|
|
$this->assertFalse($withoutParameter->existsInReferer());
|
|
|
|
$this->assertFalse($nullToken->existsInReferer());
|
|
|
|
$this->assertFalse($emptyToken->existsInReferer());
|
|
|
|
$this->assertTrue($backToken->existsInReferer());
|
2016-12-16 05:34:21 +01:00
|
|
|
|
|
|
|
// Check token
|
|
|
|
$this->assertFalse($withoutToken->tokenProvided());
|
|
|
|
$this->assertFalse($emptyParameter->tokenProvided());
|
|
|
|
$this->assertTrue($withToken->tokenProvided()); // Actually forced to true for this test
|
|
|
|
$this->assertFalse($withoutParameter->tokenProvided());
|
|
|
|
$this->assertFalse($nullToken->tokenProvided());
|
|
|
|
$this->assertFalse($emptyToken->tokenProvided());
|
2017-08-23 01:58:57 +02:00
|
|
|
$this->assertFalse($backToken->tokenProvided());
|
2016-12-16 05:34:21 +01:00
|
|
|
|
|
|
|
// Check if reload is required
|
|
|
|
$this->assertTrue($withoutToken->reloadRequired());
|
|
|
|
$this->assertTrue($emptyParameter->reloadRequired());
|
|
|
|
$this->assertFalse($withToken->reloadRequired());
|
|
|
|
$this->assertFalse($withoutParameter->reloadRequired());
|
|
|
|
$this->assertTrue($nullToken->reloadRequired());
|
|
|
|
$this->assertTrue($emptyToken->reloadRequired());
|
2017-08-23 01:58:57 +02:00
|
|
|
$this->assertFalse($backToken->reloadRequired());
|
|
|
|
|
|
|
|
// Check if a reload is required in case of error
|
|
|
|
$this->assertTrue($withoutToken->reloadRequiredIfError());
|
|
|
|
$this->assertTrue($emptyParameter->reloadRequiredIfError());
|
|
|
|
$this->assertFalse($withToken->reloadRequiredIfError());
|
|
|
|
$this->assertFalse($withoutParameter->reloadRequiredIfError());
|
|
|
|
$this->assertTrue($nullToken->reloadRequiredIfError());
|
|
|
|
$this->assertTrue($emptyToken->reloadRequiredIfError());
|
|
|
|
$this->assertTrue($backToken->reloadRequiredIfError());
|
|
|
|
|
|
|
|
// Check redirect url
|
|
|
|
$home = (BASE_URL ?: '/') . '?';
|
2018-01-16 19:39:30 +01:00
|
|
|
$current = Controller::join_links(BASE_URL, '/', 'anotherpage') . '?';
|
2017-08-23 01:58:57 +02:00
|
|
|
$this->assertStringStartsWith($current, $withoutToken->redirectURL());
|
|
|
|
$this->assertStringStartsWith($current, $emptyParameter->redirectURL());
|
|
|
|
$this->assertStringStartsWith($current, $nullToken->redirectURL());
|
|
|
|
$this->assertStringStartsWith($current, $emptyToken->redirectURL());
|
|
|
|
$this->assertStringStartsWith($home, $backToken->redirectURL());
|
2016-12-16 05:34:21 +01:00
|
|
|
|
|
|
|
// Check suppression
|
2017-06-22 12:50:45 +02:00
|
|
|
$this->assertEquals('value', $this->request->getVar('parameterconfirmationtokentest_notoken'));
|
2016-12-16 05:34:21 +01:00
|
|
|
$withoutToken->suppress();
|
2017-06-22 12:50:45 +02:00
|
|
|
$this->assertNull($this->request->getVar('parameterconfirmationtokentest_notoken'));
|
2016-12-16 05:34:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testPrepareTokens()
|
|
|
|
{
|
|
|
|
// Test priority ordering
|
|
|
|
$token = ParameterConfirmationToken::prepare_tokens(
|
2017-06-22 12:50:45 +02:00
|
|
|
[
|
|
|
|
'parameterconfirmationtokentest_notoken',
|
|
|
|
'parameterconfirmationtokentest_empty',
|
|
|
|
'parameterconfirmationtokentest_noparam'
|
|
|
|
],
|
|
|
|
$this->request
|
2016-12-16 05:34:21 +01:00
|
|
|
);
|
|
|
|
// Test no invalid tokens
|
|
|
|
$this->assertEquals('parameterconfirmationtokentest_empty', $token->getName());
|
|
|
|
$token = ParameterConfirmationToken::prepare_tokens(
|
2017-06-22 12:50:45 +02:00
|
|
|
[ 'parameterconfirmationtokentest_noparam' ],
|
|
|
|
$this->request
|
2016-12-16 05:34:21 +01:00
|
|
|
);
|
|
|
|
$this->assertEmpty($token);
|
2017-08-23 01:58:57 +02:00
|
|
|
|
|
|
|
// Test backurl token
|
|
|
|
$token = ParameterConfirmationToken::prepare_tokens(
|
|
|
|
[ 'parameterconfirmationtokentest_backtoken' ],
|
|
|
|
$this->request
|
|
|
|
);
|
|
|
|
$this->assertEquals('parameterconfirmationtokentest_backtoken', $token->getName());
|
2018-04-09 01:06:05 +02:00
|
|
|
|
|
|
|
// Test prepare_tokens() unsets $_GET vars
|
|
|
|
$this->assertArrayNotHasKey('parameterconfirmationtokentest_notoken', $_GET);
|
|
|
|
$this->assertArrayNotHasKey('parameterconfirmationtokentest_empty', $_GET);
|
|
|
|
$this->assertArrayNotHasKey('parameterconfirmationtokentest_noparam', $_GET);
|
2017-08-23 01:58:57 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function dataProviderURLs()
|
|
|
|
{
|
|
|
|
return [
|
|
|
|
[''],
|
|
|
|
['/'],
|
|
|
|
['bar'],
|
|
|
|
['bar/'],
|
|
|
|
['/bar'],
|
|
|
|
['/bar/'],
|
|
|
|
];
|
2016-12-16 05:34:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2018-08-21 12:20:15 +02:00
|
|
|
* currentURL needs to handle base or url being missing, or any combination of slashes.
|
2016-12-16 05:34:21 +01:00
|
|
|
*
|
|
|
|
* There should always be exactly one slash between each part in the result, and any trailing slash
|
|
|
|
* should be preserved.
|
2017-08-23 01:58:57 +02:00
|
|
|
*
|
|
|
|
* @dataProvider dataProviderURLs
|
2016-12-16 05:34:21 +01:00
|
|
|
*/
|
2018-08-21 12:20:15 +02:00
|
|
|
public function testCurrentURLHandlesSlashes($url)
|
2016-12-16 05:34:21 +01:00
|
|
|
{
|
2017-08-23 01:58:57 +02:00
|
|
|
$this->request->setUrl($url);
|
|
|
|
|
2017-06-22 12:50:45 +02:00
|
|
|
$token = new ParameterConfirmationTokenTest_Token(
|
|
|
|
'parameterconfirmationtokentest_parameter',
|
|
|
|
$this->request
|
|
|
|
);
|
2017-08-23 01:58:57 +02:00
|
|
|
$expected = rtrim(Controller::join_links(BASE_URL, '/', $url), '/') ?: '/';
|
|
|
|
$this->assertEquals($expected, $token->currentURL(), "Invalid redirect for request url $url");
|
2016-12-16 05:34:21 +01:00
|
|
|
}
|
2016-01-06 00:34:58 +01:00
|
|
|
}
|