<?php
namespace SilverStripe\Security\Tests;
use SilverStripe\Forms\HiddenField;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Forms\FieldList;
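/**
 * Tests for {@link SecurityToken}, the per-session CSRF token.
 *
 * Covers the global enable/disable switch, the shared inst() singleton,
 * value checks against a plain string and against an {@link HTTPRequest}
 * (GET parameter or "X-Securityid" header), injection into URLs and
 * {@link FieldList}s, and the relationship between token names and values.
 *
 * Several tests flip the global enabled flag. tearDown() re-enables the
 * check so that a failing assertion cannot leave later tests in this
 * process running with CSRF validation switched off.
 */
class SecurityTokenTest extends SapphireTest {

    /**
     * Restore the global token check after every test, whether or not the
     * test body reached its own SecurityToken::enable() call.
     */
    public function tearDown() {
        SecurityToken::enable();
        parent::tearDown();
    }

    /**
     * inst()->isEnabled() mirrors the global flag: on by default, off after
     * disable(), on again after enable().
     */
    public function testIsEnabled() {
        $this->assertTrue(SecurityToken::inst()->isEnabled(), 'Enabled by default');

        SecurityToken::disable();
        $this->assertFalse(SecurityToken::inst()->isEnabled(), 'Disabled after disable()');

        SecurityToken::enable();
        $this->assertTrue(SecurityToken::inst()->isEnabled(), 'Enabled again after enable()');
    }

    /**
     * While disabled, check() accepts any value; once re-enabled, an
     * arbitrary value is rejected again.
     */
    public function testEnableAndDisable() {
        $this->assertFalse(
            SecurityToken::inst()->check('randomvalue'),
            'Enabled: an arbitrary value is rejected'
        );

        SecurityToken::disable();
        $this->assertTrue(
            SecurityToken::inst()->check('randomvalue'),
            'Disabled: any value passes'
        );

        SecurityToken::enable();
        $this->assertFalse(
            SecurityToken::inst()->check('randomvalue'),
            'Re-enabled: an arbitrary value is rejected again'
        );
    }

    /**
     * The static is_enabled() accessor follows disable()/enable().
     */
    public function testIsEnabledStatic() {
        $this->assertTrue(SecurityToken::is_enabled(), 'Enabled by default');

        SecurityToken::disable();
        $this->assertFalse(SecurityToken::is_enabled(), 'Disabled after disable()');

        SecurityToken::enable();
        $this->assertTrue(SecurityToken::is_enabled(), 'Enabled again after enable()');
    }

    /**
     * inst() returns a SecurityToken.
     */
    public function testInst() {
        $this->assertInstanceOf(SecurityToken::class, SecurityToken::inst());
    }

    /**
     * inst() returns the same object on repeated calls.
     */
    public function testInstReturnsSingleton() {
        $inst1 = SecurityToken::inst();
        $inst2 = SecurityToken::inst();

        // assertSame, not assertEquals: two distinct but field-for-field
        // equal objects would satisfy assertEquals and hide a broken singleton.
        $this->assertSame($inst1, $inst2);
    }

    /**
     * check() compares a submitted value against the stored token value.
     * The stored value is re-set before every check so each assertion is
     * independent of the previous one.
     */
    public function testCheck() {
        $t = new SecurityToken();

        $t->setValue(null);
        $this->assertFalse($t->check('invalidtoken'), 'Any token is invalid if no token is stored');

        $t->setValue(null);
        $this->assertFalse($t->check(null), 'NULL token is invalid if no token is stored');

        $t->setValue('mytoken');
        $this->assertFalse($t->check('invalidtoken'), 'Invalid token returns false');

        $t->setValue('mytoken');
        $this->assertTrue($t->check('mytoken'), 'Valid token returns true');
    }

    /**
     * reset() replaces the stored value with a different one.
     */
    public function testReset() {
        $t = new SecurityToken();
        $initialValue = $t->getValue();

        $t->reset();

        $this->assertNotEquals($initialValue, $t->getValue(), 'reset() generates a new value');
    }

    /**
     * checkRequest() reads the token from the GET parameter named after the
     * token, or from the "X-Securityid" header, and validates it like check().
     */
    public function testCheckRequest() {
        $t = new SecurityToken();
        $n = $t->getName();

        $t->setValue(null);
        $r = new HTTPRequest('GET', 'dummy', [$n => 'invalidtoken']);
        $this->assertFalse($t->checkRequest($r), 'Any token is invalid if no token is stored');

        $t->setValue(null);
        $r = new HTTPRequest('GET', 'dummy', [$n => null]);
        $this->assertFalse($t->checkRequest($r), 'NULL token is invalid if no token is stored');

        $t->setValue('mytoken');
        $r = new HTTPRequest('GET', 'dummy', [$n => 'invalidtoken']);
        $this->assertFalse($t->checkRequest($r), 'Invalid token returns false');

        $t->setValue('mytoken');
        $r = new HTTPRequest('GET', 'dummy', [$n => 'mytoken']);
        $this->assertTrue($t->checkRequest($r), 'Valid token returns true');

        // The token may also be supplied via a request header (e.g. for XHR).
        $t->setValue('mytoken');
        $r = new HTTPRequest('GET', 'dummy');
        $r->addHeader('X-Securityid', 'mytoken');
        $this->assertTrue($t->checkRequest($r), 'Valid header token returns true');

        $t->setValue('mytoken');
        $r = new HTTPRequest('GET', 'dummy');
        $r->addHeader('X-Securityid', 'wrongtoken');
        $this->assertFalse($t->checkRequest($r), 'Invalid header token returns false');
    }

    /**
     * addToUrl() appends name=value, using "?" when the URL has no query
     * string and "&" when it already has one.
     */
    public function testAddToUrl() {
        $t = new SecurityToken();

        $url = 'http://absolute.tld/action/';
        $this->assertEquals(
            sprintf('%s?%s=%s', $url, $t->getName(), $t->getValue()),
            $t->addToUrl($url),
            'Urls without existing GET parameters'
        );

        $url = 'http://absolute.tld/?getparam=1';
        $this->assertEquals(
            sprintf('%s&%s=%s', $url, $t->getName(), $t->getValue()),
            $t->addToUrl($url),
            'Urls with existing GET parameters'
        );
    }

    /**
     * updateFieldSet() adds a HiddenField carrying the token name and value.
     */
    public function testUpdateFieldSet() {
        $fs = new FieldList();
        $t = new SecurityToken();
        $t->updateFieldSet($fs);

        $f = $fs->dataFieldByName($t->getName());

        $this->assertInstanceOf(HiddenField::class, $f);
        $this->assertEquals($t->getName(), $f->getName(), 'Name matches');
        $this->assertEquals($t->getValue(), $f->Value(), 'Value matches');
    }

    /**
     * Calling updateFieldSet() twice on the same list leaves a single
     * token field.
     */
    public function testUpdateFieldSetDoesntAddTwice() {
        $fs = new FieldList();
        $t = new SecurityToken();
        $t->updateFieldSet($fs); // first
        $t->updateFieldSet($fs); // second

        $f = $fs->dataFieldByName($t->getName());

        $this->assertInstanceOf(HiddenField::class, $f);
        $this->assertSame(1, $fs->count());
    }

    /**
     * Tokens constructed without a name share the default name and hence
     * the same stored value.
     */
    public function testUnnamedTokensCarrySameValue() {
        $t1 = new SecurityToken();
        $t2 = new SecurityToken();

        $this->assertEquals($t1->getName(), $t2->getName());
        $this->assertEquals($t1->getValue(), $t2->getValue());
    }

    /**
     * Tokens with different names hold independent values.
     */
    public function testNamedTokensCarryDifferentValues() {
        $t1 = new SecurityToken('one');
        $t2 = new SecurityToken('two');

        $this->assertNotEquals($t1->getName(), $t2->getName());
        $this->assertNotEquals($t1->getValue(), $t2->getValue());
    }
}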