1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
<?php
namespace Aura\Session;
/**
* @runTestsInSeparateProcesses
*/
class CsrfTokenTest extends \PHPUnit_Framework_TestCase
{
protected $session;
protected $csrf_token;
protected $name = __CLASS__;
protected $phpfunc;
protected function setUp()
{
$this->phpfunc = new FakePhpfunc;
$this->session = new Session(
new SegmentFactory,
new CsrfTokenFactory(new Randval($this->phpfunc)),
$this->phpfunc,
$_COOKIE
);
}
public function teardown()
{
session_unset();
if (session_id() !== '') {
session_destroy();
}
}
public function testLaziness()
{
$this->assertFalse($this->session->isStarted());
$token = $this->session->getCsrfToken();
$this->assertTrue($this->session->isStarted());
}
public function testGetAndRegenerateValue()
{
$token = $this->session->getCsrfToken();
$old = $token->getValue();
$this->assertTrue($old != '');
// with openssl
$this->phpfunc->extensions = array('openssl');
$token->regenerateValue();
$openssl = $token->getValue();
$this->assertTrue($old != $openssl);
// with mcrypt
$this->phpfunc->extensions = array('mcrypt');
$token->regenerateValue();
$mcrypt = $token->getValue();
$this->assertTrue($old != $openssl && $old != $mcrypt);
// with nothing
$this->phpfunc->extensions = array();
$this->setExpectedException('Aura\Session\Exception');
$token->regenerateValue();
}
public function testIsValid()
{
$token = $this->session->getCsrfToken();
$value = $token->getValue();
$this->assertTrue($token->isValid($value));
$token->regenerateValue();
$this->assertFalse($token->isValid($value));
}
}
|