Magento Extensions Rating 2024
Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
CsrfValidatorTest.php
Go to the documentation of this file.
1 <?php
7 declare(strict_types=1);
8 
9 namespace Magento\Framework\App\Request;
10 
11 use Magento\Framework\App\ActionInterface;
12 use Magento\Framework\App\CsrfAwareActionInterface;
13 use Magento\Framework\App\RequestInterface;
14 use Magento\Framework\Controller\Result\Redirect;
15 use Magento\Framework\Controller\Result\RedirectFactory;
16 use Magento\Framework\Data\Form\FormKey;
17 use Magento\Framework\Exception\NotFoundException;
18 use Magento\Framework\Phrase;
19 use PHPUnit\Framework\TestCase;
20 use Magento\TestFramework\Helper\Bootstrap;
21 use Magento\Framework\App\Request\Http as HttpRequest;
22 use Zend\Stdlib\Parameters;
23 use Magento\Framework\App\Response\Http as HttpResponse;
24 use Magento\Framework\App\Response\HttpFactory as HttpResponseFactory;
25 
29 class CsrfValidatorTest extends TestCase
30 {
31  private const AWARE_URL = 'test/1';
32 
33  private const AWARE_VALIDATION_PARAM = 'test_param';
34 
35  private const AWARE_MESSAGE = 'custom validation failed';
36 
40  private $mockUnawareAction;
41 
45  private $mockAwareAction;
46 
50  private $validator;
51 
55  private $request;
56 
60  private $formKey;
61 
65  private $httpResponseFactory;
66 
70  private function createUnawareAction(): ActionInterface
71  {
72  return new class implements ActionInterface {
76  public function execute()
77  {
78  throw new NotFoundException(new Phrase('Not implemented'));
79  }
80  };
81  }
82 
86  private function createAwareAction(): ActionInterface
87  {
88  $u = self::AWARE_URL;
89  $m = self::AWARE_MESSAGE;
90  $p = self::AWARE_VALIDATION_PARAM;
91 
92  return new class($u, $m, $p) implements CsrfAwareActionInterface {
96  private $url;
97 
101  private $message;
102 
106  private $param;
107 
113  public function __construct(
114  string $url,
115  string $message,
116  string $param
117  ) {
118  $this->url = $url;
119  $this->message = $message;
120  $this->param = $param;
121  }
122 
126  public function execute()
127  {
128  throw new NotFoundException(new Phrase('Not implemented'));
129  }
130 
134  public function createCsrfValidationException(
135  RequestInterface $request
136  ): ?InvalidRequestException {
138  $redirectFactory = Bootstrap::getObjectManager()
139  ->get(RedirectFactory::class);
140  $redirect = $redirectFactory->create();
141  $redirect->setUrl($this->url);
142 
143  return new InvalidRequestException(
144  $redirect,
145  [new Phrase($this->message)]
146  );
147  }
148 
152  public function validateForCsrf(RequestInterface $request): ?bool
153  {
154  return (bool)$request->getParam($this->param);
155  }
156  };
157  }
158 
162  protected function setUp()
163  {
164  $objectManager = Bootstrap::getObjectManager();
165  $this->request = $objectManager->get(HttpRequest::class);
166  $this->validator = $objectManager->get(CsrfValidator::class);
167  $this->mockUnawareAction = $this->createUnawareAction();
168  $this->mockAwareAction = $this->createAwareAction();
169  $this->formKey = $objectManager->get(FormKey::class);
170  $this->httpResponseFactory = $objectManager->get(
171  HttpResponseFactory::class
172  );
173  }
174 
178  public function testValidateInWrongArea()
179  {
180  $this->request->setMethod(HttpRequest::METHOD_POST);
181  $this->validator->validate(
182  $this->request,
183  $this->mockUnawareAction
184  );
185  }
186 
190  public function testValidateWithValidKey()
191  {
192  $this->request->setPost(
193  new Parameters(['form_key' => $this->formKey->getFormKey()])
194  );
195  $this->request->setMethod(HttpRequest::METHOD_POST);
196 
197  $this->validator->validate(
198  $this->request,
199  $this->mockUnawareAction
200  );
201  }
202 
207  public function testValidateWithInvalidKey()
208  {
209  $this->request->setPost(
210  new Parameters(['form_key' => $this->formKey->getFormKey() .'1'])
211  );
212  $this->request->setMethod(HttpRequest::METHOD_POST);
213 
214  $this->validator->validate(
215  $this->request,
216  $this->mockUnawareAction
217  );
218  }
219 
223  public function testValidateInvalidWithAwareAction()
224  {
225  $this->request->setMethod(HttpRequest::METHOD_POST);
226 
228  $caught = null;
229  try {
230  $this->validator->validate(
231  $this->request,
232  $this->mockAwareAction
233  );
234  } catch (InvalidRequestException $exception) {
235  $caught = $exception;
236  }
237 
238  $this->assertNotNull($caught);
239  $this->assertInstanceOf(Redirect::class, $caught->getReplaceResult());
241  $response = $this->httpResponseFactory->create();
242  $caught->getReplaceResult()->renderResult($response);
243  $this->assertContains(
244  self::AWARE_URL,
245  $response->getHeaders()->toString()
246  );
247  $this->assertCount(1, $caught->getMessages());
248  $this->assertEquals(
249  self::AWARE_MESSAGE,
250  $caught->getMessages()[0]->getText()
251  );
252  }
253 
257  public function testValidateValidWithAwareAction()
258  {
259  $this->request->setMethod(HttpRequest::METHOD_POST);
260  $this->request->setPost(
261  new Parameters([self::AWARE_VALIDATION_PARAM => '1'])
262  );
263 
264  $this->validator->validate(
265  $this->request,
266  $this->mockAwareAction
267  );
268  }
269 }
$response
$response
Definition: 404.php:11
$url
$url
Definition: query_redirect.php:14
$objectManager
$objectManager
Definition: bootstrap.php:17
$message
$message
Definition: notifications.php:7
$request
$request
Definition: quote_with_configurable_product_last_variation.php:22