Skip to content

Commit

Permalink
add tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@datlechin
datlechin committed Jan 4, 2025
1 parent fa35799 commit 246c279
Showing 1 changed file with 44 additions and 0 deletions.
44 changes: 44 additions & 0 deletions tests/system/Security/SecurityTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
use Config\Security as SecurityConfig;
use PHPUnit\Framework\Attributes\BackupGlobals;
use PHPUnit\Framework\Attributes\Group;
use ReflectionClass;

/**
* @internal
Expand All @@ -49,6 +50,16 @@ private function createMockSecurity(?SecurityConfig $config = null): MockSecurit
return new MockSecurity($config);
}

private function getPostedTokenMethod(): \ReflectionMethod
{
$reflection = new ReflectionClass(Security::class);
$method = $reflection->getMethod('getPostedToken');

$method->setAccessible(true);

return $method;
}

public function testBasicConfigIsSaved(): void
{
$security = $this->createMockSecurity();
Expand Down Expand Up @@ -315,4 +326,37 @@ public function testGetters(): void
$this->assertIsString($security->getCookieName());
$this->assertIsBool($security->shouldRedirect());
}

public function testGetPostedTokenReturnsTokenWhenValid(): void
{
$method = $this->getPostedTokenMethod();
$security = $this->createMockSecurity();

$_POST['csrf_test_name'] = '8b9218a55906f9dcc1dc263dce7f005a';
$request = $this->createIncomingRequest();

$this->assertSame('8b9218a55906f9dcc1dc263dce7f005a', $method->invoke($security, $request));
}

public function testGetPostedTokenReturnsNullWhenEmpty(): void
{
$method = $this->getPostedTokenMethod();
$security = $this->createMockSecurity();

$_POST = [];
$request = $this->createIncomingRequest();

$this->assertNull($method->invoke($security, $request));
}

public function testGetPostedTokenReturnsNullWhenMaliciousData(): void
{
$method = $this->getPostedTokenMethod();
$security = $this->createMockSecurity();

$_POST['csrf_test_name'] = ['malicious' => 'data'];
$request = $this->createIncomingRequest();

$this->assertNull($method->invoke($security, $request));
}
}

0 comments on commit 246c279

Please sign in to comment.