fix: ensure csrf token is string

codeigniter4 · Jan 14, 2025 · 65c7240 · 65c7240
1 parent 3284730
commit 65c7240
Showing 1 changed file with 6 additions and 24 deletions.
diff --git a/tests/system/Security/SecurityTest.php b/tests/system/Security/SecurityTest.php
@@ -25,8 +25,6 @@
 use Config\Security as SecurityConfig;
 use PHPUnit\Framework\Attributes\BackupGlobals;
 use PHPUnit\Framework\Attributes\Group;
-use ReflectionClass;
-use ReflectionMethod;
 
 /**
  * @internal
@@ -51,16 +49,6 @@ private function createMockSecurity(?SecurityConfig $config = null): MockSecurit
         return new MockSecurity($config);
     }
 
-    private function getPostedTokenMethod(): ReflectionMethod
-    {
-        $reflection = new ReflectionClass(Security::class);
-        $method     = $reflection->getMethod('getPostedToken');
-
-        $method->setAccessible(true);
-
-        return $method;
-    }
-
     public function testBasicConfigIsSaved(): void
     {
         $security = $this->createMockSecurity();
@@ -330,34 +318,28 @@ public function testGetters(): void
 
     public function testGetPostedTokenReturnsTokenWhenValid(): void
     {
-        $method   = $this->getPostedTokenMethod();
-        $security = $this->createMockSecurity();
-
         $_POST['csrf_test_name'] = '8b9218a55906f9dcc1dc263dce7f005a';
         $request                 = $this->createIncomingRequest();
+        $method                  = $this->getPrivateMethodInvoker($this->createMockSecurity(), 'getPostedToken');
 
-        $this->assertSame('8b9218a55906f9dcc1dc263dce7f005a', $method->invoke($security, $request));
+        $this->assertSame('8b9218a55906f9dcc1dc263dce7f005a', $method($request));
     }
 
     public function testGetPostedTokenReturnsNullWhenEmpty(): void
     {
-        $method   = $this->getPostedTokenMethod();
-        $security = $this->createMockSecurity();
-
         $_POST   = [];
         $request = $this->createIncomingRequest();
+        $method  = $this->getPrivateMethodInvoker($this->createMockSecurity(), 'getPostedToken');
 
-        $this->assertNull($method->invoke($security, $request));
+        $this->assertNull($method($request));
     }
 
     public function testGetPostedTokenReturnsNullWhenMaliciousData(): void
     {
-        $method   = $this->getPostedTokenMethod();
-        $security = $this->createMockSecurity();
-
         $_POST['csrf_test_name'] = ['malicious' => 'data'];
         $request                 = $this->createIncomingRequest();
+        $method                  = $this->getPrivateMethodInvoker($this->createMockSecurity(), 'getPostedToken');
 
-        $this->assertNull($method->invoke($security, $request));
+        $this->assertNull($method($request));
     }
 }