Skip to content

Commit 246c279

Browse files
datlechindatlechin
committed
add tests
1 parent fa35799 commit 246c279

File tree

1 file changed

+44
-0
lines changed

1 file changed

+44
-0
lines changed

tests/system/Security/SecurityTest.php

+44
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@
2525
use Config\Security as SecurityConfig;
2626
use PHPUnit\Framework\Attributes\BackupGlobals;
2727
use PHPUnit\Framework\Attributes\Group;
28+
use ReflectionClass;
2829

2930
/**
3031
* @internal
@@ -49,6 +50,16 @@ private function createMockSecurity(?SecurityConfig $config = null): MockSecurit
4950
return new MockSecurity($config);
5051
}
5152

53+
private function getPostedTokenMethod(): \ReflectionMethod
54+
{
55+
$reflection = new ReflectionClass(Security::class);
56+
$method = $reflection->getMethod('getPostedToken');
57+
58+
$method->setAccessible(true);
59+
60+
return $method;
61+
}
62+
5263
public function testBasicConfigIsSaved(): void
5364
{
5465
$security = $this->createMockSecurity();
@@ -315,4 +326,37 @@ public function testGetters(): void
315326
$this->assertIsString($security->getCookieName());
316327
$this->assertIsBool($security->shouldRedirect());
317328
}
329+
330+
public function testGetPostedTokenReturnsTokenWhenValid(): void
331+
{
332+
$method = $this->getPostedTokenMethod();
333+
$security = $this->createMockSecurity();
334+
335+
$_POST['csrf_test_name'] = '8b9218a55906f9dcc1dc263dce7f005a';
336+
$request = $this->createIncomingRequest();
337+
338+
$this->assertSame('8b9218a55906f9dcc1dc263dce7f005a', $method->invoke($security, $request));
339+
}
340+
341+
public function testGetPostedTokenReturnsNullWhenEmpty(): void
342+
{
343+
$method = $this->getPostedTokenMethod();
344+
$security = $this->createMockSecurity();
345+
346+
$_POST = [];
347+
$request = $this->createIncomingRequest();
348+
349+
$this->assertNull($method->invoke($security, $request));
350+
}
351+
352+
public function testGetPostedTokenReturnsNullWhenMaliciousData(): void
353+
{
354+
$method = $this->getPostedTokenMethod();
355+
$security = $this->createMockSecurity();
356+
357+
$_POST['csrf_test_name'] = ['malicious' => 'data'];
358+
$request = $this->createIncomingRequest();
359+
360+
$this->assertNull($method->invoke($security, $request));
361+
}
318362
}

0 commit comments

Comments
 (0)