7 declare(strict_types=1);
25 use PHPUnit\Framework\TestCase;
30 use Zend\Stdlib\Parameters;
32 use Magento\Framework\App\Response\HttpFactory as HttpResponseFactory;
39 private const AWARE_VALIDATION_PARAM =
'test_param';
41 private const AWARE_LOCATION_VALUE =
'test1';
43 private const CSRF_AWARE_MESSAGE =
'csrf_aware';
48 private $mockUnawareAction;
53 private $mockAwareAction;
83 private $mockCsrfAwareAction;
88 private $httpResponseFactory;
99 public function execute()
111 $l = self::AWARE_LOCATION_VALUE;
112 $p = self::AWARE_VALIDATION_PARAM;
119 private $locationValue;
130 public function __construct(
131 string $locationValue,
137 $this->locationValue= $locationValue;
138 $this->param = $param;
144 public function execute()
152 public function _processUrlKeys()
154 if ($this->_request->getParam($this->param)) {
159 $response->setHeader(
'Location', $this->locationValue);
173 ->get(ResponseInterface::class);
174 $m = self::CSRF_AWARE_MESSAGE;
192 public function __construct(
203 public function execute()
211 public function createCsrfValidationException(
216 [
new Phrase($this->message)]
239 $this->mockUnawareAction = $this->createUnawareAction();
240 $this->mockAwareAction = $this->createAwareAction();
244 $this->mockCsrfAwareAction = $this->createCsrfAwareAction();
246 HttpResponseFactory::class
256 $this->request->setMethod(HttpRequest::METHOD_GET);
258 TestBootstrap::ADMIN_NAME,
259 TestBootstrap::ADMIN_PASSWORD
261 $this->request->setParams([
262 BackendUrl::SECRET_KEY_PARAM_NAME => $this->url->getSecretKey(),
265 $this->validator->validate(
267 $this->mockUnawareAction
279 $invalidKey = $this->url->getSecretKey() .
'Invalid';
280 $this->request->setParams([
281 BackendUrl::SECRET_KEY_PARAM_NAME => $invalidKey,
283 $this->request->setMethod(HttpRequest::METHOD_GET);
285 TestBootstrap::ADMIN_NAME,
286 TestBootstrap::ADMIN_PASSWORD
289 $this->validator->validate(
291 $this->mockUnawareAction
303 $this->request->setPost(
304 new Parameters([
'form_key' => $this->formKey->getFormKey() .
'1'])
306 $this->request->setMethod(HttpRequest::METHOD_POST);
308 $this->validator->validate(
310 $this->mockUnawareAction
318 public function testValidateInvalidWithAwareAction()
320 $this->request->setParams([self::AWARE_VALIDATION_PARAM =>
'']);
325 $this->validator->validate(
327 $this->mockAwareAction
329 }
catch (InvalidRequestException $exception) {
330 $caught = $exception;
333 $this->assertNotNull($caught);
336 $this->assertInstanceOf(Response::class,
$response);
338 self::AWARE_LOCATION_VALUE,
339 $response->getHeader(
'Location')->getFieldValue()
341 $this->assertNull($caught->getMessages());
349 $this->request->setParams(
350 [self::AWARE_VALIDATION_PARAM =>
'1']
353 $this->validator->validate(
355 $this->mockAwareAction
363 public function testValidateWithCsrfAwareAction()
366 $this->request->setMethod(HttpRequest::METHOD_GET);
368 TestBootstrap::ADMIN_NAME,
369 TestBootstrap::ADMIN_PASSWORD
371 $this->request->setParams([
372 BackendUrl::SECRET_KEY_PARAM_NAME => $this->url->getSecretKey(),
378 $this->validator->validate(
380 $this->mockCsrfAwareAction
382 }
catch (InvalidRequestException $exception) {
383 $caught = $exception;
388 $this->assertNotNull($caught);
389 $this->assertCount(1, $caught->getMessages());
391 self::CSRF_AWARE_MESSAGE,
392 $caught->getMessages()[0]->getText()
396 public function testInvalidAjaxRequest()
399 $this->request->setMethod(HttpRequest::METHOD_GET);
401 TestBootstrap::ADMIN_NAME,
402 TestBootstrap::ADMIN_PASSWORD
404 $this->request->setParams([
405 BackendUrl::SECRET_KEY_PARAM_NAME =>
'invalid',
412 $this->validator->validate(
414 $this->mockUnawareAction
416 }
catch (InvalidRequestException $exception) {
417 $caught = $exception;
420 $this->assertNotNull($caught);
421 $this->assertInstanceOf(
422 ResultInterface::class,
423 $caught->getReplaceResult()
426 $result = $caught->getReplaceResult();
428 $response = $this->httpResponseFactory->create();
430 $this->assertEmpty(
$response->getBody());
431 $this->assertEquals(401,
$response->getHttpResponseCode());
testValidateValidWithAwareAction()
testValidateWithValidKey()
testValidateWithInvalidKey()
testValidateWithInvalidFormKey()