engelsystem/tests/Unit/Middleware/VerifyCsrfTokenTest.php

<?php

declare(strict_types=1);

namespace Engelsystem\Test\Unit\Middleware;

use Engelsystem\Http\Exceptions\HttpAuthExpired;
use Engelsystem\Middleware\VerifyCsrfToken;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Symfony\Component\HttpFoundation\Session\SessionInterface;

class VerifyCsrfTokenTest extends TestCase
{
    /**
     * @covers \Engelsystem\Middleware\VerifyCsrfToken::isReading
     * @covers \Engelsystem\Middleware\VerifyCsrfToken::process
     */
    public function testProcess(): void
    {
        /** @var ServerRequestInterface|MockObject $request */
        $request = $this->getMockForAbstractClass(ServerRequestInterface::class);
        /** @var RequestHandlerInterface|MockObject $handler */
        $handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);
        /** @var ResponseInterface|MockObject $response */
        $response = $this->getMockForAbstractClass(ResponseInterface::class);

        $handler->expects($this->exactly(2))
            ->method('handle')
            ->with($request)
            ->willReturn($response);

        /** @var VerifyCsrfToken|MockObject $middleware */
        $middleware = $this->getMockBuilder(VerifyCsrfToken::class)
            ->disableOriginalConstructor()
            ->onlyMethods(['tokensMatch'])
            ->getMock();

        $middleware->expects($this->exactly(2))
            ->method('tokensMatch')
            ->willReturnOnConsecutiveCalls(true, false);

        // Results in true, false, false
        $request->expects($this->exactly(3))
            ->method('getMethod')
            ->willReturnOnConsecutiveCalls('GET', 'DELETE', 'POST');

        // Is reading
        $middleware->process($request, $handler);
        // Tokens match
        $middleware->process($request, $handler);

        // No match
        $this->expectException(HttpAuthExpired::class);
        $middleware->process($request, $handler);
    }

    /**
     * @covers \Engelsystem\Middleware\VerifyCsrfToken::__construct
     * @covers \Engelsystem\Middleware\VerifyCsrfToken::tokensMatch
     */
    public function testTokensMatch(): void
    {
        /** @var ServerRequestInterface|MockObject $request */
        $request = $this->getMockForAbstractClass(ServerRequestInterface::class);
        /** @var RequestHandlerInterface|MockObject $handler */
        $handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);
        /** @var ResponseInterface|MockObject $response */
        $response = $this->getMockForAbstractClass(ResponseInterface::class);
        /** @var SessionInterface|MockObject $session */
        $session = $this->getMockForAbstractClass(SessionInterface::class);

        /** @var VerifyCsrfToken|MockObject $middleware */
        $middleware = $this->getMockBuilder(VerifyCsrfToken::class)
            ->setConstructorArgs([$session])
            ->onlyMethods(['isReading'])
            ->getMock();

        $middleware->expects($this->atLeastOnce())
            ->method('isReading')
            ->willReturn(false);

        $handler->expects($this->exactly(3))
            ->method('handle')
            ->willReturn($response);

        $request->expects($this->exactly(4))
            ->method('getParsedBody')
            ->willReturnOnConsecutiveCalls(
                null,
                ['_token' => 'PostFooToken'],
                ['_token' => 'PostBarToken'],
                null
            );
        $request->expects($this->exactly(4))
            ->method('getHeader')
            ->with('X-CSRF-TOKEN')
            ->willReturnOnConsecutiveCalls(
                ['HeaderFooToken'],
                [],
                ['HeaderBarToken'],
                []
            );

        $session->expects($this->exactly(4))
            ->method('get')
            ->with('_token')
            ->willReturnOnConsecutiveCalls(
                'HeaderFooToken',
                'PostFooToken',
                'PostBarToken',
                'NotAvailableToken'
            );

        // Header token
        $middleware->process($request, $handler);
        // POST token
        $middleware->process($request, $handler);
        // Header and POST tokens
        $middleware->process($request, $handler);
        // No tokens
        $this->expectException(HttpAuthExpired::class);
        $middleware->process($request, $handler);
    }
}
Added csrf middleware 2018-09-03 16:33:13 +02:00			`<?php`

Set strict types everywhere (except includes) 2023-02-03 20:41:59 +01:00			`declare(strict_types=1);`

Added csrf middleware 2018-09-03 16:33:13 +02:00			`namespace Engelsystem\Test\Unit\Middleware;`

Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`use Engelsystem\Http\Exceptions\HttpAuthExpired;`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`use Engelsystem\Middleware\VerifyCsrfToken;`
			`use PHPUnit\Framework\MockObject\MockObject;`
			`use PHPUnit\Framework\TestCase;`
			`use Psr\Http\Message\ResponseInterface;`
			`use Psr\Http\Message\ServerRequestInterface;`
			`use Psr\Http\Server\RequestHandlerInterface;`
			`use Symfony\Component\HttpFoundation\Session\SessionInterface;`

			`class VerifyCsrfTokenTest extends TestCase`
			`{`
			`/**`
			`* @covers \Engelsystem\Middleware\VerifyCsrfToken::isReading`
Formatting ```bash php-cs-fixer fix --allow-risky=yes --rules=@PSR2,psr4,mb_str_functions.php_unit_construct,php_unit_ordered_covers,trailing_comma_in_multiline_array --rules='{"array_syntax": {"syntax":"short"}}' [tests/\|src/] ``` 2019-04-24 11:01:37 +02:00			`* @covers \Engelsystem\Middleware\VerifyCsrfToken::process`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`*/`
Set native return types Signed-off-by: Michael Weimann <mail@michael-weimann.eu> 2022-12-14 19:15:20 +01:00			`public function testProcess(): void`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`{`
			`/** @var ServerRequestInterface\|MockObject $request */`
			`$request = $this->getMockForAbstractClass(ServerRequestInterface::class);`
			`/** @var RequestHandlerInterface\|MockObject $handler */`
			`$handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);`
			`/** @var ResponseInterface\|MockObject $response */`
			`$response = $this->getMockForAbstractClass(ResponseInterface::class);`

			`$handler->expects($this->exactly(2))`
			`->method('handle')`
			`->with($request)`
			`->willReturn($response);`

			`/** @var VerifyCsrfToken\|MockObject $middleware */`
			`$middleware = $this->getMockBuilder(VerifyCsrfToken::class)`
			`->disableOriginalConstructor()`
Tests: Replaced setMethods as it is deprecated 2019-11-06 12:29:58 +01:00			`->onlyMethods(['tokensMatch'])`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`->getMock();`

			`$middleware->expects($this->exactly(2))`
			`->method('tokensMatch')`
			`->willReturnOnConsecutiveCalls(true, false);`

			`// Results in true, false, false`
			`$request->expects($this->exactly(3))`
			`->method('getMethod')`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`->willReturnOnConsecutiveCalls('GET', 'DELETE', 'POST');`
Added csrf middleware 2018-09-03 16:33:13 +02:00
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`// Is reading`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`$middleware->process($request, $handler);`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`// Tokens match`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`$middleware->process($request, $handler);`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00
			`// No match`
			`$this->expectException(HttpAuthExpired::class);`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`$middleware->process($request, $handler);`
			`}`

			`/**`
			`* @covers \Engelsystem\Middleware\VerifyCsrfToken::__construct`
			`* @covers \Engelsystem\Middleware\VerifyCsrfToken::tokensMatch`
			`*/`
Set native return types Signed-off-by: Michael Weimann <mail@michael-weimann.eu> 2022-12-14 19:15:20 +01:00			`public function testTokensMatch(): void`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`{`
			`/** @var ServerRequestInterface\|MockObject $request */`
			`$request = $this->getMockForAbstractClass(ServerRequestInterface::class);`
			`/** @var RequestHandlerInterface\|MockObject $handler */`
			`$handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);`
			`/** @var ResponseInterface\|MockObject $response */`
			`$response = $this->getMockForAbstractClass(ResponseInterface::class);`
			`/** @var SessionInterface\|MockObject $session */`
			`$session = $this->getMockForAbstractClass(SessionInterface::class);`

			`/** @var VerifyCsrfToken\|MockObject $middleware */`
			`$middleware = $this->getMockBuilder(VerifyCsrfToken::class)`
			`->setConstructorArgs([$session])`
Tests: Replaced setMethods as it is deprecated 2019-11-06 12:29:58 +01:00			`->onlyMethods(['isReading'])`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`->getMock();`

			`$middleware->expects($this->atLeastOnce())`
			`->method('isReading')`
			`->willReturn(false);`

			`$handler->expects($this->exactly(3))`
			`->method('handle')`
			`->willReturn($response);`

			`$request->expects($this->exactly(4))`
			`->method('getParsedBody')`
			`->willReturnOnConsecutiveCalls(`
			`null,`
			`['_token' => 'PostFooToken'],`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`['_token' => 'PostBarToken'],`
			`null`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`);`
			`$request->expects($this->exactly(4))`
			`->method('getHeader')`
			`->with('X-CSRF-TOKEN')`
			`->willReturnOnConsecutiveCalls(`
			`['HeaderFooToken'],`
			`[],`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`['HeaderBarToken'],`
			`[]`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`);`

			`$session->expects($this->exactly(4))`
			`->method('get')`
			`->with('_token')`
			`->willReturnOnConsecutiveCalls(`
			`'HeaderFooToken',`
			`'PostFooToken',`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`'PostBarToken',`
			`'NotAvailableToken'`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`);`

			`// Header token`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`$middleware->process($request, $handler);`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`// POST token`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`$middleware->process($request, $handler);`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`// Header and POST tokens`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 2018-11-27 13:34:55 +01:00			`$middleware->process($request, $handler);`
			`// No tokens`
			`$this->expectException(HttpAuthExpired::class);`
			`$middleware->process($request, $handler);`
Added csrf middleware 2018-09-03 16:33:13 +02:00			`}`
			`}`