engelsystem/tests/Unit/Middleware/VerifyCsrfTokenTest.php

<?php

namespace Engelsystem\Test\Unit\Middleware;

use Engelsystem\Http\Exceptions\HttpAuthExpired;
use Engelsystem\Middleware\VerifyCsrfToken;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Symfony\Component\HttpFoundation\Session\SessionInterface;

class VerifyCsrfTokenTest extends TestCase
{
    /**
     * @covers \Engelsystem\Middleware\VerifyCsrfToken::isReading
     * @covers \Engelsystem\Middleware\VerifyCsrfToken::process
     */
    public function testProcess()
    {
        /** @var ServerRequestInterface|MockObject $request */
        $request = $this->getMockForAbstractClass(ServerRequestInterface::class);
        /** @var RequestHandlerInterface|MockObject $handler */
        $handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);
        /** @var ResponseInterface|MockObject $response */
        $response = $this->getMockForAbstractClass(ResponseInterface::class);

        $handler->expects($this->exactly(2))
            ->method('handle')
            ->with($request)
            ->willReturn($response);

        /** @var VerifyCsrfToken|MockObject $middleware */
        $middleware = $this->getMockBuilder(VerifyCsrfToken::class)
            ->disableOriginalConstructor()
            ->setMethods(['tokensMatch'])
            ->getMock();

        $middleware->expects($this->exactly(2))
            ->method('tokensMatch')
            ->willReturnOnConsecutiveCalls(true, false);

        // Results in true, false, false
        $request->expects($this->exactly(3))
            ->method('getMethod')
            ->willReturnOnConsecutiveCalls('GET', 'DELETE', 'POST');

        // Is reading
        $middleware->process($request, $handler);
        // Tokens match
        $middleware->process($request, $handler);

        // No match
        $this->expectException(HttpAuthExpired::class);
        $middleware->process($request, $handler);
    }

    /**
     * @covers \Engelsystem\Middleware\VerifyCsrfToken::__construct
     * @covers \Engelsystem\Middleware\VerifyCsrfToken::tokensMatch
     */
    public function testTokensMatch()
    {
        /** @var ServerRequestInterface|MockObject $request */
        $request = $this->getMockForAbstractClass(ServerRequestInterface::class);
        /** @var RequestHandlerInterface|MockObject $handler */
        $handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);
        /** @var ResponseInterface|MockObject $response */
        $response = $this->getMockForAbstractClass(ResponseInterface::class);
        /** @var SessionInterface|MockObject $session */
        $session = $this->getMockForAbstractClass(SessionInterface::class);

        /** @var VerifyCsrfToken|MockObject $middleware */
        $middleware = $this->getMockBuilder(VerifyCsrfToken::class)
            ->setConstructorArgs([$session])
            ->setMethods(['isReading'])
            ->getMock();

        $middleware->expects($this->atLeastOnce())
            ->method('isReading')
            ->willReturn(false);

        $handler->expects($this->exactly(3))
            ->method('handle')
            ->willReturn($response);

        $request->expects($this->exactly(4))
            ->method('getParsedBody')
            ->willReturnOnConsecutiveCalls(
                null,
                ['_token' => 'PostFooToken'],
                ['_token' => 'PostBarToken'],
                null
            );
        $request->expects($this->exactly(4))
            ->method('getHeader')
            ->with('X-CSRF-TOKEN')
            ->willReturnOnConsecutiveCalls(
                ['HeaderFooToken'],
                [],
                ['HeaderBarToken'],
                []
            );

        $session->expects($this->exactly(4))
            ->method('get')
            ->with('_token')
            ->willReturnOnConsecutiveCalls(
                'HeaderFooToken',
                'PostFooToken',
                'PostBarToken',
                'NotAvailableToken'
            );

        // Header token
        $middleware->process($request, $handler);
        // POST token
        $middleware->process($request, $handler);
        // Header and POST tokens
        $middleware->process($request, $handler);
        // No tokens
        $this->expectException(HttpAuthExpired::class);
        $middleware->process($request, $handler);
    }
}
Added csrf middleware 6 years ago			`<?php`

			`namespace Engelsystem\Test\Unit\Middleware;`

Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`use Engelsystem\Http\Exceptions\HttpAuthExpired;`
Added csrf middleware 6 years ago			`use Engelsystem\Middleware\VerifyCsrfToken;`
			`use PHPUnit\Framework\MockObject\MockObject;`
			`use PHPUnit\Framework\TestCase;`
			`use Psr\Http\Message\ResponseInterface;`
			`use Psr\Http\Message\ServerRequestInterface;`
			`use Psr\Http\Server\RequestHandlerInterface;`
			`use Symfony\Component\HttpFoundation\Session\SessionInterface;`

			`class VerifyCsrfTokenTest extends TestCase`
			`{`
			`/**`
			`* @covers \Engelsystem\Middleware\VerifyCsrfToken::isReading`
Formatting ```bash php-cs-fixer fix --allow-risky=yes --rules=@PSR2,psr4,mb_str_functions.php_unit_construct,php_unit_ordered_covers,trailing_comma_in_multiline_array --rules='{"array_syntax": {"syntax":"short"}}' [tests/\|src/] ``` 6 years ago			`* @covers \Engelsystem\Middleware\VerifyCsrfToken::process`
Added csrf middleware 6 years ago			`*/`
			`public function testProcess()`
			`{`
			`/** @var ServerRequestInterface\|MockObject $request */`
			`$request = $this->getMockForAbstractClass(ServerRequestInterface::class);`
			`/** @var RequestHandlerInterface\|MockObject $handler */`
			`$handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);`
			`/** @var ResponseInterface\|MockObject $response */`
			`$response = $this->getMockForAbstractClass(ResponseInterface::class);`

			`$handler->expects($this->exactly(2))`
			`->method('handle')`
			`->with($request)`
			`->willReturn($response);`

			`/** @var VerifyCsrfToken\|MockObject $middleware */`
			`$middleware = $this->getMockBuilder(VerifyCsrfToken::class)`
			`->disableOriginalConstructor()`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`->setMethods(['tokensMatch'])`
Added csrf middleware 6 years ago			`->getMock();`

			`$middleware->expects($this->exactly(2))`
			`->method('tokensMatch')`
			`->willReturnOnConsecutiveCalls(true, false);`

			`// Results in true, false, false`
			`$request->expects($this->exactly(3))`
			`->method('getMethod')`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`->willReturnOnConsecutiveCalls('GET', 'DELETE', 'POST');`
Added csrf middleware 6 years ago
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`// Is reading`
Added csrf middleware 6 years ago			`$middleware->process($request, $handler);`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`// Tokens match`
Added csrf middleware 6 years ago			`$middleware->process($request, $handler);`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago
			`// No match`
			`$this->expectException(HttpAuthExpired::class);`
Added csrf middleware 6 years ago			`$middleware->process($request, $handler);`
			`}`

			`/**`
			`* @covers \Engelsystem\Middleware\VerifyCsrfToken::__construct`
			`* @covers \Engelsystem\Middleware\VerifyCsrfToken::tokensMatch`
			`*/`
			`public function testTokensMatch()`
			`{`
			`/** @var ServerRequestInterface\|MockObject $request */`
			`$request = $this->getMockForAbstractClass(ServerRequestInterface::class);`
			`/** @var RequestHandlerInterface\|MockObject $handler */`
			`$handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);`
			`/** @var ResponseInterface\|MockObject $response */`
			`$response = $this->getMockForAbstractClass(ResponseInterface::class);`
			`/** @var SessionInterface\|MockObject $session */`
			`$session = $this->getMockForAbstractClass(SessionInterface::class);`

			`/** @var VerifyCsrfToken\|MockObject $middleware */`
			`$middleware = $this->getMockBuilder(VerifyCsrfToken::class)`
			`->setConstructorArgs([$session])`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`->setMethods(['isReading'])`
Added csrf middleware 6 years ago			`->getMock();`

			`$middleware->expects($this->atLeastOnce())`
			`->method('isReading')`
			`->willReturn(false);`

			`$handler->expects($this->exactly(3))`
			`->method('handle')`
			`->willReturn($response);`

			`$request->expects($this->exactly(4))`
			`->method('getParsedBody')`
			`->willReturnOnConsecutiveCalls(`
			`null,`
			`['_token' => 'PostFooToken'],`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`['_token' => 'PostBarToken'],`
			`null`
Added csrf middleware 6 years ago			`);`
			`$request->expects($this->exactly(4))`
			`->method('getHeader')`
			`->with('X-CSRF-TOKEN')`
			`->willReturnOnConsecutiveCalls(`
			`['HeaderFooToken'],`
			`[],`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`['HeaderBarToken'],`
			`[]`
Added csrf middleware 6 years ago			`);`

			`$session->expects($this->exactly(4))`
			`->method('get')`
			`->with('_token')`
			`->willReturnOnConsecutiveCalls(`
			`'HeaderFooToken',`
			`'PostFooToken',`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`'PostBarToken',`
			`'NotAvailableToken'`
Added csrf middleware 6 years ago			`);`

			`// Header token`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`$middleware->process($request, $handler);`
Added csrf middleware 6 years ago			`// POST token`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`$middleware->process($request, $handler);`
Added csrf middleware 6 years ago			`// Header and POST tokens`
Refactoring: Throw HttpAuthExpired on csrf token mismatch 6 years ago			`$middleware->process($request, $handler);`
			`// No tokens`
			`$this->expectException(HttpAuthExpired::class);`
			`$middleware->process($request, $handler);`
Added csrf middleware 6 years ago			`}`
			`}`