Neos\Flow\Tests\Functional\Security\CsrfProtectionTest::postRequestOnRestrictedActionWithoutCsrfTokenCausesAccessDeniedException PHP Method

postRequestOnRestrictedActionWithoutCsrfTokenCausesAccessDeniedException() public method

    public function postRequestOnRestrictedActionWithoutCsrfTokenCausesAccessDeniedException()
    {
        // Placeholder for a functional test of CSRF protection on restricted actions.
        // PHPUnit's markTestIncomplete() aborts the test by throwing, so nothing below
        // runs and the result is reported as "incomplete". Until this is implemented,
        // this method gives no coverage for rejecting POST requests without a CSRF token.
        $this->markTestIncomplete('Needs to be implemented');

        // NOTE(review): the sketch below contains no assertion or expected-exception
        // declaration, so removing the line above would not by itself verify anything.

        // Login form arguments for the username/password token; the values look like
        // test-fixture credentials (confirm against the functional test setup).
        $arguments = [
            '__authentication' => [
                'TYPO3' => [
                    'Flow' => [
                        'Security' => [
                            'Authentication' => [
                                'Token' => [
                                    'UsernamePassword' => [
                                        'username' => 'admin',
                                        'password' => 'password',
                                    ],
                                ],
                            ],
                        ],
                    ],
                ],
            ],
        ];

        // Step 1: authenticate and pick up the session cookie from the response.
        $loginUri = new Uri('http://localhost/test/security/authentication/usernamepassword/authenticate');
        $loginRequest = Request::create($loginUri, 'POST', $arguments);
        $loginResponse = $this->browser->sendRequest($loginRequest);
        $sessionCookie = $loginResponse->getCookie('TYPO3_Flow_Session');

        // Step 2: call a restricted action with that session cookie attached.
        $adminRequest = Request::create(new Uri('http://localhost/test/security/restricted/admin'));
        $adminRequest->setCookie($sessionCookie);
        $adminResponse = $this->browser->sendRequest($adminRequest);

        // Step 3: POST without credentials. Intended outcome: an exception, because
        // no account is authenticated.
        $anonymousResponse = $this->browser->request(
            new Uri('http://localhost/test/security/restricted/customer'),
            'POST'
        );
        // TODO: check the outcome of step 3 (not written yet).

        // Step 4: POST with the login arguments but no CSRF token. Intended outcome:
        // a different exception, because an account is authenticated but the token is missing.
        $tokenlessResponse = $this->browser->request(
            new Uri('http://localhost/test/security/restricted/customer'),
            'POST',
            $arguments
        );
        // TODO: check the outcome of step 4 (not written yet).

        // Step 5: the same POST is meant to succeed once logged in with a valid token.
        // The token is fetched and a request is built, but the token is never attached
        // to the request and the request is never sent.
        $csrfToken = $this->securityContext->getCsrfProtectionToken();
        $customerRequest = Request::create(new Uri('http://localhost/test/security/restricted/customer'), 'POST');
        // TODO: attach $csrfToken, send $customerRequest and check the response.
    }