Neos\Flow\Tests\Unit\Security\RequestPattern\CsrfProtectionTest::matchRequestReturnsFalseIfAuthorizationChecksAreDisabled PHP Method

CsrfProtectionTest Class Documentation Show file Open project: neos/flow-development-collection

matchRequestReturnsFalseIfAuthorizationChecksAreDisabled() public method

public matchRequestReturnsFalseIfAuthorizationChecksAreDisabled ( ) 
    public function matchRequestReturnsFalseIfAuthorizationChecksAreDisabled()
    {
        $httpRequest = Request::create(new Uri('http://localhost'), 'POST');
        $this->mockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($httpRequest));
        $mockAuthenticationManager = $this->getMockBuilder(AuthenticationManagerInterface::class)->disableOriginalConstructor()->getMock();
        $mockAuthenticationManager->expects($this->any())->method('isAuthenticated')->will($this->returnValue(true));
        $mockSecurityContext = $this->createMock(Security\Context::class);
        $mockSecurityContext->expects($this->atLeastOnce())->method('areAuthorizationChecksDisabled')->will($this->returnValue(true));
        $mockCsrfProtectionPattern = $this->getAccessibleMock(Security\RequestPattern\CsrfProtection::class, ['dummy']);
        $mockCsrfProtectionPattern->_set('authenticationManager', $mockAuthenticationManager);
        $mockCsrfProtectionPattern->_set('systemLogger', $this->mockSystemLogger);
        $mockCsrfProtectionPattern->_set('securityContext', $mockSecurityContext);
        $this->assertFalse($mockCsrfProtectionPattern->matchRequest($this->mockActionRequest));
    }
CsrfProtectionTest
matchRequestReturnsFalseIfAuthorizationChecksAreDisabled
matchRequestReturnsFalseIfNobodyIsAuthenticated
matchRequestReturnsFalseIfRequestIsNoActionRequest
matchRequestReturnsFalseIfRequestMethodIsSafe
matchRequestReturnsFalseIfTheCsrfTokenIsPassedThroughAnHttpHeader
matchRequestReturnsFalseIfTheTargetActionIsMentionedInThePolicyAndTheCsrfTokenIsValid
matchRequestReturnsFalseIfTheTargetActionIsNotMentionedInThePolicy
matchRequestReturnsFalseIfTheTargetActionIsTaggedWithSkipCsrfProtection
matchRequestReturnsTrueIfTheTargetActionIsMentionedInThePolicyButNoCsrfTokenHasBeenSent
matchRequestReturnsTrueIfTheTargetActionIsMentionedInThePolicyButTheCsrfTokenIsInvalid
setUp