Neos\Flow\Tests\Unit\Security\RequestPattern\CsrfProtectionTest::matchRequestReturnsFalseIfRequestMethodIsSafe PHP Method

CsrfProtectionTest Class Documentation Show file Open project: neos/flow-development-collection

matchRequestReturnsFalseIfRequestMethodIsSafe() public method

public matchRequestReturnsFalseIfRequestMethodIsSafe ( )

    public function matchRequestReturnsFalseIfRequestMethodIsSafe()
    {
        $httpRequest = Request::create(new Uri('http://localhost'), 'GET');
        $this->mockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($httpRequest));
        $mockCsrfProtectionPattern = $this->getAccessibleMock(Security\RequestPattern\CsrfProtection::class, ['dummy']);
        $mockCsrfProtectionPattern->_set('systemLogger', $this->mockSystemLogger);
        $this->assertFalse($mockCsrfProtectionPattern->matchRequest($this->mockActionRequest));
    }

CsrfProtectionTest

matchRequestReturnsFalseIfAuthorizationChecksAreDisabled

matchRequestReturnsFalseIfNobodyIsAuthenticated

matchRequestReturnsFalseIfRequestIsNoActionRequest

matchRequestReturnsFalseIfRequestMethodIsSafe

matchRequestReturnsFalseIfTheCsrfTokenIsPassedThroughAnHttpHeader

matchRequestReturnsFalseIfTheTargetActionIsMentionedInThePolicyAndTheCsrfTokenIsValid

matchRequestReturnsFalseIfTheTargetActionIsNotMentionedInThePolicy

matchRequestReturnsFalseIfTheTargetActionIsTaggedWithSkipCsrfProtection

matchRequestReturnsTrueIfTheTargetActionIsMentionedInThePolicyButNoCsrfTokenHasBeenSent

matchRequestReturnsTrueIfTheTargetActionIsMentionedInThePolicyButTheCsrfTokenIsInvalid

setUp