public function matchRequestReturnsFalseIfTheTargetActionIsMentionedInThePolicyAndTheCsrfTokenIsValid()
{
$controllerObjectName = 'SomeControllerObjectName';
$controllerActionName = 'list';
$httpRequest = Request::create(new Uri('http://localhost'), 'POST');
$this->mockActionRequest->expects($this->atLeastOnce())->method('getControllerObjectName')->will($this->returnValue($controllerObjectName));
$this->mockActionRequest->expects($this->any())->method('getControllerActionName')->will($this->returnValue($controllerActionName));
$this->mockActionRequest->expects($this->any())->method('getInternalArguments')->will($this->returnValue(['__csrfToken' => 'validToken']));
$this->mockActionRequest->expects($this->any())->method('getMainRequest')->will($this->returnValue($this->mockActionRequest));
$this->mockActionRequest->expects($this->any())->method('getHttpRequest')->will($this->returnValue($httpRequest));
$mockAuthenticationManager = $this->getMockBuilder(AuthenticationManagerInterface::class)->disableOriginalConstructor()->getMock();
$mockAuthenticationManager->expects($this->any())->method('isAuthenticated')->will($this->returnValue(true));
$mockObjectManager = $this->createMock(ObjectManagerInterface::class);
$mockObjectManager->expects($this->once())->method('getClassNameByObjectName')->with($controllerObjectName)->will($this->returnValue($controllerObjectName));
$mockReflectionService = $this->createMock(ReflectionService::class);
$mockReflectionService->expects($this->once())->method('isMethodTaggedWith')->with($controllerObjectName, $controllerActionName . 'Action', 'skipcsrfprotection')->will($this->returnValue(false));
$mockPrivilege = $this->createMock(MethodPrivilegeInterface::class);
$mockPrivilege->expects($this->once())->method('matchesMethod')->with($controllerObjectName, $controllerActionName . 'Action')->will($this->returnValue(true));
$mockPolicyService = $this->createMock(Security\Policy\PolicyService::class);
$mockPolicyService->expects($this->once())->method('getAllPrivilegesByType')->will($this->returnValue([$mockPrivilege]));
$mockSecurityContext = $this->createMock(Security\Context::class);
$mockSecurityContext->expects($this->any())->method('isCsrfProtectionTokenValid')->with('validToken')->will($this->returnValue(true));
$mockSecurityContext->expects($this->any())->method('hasCsrfProtectionTokens')->will($this->returnValue(true));
$mockCsrfProtectionPattern = $this->getAccessibleMock(Security\RequestPattern\CsrfProtection::class, ['dummy']);
$mockCsrfProtectionPattern->_set('authenticationManager', $mockAuthenticationManager);
$mockCsrfProtectionPattern->_set('objectManager', $mockObjectManager);
$mockCsrfProtectionPattern->_set('reflectionService', $mockReflectionService);
$mockCsrfProtectionPattern->_set('policyService', $mockPolicyService);
$mockCsrfProtectionPattern->_set('securityContext', $mockSecurityContext);
$mockCsrfProtectionPattern->_set('systemLogger', $this->mockSystemLogger);
$this->assertFalse($mockCsrfProtectionPattern->matchRequest($this->mockActionRequest));
}
