Neos\Flow\Tests\Unit\Security\ContextTest::isCsrfProtectionTokenValidChecksIfTheGivenTokenIsExistingInTheContextAndUnsetsItIfTheCsrfStrategyIsOnePerUri PHP Метод

Документация по классу ContextTest Показать файл Открыть проект

isCsrfProtectionTokenValidChecksIfTheGivenTokenIsExistingInTheContextAndUnsetsItIfTheCsrfStrategyIsOnePerUri() публичный Метод

public isCsrfProtectionTokenValidChecksIfTheGivenTokenIsExistingInTheContextAndUnsetsItIfTheCsrfStrategyIsOnePerUri ( ) 
    public function isCsrfProtectionTokenValidChecksIfTheGivenTokenIsExistingInTheContextAndUnsetsItIfTheCsrfStrategyIsOnePerUri()
    {
        $mockAuthenticationManager = $this->createMock(AuthenticationManagerInterface::class);
        $existingTokens = ['csrfToken12345' => true];
        /** @var Context $securityContext */
        $securityContext = $this->getAccessibleMock(Context::class, ['initialize']);
        $securityContext->setRequest($this->mockActionRequest);
        $securityContext->_set('authenticationManager', $mockAuthenticationManager);
        $securityContext->_set('csrfProtectionTokens', $existingTokens);
        $securityContext->_set('csrfProtectionStrategy', Context::CSRF_ONE_PER_URI);
        $this->assertTrue($securityContext->isCsrfProtectionTokenValid('csrfToken12345'));
        $this->assertFalse($securityContext->isCsrfProtectionTokenValid('csrfToken12345'));
    }
ContextTest
authenticationStrategies
authenticationStrategyIsSetCorrectlyFromConfiguration
authorizationChecksAreEnabledByDefault
csrfProtectionStrategies
csrfProtectionStrategyIsSetCorrectlyFromConfiguration
currentRequestIsSetInTheSecurityContext
getAccountByAuthenticationProviderNameReturnsNullIfNoAccountFound
getAccountByAuthenticationProviderNameReturnsTheAuthenticatedAccountWithGivenProviderName
getAccountReturnsTheAccountAttachedToTheFirstAuthenticatedToken
getContextHashInitializesSecurityContext
getContextHashReturnsAHashOverAllAuthenticatedRoles
getContextHashReturnsStaticStringIfAuthorizationChecksAreDisabled
getContextHashReturnsStaticStringIfSecurityContextCantBeInitialized
getCsrfProtectionTokenReturnsANewTokenIfNoneIsPresentInTheContext
getCsrfProtectionTokenReturnsANewTokenIfTheCsrfStrategyIsOnePerUri
getRolesReturnsTheAnonymousRoleIfNoTokenIsAuthenticated
getRolesReturnsTheAuthenticatedUserRoleIfATokenIsAuthenticated
getRolesReturnsTheCorrectRoles
getRolesReturnsTheEverybodyRoleEvenIfNoTokenIsAuthenticated
getRolesTakesInheritanceOfRolesIntoAccount
hasRoleReturnsFalseForAnonymousRoleIfAuthenticated
hasRoleReturnsTrueForAnonymousRoleIfNotAuthenticated
hasRoleReturnsTrueForEverybodyRole
hasRoleWorks
hasRoleWorksWithRecursiveRoles
initializeCallsUpdateCredentialsOnAllActiveTokens
initializeSeparatesActiveAndInactiveTokens
initializeUpdatesAndSeparatesActiveAndInactiveTokensCorrectly
injectAuthenticationManagerSetsAReferenceToTheSecurityContextInTheAuthenticationManager
invalidAuthenticationStrategyFromConfigurationThrowsException
invalidCsrfProtectionStrategyFromConfigurationThrowsException
isCsrfProtectionTokenValidChecksIfTheGivenTokenIsExistingInTheContext
isCsrfProtectionTokenValidChecksIfTheGivenTokenIsExistingInTheContextAndUnsetsItIfTheCsrfStrategyIsOnePerUri
securityContextCallsTheAuthenticationManagerToSetItsTokens
securityContextIsNotInitializedAgainIfItHasBeenInitializedAlready
securityContextIsSetToInitialized
separateActiveAndInactiveTokensDataProvider
separateActiveAndInactiveTokensTests
setUp
tokenFromAnAuthenticationManagerIsReplacedIfThereIsOneOfTheSameTypeInTheSession
withoutAuthorizationChecksDisabledAuthorizationChecks
withoutAuthorizationChecksReactivatesAuthorizationCheckCorrectlyWhenCalledNested
withoutAuthorizationChecksReactivatesAuthorizationChecksAfterClosureInvocation
withoutAuthorizationChecksReactivatesAuthorizationChecksAfterClosureInvocationIfClosureThrowsException