|
33 | 33 | use Enlight_Controller_Front; |
34 | 34 | use Enlight_Controller_Request_Request; |
35 | 35 | use Enlight_Controller_Request_RequestHttp; |
| 36 | +use Enlight_Controller_Request_RequestTestCase; |
| 37 | +use Enlight_Controller_Response_ResponseTestCase; |
36 | 38 | use Generator; |
37 | 39 | use PHPUnit\Framework\TestCase; |
38 | 40 | use sAdmin; |
|
52 | 54 | use Shopware_Components_Config; |
53 | 55 | use Shopware_Components_Snippet_Manager; |
54 | 56 | use ShopwarePlugin\PaymentMethods\Components\BasePaymentMethod; |
| 57 | +use Symfony\Component\HttpFoundation\Cookie; |
| 58 | +use Symfony\Component\HttpFoundation\Response; |
55 | 59 |
|
56 | 60 | class AdminTest extends TestCase |
57 | 61 | { |
@@ -80,7 +84,8 @@ public function setUp(): void |
80 | 84 | parent::setUp(); |
81 | 85 |
|
82 | 86 | $this->getContainer()->get(ModelManager::class)->clear(); |
83 | | - $this->getContainer()->get('front')->setRequest(new Enlight_Controller_Request_RequestHttp()); |
| 87 | + $this->getContainer()->get('front')->setRequest(new Enlight_Controller_Request_RequestTestCase()); |
| 88 | + $this->getContainer()->get('front')->setResponse(new Enlight_Controller_Response_ResponseTestCase()); |
84 | 89 |
|
85 | 90 | $this->module = $this->getContainer()->get('modules')->Admin(); |
86 | 91 | $this->config = $this->getContainer()->get('config'); |
@@ -2365,6 +2370,46 @@ public function testsGetPremiumShippingcostsWithCountryTaxRule(): void |
2365 | 2370 | static::assertSame($expectedTaxValue, $result['tax']); |
2366 | 2371 | } |
2367 | 2372 |
|
| 2373 | + public function testCsrfTokenAreUpdatedLogout(): void |
| 2374 | + { |
| 2375 | + static::assertCount(0, $this->getResponse()->headers->getCookies()); |
| 2376 | + |
| 2377 | + $customer = $this->createDummyCustomer(); |
| 2378 | + |
| 2379 | + // Test successful login |
| 2380 | + $this->getRequest()->setPost([ |
| 2381 | + 'email' => $customer->getEmail(), |
| 2382 | + 'password' => 'fooobar', |
| 2383 | + ]); |
| 2384 | + $this->module->sLogin(); |
| 2385 | + |
| 2386 | + $csrfCookies = array_filter($this->getResponse()->headers->getCookies(), function ($cookie) { |
| 2387 | + if ($cookie->getName() === '__csrf_token-1') { |
| 2388 | + return $cookie; |
| 2389 | + } |
| 2390 | + }); |
| 2391 | + $cookie = array_pop($csrfCookies); |
| 2392 | + static::assertInstanceOf(Cookie::class, $cookie); |
| 2393 | + $token = $cookie->getValue(); |
| 2394 | + static::assertIsString($token); |
| 2395 | + |
| 2396 | + $this->getContainer()->get('front')->setResponse(new Enlight_Controller_Response_ResponseTestCase()); |
| 2397 | + |
| 2398 | + $this->module->logout(); |
| 2399 | + |
| 2400 | + $csrfCookies = array_filter($this->getResponse()->headers->getCookies(), function ($cookie) { |
| 2401 | + if ($cookie->getName() === '__csrf_token-1') { |
| 2402 | + return $cookie; |
| 2403 | + } |
| 2404 | + }); |
| 2405 | + $cookie = array_pop($csrfCookies); |
| 2406 | + static::assertInstanceOf(Cookie::class, $cookie); |
| 2407 | + $newToken = $cookie->getValue(); |
| 2408 | + static::assertIsString($newToken); |
| 2409 | + |
| 2410 | + static::assertNotEquals($token, $newToken); |
| 2411 | + } |
| 2412 | + |
2368 | 2413 | /** |
2369 | 2414 | * @param array<string, array<string, mixed>> $userData |
2370 | 2415 | * |
@@ -2544,8 +2589,16 @@ private function deleteDummyCustomer(Customer $customer): void |
2544 | 2589 | private function getRequest(): Enlight_Controller_Request_Request |
2545 | 2590 | { |
2546 | 2591 | $request = $this->front->Request(); |
2547 | | - static::assertNotNull($request); |
| 2592 | + static::assertInstanceOf(Enlight_Controller_Request_Request::class, $request); |
2548 | 2593 |
|
2549 | 2594 | return $request; |
2550 | 2595 | } |
| 2596 | + |
| 2597 | + private function getResponse(): Response |
| 2598 | + { |
| 2599 | + $response = $this->front->Response(); |
| 2600 | + static::assertInstanceOf(Response::class, $response); |
| 2601 | + |
| 2602 | + return $response; |
| 2603 | + } |
2551 | 2604 | } |
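Review bot: The two `array_filter` callbacks in testCsrfTokenAreUpdatedLogout return the Cookie object or fall through to null, relying on truthiness where a bool-returning closure is the expected contract, and the same lookup is written twice; a small private helper `getCsrfTokenCookie(): ?Cookie` built on `static fn (Cookie $cookie): bool => $cookie->getName() === '__csrf_token-1'` removes both issues (rewrite below). Since both values are already asserted to be strings, `static::assertNotSame($token, $newToken);` is the stricter comparison, and adding `static::assertNotSame('', $newToken);` distinguishes a rotated token from a cookie that was merely cleared on logout, which is the property this test is meant to pin. The `-1` suffix in the cookie name appears to be a shop id; if so, deriving it from the active shop would keep the test from breaking under a different fixture. The customer created with `createDummyCustomer()` is not removed via the existing `deleteDummyCustomer()`, unless the surrounding test class rolls back in tearDown.
```php
        // … unchanged: login request setup and sLogin() call …
        $cookie = $this->getCsrfTokenCookie();
        static::assertInstanceOf(Cookie::class, $cookie);
        $token = $cookie->getValue();
        // … unchanged: response reset, logout(), second lookup via the same helper …
        static::assertNotSame('', $newToken);
        static::assertNotSame($token, $newToken);
    }

    /**
     * Returns the CSRF token cookie set on the current response, or null when none was set.
     */
    private function getCsrfTokenCookie(): ?Cookie
    {
        $csrfCookies = array_filter(
            $this->getResponse()->headers->getCookies(),
            static fn (Cookie $cookie): bool => $cookie->getName() === '__csrf_token-1',
        );

        return array_pop($csrfCookies);
    }
```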