3 namespace MediaWiki\Tests\Session
;
5 use MediaWiki\Request\WebRequest
;
6 use MediaWiki\Session\CsrfTokenSet
;
7 use MediaWiki\Session\SessionManager
;
8 use MediaWiki\User\User
;
9 use MediaWikiIntegrationTestCase
;
12 * @covers \MediaWiki\Session\CsrfTokenSet
15 class CsrfTokenSetTest
extends MediaWikiIntegrationTestCase
{
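/**
 * Build a WebRequest backed by a freshly created, empty session.
 *
 * Every call asks the SessionManager for a new empty session, so two
 * requests produced here never share session state. The tests rely on
 * that to check whether a CSRF token is tied to a single session.
 *
 * @param bool $userRegistered True to attach the registered test user to
 *  the session, false to attach a blank (anonymous) User object.
 * @return WebRequest The request the new session was created for.
 */
private function makeRequest( bool $userRegistered ): WebRequest {
	$webRequest = new WebRequest();
	$session = SessionManager::singleton()->getEmptySession( $webRequest );
	$session->setUser(
		$userRegistered ? $this->getTestUser()->getUser() : new User()
	);

	// The signature promises a WebRequest and both tests consume the
	// result, so the request has to be handed back to the caller.
	return $webRequest;
}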
/**
 * Anonymous sessions: a token issued for one anonymous session is accepted
 * by a CsrfTokenSet built on a different anonymous session.
 *
 * NOTE(review): this pins the fact that anonymous tokens are not bound to
 * a session, so they offer no per-session CSRF protection on their own.
 * Presumably the anonymous token is a fixed value; confirm in CsrfTokenSet.
 */
public function testCSRFTokens_anon() {
	// Mint the token in a first anonymous session.
	$token = ( new CsrfTokenSet( $this->makeRequest( false ) ) )
		->getToken()
		->toString();

	// A second, unrelated anonymous session must accept it directly ...
	$otherRequest = $this->makeRequest( false );
	$otherTokens = new CsrfTokenSet( $otherRequest );
	$this->assertTrue( $otherTokens->matchToken( $token ) );

	// ... and when it arrives as a request field.
	$otherRequest->setVal( 'wpBlabla', $token );
	$this->assertTrue( $otherTokens->matchTokenField( 'wpBlabla' ) );
}
/**
 * Registered sessions: a token validates only against the session that
 * issued it, and only once it is actually present in the request.
 *
 * NOTE(review): getTestUser() is defined outside this listing. If it hands
 * back the same user for both requests, the final two assertions show the
 * token is bound to the session rather than only to the user; confirm.
 */
public function testCSRFTokens_registered() {
	$issuingRequest = $this->makeRequest( true );
	$issuingTokens = new CsrfTokenSet( $issuingRequest );
	$token = $issuingTokens->getToken()->toString();

	// The issuing session accepts its own token.
	$this->assertTrue( $issuingTokens->matchToken( $token ) );

	// A field missing from the request must not validate.
	$this->assertFalse( $issuingTokens->matchTokenField( 'wpBlabla' ) );
	$issuingRequest->setVal( 'wpBlabla', $token );
	$this->assertTrue( $issuingTokens->matchTokenField( 'wpBlabla' ) );

	// Replay the same token against a second session: both the field check
	// and the direct check must reject it.
	$replayRequest = $this->makeRequest( true );
	$replayRequest->setVal( 'wpBlabla', $token );
	$replayTokens = new CsrfTokenSet( $replayRequest );
	$this->assertFalse( $replayTokens->matchTokenField( 'wpBlabla' ) );
	$this->assertFalse( $replayTokens->matchToken( $token ) );
}