framework/tests/integration/extenders/CsrfTest.php
Alexander Skvortsov ae280016e7 Tests: remove prepDb workaround
Previously, the `prepareDatabase` method would directly modify the database, booting the app in the process. This would prevent any extenders from being applied, since `->extend()` has no effect once the app is booted.

Since the new implementation of `prepareDatabase` simply registers seed data to be applied during app boot, the workaround of sticking this seed data into `prepDb` is no longer necessary, and seed data common to all test cases in a class can be provided in `setUp`.

When needed, app boot is explicitly triggered in individual test cases by calling `$this->app()`.
2021-01-09 00:35:55 -05:00

119 lines
3.0 KiB
PHP

<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Tests\integration\extenders;
use Flarum\Extend;
use Flarum\Tests\integration\TestCase;
use Flarum\User\User;
class CsrfTest extends TestCase
{
protected $testUser = [
'username' => 'test',
'password' => 'too-obscure',
'email' => 'test@machine.local',
];
/**
* @test
*/
public function create_user_post_needs_csrf_token_by_default()
{
$response = $this->send(
$this->request('POST', '/api/users', [
'json' => [
'data' => [
'attributes' => $this->testUser
]
],
])
);
$this->assertEquals(400, $response->getStatusCode());
}
/**
* @test
* @deprecated
*/
public function create_user_post_doesnt_need_csrf_token_if_whitelisted()
{
$this->extend(
(new Extend\Csrf)
->exemptPath('/api/users')
);
$response = $this->send(
$this->request('POST', '/api/users', [
'json' => [
'data' => [
'attributes' => $this->testUser
]
],
])
);
$this->assertEquals(201, $response->getStatusCode());
$user = User::where('username', $this->testUser['username'])->firstOrFail();
$this->assertEquals(0, $user->is_email_confirmed);
$this->assertEquals($this->testUser['username'], $user->username);
$this->assertEquals($this->testUser['email'], $user->email);
}
/**
* @test
*/
public function create_user_post_doesnt_need_csrf_token_if_whitelisted_via_routename()
{
$this->extend(
(new Extend\Csrf)
->exemptRoute('users.create')
);
$response = $this->send(
$this->request('POST', '/api/users', [
'json' => [
'data' => [
'attributes' => $this->testUser
]
],
])
);
$this->assertEquals(201, $response->getStatusCode());
$user = User::where('username', $this->testUser['username'])->firstOrFail();
$this->assertEquals(0, $user->is_email_confirmed);
$this->assertEquals($this->testUser['username'], $user->username);
$this->assertEquals($this->testUser['email'], $user->email);
}
/**
* @test
* @deprecated
*/
public function csrf_matches_wildcards_properly()
{
$this->extend(
(new Extend\Csrf)
->exemptPath('/api/fake/*/up')
);
$response = $this->send(
$this->request('POST', '/api/fake/route/i/made/up')
);
$this->assertEquals(404, $response->getStatusCode());
}
}