2021-06-02 22:13:53 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace MediaWiki\Tests\Session;
|
|
|
|
|
|
2023-09-07 11:46:15 +00:00
|
|
|
use MediaWiki\Request\WebRequest;
|
2021-06-02 22:13:53 +00:00
|
|
|
use MediaWiki\Session\CsrfTokenSet;
|
|
|
|
|
use MediaWiki\Session\SessionManager;
|
2023-09-19 12:13:45 +00:00
|
|
|
use MediaWiki\User\User;
|
2021-06-02 22:13:53 +00:00
|
|
|
use MediaWikiIntegrationTestCase;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Session\CsrfTokenSet
|
2023-07-16 00:16:45 +00:00
|
|
|
* @group Database
|
2021-06-02 22:13:53 +00:00
|
|
|
*/
|
|
|
|
|
class CsrfTokenSetTest extends MediaWikiIntegrationTestCase {
|
|
|
|
|
|
|
|
|
|
private function makeRequest( bool $userRegistered ): WebRequest {
|
|
|
|
|
$webRequest = new WebRequest();
|
|
|
|
|
$session1 = SessionManager::singleton()->getEmptySession( $webRequest );
|
|
|
|
|
$session1->setUser( $userRegistered ? $this->getTestUser()->getUser() : new User() );
|
|
|
|
|
return $webRequest;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCSRFTokens_anon() {
|
|
|
|
|
$webRequest1 = $this->makeRequest( false );
|
|
|
|
|
$tokenRepo1 = new CsrfTokenSet( $webRequest1 );
|
|
|
|
|
$token = $tokenRepo1->getToken()->toString();
|
|
|
|
|
$webRequest2 = $this->makeRequest( false );
|
|
|
|
|
$tokenRepo2 = new CsrfTokenSet( $webRequest2 );
|
|
|
|
|
$this->assertTrue( $tokenRepo2->matchToken( $token ) );
|
|
|
|
|
$webRequest2->setVal( 'wpBlabla', $token );
|
|
|
|
|
$this->assertTrue( $tokenRepo2->matchTokenField( 'wpBlabla' ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCSRFTokens_registered() {
|
|
|
|
|
$webRequest1 = $this->makeRequest( true );
|
|
|
|
|
$tokenRepo1 = new CsrfTokenSet( $webRequest1 );
|
|
|
|
|
$token = $tokenRepo1->getToken()->toString();
|
|
|
|
|
$this->assertTrue( $tokenRepo1->matchToken( $token ) );
|
|
|
|
|
$this->assertFalse( $tokenRepo1->matchTokenField( 'wpBlabla' ) );
|
|
|
|
|
$webRequest1->setVal( 'wpBlabla', $token );
|
|
|
|
|
$this->assertTrue( $tokenRepo1->matchTokenField( 'wpBlabla' ) );
|
|
|
|
|
$webRequest2 = $this->makeRequest( true );
|
|
|
|
|
$webRequest2->setVal( 'wpBlabla', $token );
|
|
|
|
|
$tokenRepo2 = new CsrfTokenSet( $webRequest2 );
|
|
|
|
|
$this->assertFalse( $tokenRepo2->matchTokenField( 'wpBlabla' ) );
|
|
|
|
|
$this->assertFalse( $tokenRepo2->matchToken( $token ) );
|
|
|
|
|
}
|
|
|
|
|
}
|
