|
@@ 59-67 (lines=9) @@
|
| 56 |
|
self::assertHttpResponseDeletesSessionCookie($session, $response); |
| 57 |
|
} |
| 58 |
|
|
| 59 |
|
public function testRefreshSessionMissingCsrfToken() |
| 60 |
|
{ |
| 61 |
|
$session = $this->login(); |
| 62 |
|
|
| 63 |
|
$refreshRequest = $this->createRefreshRequest($session); |
| 64 |
|
$this->removeCsrfHeader($refreshRequest); |
| 65 |
|
$response = $this->sendHttpRequest($refreshRequest); |
| 66 |
|
self::assertHttpResponseCodeEquals($response, 401); |
| 67 |
|
} |
| 68 |
|
|
| 69 |
|
public function testDeleteSession() |
| 70 |
|
{ |
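Review bot: testRefreshSessionMissingCsrfToken only shows that a refresh request with the header removed gets a 401; nothing in the visible lines ties that status to the CSRF check, and a token that is present but wrong is never exercised. The docblock on testDeleteSessionMissingCsrfToken says session handling bypasses the CsrfListener, so these tests appear to be the only guard on this path. I would add a sibling case that sends a mismatched token and expects the same rejection, and carry the explanation over to this method as `/** CSRF needs to be tested as session handling bypasses the CsrfListener. */`. The mismatched-token gap applies to testDeleteSessionMissingCsrfToken as well.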
|
@@ 69-77 (lines=9) @@
|
| 66 |
|
self::assertHttpResponseCodeEquals($response, 401); |
| 67 |
|
} |
| 68 |
|
|
| 69 |
|
public function testDeleteSession() |
| 70 |
|
{ |
| 71 |
|
$session = $this->login(); |
| 72 |
|
$response = $this->sendHttpRequest($this->createDeleteRequest($session)); |
| 73 |
|
self::assertHttpResponseCodeEquals($response, 204); |
| 74 |
|
self::assertHttpResponseDeletesSessionCookie($session, $response); |
| 75 |
|
|
| 76 |
|
return $session; |
| 77 |
|
} |
| 78 |
|
|
| 79 |
|
/** |
| 80 |
|
* CSRF needs to be tested as session handling bypasses the CsrfListener. |
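Review bot: testDeleteSession asserts the 204 and the cookie-clearing response, but the visible lines do not check that the server has actually discarded the session; telling the client to drop the cookie is not the same as invalidating the session server-side. `return $session;` suggests a dependent test picks the value up, which is not visible here. If no such test exists, follow the delete with a request that reuses the deleted session and assert that it is rejected. If the return is there for that purpose, a short comment above it such as `// handed to dependent tests that reuse the deleted session` would document the intent.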
|
@@ 82-89 (lines=8) @@
|
| 79 |
|
/** |
| 80 |
|
* CSRF needs to be tested as session handling bypasses the CsrfListener. |
| 81 |
|
*/ |
| 82 |
|
public function testDeleteSessionMissingCsrfToken() |
| 83 |
|
{ |
| 84 |
|
$session = $this->login(); |
| 85 |
|
$request = $this->createDeleteRequest($session); |
| 86 |
|
$this->removeCsrfHeader($request); |
| 87 |
|
$response = $this->sendHttpRequest($request); |
| 88 |
|
self::assertHttpResponseCodeEquals($response, 401); |
| 89 |
|
} |
| 90 |
|
|
| 91 |
|
public function testLoginWithExistingFrontendSession() |
| 92 |
|
{ |
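Review bot: After the 401 assertion in testDeleteSessionMissingCsrfToken, nothing checks that the session survived the rejected delete. A logout blocked for a missing CSRF token has to be free of side effects, and a status code alone does not show that. I would follow the assertion with a second delete that keeps the header, `$response = $this->sendHttpRequest($this->createDeleteRequest($session));` and `self::assertHttpResponseCodeEquals($response, 204);`. Presumably that only succeeds if the first request left the session in place, and it also confirms that the missing header was the reason for the 401.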