CsrfTest::validTokenInBodyResultIn200() - Code Metrics - Inspection of "unit tests for csrf middleware" - yiisoft/yii-web - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#112)

unknown

created 2019-09-06 21:01 UTC

CsrfTest::validTokenInBodyResultIn200() A

↳ Parent: CsrfTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	6
Code Lines	4

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	4
nc	1
nop	0
dl	0
loc	6
rs	10
c	0
b	0
f	0

<?php


namespace Yiisoft\Yii\Web\Tests\Middleware;

use Nyholm\Psr7\Factory\Psr17Factory;
use Nyholm\Psr7\Response;
use Nyholm\Psr7\ServerRequest;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Yiisoft\Router\Method;
use Yiisoft\Security\Random;
use Yiisoft\Security\TokenMasker;
use Yiisoft\Yii\Web\Middleware\Csrf;
use Yiisoft\Yii\Web\Session\SessionInterface;

final class CsrfTest extends TestCase
{
    private const PARAM_NAME = 'csrf';

    /**
     * @test
     */
    public function validTokenInBodyResultIn200()
    {
        $token = $this->generateToken();
        $middleware = $this->createCsrfMiddlewareWithToken($token);
        $response = $middleware->process($this->createPostServerRequestWithBodyToken($token), $this->createRequestHandler());
        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function validTokenInHeaderResultIn200()
    {
        $token = $this->generateToken();
        $middleware = $this->createCsrfMiddlewareWithToken($token);
        $response = $middleware->process($this->createPostServerRequestWithHeaderToken($token), $this->createRequestHandler());
        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function getIsAlwaysAllowed()
    {
        $middleware = $this->createCsrfMiddlewareWithToken('');
        $response = $middleware->process($this->createServerRequest(Method::GET), $this->createRequestHandler());
        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function invalidTokenResultIn400()
    {
        $middleware = $this->createCsrfMiddlewareWithToken($this->generateToken());
        $response = $middleware->process($this->createPostServerRequestWithBodyToken($this->generateToken()), $this->createRequestHandler());
        $this->assertEquals(400, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function emptyTokenInSessionResultIn400()
    {
        $middleware = $this->createCsrfMiddlewareWithToken('');
        $response = $middleware->process($this->createPostServerRequestWithBodyToken($this->generateToken()), $this->createRequestHandler());
        $this->assertEquals(400, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function emptyTokenInRequestResultIn400()
    {
        $middleware = $this->createCsrfMiddlewareWithToken($this->generateToken());
        $response = $middleware->process($this->createServerRequest(), $this->createRequestHandler());
        $this->assertEquals(400, $response->getStatusCode());
    }


    private function createServerRequest(string $method = Method::POST, array $bodyParams = [], array $headParams = []): ServerRequestInterface
    {
        $request = new ServerRequest($method, '/', $headParams);
        return $request->withParsedBody($bodyParams);
    }

    private function createPostServerRequestWithBodyToken(string $token): ServerRequestInterface
    {
        return $this->createServerRequest(Method::POST, [
            self::PARAM_NAME => TokenMasker::mask($token),
        ]);
    }

    private function createPostServerRequestWithHeaderToken(string $token): ServerRequestInterface
    {
        return $this->createServerRequest(Method::POST, [], [
            Csrf::HEADER_NAME => TokenMasker::mask($token),
        ]);
    }

    private function createRequestHandler(): RequestHandlerInterface
    {
        return new class implements RequestHandlerInterface {
            public function handle(ServerRequestInterface $request): ResponseInterface
            {
                return new Response(200);
            }
        };
    }

    private function createSessionMock(string $returnToken)
    {
        /**
         * @var SessionInterface|MockObject $sessionMock
         */
        $sessionMock = $this->createMock(SessionInterface::class);

        $sessionMock
            ->expects($this->once())
            ->method('get')
            ->willReturn($returnToken);

        return $sessionMock;
    }


    private function createCsrfMiddlewareWithToken(string $token): Csrf
    {
        $middleware = new Csrf(new Psr17Factory(), $this->createSessionMock($token));
        $middleware->setName(self::PARAM_NAME);

        return $middleware;
    }

    private function generateToken(): string
    {
        return Random::string();
    }
}


1			<?php
2
3
4			namespace Yiisoft\Yii\Web\Tests\Middleware;
5
6			use Nyholm\Psr7\Factory\Psr17Factory;
7			use Nyholm\Psr7\Response;
8			use Nyholm\Psr7\ServerRequest;
9			use PHPUnit\Framework\MockObject\MockObject;
10			use PHPUnit\Framework\TestCase;
11			use Psr\Http\Message\ResponseInterface;
12			use Psr\Http\Message\ServerRequestInterface;
13			use Psr\Http\Server\RequestHandlerInterface;
14			use Yiisoft\Router\Method;
15			use Yiisoft\Security\Random;
16			use Yiisoft\Security\TokenMasker;
17			use Yiisoft\Yii\Web\Middleware\Csrf;
18			use Yiisoft\Yii\Web\Session\SessionInterface;
19
20			final class CsrfTest extends TestCase
21			{
22			private const PARAM_NAME = 'csrf';
23
24			/**
25			* @test
26			*/
27			public function validTokenInBodyResultIn200()
28			{
29			$token = $this->generateToken();
30			$middleware = $this->createCsrfMiddlewareWithToken($token);
31			$response = $middleware->process($this->createPostServerRequestWithBodyToken($token), $this->createRequestHandler());
32			$this->assertEquals(200, $response->getStatusCode());
33			}
34
35			/**
36			* @test
37			*/
38			public function validTokenInHeaderResultIn200()
39			{
40			$token = $this->generateToken();
41			$middleware = $this->createCsrfMiddlewareWithToken($token);
42			$response = $middleware->process($this->createPostServerRequestWithHeaderToken($token), $this->createRequestHandler());
43			$this->assertEquals(200, $response->getStatusCode());
44			}
45
46			/**
47			* @test
48			*/
49			public function getIsAlwaysAllowed()
50			{
51			$middleware = $this->createCsrfMiddlewareWithToken('');
52			$response = $middleware->process($this->createServerRequest(Method::GET), $this->createRequestHandler());
53			$this->assertEquals(200, $response->getStatusCode());
54			}
55
56			/**
57			* @test
58			*/
59			public function invalidTokenResultIn400()
60			{
61			$middleware = $this->createCsrfMiddlewareWithToken($this->generateToken());
62			$response = $middleware->process($this->createPostServerRequestWithBodyToken($this->generateToken()), $this->createRequestHandler());
63			$this->assertEquals(400, $response->getStatusCode());
64			}
65
66			/**
67			* @test
68			*/
69			public function emptyTokenInSessionResultIn400()
70			{
71			$middleware = $this->createCsrfMiddlewareWithToken('');
72			$response = $middleware->process($this->createPostServerRequestWithBodyToken($this->generateToken()), $this->createRequestHandler());
73			$this->assertEquals(400, $response->getStatusCode());
74			}
75
76			/**
77			* @test
78			*/
79			public function emptyTokenInRequestResultIn400()
80			{
81			$middleware = $this->createCsrfMiddlewareWithToken($this->generateToken());
82			$response = $middleware->process($this->createServerRequest(), $this->createRequestHandler());
83			$this->assertEquals(400, $response->getStatusCode());
84			}
85
86
87			private function createServerRequest(string $method = Method::POST, array $bodyParams = [], array $headParams = []): ServerRequestInterface
88			{
89			$request = new ServerRequest($method, '/', $headParams);
90			return $request->withParsedBody($bodyParams);
91			}
92
93			private function createPostServerRequestWithBodyToken(string $token): ServerRequestInterface
94			{
95			return $this->createServerRequest(Method::POST, [
96			self::PARAM_NAME => TokenMasker::mask($token),
97			]);
98			}
99
100			private function createPostServerRequestWithHeaderToken(string $token): ServerRequestInterface
101			{
102			return $this->createServerRequest(Method::POST, [], [
103			Csrf::HEADER_NAME => TokenMasker::mask($token),
104			]);
105			}
106
107			private function createRequestHandler(): RequestHandlerInterface
108			{
109			return new class implements RequestHandlerInterface {
110			public function handle(ServerRequestInterface $request): ResponseInterface
111			{
112			return new Response(200);
113			}
114			};
115			}
116
117			private function createSessionMock(string $returnToken)
118			{
119			/**
120			* @var SessionInterface\|MockObject $sessionMock
121			*/
122			$sessionMock = $this->createMock(SessionInterface::class);
123
124			$sessionMock
125			->expects($this->once())
126			->method('get')
127			->willReturn($returnToken);
128
129			return $sessionMock;
130			}
131
132
133			private function createCsrfMiddlewareWithToken(string $token): Csrf
134			{
135			$middleware = new Csrf(new Psr17Factory(), $this->createSessionMock($token));
136			$middleware->setName(self::PARAM_NAME);
137
138			return $middleware;
139			}
140
141			private function generateToken(): string
142			{
143			return Random::string();
144			}
145			}
146

yiisoft / yii-web

Pull Request — master (#112)

CsrfTest::validTokenInBodyResultIn200() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like