2007-07-09 20:07:38 +00:00
|
|
|
<?php
|
|
|
|
|
/* SVN FILE: $Id$ */
|
|
|
|
|
/**
|
2007-07-09 20:45:29 +00:00
|
|
|
* Short description for file.
|
2007-07-09 20:07:38 +00:00
|
|
|
*
|
|
|
|
|
* Long description for file
|
|
|
|
|
*
|
|
|
|
|
* PHP versions 4 and 5
|
|
|
|
|
*
|
|
|
|
|
* CakePHP(tm) Tests <https://trac.cakephp.org/wiki/Developement/TestSuite>
|
2008-01-01 22:18:17 +00:00
|
|
|
* Copyright 2005-2008, Cake Software Foundation, Inc.
|
2007-07-09 20:07:38 +00:00
|
|
|
* 1785 E. Sahara Avenue, Suite 490-204
|
|
|
|
|
* Las Vegas, Nevada 89104
|
|
|
|
|
*
|
|
|
|
|
* Licensed under The Open Group Test Suite License
|
|
|
|
|
* Redistributions of files must retain the above copyright notice.
|
|
|
|
|
*
|
|
|
|
|
* @filesource
|
2008-01-01 22:18:17 +00:00
|
|
|
* @copyright Copyright 2005-2008, Cake Software Foundation, Inc.
|
2007-07-09 20:07:38 +00:00
|
|
|
* @link https://trac.cakephp.org/wiki/Developement/TestSuite CakePHP(tm) Tests
|
|
|
|
|
* @package cake.tests
|
|
|
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
|
|
|
* @since CakePHP(tm) v 1.2.0.5435
|
|
|
|
|
* @version $Revision$
|
|
|
|
|
* @modifiedby $LastChangedBy$
|
|
|
|
|
* @lastmodified $Date$
|
|
|
|
|
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
|
|
|
|
|
*/
|
|
|
|
|
uses('controller' . DS . 'components' . DS .'security');
|
2007-10-16 09:05:25 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Short description for class.
|
|
|
|
|
*
|
|
|
|
|
* @package cake.tests
|
|
|
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
|
|
|
*/
|
|
|
|
|
class SecurityTestController extends Controller {
|
|
|
|
|
var $name = 'SecurityTest';
|
|
|
|
|
var $components = array('Security');
|
|
|
|
|
|
|
|
|
|
function redirect($option, $code, $exit) {
|
|
|
|
|
return $code;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-07-09 20:07:38 +00:00
|
|
|
/**
|
|
|
|
|
* Short description for class.
|
|
|
|
|
*
|
2007-10-16 09:05:25 +00:00
|
|
|
* @package cake.tests
|
|
|
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
2007-07-09 20:07:38 +00:00
|
|
|
*/
|
|
|
|
|
class SecurityComponentTest extends CakeTestCase {
|
|
|
|
|
|
2007-10-16 09:05:25 +00:00
|
|
|
function setUp() {
|
|
|
|
|
$this->Controller =& new SecurityTestController();
|
|
|
|
|
restore_error_handler();
|
|
|
|
|
@$this->Controller->_initComponents();
|
|
|
|
|
set_error_handler('simpleTestErrorHandler');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function testStartup() {
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$result = $this->Controller->params['_Token']['key'];
|
|
|
|
|
$this->assertNotNull($result);
|
|
|
|
|
$this->assertTrue($this->Controller->Session->check('_Token'));
|
|
|
|
|
}
|
2008-04-17 22:51:40 +00:00
|
|
|
|
2008-04-18 13:25:47 +00:00
|
|
|
function testRequirePost()
|
|
|
|
|
{
|
|
|
|
|
$this->Controller->action = 'posted';
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$this->Controller->Security->requirePost('posted');
|
2008-04-18 18:16:20 +00:00
|
|
|
$this->assertNull($this->Controller->Security->__methodsRequired($this->Controller));
|
2008-04-18 13:25:47 +00:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
2008-04-18 18:16:20 +00:00
|
|
|
$this->assertTrue($this->Controller->Security->__methodsRequired($this->Controller));
|
2008-04-18 13:25:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function testRequireGet()
|
|
|
|
|
{
|
|
|
|
|
$this->Controller->action = 'getted';
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$this->Controller->Security->requireGet('getted');
|
2008-04-18 18:16:20 +00:00
|
|
|
$this->assertNull($this->Controller->Security->__methodsRequired($this->Controller));
|
2008-04-18 13:25:47 +00:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
2008-04-18 18:16:20 +00:00
|
|
|
$this->assertTrue($this->Controller->Security->__methodsRequired($this->Controller));
|
2008-04-18 13:25:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function testRequirePut()
|
|
|
|
|
{
|
|
|
|
|
$this->Controller->action = 'putted';
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$this->Controller->Security->requirePut('putted');
|
2008-04-18 18:16:20 +00:00
|
|
|
$this->assertNull($this->Controller->Security->__methodsRequired($this->Controller));
|
2008-04-18 13:25:47 +00:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'PUT';
|
2008-04-18 18:16:20 +00:00
|
|
|
$this->assertTrue($this->Controller->Security->__methodsRequired($this->Controller));
|
2008-04-18 13:25:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function testRequireDelete()
|
|
|
|
|
{
|
|
|
|
|
$this->Controller->action = 'deleted';
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$this->Controller->Security->requireDelete('deleted');
|
2008-04-18 18:16:20 +00:00
|
|
|
$this->assertNull($this->Controller->Security->__methodsRequired($this->Controller));
|
2008-04-18 13:25:47 +00:00
|
|
|
$_SERVER['REQUEST_METHOD'] = 'DELETE';
|
2008-04-18 18:16:20 +00:00
|
|
|
$this->assertTrue($this->Controller->Security->__methodsRequired($this->Controller));
|
2008-04-18 13:25:47 +00:00
|
|
|
}
|
|
|
|
|
|
2008-04-17 22:51:40 +00:00
|
|
|
function testValidatePostNoModel() {
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$key = $this->Controller->params['_Token']['key'];
|
|
|
|
|
|
|
|
|
|
$data['anything'] = 'some_data';
|
|
|
|
|
$data['__Token']['key'] = $key;
|
|
|
|
|
|
|
|
|
|
$fields = array('anything',
|
|
|
|
|
'__Token' => array('key' => $key));
|
|
|
|
|
|
|
|
|
|
$fields = $this->__sortFields($fields);
|
|
|
|
|
|
|
|
|
|
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
|
|
|
|
|
$data['__Token']['fields'] = $fields;
|
|
|
|
|
$this->Controller->data = $data;
|
|
|
|
|
$result = $this->Controller->Security->__validatePost($this->Controller);
|
|
|
|
|
$this->assertTrue($result);
|
|
|
|
|
$this->assertTrue($this->Controller->data == $data);
|
|
|
|
|
}
|
2007-10-16 09:05:25 +00:00
|
|
|
|
|
|
|
|
function testValidatePostSimple() {
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$key = $this->Controller->params['_Token']['key'];
|
|
|
|
|
|
|
|
|
|
$data['Model']['username'] = '';
|
|
|
|
|
$data['Model']['password'] = '';
|
|
|
|
|
$data['__Token']['key'] = $key;
|
|
|
|
|
|
|
|
|
|
$fields = array('Model' => array('username','password'),
|
|
|
|
|
'__Token' => array('key' => $key));
|
|
|
|
|
|
|
|
|
|
$fields = $this->__sortFields($fields);
|
|
|
|
|
|
|
|
|
|
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
|
|
|
|
|
$data['__Token']['fields'] = $fields;
|
|
|
|
|
$this->Controller->data = $data;
|
|
|
|
|
$result = $this->Controller->Security->__validatePost($this->Controller);
|
|
|
|
|
$this->assertTrue($result);
|
2008-04-03 02:29:17 +00:00
|
|
|
$this->assertTrue($this->Controller->data == $data);
|
2007-10-16 09:05:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function testValidatePostCheckbox() {
|
|
|
|
|
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$key = $this->Controller->params['_Token']['key'];
|
|
|
|
|
|
|
|
|
|
$data['Model']['username'] = '';
|
|
|
|
|
$data['Model']['password'] = '';
|
|
|
|
|
$data['_Model']['valid'] = '0';
|
|
|
|
|
$data['__Token']['key'] = $key;
|
|
|
|
|
|
|
|
|
|
$fields = array('Model' => array('username', 'password', 'valid'),
|
|
|
|
|
'_Model' => array('valid' => '0'),
|
|
|
|
|
'__Token' => array('key' => $key));
|
|
|
|
|
|
|
|
|
|
$fields = $this->__sortFields($fields);
|
|
|
|
|
|
|
|
|
|
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
|
|
|
|
|
$data['__Token']['fields'] = $fields;
|
|
|
|
|
|
|
|
|
|
$this->Controller->data = $data;
|
|
|
|
|
$result = $this->Controller->Security->__validatePost($this->Controller);
|
|
|
|
|
$this->assertTrue($result);
|
2008-04-03 02:29:17 +00:00
|
|
|
|
|
|
|
|
unset($data['_Model']);
|
|
|
|
|
$data['Model']['valid'] = '0';
|
|
|
|
|
$this->assertTrue($this->Controller->data == $data);
|
2007-10-16 09:05:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function testValidatePostHidden() {
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$key = $this->Controller->params['_Token']['key'];
|
|
|
|
|
|
|
|
|
|
$data['Model']['username'] = '';
|
|
|
|
|
$data['Model']['password'] = '';
|
|
|
|
|
$data['_Model']['hidden'] = '0';
|
|
|
|
|
$data['__Token']['key'] = $key;
|
|
|
|
|
|
|
|
|
|
$fields = array('Model' => array('username', 'password', 'hidden'),
|
|
|
|
|
'_Model' => array('hidden' => '0'),
|
|
|
|
|
'__Token' => array('key' => $key));
|
|
|
|
|
|
|
|
|
|
$fields = $this->__sortFields($fields);
|
|
|
|
|
|
|
|
|
|
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
|
|
|
|
|
$data['__Token']['fields'] = $fields;
|
|
|
|
|
|
|
|
|
|
$this->Controller->data = $data;
|
|
|
|
|
$result = $this->Controller->Security->__validatePost($this->Controller);
|
|
|
|
|
$this->assertTrue($result);
|
2008-04-03 02:29:17 +00:00
|
|
|
|
|
|
|
|
unset($data['_Model']);
|
|
|
|
|
$data['Model']['hidden'] = '0';
|
|
|
|
|
$this->assertTrue($this->Controller->data == $data);
|
2007-10-16 09:05:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function testValidateHiddenMultipleModel() {
|
|
|
|
|
$this->Controller->Security->startup($this->Controller);
|
|
|
|
|
$key = $this->Controller->params['_Token']['key'];
|
|
|
|
|
|
|
|
|
|
$data['Model']['username'] = '';
|
|
|
|
|
$data['Model']['password'] = '';
|
|
|
|
|
$data['_Model']['valid'] = '0';
|
|
|
|
|
$data['_Model2']['valid'] = '0';
|
|
|
|
|
$data['_Model3']['valid'] = '0';
|
|
|
|
|
$data['__Token']['key'] = $key;
|
|
|
|
|
|
|
|
|
|
$fields = array('Model' => array('username', 'password', 'valid'),
|
|
|
|
|
'Model2'=> array('valid'),
|
|
|
|
|
'Model3'=> array('valid'),
|
|
|
|
|
'_Model2'=> array('valid' => '0'),
|
|
|
|
|
'_Model3'=> array('valid' => '0'),
|
|
|
|
|
'_Model' => array('valid' => '0'),
|
|
|
|
|
'__Token' => array('key' => $key));
|
|
|
|
|
|
|
|
|
|
$fields = $this->__sortFields($fields);
|
|
|
|
|
|
|
|
|
|
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
|
|
|
|
|
$data['__Token']['fields'] = $fields;
|
|
|
|
|
|
|
|
|
|
$this->Controller->data = $data;
|
|
|
|
|
$result = $this->Controller->Security->__validatePost($this->Controller);
|
|
|
|
|
$this->assertTrue($result);
|
2008-04-03 02:29:17 +00:00
|
|
|
|
|
|
|
|
unset($data['_Model'], $data['_Model2'], $data['_Model3']);
|
|
|
|
|
$data['Model']['valid'] = '0';
|
|
|
|
|
$data['Model2']['valid'] = '0';
|
|
|
|
|
$data['Model3']['valid'] = '0';
|
|
|
|
|
$this->assertTrue($this->Controller->data == $data);
|
2007-10-16 09:05:25 +00:00
|
|
|
}
|
|
|
|
|
|
2008-04-02 06:08:55 +00:00
|
|
|
function testValidateHasManyModel() {
|
2008-04-03 02:29:17 +00:00
|
|
|
$this->Controller->Security->startup($this->Controller);
|
2008-04-02 06:08:55 +00:00
|
|
|
$key = $this->Controller->params['_Token']['key'];
|
|
|
|
|
|
2008-04-03 06:48:56 +00:00
|
|
|
$data['Model'][0]['username'] = 'username';
|
|
|
|
|
$data['Model'][0]['password'] = 'password';
|
|
|
|
|
$data['Model'][1]['username'] = 'username';
|
|
|
|
|
$data['Model'][1]['password'] = 'password';
|
2008-04-03 02:29:17 +00:00
|
|
|
$data['_Model'][0]['hidden'] = 'value';
|
|
|
|
|
$data['_Model'][1]['hidden'] = 'value';
|
2008-04-03 06:48:56 +00:00
|
|
|
$data['_Model'][0]['valid'] = '0';
|
|
|
|
|
$data['_Model'][1]['valid'] = '0';
|
2008-04-02 06:08:55 +00:00
|
|
|
$data['__Token']['key'] = $key;
|
|
|
|
|
|
|
|
|
|
$fields = array(
|
2008-04-03 02:29:17 +00:00
|
|
|
'Model' => array(
|
2008-04-03 06:48:56 +00:00
|
|
|
0 => array('username', 'password', 'valid'),
|
|
|
|
|
1 => array('username', 'password', 'valid')),
|
2008-04-03 02:29:17 +00:00
|
|
|
'_Model' => array(
|
2008-04-03 06:48:56 +00:00
|
|
|
0 => array('hidden' => 'value', 'valid' => '0'),
|
|
|
|
|
1 => array('hidden' => 'value', 'valid' => '0')),
|
2008-04-03 02:29:17 +00:00
|
|
|
'__Token' => array('key' => $key));
|
2008-04-02 06:08:55 +00:00
|
|
|
|
|
|
|
|
$fields = $this->__sortFields($fields);
|
2008-04-03 06:48:56 +00:00
|
|
|
|
2008-04-02 06:08:55 +00:00
|
|
|
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
|
|
|
|
|
$data['__Token']['fields'] = $fields;
|
|
|
|
|
|
|
|
|
|
$this->Controller->data = $data;
|
|
|
|
|
$result = $this->Controller->Security->__validatePost($this->Controller);
|
|
|
|
|
$this->assertTrue($result);
|
2008-04-03 02:29:17 +00:00
|
|
|
|
|
|
|
|
unset($data['_Model']);
|
|
|
|
|
$data['Model'][0]['hidden'] = 'value';
|
|
|
|
|
$data['Model'][1]['hidden'] = 'value';
|
2008-04-03 06:48:56 +00:00
|
|
|
$data['Model'][0]['valid'] = '0';
|
|
|
|
|
$data['Model'][1]['valid'] = '0';
|
|
|
|
|
|
2008-04-03 02:29:17 +00:00
|
|
|
$this->assertTrue($this->Controller->data == $data);
|
2008-04-02 06:08:55 +00:00
|
|
|
}
|
|
|
|
|
|
2007-10-16 09:05:25 +00:00
|
|
|
function __sortFields($fields) {
|
|
|
|
|
foreach ($fields as $key => $value) {
|
2008-04-17 22:51:40 +00:00
|
|
|
if(strpos($key, '_') !== 0 && is_array($fields[$key])) {
|
2007-10-16 09:05:25 +00:00
|
|
|
sort($fields[$key]);
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-04-17 22:51:40 +00:00
|
|
|
ksort($fields, SORT_STRING);
|
2007-10-16 09:05:25 +00:00
|
|
|
return $fields;
|
2007-07-09 20:07:38 +00:00
|
|
|
}
|
|
|
|
|
}
|
2008-04-17 22:51:40 +00:00
|
|
|
?>
|
