Adding test cases for disableFields being part of the POST data.

This commit is contained in:
mark_story 2011-06-09 22:48:47 -04:00
parent 046ddceb9a
commit 338957936b


@ -51,7 +51,6 @@ class SecurityTestController extends Controller {
* name property * name property
* *
* @var string 'SecurityTest' * @var string 'SecurityTest'
* @access public
*/ */
public $name = 'SecurityTest'; public $name = 'SecurityTest';
@ -59,7 +58,6 @@ class SecurityTestController extends Controller {
* components property * components property
* *
* @var array * @var array
* @access public
*/ */
public $components = array('Session', 'TestSecurity'); public $components = array('Session', 'TestSecurity');
@ -67,7 +65,6 @@ class SecurityTestController extends Controller {
* failed property * failed property
* *
* @var bool false * @var bool false
* @access public
*/ */
public $failed = false; public $failed = false;
@ -75,14 +72,12 @@ class SecurityTestController extends Controller {
* Used for keeping track of headers in test * Used for keeping track of headers in test
* *
* @var array * @var array
* @access public
*/ */
public $testHeaders = array(); public $testHeaders = array();
/** /**
* fail method * fail method
* *
* @access public
* @return void * @return void
*/ */
public function fail() { public function fail() {
@ -95,7 +90,6 @@ class SecurityTestController extends Controller {
* @param mixed $option * @param mixed $option
* @param mixed $code * @param mixed $code
* @param mixed $exit * @param mixed $exit
* @access public
* @return void * @return void
*/ */
public function redirect($url, $status = null, $exit = true) { public function redirect($url, $status = null, $exit = true) {
@ -124,7 +118,6 @@ class SecurityComponentTest extends CakeTestCase {
* Controller property * Controller property
* *
* @var SecurityTestController * @var SecurityTestController
* @access public
*/ */
public $Controller; public $Controller;
@ -132,14 +125,12 @@ class SecurityComponentTest extends CakeTestCase {
* oldSalt property * oldSalt property
* *
* @var string * @var string
* @access public
*/ */
public $oldSalt; public $oldSalt;
/** /**
* setUp method * setUp method
* *
* @access public
* @return void * @return void
*/ */
public function setUp() { public function setUp() {
@ -193,7 +184,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testStartup method * testStartup method
* *
* @access public
* @return void * @return void
*/ */
public function testStartup() { public function testStartup() {
@ -206,7 +196,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequirePostFail method * testRequirePostFail method
* *
* @access public
* @return void * @return void
*/ */
public function testRequirePostFail() { public function testRequirePostFail() {
@ -220,7 +209,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequirePostSucceed method * testRequirePostSucceed method
* *
* @access public
* @return void * @return void
*/ */
public function testRequirePostSucceed() { public function testRequirePostSucceed() {
@ -234,7 +222,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireSecureFail method * testRequireSecureFail method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireSecureFail() { public function testRequireSecureFail() {
@ -249,7 +236,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireSecureSucceed method * testRequireSecureSucceed method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireSecureSucceed() { public function testRequireSecureSucceed() {
@ -264,7 +250,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireAuthFail method * testRequireAuthFail method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireAuthFail() { public function testRequireAuthFail() {
@ -295,7 +280,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireAuthSucceed method * testRequireAuthSucceed method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireAuthSucceed() { public function testRequireAuthSucceed() {
@ -323,7 +307,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequirePostSucceedWrongMethod method * testRequirePostSucceedWrongMethod method
* *
* @access public
* @return void * @return void
*/ */
public function testRequirePostSucceedWrongMethod() { public function testRequirePostSucceedWrongMethod() {
@ -337,7 +320,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireGetFail method * testRequireGetFail method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireGetFail() { public function testRequireGetFail() {
@ -351,7 +333,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireGetSucceed method * testRequireGetSucceed method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireGetSucceed() { public function testRequireGetSucceed() {
@ -365,7 +346,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireGetSucceedWrongMethod method * testRequireGetSucceedWrongMethod method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireGetSucceedWrongMethod() { public function testRequireGetSucceedWrongMethod() {
@ -379,7 +359,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequirePutFail method * testRequirePutFail method
* *
* @access public
* @return void * @return void
*/ */
public function testRequirePutFail() { public function testRequirePutFail() {
@ -393,7 +372,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequirePutSucceed method * testRequirePutSucceed method
* *
* @access public
* @return void * @return void
*/ */
public function testRequirePutSucceed() { public function testRequirePutSucceed() {
@ -407,7 +385,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequirePutSucceedWrongMethod method * testRequirePutSucceedWrongMethod method
* *
* @access public
* @return void * @return void
*/ */
public function testRequirePutSucceedWrongMethod() { public function testRequirePutSucceedWrongMethod() {
@ -421,7 +398,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireDeleteFail method * testRequireDeleteFail method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireDeleteFail() { public function testRequireDeleteFail() {
@ -435,7 +411,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireDeleteSucceed method * testRequireDeleteSucceed method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireDeleteSucceed() { public function testRequireDeleteSucceed() {
@ -449,7 +424,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRequireDeleteSucceedWrongMethod method * testRequireDeleteSucceedWrongMethod method
* *
* @access public
* @return void * @return void
*/ */
public function testRequireDeleteSucceedWrongMethod() { public function testRequireDeleteSucceedWrongMethod() {
@ -463,7 +437,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* Simple hash validation test * Simple hash validation test
* *
* @access public
* @return void * @return void
*/ */
public function testValidatePost() { public function testValidatePost() {
@ -526,7 +499,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* Tests validation of checkbox arrays * Tests validation of checkbox arrays
* *
* @access public
* @return void * @return void
*/ */
public function testValidatePostArray() { public function testValidatePostArray() {
@ -546,7 +518,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testValidatePostNoModel method * testValidatePostNoModel method
* *
* @access public
* @return void * @return void
*/ */
public function testValidatePostNoModel() { public function testValidatePostNoModel() {
@ -568,7 +539,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testValidatePostSimple method * testValidatePostSimple method
* *
* @access public
* @return void * @return void
*/ */
public function testValidatePostSimple() { public function testValidatePostSimple() {
@ -590,7 +560,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* Tests hash validation for multiple records, including locked fields * Tests hash validation for multiple records, including locked fields
* *
* @access public
* @return void * @return void
*/ */
public function testValidatePostComplex() { public function testValidatePostComplex() {
@ -666,7 +635,6 @@ class SecurityComponentTest extends CakeTestCase {
* First block tests un-checked checkbox * First block tests un-checked checkbox
* Second block tests checked checkbox * Second block tests checked checkbox
* *
* @access public
* @return void * @return void
*/ */
public function testValidatePostCheckbox() { public function testValidatePostCheckbox() {
@ -710,7 +678,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testValidatePostHidden method * testValidatePostHidden method
* *
* @access public
* @return void * @return void
*/ */
public function testValidatePostHidden() { public function testValidatePostHidden() {
@ -733,7 +700,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testValidatePostWithDisabledFields method * testValidatePostWithDisabledFields method
* *
* @access public
* @return void * @return void
*/ */
public function testValidatePostWithDisabledFields() { public function testValidatePostWithDisabledFields() {
@ -754,10 +720,86 @@ class SecurityComponentTest extends CakeTestCase {
$this->assertTrue($result); $this->assertTrue($result);
} }
/**
* test validating post data with posted disabled fields.
*
* @return void
*/
public function testValidatePostDisabledFieldsInData() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$disabled = 'Model.username';
$fields = array('Model.hidden', 'Model.password');
$fields = urlencode(Security::hash(serialize($fields) . $disabled . Configure::read('Security.salt')));
$this->Controller->request->data = array(
'Model' => array(
'username' => 'mark',
'password' => 'sekret',
'hidden' => '0'
),
'_Token' => compact('fields', 'key', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
}
/**
* test that missing 'disabled' input causes failure
*
* @return void
*/
public function testValidatePostFailNoDisabled() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = array('Model.hidden', 'Model.password', 'Model.username');
$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$this->Controller->request->data = array(
'Model' => array(
'username' => 'mark',
'password' => 'sekret',
'hidden' => '0'
),
'_Token' => compact('fields', 'key')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertFalse($result);
}
/**
* Test that validatePost fails when disabled fields are changed.
*
* @return
*/
public function testValidatePostFailDisabledFieldTampering() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$disabled = 'Model.username';
$fields = array('Model.hidden', 'Model.password');
$fields = urlencode(Security::hash(serialize($fields) . $disabled . Configure::read('Security.salt')));
// Tamper the values.
$disabled = 'Model.username|Model.password';
$this->Controller->request->data = array(
'Model' => array(
'username' => 'mark',
'password' => 'sekret',
'hidden' => '0'
),
'_Token' => compact('fields', 'key', 'disabled')
);
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertFalse($result);
}
/** /**
* testValidateHiddenMultipleModel method * testValidateHiddenMultipleModel method
* *
* @access public
* @return void * @return void
*/ */
public function testValidateHiddenMultipleModel() { public function testValidateHiddenMultipleModel() {
@ -779,7 +821,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testValidateHasManyModel method * testValidateHasManyModel method
* *
* @access public
* @return void * @return void
*/ */
public function testValidateHasManyModel() { public function testValidateHasManyModel() {
@ -810,7 +851,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testValidateHasManyRecordsPass method * testValidateHasManyRecordsPass method
* *
* @access public
* @return void * @return void
*/ */
public function testValidateHasManyRecordsPass() { public function testValidateHasManyRecordsPass() {
@ -855,7 +895,6 @@ class SecurityComponentTest extends CakeTestCase {
* *
* validatePost should fail, hidden fields have been changed. * validatePost should fail, hidden fields have been changed.
* *
* @access public
* @return void * @return void
*/ */
public function testValidateHasManyRecordsFail() { public function testValidateHasManyRecordsFail() {
@ -898,7 +937,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testFormDisabledFields method * testFormDisabledFields method
* *
* @access public
* @return void * @return void
*/ */
public function testFormDisabledFields() { public function testFormDisabledFields() {
@ -930,7 +968,6 @@ class SecurityComponentTest extends CakeTestCase {
/** /**
* testRadio method * testRadio method
* *
* @access public
* @return void * @return void
*/ */
public function testRadio() { public function testRadio() {
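Review bot: The docblock for `testValidatePostFailDisabledFieldTampering` ends with a bare `@return` that names no type; every sibling block in this hunk writes `@return void`, so that line should read ` * @return void`. The docblock for `testValidatePostFailNoDisabled` says the missing `disabled` input causes failure but not why; presumably the component folds the posted `disabled` value into the hash it recomputes, so a comment such as `// hash was built without a disabled list, so the component's recomputation cannot match` would make the expectation checkable against the implementation rather than the test name. The three new tests repeat the same startup, key lookup, hash construction and request-data assembly with only the `_Token` contents varying; a small private helper that builds the request data from `$fields`/`$disabled` would keep the tampering variant, which is the security-relevant one, readable at a glance. This hunk opens in the tail of `testValidatePostWithDisabledFields` and the enclosing class continues past it.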