From a57f8d3851abcf2ca669d62188083321fc115108 Mon Sep 17 00:00:00 2001
From: mark_story
Date: Sun, 24 Oct 2010 20:57:12 -0400
Subject: [PATCH] Adding another test for csrfUseOnce.

---
 .../controller/components/security.test.php | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/cake/tests/cases/libs/controller/components/security.test.php b/cake/tests/cases/libs/controller/components/security.test.php
index 71b7e51a1..b338217ef 100644
--- a/cake/tests/cases/libs/controller/components/security.test.php
+++ b/cake/tests/cases/libs/controller/components/security.test.php
@@ -1429,4 +1429,36 @@ DIGEST;
 $this->assertEquals(1, count($token2), 'Should only be one token.');
 $this->assertEquals($token, $token2, 'Tokens should not be different.');
 }
+
+/**
+ * ensure that longer session tokens are not consumed
+ *
+ * @return void
+ */
+ function testCsrfNotUseOnceValidationLeavingToken() {
+ $this->Security->validatePost = false;
+ $this->Security->csrfCheck = true;
+ $this->Security->csrfUseOnce = false;
+ $this->Security->csrfExpires = '+10 minutes';
+
+ $this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
+
+ $this->Controller->request = $this->getMock('CakeRequest', array('is'));
+ $this->Controller->request->expects($this->once())->method('is')
+ ->with('post')
+ ->will($this->returnValue(true));
+
+ $this->Controller->request->params['action'] = 'index';
+ $this->Controller->request->data = array(
+ '_Token' => array(
+ 'key' => 'nonce1'
+ ),
+ 'Post' => array(
+ 'title' => 'Woot'
+ )
+ );
+ $this->Security->startup($this->Controller);
+ $token = $this->Security->Session->read('_Token');
+ $this->assertTrue(isset($token['csrfTokens']['nonce1']), 'Token was consumed');
+ }
 }
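Review bot: The only assertion in testCsrfNotUseOnceValidationLeavingToken is that `nonce1` is still in `_Token.csrfTokens` after `startup()`, and that is also the state you get when the CSRF check rejects the request, so the test cannot tell "token kept because csrfUseOnce is false" apart from "token untouched because the request was blackholed". Add an assertion that the request was accepted before inspecting the session — in this file that is presumably the failure flag on the test controller, e.g. `$this->assertFalse($this->Controller->failed, 'Request was blackholed.');` — confirm the property name against the fixture the neighbouring csrf tests use. The docblock `ensure that longer session tokens are not consumed` is also unclear; `ensure that a valid token is not consumed when csrfUseOnce is false` states what the test actually checks. The enclosing test class and its fixtures start outside the hunk.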