4f67f84ff8
Conflicts: app/config/acl.ini.php app/config/bootstrap.php app/config/core.php app/config/database.php.default app/config/inflections.php app/config/routes.php app/config/schema/db_acl.php app/config/schema/i18n.php app/config/schema/sessions.php app/config/sql/db_acl.sql app/config/sql/i18n.sql app/index.php app/webroot/css.php app/webroot/css/cake.generic.css app/webroot/index.php app/webroot/js/vendors.php app/webroot/test.php cake/LICENSE.txt cake/basics.php cake/bootstrap.php cake/config/config.php cake/config/paths.php cake/config/unicode/casefolding/0080_00ff.php cake/config/unicode/casefolding/0100_017f.php cake/config/unicode/casefolding/0180_024F.php cake/config/unicode/casefolding/0250_02af.php cake/config/unicode/casefolding/0370_03ff.php cake/config/unicode/casefolding/0400_04ff.php cake/config/unicode/casefolding/0500_052f.php cake/config/unicode/casefolding/0530_058f.php cake/config/unicode/casefolding/1e00_1eff.php cake/config/unicode/casefolding/1f00_1fff.php cake/config/unicode/casefolding/2100_214f.php cake/config/unicode/casefolding/2150_218f.php cake/config/unicode/casefolding/2460_24ff.php cake/config/unicode/casefolding/2c00_2c5f.php cake/config/unicode/casefolding/2c60_2c7f.php cake/config/unicode/casefolding/2c80_2cff.php cake/config/unicode/casefolding/ff00_ffef.php cake/console/cake cake/console/cake.bat cake/console/cake.php cake/console/error.php cake/console/libs/acl.php cake/console/libs/api.php cake/console/libs/bake.php cake/console/libs/console.php cake/console/libs/i18n.php cake/console/libs/schema.php cake/console/libs/shell.php cake/console/libs/tasks/controller.php cake/console/libs/tasks/db_config.php cake/console/libs/tasks/extract.php cake/console/libs/tasks/model.php cake/console/libs/tasks/plugin.php cake/console/libs/tasks/project.php cake/console/libs/tasks/test.php cake/console/libs/tasks/view.php cake/console/libs/templates/skel/config/bootstrap.php cake/console/libs/templates/skel/config/inflections.php 
cake/console/libs/templates/skel/config/sql/sessions.sql cake/console/libs/templates/skel/index.php cake/console/libs/templates/skel/views/elements/email/html/default.ctp cake/console/libs/templates/skel/views/elements/email/text/default.ctp cake/console/libs/templates/skel/views/layouts/ajax.ctp cake/console/libs/templates/skel/views/layouts/default.ctp cake/console/libs/templates/skel/views/layouts/email/html/default.ctp cake/console/libs/templates/skel/views/layouts/email/text/default.ctp cake/console/libs/templates/skel/webroot/js/vendors.php cake/console/libs/templates/skel/webroot/test.php cake/console/libs/templates/views/form.ctp cake/console/libs/templates/views/index.ctp cake/console/libs/testsuite.php cake/console/templates/default/views/view.ctp cake/console/templates/skel/app_controller.php cake/console/templates/skel/app_helper.php cake/console/templates/skel/app_model.php cake/console/templates/skel/config/acl.ini.php cake/console/templates/skel/config/core.php cake/console/templates/skel/config/database.php.default cake/console/templates/skel/config/routes.php cake/console/templates/skel/config/schema/db_acl.php cake/console/templates/skel/config/schema/db_acl.sql cake/console/templates/skel/config/schema/i18n.php cake/console/templates/skel/config/schema/i18n.sql cake/console/templates/skel/config/schema/sessions.php cake/console/templates/skel/config/schema/sessions.sql cake/console/templates/skel/controllers/pages_controller.php cake/console/templates/skel/views/layouts/flash.ctp cake/console/templates/skel/webroot/css.php cake/console/templates/skel/webroot/css/cake.generic.css cake/console/templates/skel/webroot/index.php cake/dispatcher.php cake/libs/cache.php cake/libs/cache/apc.php cake/libs/cache/file.php cake/libs/cache/memcache.php cake/libs/cache/xcache.php cake/libs/cake_log.php cake/libs/cake_session.php cake/libs/cake_socket.php cake/libs/class_registry.php cake/libs/configure.php cake/libs/controller/app_controller.php 
cake/libs/controller/component.php cake/libs/controller/components/acl.php cake/libs/controller/components/auth.php cake/libs/controller/components/cookie.php cake/libs/controller/components/email.php cake/libs/controller/components/request_handler.php cake/libs/controller/components/security.php cake/libs/controller/components/session.php cake/libs/controller/controller.php cake/libs/controller/pages_controller.php cake/libs/controller/scaffold.php cake/libs/debugger.php cake/libs/error.php cake/libs/file.php cake/libs/flay.php cake/libs/folder.php cake/libs/http_socket.php cake/libs/i18n.php cake/libs/inflector.php cake/libs/l10n.php cake/libs/magic_db.php cake/libs/model/app_model.php cake/libs/model/behaviors/acl.php cake/libs/model/behaviors/containable.php cake/libs/model/behaviors/translate.php cake/libs/model/behaviors/tree.php cake/libs/model/cake_schema.php cake/libs/model/connection_manager.php cake/libs/model/datasources/datasource.php cake/libs/model/datasources/dbo/dbo_adodb.php cake/libs/model/datasources/dbo/dbo_db2.php cake/libs/model/datasources/dbo/dbo_firebird.php cake/libs/model/datasources/dbo/dbo_mssql.php cake/libs/model/datasources/dbo/dbo_mysql.php cake/libs/model/datasources/dbo/dbo_mysqli.php cake/libs/model/datasources/dbo/dbo_odbc.php cake/libs/model/datasources/dbo/dbo_oracle.php cake/libs/model/datasources/dbo/dbo_postgres.php cake/libs/model/datasources/dbo/dbo_sqlite.php cake/libs/model/datasources/dbo/dbo_sybase.php cake/libs/model/datasources/dbo_source.php cake/libs/model/db_acl.php cake/libs/model/model.php cake/libs/model/model_behavior.php cake/libs/multibyte.php cake/libs/object.php cake/libs/overloadable.php cake/libs/overloadable_php4.php cake/libs/overloadable_php5.php cake/libs/router.php cake/libs/sanitize.php cake/libs/security.php cake/libs/set.php cake/libs/string.php cake/libs/validation.php cake/libs/view/elements/dump.ctp cake/libs/view/elements/email/html/default.ctp cake/libs/view/elements/email/text/default.ctp 
cake/libs/view/errors/error404.ctp cake/libs/view/errors/missing_action.ctp cake/libs/view/errors/missing_component_class.ctp cake/libs/view/errors/missing_component_file.ctp cake/libs/view/errors/missing_connection.ctp cake/libs/view/errors/missing_controller.ctp cake/libs/view/errors/missing_helper_class.ctp cake/libs/view/errors/missing_helper_file.ctp cake/libs/view/errors/missing_layout.ctp cake/libs/view/errors/missing_model.ctp cake/libs/view/errors/missing_scaffolddb.ctp cake/libs/view/errors/missing_table.ctp cake/libs/view/errors/missing_view.ctp cake/libs/view/errors/private_action.ctp cake/libs/view/errors/scaffold_error.ctp cake/libs/view/helper.php cake/libs/view/helpers/ajax.php cake/libs/view/helpers/app_helper.php cake/libs/view/helpers/cache.php cake/libs/view/helpers/form.php cake/libs/view/helpers/html.php cake/libs/view/helpers/javascript.php cake/libs/view/helpers/js.php cake/libs/view/helpers/number.php cake/libs/view/helpers/paginator.php cake/libs/view/helpers/rss.php cake/libs/view/helpers/session.php cake/libs/view/helpers/text.php cake/libs/view/helpers/time.php cake/libs/view/helpers/xml.php cake/libs/view/layouts/ajax.ctp cake/libs/view/layouts/default.ctp cake/libs/view/layouts/email/html/default.ctp cake/libs/view/layouts/email/text/default.ctp cake/libs/view/layouts/flash.ctp cake/libs/view/media.php cake/libs/view/pages/home.ctp cake/libs/view/scaffolds/edit.ctp cake/libs/view/scaffolds/index.ctp cake/libs/view/scaffolds/view.ctp cake/libs/view/theme.php cake/libs/view/view.php cake/libs/xml.php cake/tests/cases/basics.test.php cake/tests/cases/console/cake.test.php cake/tests/cases/console/libs/acl.test.php cake/tests/cases/console/libs/api.test.php cake/tests/cases/console/libs/schema.test.php cake/tests/cases/console/libs/shell.test.php cake/tests/cases/console/libs/tasks/extract.test.php cake/tests/cases/console/libs/tasks/model.test.php cake/tests/cases/console/libs/tasks/test.test.php cake/tests/cases/dispatcher.test.php 
cake/tests/cases/libs/cache.test.php cake/tests/cases/libs/cache/apc.test.php cake/tests/cases/libs/cache/file.test.php cake/tests/cases/libs/cache/memcache.test.php cake/tests/cases/libs/cache/xcache.test.php cake/tests/cases/libs/cake_log.test.php cake/tests/cases/libs/cake_session.test.php cake/tests/cases/libs/cake_socket.test.php cake/tests/cases/libs/cake_test_case.test.php cake/tests/cases/libs/cake_test_fixture.test.php cake/tests/cases/libs/class_registry.test.php cake/tests/cases/libs/code_coverage_manager.test.php cake/tests/cases/libs/configure.test.php cake/tests/cases/libs/controller/component.test.php cake/tests/cases/libs/controller/components/acl.test.php cake/tests/cases/libs/controller/components/auth.test.php cake/tests/cases/libs/controller/components/cookie.test.php cake/tests/cases/libs/controller/components/email.test.php cake/tests/cases/libs/controller/components/request_handler.test.php cake/tests/cases/libs/controller/components/security.test.php cake/tests/cases/libs/controller/components/session.test.php cake/tests/cases/libs/controller/controller.test.php cake/tests/cases/libs/controller/controller_merge_vars.test.php cake/tests/cases/libs/controller/pages_controller.test.php cake/tests/cases/libs/controller/scaffold.test.php cake/tests/cases/libs/debugger.test.php cake/tests/cases/libs/error.test.php cake/tests/cases/libs/file.test.php cake/tests/cases/libs/flay.test.php cake/tests/cases/libs/folder.test.php cake/tests/cases/libs/http_socket.test.php cake/tests/cases/libs/i18n.test.php cake/tests/cases/libs/inflector.test.php cake/tests/cases/libs/l10n.test.php cake/tests/cases/libs/magic_db.test.php cake/tests/cases/libs/model/behaviors/acl.test.php cake/tests/cases/libs/model/behaviors/containable.test.php cake/tests/cases/libs/model/behaviors/translate.test.php cake/tests/cases/libs/model/behaviors/tree.test.php cake/tests/cases/libs/model/cake_schema.test.php cake/tests/cases/libs/model/connection_manager.test.php 
cake/tests/cases/libs/model/datasources/dbo/dbo_adodb.test.php cake/tests/cases/libs/model/datasources/dbo/dbo_mssql.test.php cake/tests/cases/libs/model/datasources/dbo/dbo_mysql.test.php cake/tests/cases/libs/model/datasources/dbo/dbo_mysqli.test.php cake/tests/cases/libs/model/datasources/dbo/dbo_oracle.test.php cake/tests/cases/libs/model/datasources/dbo/dbo_postgres.test.php cake/tests/cases/libs/model/datasources/dbo/dbo_sqlite.test.php cake/tests/cases/libs/model/datasources/dbo_source.test.php cake/tests/cases/libs/model/db_acl.test.php cake/tests/cases/libs/model/model.test.php cake/tests/cases/libs/model/model_behavior.test.php cake/tests/cases/libs/model/model_delete.test.php cake/tests/cases/libs/model/model_integration.test.php cake/tests/cases/libs/model/model_read.test.php cake/tests/cases/libs/model/model_validation.test.php cake/tests/cases/libs/model/model_write.test.php cake/tests/cases/libs/model/models.php cake/tests/cases/libs/multibyte.test.php cake/tests/cases/libs/object.test.php cake/tests/cases/libs/overloadable.test.php cake/tests/cases/libs/router.test.php cake/tests/cases/libs/sanitize.test.php cake/tests/cases/libs/security.test.php cake/tests/cases/libs/set.test.php cake/tests/cases/libs/string.test.php cake/tests/cases/libs/test_manager.test.php cake/tests/cases/libs/validation.test.php cake/tests/cases/libs/view/helper.test.php cake/tests/cases/libs/view/helpers/ajax.test.php cake/tests/cases/libs/view/helpers/cache.test.php cake/tests/cases/libs/view/helpers/form.test.php cake/tests/cases/libs/view/helpers/html.test.php cake/tests/cases/libs/view/helpers/javascript.test.php cake/tests/cases/libs/view/helpers/js.test.php cake/tests/cases/libs/view/helpers/number.test.php cake/tests/cases/libs/view/helpers/paginator.test.php cake/tests/cases/libs/view/helpers/rss.test.php cake/tests/cases/libs/view/helpers/session.test.php cake/tests/cases/libs/view/helpers/text.test.php cake/tests/cases/libs/view/helpers/time.test.php 
cake/tests/cases/libs/view/helpers/xml.test.php cake/tests/cases/libs/view/theme.test.php cake/tests/cases/libs/view/view.test.php cake/tests/cases/libs/xml.test.php cake/tests/fixtures/account_fixture.php cake/tests/fixtures/aco_action_fixture.php cake/tests/fixtures/aco_fixture.php cake/tests/fixtures/aco_two_fixture.php cake/tests/fixtures/advertisement_fixture.php cake/tests/fixtures/another_article_fixture.php cake/tests/fixtures/apple_fixture.php cake/tests/fixtures/aro_fixture.php cake/tests/fixtures/aro_two_fixture.php cake/tests/fixtures/aros_aco_fixture.php cake/tests/fixtures/aros_aco_two_fixture.php cake/tests/fixtures/article_featured_fixture.php cake/tests/fixtures/article_featureds_tags_fixture.php cake/tests/fixtures/article_fixture.php cake/tests/fixtures/articles_tag_fixture.php cake/tests/fixtures/attachment_fixture.php cake/tests/fixtures/auth_user_custom_field_fixture.php cake/tests/fixtures/auth_user_fixture.php cake/tests/fixtures/author_fixture.php cake/tests/fixtures/basket_fixture.php cake/tests/fixtures/bid_fixture.php cake/tests/fixtures/binary_test_fixture.php cake/tests/fixtures/book_fixture.php cake/tests/fixtures/cache_test_model_fixture.php cake/tests/fixtures/callback_fixture.php cake/tests/fixtures/category_fixture.php cake/tests/fixtures/category_thread_fixture.php cake/tests/fixtures/cd_fixture.php cake/tests/fixtures/comment_fixture.php cake/tests/fixtures/content_account_fixture.php cake/tests/fixtures/content_fixture.php cake/tests/fixtures/counter_cache_post_fixture.php cake/tests/fixtures/counter_cache_post_nonstandard_primary_key_fixture.php cake/tests/fixtures/counter_cache_user_fixture.php cake/tests/fixtures/counter_cache_user_nonstandard_primary_key_fixture.php cake/tests/fixtures/data_test_fixture.php cake/tests/fixtures/datatype_fixture.php cake/tests/fixtures/dependency_fixture.php cake/tests/fixtures/device_fixture.php cake/tests/fixtures/device_type_category_fixture.php cake/tests/fixtures/device_type_fixture.php 
cake/tests/fixtures/document_directory_fixture.php cake/tests/fixtures/document_fixture.php cake/tests/fixtures/exterior_type_category_fixture.php cake/tests/fixtures/feature_set_fixture.php cake/tests/fixtures/featured_fixture.php cake/tests/fixtures/film_file_fixture.php cake/tests/fixtures/flag_tree_fixture.php cake/tests/fixtures/fruit_fixture.php cake/tests/fixtures/fruits_uuid_tag_fixture.php cake/tests/fixtures/home_fixture.php cake/tests/fixtures/image_fixture.php cake/tests/fixtures/item_fixture.php cake/tests/fixtures/items_portfolio_fixture.php cake/tests/fixtures/join_a_b_fixture.php cake/tests/fixtures/join_a_c_fixture.php cake/tests/fixtures/join_a_fixture.php cake/tests/fixtures/join_b_fixture.php cake/tests/fixtures/join_c_fixture.php cake/tests/fixtures/join_thing_fixture.php cake/tests/fixtures/message_fixture.php cake/tests/fixtures/my_categories_my_products_fixture.php cake/tests/fixtures/my_categories_my_users_fixture.php cake/tests/fixtures/my_category_fixture.php cake/tests/fixtures/my_product_fixture.php cake/tests/fixtures/my_user_fixture.php cake/tests/fixtures/node_fixture.php cake/tests/fixtures/number_tree_fixture.php cake/tests/fixtures/number_tree_two_fixture.php cake/tests/fixtures/numeric_article_fixture.php cake/tests/fixtures/overall_favorite_fixture.php cake/tests/fixtures/person_fixture.php cake/tests/fixtures/portfolio_fixture.php cake/tests/fixtures/post_fixture.php cake/tests/fixtures/posts_tag_fixture.php cake/tests/fixtures/primary_model_fixture.php cake/tests/fixtures/product_fixture.php cake/tests/fixtures/project_fixture.php cake/tests/fixtures/sample_fixture.php cake/tests/fixtures/secondary_model_fixture.php cake/tests/fixtures/session_fixture.php cake/tests/fixtures/something_else_fixture.php cake/tests/fixtures/something_fixture.php cake/tests/fixtures/stories_tag_fixture.php cake/tests/fixtures/story_fixture.php cake/tests/fixtures/syfile_fixture.php cake/tests/fixtures/tag_fixture.php 
cake/tests/fixtures/test_plugin_article_fixture.php cake/tests/fixtures/test_plugin_comment_fixture.php cake/tests/fixtures/the_paper_monkies_fixture.php cake/tests/fixtures/thread_fixture.php cake/tests/fixtures/translate_article_fixture.php cake/tests/fixtures/translate_fixture.php cake/tests/fixtures/translate_table_fixture.php cake/tests/fixtures/translated_article_fixture.php cake/tests/fixtures/translated_item_fixture.php cake/tests/fixtures/unconventional_tree_fixture.php cake/tests/fixtures/underscore_field_fixture.php cake/tests/fixtures/user_fixture.php cake/tests/fixtures/uuid_fixture.php cake/tests/fixtures/uuid_tag_fixture.php cake/tests/fixtures/uuid_tree_fixture.php cake/tests/fixtures/uuiditem_fixture.php cake/tests/fixtures/uuiditems_uuidportfolio_fixture.php cake/tests/fixtures/uuiditems_uuidportfolio_numericid_fixture.php cake/tests/fixtures/uuidportfolio_fixture.php cake/tests/groups/acl.group.php cake/tests/groups/cache.group.php cake/tests/groups/components.group.php cake/tests/groups/configure.group.php cake/tests/groups/console.group.php cake/tests/groups/controller.group.php cake/tests/groups/database.group.php cake/tests/groups/helpers.group.php cake/tests/groups/lib.group.php cake/tests/groups/model.group.php cake/tests/groups/no_cross_contamination.group.php cake/tests/groups/routing_system.group.php cake/tests/groups/socket.group.php cake/tests/groups/test_suite.group.php cake/tests/groups/view.group.php cake/tests/groups/xml.group.php cake/tests/lib/cake_reporter.php cake/tests/lib/cake_test_case.php cake/tests/lib/cake_test_fixture.php cake/tests/lib/cake_test_model.php cake/tests/lib/cake_web_test_case.php cake/tests/lib/cli_reporter.php cake/tests/lib/code_coverage_manager.php cake/tests/lib/templates/footer.php cake/tests/lib/templates/header.php cake/tests/lib/templates/menu.php cake/tests/lib/templates/simpletest.php cake/tests/lib/test_manager.php cake/tests/lib/xdebug.php cake/tests/test_app/config/acl.ini.php 
cake/tests/test_app/controllers/tests_apps_controller.php cake/tests/test_app/controllers/tests_apps_posts_controller.php cake/tests/test_app/models/behaviors/persister_one_behavior.php cake/tests/test_app/models/behaviors/persister_two_behavior.php cake/tests/test_app/models/comment.php cake/tests/test_app/models/persister_one.php cake/tests/test_app/models/persister_two.php cake/tests/test_app/models/post.php cake/tests/test_app/plugins/test_plugin/controllers/components/other_component.php cake/tests/test_app/plugins/test_plugin/controllers/components/plugins_component.php cake/tests/test_app/plugins/test_plugin/controllers/components/test_plugin_component.php cake/tests/test_app/plugins/test_plugin/controllers/components/test_plugin_other_component.php cake/tests/test_app/plugins/test_plugin/controllers/tests_controller.php cake/tests/test_app/plugins/test_plugin/models/test_plugin_post.php cake/tests/test_app/plugins/test_plugin/test_plugin_app_controller.php cake/tests/test_app/plugins/test_plugin/test_plugin_app_model.php cake/tests/test_app/plugins/test_plugin/vendors/sample/sample_plugin.php cake/tests/test_app/plugins/test_plugin/vendors/shells/example.php cake/tests/test_app/plugins/test_plugin/vendors/welcome.php cake/tests/test_app/plugins/test_plugin/views/helpers/other_helper.php cake/tests/test_app/plugins/test_plugin/views/helpers/plugged_helper.php cake/tests/test_app/plugins/test_plugin_two/vendors/shells/example.php cake/tests/test_app/plugins/test_plugin_two/vendors/shells/welcome.php cake/tests/test_app/vendors/Test/MyTest.php cake/tests/test_app/vendors/Test/hello.php cake/tests/test_app/vendors/sample/configure_test_vendor_sample.php cake/tests/test_app/vendors/shells/sample.php cake/tests/test_app/vendors/somename/some.name.php cake/tests/test_app/vendors/welcome.php cake/tests/test_app/views/elements/email/html/default.ctp cake/tests/test_app/views/elements/email/text/default.ctp cake/tests/test_app/views/elements/email/text/wide.ctp 
cake/tests/test_app/views/layouts/ajax.ctp cake/tests/test_app/views/layouts/ajax2.ctp cake/tests/test_app/views/layouts/cache_layout.ctp cake/tests/test_app/views/layouts/default.ctp cake/tests/test_app/views/layouts/email/html/default.ctp cake/tests/test_app/views/layouts/email/html/thin.ctp cake/tests/test_app/views/layouts/email/text/default.ctp cake/tests/test_app/views/layouts/flash.ctp cake/tests/test_app/views/layouts/multi_cache.ctp cake/tests/test_app/views/posts/sequencial_nocache.ctp cake/tests/test_app/views/posts/test_nocache_tags.ctp index.php
<?php
|
|
/**
|
|
* SecurityComponentTest file
|
|
*
|
|
* PHP versions 4 and 5
|
|
*
|
|
* CakePHP(tm) Tests <https://trac.cakephp.org/wiki/Developement/TestSuite>
|
|
* Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
|
|
*
|
|
* Licensed under The Open Group Test Suite License
|
|
* Redistributions of files must retain the above copyright notice.
|
|
*
|
|
* @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
|
|
* @link https://trac.cakephp.org/wiki/Developement/TestSuite CakePHP(tm) Tests
|
|
* @package cake
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
* @since CakePHP(tm) v 1.2.0.5435
|
|
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
|
|
*/
|
|
App::import('Component', 'Security');
|
|
|
|
/**
|
|
* TestSecurityComponent
|
|
*
|
|
* @package cake
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class TestSecurityComponent extends SecurityComponent {

	/**
	 * Public pass-through to _validatePost(), so the test cases can run the
	 * component's POST validation directly and inspect its result.
	 *
	 * @param Controller $controller Controller handed unchanged to _validatePost()
	 * @return mixed Whatever _validatePost() returns
	 */
	function validatePost(&$controller) {
		$outcome = $this->_validatePost($controller);
		return $outcome;
	}
}
|
|
|
|
/**
|
|
* SecurityTestController
|
|
*
|
|
* @package cake
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class SecurityTestController extends Controller {

	/**
	 * Controller name.
	 *
	 * @var string 'SecurityTest'
	 * @access public
	 */
	var $name = 'SecurityTest';

	/**
	 * Components attached to this controller: the session component and the
	 * TestSecurity subclass of the security component.
	 *
	 * @var array
	 * @access public
	 */
	var $components = array('Session', 'TestSecurity');

	/**
	 * Set to true by fail(); the test cases read it to see whether a request
	 * was rejected.
	 *
	 * @var bool false
	 * @access public
	 */
	var $failed = false;

	/**
	 * Header strings captured by header(), in call order.
	 *
	 * @var array
	 * @access public
	 */
	var $testHeaders = array();

	/**
	 * Marks the request as rejected. SecurityComponentTest::startTest() registers
	 * this method name as the component's blackHoleCallback.
	 * The flag is only ever set here, never cleared.
	 *
	 * @access public
	 * @return void
	 */
	function fail() {
		$this->failed = true;
	}

	/**
	 * Redirect stub: performs no redirect and hands back the status code it was given.
	 *
	 * @param mixed $option Ignored
	 * @param mixed $code Returned unchanged
	 * @param mixed $exit Ignored
	 * @access public
	 * @return mixed The $code argument
	 */
	function redirect($option, $code, $exit) {
		return $code;
	}

	/**
	 * Convenience stand-in for header(): records the header string in
	 * $testHeaders rather than sending it.
	 *
	 * @param string $status Header line to record
	 * @return void
	 * @access public
	 */
	function header($status) {
		array_push($this->testHeaders, $status);
	}
}
|
|
|
|
/**
|
|
* SecurityComponentTest class
|
|
*
|
|
* @package cake
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class SecurityComponentTest extends CakeTestCase {
|
|
|
|
/**
|
|
* Controller property
|
|
*
|
|
* @var SecurityTestController
|
|
* @access public
|
|
*/
|
|
var $Controller;
|
|
|
|
/**
|
|
* oldSalt property
|
|
*
|
|
* @var string
|
|
* @access public
|
|
*/
|
|
var $oldSalt;
|
|
|
|
/**
|
|
* startTest method (per-test set-up)
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function startTest() {
	// Fresh controller for every test; `=& new` is the PHP 4 reference-assignment idiom this file targets.
	$this->Controller =& new SecurityTestController();
	$this->Controller->Component->init($this->Controller);
	// Expose the TestSecurity component under the usual ->Security name.
	$this->Controller->Security =& $this->Controller->TestSecurity;
	// Rejections are observed through SecurityTestController::fail(), which sets ->failed.
	// NOTE(review): presumably the component calls this callback whenever it black-holes a request; confirm.
	$this->Controller->Security->blackHoleCallback = 'fail';
	// Keep the configured salt so endTest() can restore it, then pin a fixed test value.
	$this->oldSalt = Configure::read('Security.salt');
	Configure::write('Security.salt', 'foo!');
}
|
|
|
|
/**
|
|
* Tear-down method. Resets environment state.
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function endTest() {
	// Restore the salt saved by startTest() and drop the token the component stored in the session.
	Configure::write('Security.salt', $this->oldSalt);
	$this->Controller->Session->delete('_Token');
	unset($this->Controller->Security);
	unset($this->Controller->Component);
	unset($this->Controller);
	// NOTE(review): the $_SERVER entries written by the tests in this class (REQUEST_METHOD, HTTPS,
	// PHP_AUTH_USER, PHP_AUTH_PW, PHP_AUTH_DIGEST) are not restored here, so credentials and
	// request-method values set by one test remain visible to the tests that run after it.
}
|
|
|
|
/**
|
|
* Test that initialize() can set properties.
|
|
*
|
|
* @return void
|
|
*/
|
|
function testInitialize() {
	// Every key passed to initialize() must end up as a same-named component property.
	$settings = array(
		'requirePost' => array('edit', 'update'),
		'requireSecure' => array('update_account'),
		'requireGet' => array('index'),
		'validatePost' => false,
		'loginUsers' => array(
			'mark' => 'password'
		),
		'requireLogin' => array('login'),
	);
	$this->Controller->Security->initialize($this->Controller, $settings);

	// Checked in the order the settings were declared.
	foreach ($settings as $property => $expected) {
		$this->assertEqual($this->Controller->Security->$property, $expected);
	}
}
|
|
|
|
/**
|
|
* testStartup method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testStartup() {
	$this->Controller->Security->startup($this->Controller);

	// startup() must publish a token key in the controller params ...
	$tokenKey = $this->Controller->params['_Token']['key'];
	$this->assertNotNull($tokenKey);

	// ... and leave a '_Token' entry in the session.
	$sessionHasToken = $this->Controller->Session->check('_Token');
	$this->assertTrue($sessionHasToken);
}
|
|
|
|
/**
|
|
* testRequirePostFail method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequirePostFail() {
	// A GET request to an action registered as POST-only is expected to be rejected.
	$this->Controller->action = 'posted';
	$_SERVER['REQUEST_METHOD'] = 'GET';

	$postOnly = array('posted');
	$this->Controller->Security->requirePost($postOnly);
	$this->Controller->Security->startup($this->Controller);

	$rejected = $this->Controller->failed;
	$this->assertTrue($rejected);
}
|
|
|
|
/**
|
|
* testRequirePostSucceed method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequirePostSucceed() {
	// A POST request to a POST-only action is expected to pass.
	$this->Controller->action = 'posted';
	$_SERVER['REQUEST_METHOD'] = 'POST';

	$postOnly = 'posted';
	$this->Controller->Security->requirePost($postOnly);
	$this->Controller->Security->startup($this->Controller);

	$rejected = $this->Controller->failed;
	$this->assertFalse($rejected);
}
|
|
|
|
/**
|
|
* testRequireSecureFail method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireSecureFail() {
	// HTTPS reported as 'off' on an action registered with requireSecure(): expected to be rejected.
	$_SERVER['REQUEST_METHOD'] = 'POST';
	$_SERVER['HTTPS'] = 'off';
	$this->Controller->action = 'posted';

	$secureOnly = array('posted');
	$this->Controller->Security->requireSecure($secureOnly);
	$this->Controller->Security->startup($this->Controller);

	$rejected = $this->Controller->failed;
	$this->assertTrue($rejected);
}
|
|
|
|
/**
|
|
* testRequireSecureSucceed method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireSecureSucceed() {
	// HTTPS reported as 'on' on an action registered with requireSecure(): expected to pass.
	// NOTE(review): 'Secure' is not an HTTP verb; presumably only the HTTPS value matters to this check. Confirm.
	$_SERVER['HTTPS'] = 'on';
	$_SERVER['REQUEST_METHOD'] = 'Secure';
	$this->Controller->action = 'posted';

	$secureOnly = 'posted';
	$this->Controller->Security->requireSecure($secureOnly);
	$this->Controller->Security->startup($this->Controller);

	$rejected = $this->Controller->failed;
	$this->assertFalse($rejected);
}
|
|
|
|
/**
|
|
* testRequireAuthFail method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
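function testRequireAuthFail() {
	// Three rejection scenarios for requireAuth(). SecurityTestController::fail() only ever
	// sets ->failed to true, so the flag is cleared before each later scenario; without that,
	// the rejection recorded by the first scenario would satisfy the remaining assertions
	// regardless of what the component did.

	// 1. Posted data, no '_Token' entry written to the session by this test.
	$_SERVER['REQUEST_METHOD'] = 'AUTH';
	$this->Controller->action = 'posted';
	$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
	$this->Controller->Security->requireAuth(array('posted'));
	$this->Controller->Security->startup($this->Controller);
	$this->assertTrue($this->Controller->failed);

	// 2. Session token with an empty allowedControllers list.
	// NOTE(review): the token is stored as a PHP-serialized string, so the component presumably
	// unserialize()s session data; that is only safe while the session store is trusted. Confirm.
	$this->Controller->failed = false;
	$this->Controller->Session->write('_Token', serialize(array('allowedControllers' => array())));
	$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
	$this->Controller->action = 'posted';
	$this->Controller->Security->requireAuth('posted');
	$this->Controller->Security->startup($this->Controller);
	$this->assertTrue($this->Controller->failed);

	// 3. Session token that allows this controller but only a different action ('posted2').
	$this->Controller->failed = false;
	$this->Controller->Session->write('_Token', serialize(array(
		'allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted2')
	)));
	$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
	$this->Controller->action = 'posted';
	$this->Controller->Security->requireAuth('posted');
	$this->Controller->Security->startup($this->Controller);
	$this->assertTrue($this->Controller->failed);
}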
|
|
|
|
/**
|
|
* testRequireAuthSucceed method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireAuthSucceed() {
	// 1. No posted data is set on the controller: the request is expected to pass.
	// NOTE(review): presumably requireAuth() is only enforced when data was posted. Confirm against the component.
	$_SERVER['REQUEST_METHOD'] = 'AUTH';
	$this->Controller->action = 'posted';
	$this->Controller->Security->requireAuth('posted');
	$this->Controller->Security->startup($this->Controller);
	$this->assertFalse($this->Controller->failed);

	// 2. Session token that allows this controller and this action, and posted data carrying a '_Token' key.
	// The token is written through the component's own Session handle here, as a PHP-serialized array.
	$this->Controller->Security->Session->write('_Token', serialize(array(
		'allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted')
	)));
	$this->Controller->params['controller'] = 'SecurityTest';
	$this->Controller->params['action'] = 'posted';

	// The posted '_Token' value is an empty string; only its presence is set up here.
	$this->Controller->data = array(
		'username' => 'willy', 'password' => 'somePass', '_Token' => ''
	);
	$this->Controller->action = 'posted';
	$this->Controller->Security->requireAuth('posted');
	$this->Controller->Security->startup($this->Controller);
	$this->assertFalse($this->Controller->failed);
}
|
|
|
|
/**
|
|
* testRequirePostSucceedWrongMethod method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequirePostSucceedWrongMethod() {
	// The POST-only rule names 'posted'; a GET request to a different action ('getted') is expected to pass.
	$this->Controller->action = 'getted';
	$_SERVER['REQUEST_METHOD'] = 'GET';

	$postOnly = 'posted';
	$this->Controller->Security->requirePost($postOnly);
	$this->Controller->Security->startup($this->Controller);

	$rejected = $this->Controller->failed;
	$this->assertFalse($rejected);
}
|
|
|
|
/**
|
|
* testRequireGetFail method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireGetFail() {
	// A POST request to an action registered as GET-only is expected to be rejected.
	$this->Controller->action = 'getted';
	$_SERVER['REQUEST_METHOD'] = 'POST';

	$getOnly = array('getted');
	$this->Controller->Security->requireGet($getOnly);
	$this->Controller->Security->startup($this->Controller);

	$rejected = $this->Controller->failed;
	$this->assertTrue($rejected);
}
|
|
|
|
/**
|
|
* testRequireGetSucceed method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireGetSucceed() {
	// A GET request to a GET-only action is expected to pass.
	$this->Controller->action = 'getted';
	$_SERVER['REQUEST_METHOD'] = 'GET';

	$getOnly = 'getted';
	$this->Controller->Security->requireGet($getOnly);
	$this->Controller->Security->startup($this->Controller);

	$rejected = $this->Controller->failed;
	$this->assertFalse($rejected);
}
|
|
|
|
/**
|
|
* testRequireLogin method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
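function testRequireLogin() {
	// HTTP Basic login against a one-entry user table, in three scenarios.
	// SecurityTestController::fail() only ever sets ->failed to true, so the flag is cleared
	// before each later scenario; otherwise the wrong-password case would pass on the strength
	// of the unknown-user rejection that precedes it.
	// NOTE(review): PHP_AUTH_USER and PHP_AUTH_PW stay set in $_SERVER after this test returns.

	// 1. Known user, correct password: expected to pass.
	$this->Controller->action = 'posted';
	$this->Controller->Security->requireLogin(
		'posted',
		array('type' => 'basic', 'users' => array('admin' => 'password'))
	);
	$_SERVER['PHP_AUTH_USER'] = 'admin';
	$_SERVER['PHP_AUTH_PW'] = 'password';
	$this->Controller->Security->startup($this->Controller);
	$this->assertFalse($this->Controller->failed);

	// 2. Unknown user with the valid password: expected to be rejected.
	$this->Controller->failed = false;
	$this->Controller->action = 'posted';
	$this->Controller->Security->requireLogin(
		array('posted'),
		array('type' => 'basic', 'users' => array('admin' => 'password'))
	);
	$_SERVER['PHP_AUTH_USER'] = 'admin2';
	$_SERVER['PHP_AUTH_PW'] = 'password';
	$this->Controller->Security->startup($this->Controller);
	$this->assertTrue($this->Controller->failed);

	// 3. Known user with a wrong password: expected to be rejected.
	$this->Controller->failed = false;
	$this->Controller->action = 'posted';
	$this->Controller->Security->requireLogin(
		'posted',
		array('type' => 'basic', 'users' => array('admin' => 'password'))
	);
	$_SERVER['PHP_AUTH_USER'] = 'admin';
	$_SERVER['PHP_AUTH_PW'] = 'password2';
	$this->Controller->Security->startup($this->Controller);
	$this->assertTrue($this->Controller->failed);
}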
|
|
|
|
/**
|
|
* testDigestAuth method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testDigestAuth() {
    // Feeds a Digest Authorization header through $_SERVER['PHP_AUTH_DIGEST']
    // and expects startup() to accept it for user 'Mufasa' / 'password'.
    //
    // NOTE(review): XOR skips the test when exactly one of the two conditions
    // holds. On PHP >= 5.1 without apache_request_headers() the test is
    // therefore skipped, while the message only mentions the PHP version.
    // Confirm this is intended, since a skipped test verifies nothing.
    $oldPhp = (version_compare(PHP_VERSION, '5.1') == -1);
    $noApacheHeaders = !function_exists('apache_request_headers');
    $skip = $this->skipIf($oldPhp XOR $noApacheHeaders,
        "%s Cannot run Digest Auth test for PHP versions < 5.1"
    );
    if ($skip) {
        return;
    }

    $this->Controller->action = 'posted';
    $digest = <<<DIGEST
Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="460d0d3c6867c2f1ab85b1ada1aece48",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;
    $_SERVER['PHP_AUTH_DIGEST'] = $digest;

    // The realm configured here matches the realm field of the header above.
    $loginOptions = array(
        'type' => 'digest', 'users' => array('Mufasa' => 'password'),
        'realm' => 'testrealm@host.com'
    );
    $this->Controller->Security->requireLogin('posted', $loginOptions);
    $this->Controller->Security->startup($this->Controller);

    $this->assertFalse($this->Controller->failed);
}
|
|
|
|
/**
|
|
* testRequireGetSucceedWrongMethod method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireGetSucceedWrongMethod() {
    // The GET requirement is registered for 'getted', but the current action
    // is 'posted', so a POST request is expected to pass.
    $this->Controller->action = 'posted';
    $_SERVER['REQUEST_METHOD'] = 'POST';

    $this->Controller->Security->requireGet('getted');
    $this->Controller->Security->startup($this->Controller);

    $failed = $this->Controller->failed;
    $this->assertFalse($failed);
}
|
|
|
|
/**
|
|
* testRequirePutFail method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequirePutFail() {
    // A POST request to an action that requires PUT is expected to set the
    // controller's `failed` flag during startup().
    $this->Controller->action = 'putted';
    $_SERVER['REQUEST_METHOD'] = 'POST';

    $putOnlyActions = array('putted');
    $this->Controller->Security->requirePut($putOnlyActions);
    $this->Controller->Security->startup($this->Controller);

    $failed = $this->Controller->failed;
    $this->assertTrue($failed);
}
|
|
|
|
/**
|
|
* testRequirePutSucceed method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequirePutSucceed() {
    // A PUT request to an action registered through requirePut() is expected
    // to pass startup() with `failed` still false.
    $this->Controller->action = 'putted';
    $_SERVER['REQUEST_METHOD'] = 'PUT';

    $this->Controller->Security->requirePut('putted');
    $this->Controller->Security->startup($this->Controller);

    $failed = $this->Controller->failed;
    $this->assertFalse($failed);
}
|
|
|
|
/**
|
|
* testRequirePutSucceedWrongMethod method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequirePutSucceedWrongMethod() {
    // The PUT requirement is registered for 'putted', but the current action
    // is 'posted', so a POST request is expected to pass.
    $this->Controller->action = 'posted';
    $_SERVER['REQUEST_METHOD'] = 'POST';

    $this->Controller->Security->requirePut('putted');
    $this->Controller->Security->startup($this->Controller);

    $failed = $this->Controller->failed;
    $this->assertFalse($failed);
}
|
|
|
|
/**
|
|
* testRequireDeleteFail method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireDeleteFail() {
    // A POST request to an action that requires DELETE is expected to set the
    // controller's `failed` flag. The requirement list also names a second
    // action that is not the current one.
    $this->Controller->action = 'deleted';
    $_SERVER['REQUEST_METHOD'] = 'POST';

    $deleteOnlyActions = array('deleted', 'other_method');
    $this->Controller->Security->requireDelete($deleteOnlyActions);
    $this->Controller->Security->startup($this->Controller);

    $failed = $this->Controller->failed;
    $this->assertTrue($failed);
}
|
|
|
|
/**
|
|
* testRequireDeleteSucceed method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireDeleteSucceed() {
    // A DELETE request to an action registered through requireDelete() is
    // expected to pass startup() with `failed` still false.
    $this->Controller->action = 'deleted';
    $_SERVER['REQUEST_METHOD'] = 'DELETE';

    $this->Controller->Security->requireDelete('deleted');
    $this->Controller->Security->startup($this->Controller);

    $failed = $this->Controller->failed;
    $this->assertFalse($failed);
}
|
|
|
|
/**
|
|
* testRequireDeleteSucceedWrongMethod method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireDeleteSucceedWrongMethod() {
    // The DELETE requirement is registered for 'deleted', but the current
    // action is 'posted', so a POST request is expected to pass.
    $this->Controller->action = 'posted';
    $_SERVER['REQUEST_METHOD'] = 'POST';

    $this->Controller->Security->requireDelete('deleted');
    $this->Controller->Security->startup($this->Controller);

    $failed = $this->Controller->failed;
    $this->assertFalse($failed);
}
|
|
|
|
/**
|
|
* testRequireLoginSettings method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireLoginSettings() {
    // requireLogin() receives two action names followed by an options array.
    // The action names are expected to land in the component's `requireLogin`
    // property and the users map in `loginUsers`.
    $loginOptions = array('type' => 'basic', 'users' => array('admin' => 'password'));
    $this->Controller->Security->requireLogin('add', 'edit', $loginOptions);

    $protectedActions = $this->Controller->Security->requireLogin;
    $this->assertEqual($protectedActions, array('add', 'edit'));

    $configuredUsers = $this->Controller->Security->loginUsers;
    $this->assertEqual($configuredUsers, array('admin' => 'password'));
}
|
|
|
|
/**
|
|
* testRequireLoginAllActions method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRequireLoginAllActions() {
    // With only an options array and no action names, the component's
    // `requireLogin` property is expected to become array('*').
    $loginOptions = array('type' => 'basic', 'users' => array('admin' => 'password'));
    $this->Controller->Security->requireLogin($loginOptions);

    $protectedActions = $this->Controller->Security->requireLogin;
    $this->assertEqual($protectedActions, array('*'));

    $configuredUsers = $this->Controller->Security->loginUsers;
    $this->assertEqual($configuredUsers, array('admin' => 'password'));
}
|
|
|
|
/**
|
|
* Simple hash validation test
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidatePost() {
    // Posts form data together with the session token key and a `fields`
    // token, and expects validatePost() to accept the combination.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];

    // `fields` is a 40-character hex digest followed by a URL-encoded suffix.
    // The quoted name in the suffix is rot13 of "Model.valid".
    // NOTE(review): the suffix is a serialized structure supplied by the
    // client; how the component decodes it is not visible here. Confirm the
    // digest is verified before the suffix is decoded.
    $lockedFields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3An%3A1%3A%7Bv%3A0%3B'
        . 'f%3A11%3A%22Zbqry.inyvq%22%3B%7D';

    $this->Controller->data = array(
        'Model' => array('username' => 'nate', 'password' => 'foo', 'valid' => '0'),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $accepted = $this->Controller->Security->validatePost($this->Controller);
    $this->assertTrue($accepted);
}
|
|
|
|
/**
|
|
* test that validatePost fails if any of its required fields are missing.
|
|
*
|
|
* @return void
|
|
*/
|
|
function testValidatePostFormHacking() {
    // validatePost() must reject a submission whose _Token entry lacks either
    // the `fields` token or the `key`, even when the other part is present.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3An%3A1%3A%7Bv%3A0%3B'
        . 'f%3A11%3A%22Zbqry.inyvq%22%3B%7D';
    $formData = array('username' => 'nate', 'password' => 'foo', 'valid' => '0');

    // Case 1: key present, fields token missing.
    $this->Controller->data = array(
        'Model' => $formData,
        '_Token' => array('key' => $tokenKey)
    );
    $withoutFields = $this->Controller->Security->validatePost($this->Controller);
    $this->assertFalse($withoutFields, 'validatePost passed when fields were missing. %s');

    // Case 2: fields token present, key missing.
    $this->Controller->data = array(
        'Model' => $formData,
        '_Token' => array('fields' => $lockedFields)
    );
    $withoutKey = $this->Controller->Security->validatePost($this->Controller);
    $this->assertFalse($withoutKey, 'validatePost passed when key was missing. %s');
}
|
|
/**
|
|
* Tests validation of checkbox arrays
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidatePostArray() {
    // A field that posts an array of values (Model.multi_field) is expected
    // to validate against a `fields` token whose suffix is an empty list.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = 'f7d573650a295b94e0938d32b323fde775e5f32b%3An%3A0%3A%7B%7D';

    $this->Controller->data = array(
        'Model' => array('multi_field' => array('1', '3')),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $accepted = $this->Controller->Security->validatePost($this->Controller);
    $this->assertTrue($accepted);
}
|
|
|
|
/**
|
|
* testValidatePostNoModel method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidatePostNoModel() {
    // Data posted under a top-level key, with no nested model array, is
    // expected to validate against its token.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = '540ac9c60d323c22bafe997b72c0790f39a8bdef%3An%3A0%3A%7B%7D';

    $this->Controller->data = array(
        'anything' => 'some_data',
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* testValidatePostSimple method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidatePostSimple() {
    // Two empty text fields on a single model are expected to validate
    // against a token whose suffix is an empty list.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = '69f493434187b867ea14b901fdf58b55d27c935d%3An%3A0%3A%7B%7D';

    $this->Controller->data = array(
        'Model' => array('username' => '', 'password' => ''),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* Tests hash validation for multiple records, including locked fields
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidatePostComplex() {
    // Two address records are posted. The quoted names in the token suffix
    // are rot13 of "Addresses.0.id" and "Addresses.1.id".
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = 'c9118120e680a7201b543f562e5301006ccfcbe2%3An%3A2%3A%7Bv%3A0%3Bf%3A14%3A%'
        . '22Nqqerffrf.0.vq%22%3Bv%3A1%3Bf%3A14%3A%22Nqqerffrf.1.vq%22%3B%7D';

    $firstAddress = array(
        'id' => '123456', 'title' => '', 'first_name' => '', 'last_name' => '',
        'address' => '', 'city' => '', 'phone' => '', 'primary' => ''
    );
    $secondAddress = array(
        'id' => '654321', 'title' => '', 'first_name' => '', 'last_name' => '',
        'address' => '', 'city' => '', 'phone' => '', 'primary' => ''
    );

    $this->Controller->data = array(
        'Addresses' => array('0' => $firstAddress, '1' => $secondAddress),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* test ValidatePost with multiple select elements.
|
|
*
|
|
* @return void
|
|
*/
|
|
function testValidatePostMultipleSelect() {
    // The same token must validate a multiple-select field (Tag.Tag) no
    // matter how many values were selected.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = '422cde416475abc171568be690a98cad20e66079%3An%3A0%3A%7B%7D';

    $selections = array(array(1, 2), array(1, 2, 3), array(1, 2, 3, 4));
    foreach ($selections as $selectedTags) {
        $this->Controller->data = array(
            'Tag' => array('Tag' => $selectedTags),
            '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields),
        );
        $accepted = $this->Controller->Security->validatePost($this->Controller);
        $this->assertTrue($accepted);
    }

    // Final case: dotted top-level keys next to the multiple select, checked
    // against a different token.
    $lockedFields = '19464422eafe977ee729c59222af07f983010c5f%3An%3A0%3A%7B%7D';
    $this->Controller->data = array(
        'User.password' => 'bar', 'User.name' => 'foo', 'User.is_valid' => '1',
        'Tag' => array('Tag' => array(1)),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields),
    );
    $accepted = $this->Controller->Security->validatePost($this->Controller);
    $this->assertTrue($accepted);
}
|
|
|
|
/**
|
|
* testValidatePostCheckbox method
|
|
*
|
|
* First block tests un-checked checkbox
|
|
* Second block tests checked checkbox
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidatePostCheckbox() {
    // Runs three validations of the same Model payload.
    // NOTE(review): the docblock speaks of an un-checked and a checked
    // checkbox, but every payload here posts 'valid' => '0'; only the
    // `fields` token differs between the cases.
    $formData = array('username' => '', 'password' => '', 'valid' => '0');

    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];

    // Case 1: the quoted name in the token suffix is rot13 of "Model.valid".
    $lockedFields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3An%3A1%3A%7Bv%3A0%'
        . '3Bf%3A11%3A%22Zbqry.inyvq%22%3B%7D';
    $this->Controller->data = array(
        'Model' => $formData,
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );
    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));

    // Case 2: a token whose suffix is an empty list.
    $lockedFields = '874439ca69f89b4c4a5f50fb9c36ff56a28f5d42%3An%3A0%3A%7B%7D';
    $this->Controller->data = array(
        'Model' => $formData,
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );
    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));

    // Case 3: clear the data, run startup() again, re-read the key and reuse
    // the token from case 2.
    $this->Controller->data = array();
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $this->Controller->data = array(
        'Model' => $formData,
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );
    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* testValidatePostHidden method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidatePostHidden() {
    // Two hidden inputs are posted. The quoted names in the token suffix are
    // rot13 of "Model.hidden" and "Model.other_hidden".
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = '51ccd8cb0997c7b3d4523ecde5a109318405ef8c%3An%3A2%3A%7Bv%3A0%3Bf%3A12%3A'
        . '%22Zbqry.uvqqra%22%3Bv%3A1%3Bf%3A18%3A%22Zbqry.bgure_uvqqra%22%3B%7D';

    $formData = array(
        'username' => '', 'password' => '', 'hidden' => '0',
        'other_hidden' => 'some hidden value'
    );
    $this->Controller->data = array(
        'Model' => $formData,
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* testValidatePostWithDisabledFields method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidatePostWithDisabledFields() {
    // Model.username and Model.password are listed in `disabledFields` before
    // startup(). The quoted name in the token suffix is rot13 of
    // "Model.hidden".
    $this->Controller->Security->disabledFields = array('Model.username', 'Model.password');
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = 'ef1082968c449397bcd849f963636864383278b1%3An%3A1%3A%7Bv%'
        . '3A0%3Bf%3A12%3A%22Zbqry.uvqqra%22%3B%7D';

    $this->Controller->data = array(
        'Model' => array(
            'username' => '', 'password' => '', 'hidden' => '0'
        ),
        '_Token' => array('fields' => $lockedFields, 'key' => $tokenKey)
    );

    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* testValidateHiddenMultipleModel method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidateHiddenMultipleModel() {
    // Three models each post a `valid` field. The quoted names in the token
    // suffix are rot13 of "Model.valid", "Model2.valid" and "Model3.valid".
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = 'a2d01072dc4660eea9d15007025f35a7a5b58e18%3An%3A3%3A%7Bv%3A0%3Bf%3A11'
        . '%3A%22Zbqry.inyvq%22%3Bv%3A1%3Bf%3A12%3A%22Zbqry2.inyvq%22%3Bv%3A2%'
        . '3Bf%3A12%3A%22Zbqry3.inyvq%22%3B%7D';

    $this->Controller->data = array(
        'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
        'Model2' => array('valid' => '0'),
        'Model3' => array('valid' => '0'),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* testLoginValidation method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testLoginValidation() {
    // Placeholder: the method body contains no statements, so it makes no
    // assertions about login validation.
}
|
|
|
|
/**
|
|
* testValidateHasManyModel method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidateHasManyModel() {
    // Two numerically indexed records are posted under one model. The quoted
    // names in the token suffix are rot13 of "Model.0.hidden",
    // "Model.0.valid", "Model.1.hidden" and "Model.1.valid".
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = '51e3b55a6edd82020b3f29c9ae200e14bbeb7ee5%3An%3A4%3A%7Bv%3A0%3Bf%3A14%3A%2'
        . '2Zbqry.0.uvqqra%22%3Bv%3A1%3Bf%3A13%3A%22Zbqry.0.inyvq%22%3Bv%3A2%3Bf%3'
        . 'A14%3A%22Zbqry.1.uvqqra%22%3Bv%3A3%3Bf%3A13%3A%22Zbqry.1.inyvq%22%3B%7D';

    // Both records carry identical values.
    $record = array(
        'username' => 'username', 'password' => 'password',
        'hidden' => 'value', 'valid' => '0'
    );
    $this->Controller->data = array(
        'Model' => array($record, $record),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* testValidateHasManyRecordsPass method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidateHasManyRecordsPass() {
    // Two Address records are posted. The quoted names in the token suffix
    // are rot13 of "Address.0.id", "Address.0.primary", "Address.1.id" and
    // "Address.1.primary". Validation is expected to succeed.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3An%3A4%3A%7Bv%3A0%3Bf%3A12%3A%2'
        . '2Nqqerff.0.vq%22%3Bv%3A1%3Bf%3A17%3A%22Nqqerff.0.cevznel%22%3Bv%3A2%3Bf%'
        . '3A12%3A%22Nqqerff.1.vq%22%3Bv%3A3%3Bf%3A17%3A%22Nqqerff.1.cevznel%22%3B%7D';

    $bilbo = array(
        'id' => '123',
        'title' => 'home',
        'first_name' => 'Bilbo',
        'last_name' => 'Baggins',
        'address' => '23 Bag end way',
        'city' => 'the shire',
        'phone' => 'N/A',
        'primary' => '1',
    );
    $frodo = array(
        'id' => '124',
        'title' => 'home',
        'first_name' => 'Frodo',
        'last_name' => 'Baggins',
        'address' => '50 Bag end way',
        'city' => 'the shire',
        'phone' => 'N/A',
        'primary' => '1'
    );

    $this->Controller->data = array(
        'Address' => array(0 => $bilbo, 1 => $frodo),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $this->assertTrue($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* testValidateHasManyRecordsFail method
|
|
*
|
|
* validatePost should fail, hidden fields have been changed.
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testValidateHasManyRecordsFail() {
    // Tamper-detection case: the token is the one used by
    // testValidateHasManyRecordsPass, but the first record posts
    // 'primary' => '5' instead of '1'. validatePost() must reject it.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3An%3A4%3A%7Bv%3A0%3Bf%3A12%3A%2'
        . '2Nqqerff.0.vq%22%3Bv%3A1%3Bf%3A17%3A%22Nqqerff.0.cevznel%22%3Bv%3A2%3Bf%'
        . '3A12%3A%22Nqqerff.1.vq%22%3Bv%3A3%3Bf%3A17%3A%22Nqqerff.1.cevznel%22%3B%7D';

    $bilbo = array(
        'id' => '123',
        'title' => 'home',
        'first_name' => 'Bilbo',
        'last_name' => 'Baggins',
        'address' => '23 Bag end way',
        'city' => 'the shire',
        'phone' => 'N/A',
        'primary' => '5',
    );
    $frodo = array(
        'id' => '124',
        'title' => 'home',
        'first_name' => 'Frodo',
        'last_name' => 'Baggins',
        'address' => '50 Bag end way',
        'city' => 'the shire',
        'phone' => 'N/A',
        'primary' => '1'
    );

    $this->Controller->data = array(
        'Address' => array(0 => $bilbo, 1 => $frodo),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );

    $this->assertFalse($this->Controller->Security->validatePost($this->Controller));
}
|
|
|
|
/**
|
|
* testLoginRequest method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
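function testLoginRequest() {
    // Checks the WWW-Authenticate challenge that loginRequest() builds for
    // the Basic and Digest schemes.
    $this->Controller->Security->startup($this->Controller);
    $realm = 'cakephp.org';

    // Basic: the whole header line is compared.
    $options = array('realm' => $realm, 'type' => 'basic');
    $result = $this->Controller->Security->loginRequest($options);
    $expected = 'WWW-Authenticate: Basic realm="'.$realm.'"';
    $this->assertEqual($result, $expected);

    // Digest: only the realm and qop parameters are checked.
    $this->Controller->Security->startup($this->Controller);
    $options = array('realm' => $realm, 'type' => 'digest');
    $result = $this->Controller->Security->loginRequest($options);

    // Quote the realm before embedding it in the pattern. Unquoted, the '.'
    // in "cakephp.org" matches any character and the check is looser than
    // intended.
    $this->assertPattern('/realm="' . preg_quote($realm, '/') . '"/', $result);
    $this->assertPattern('/qop="auth"/', $result);
}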
|
|
|
|
/**
|
|
* testGenerateDigestResponseHash method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testGenerateDigestResponseHash() {
    // Recomputes the Digest response hash by hand and requires
    // generateDigestResponseHash() to return exactly the same string.
    // MD5 appears because it is the formula under test, not a choice of
    // password hashing.
    $this->Controller->Security->startup($this->Controller);
    $realm = 'cakephp.org';
    $loginData = array('realm' => $realm, 'users' => array('Willy Smith' => 'password'));
    $this->Controller->Security->requireLogin($loginData);

    $data = array(
        'username' => 'Willy Smith',
        'password' => 'password',
        'nonce' => String::uuid(),
        'nc' => 1,
        'cnonce' => 1,
        'realm' => $realm,
        'uri' => 'path_to_identifier',
        'qop' => 'testme'
    );
    $_SERVER['REQUEST_METHOD'] = 'POST';

    $result = $this->Controller->Security->generateDigestResponseHash($data);

    // First part: user:realm:password. Second part: method:uri.
    $credentialHash = md5($data['username'] . ':' . $loginData['realm'] . ':' . $data['password']);
    $requestHash = md5(env('REQUEST_METHOD') . ':' . $data['uri']);
    $expected = md5(
        $credentialHash . ':' .
        $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' .
        $requestHash
    );

    $this->assertIdentical($result, $expected);
}
|
|
|
|
/**
|
|
* testLoginCredentials method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testLoginCredentials() {
    // loginCredentials('basic') must return the user name and password taken
    // from $_SERVER. loginCredentials('digest') must return the parsed
    // fields of the Digest header.
    $this->Controller->Security->startup($this->Controller);

    $user = 'Willy Test';
    $pw = 'some password for the nice test';
    $_SERVER['PHP_AUTH_USER'] = $user;
    $_SERVER['PHP_AUTH_PW'] = $pw;

    $result = $this->Controller->Security->loginCredentials('basic');
    $expected = array('username' => $user, 'password' => $pw);
    $this->assertIdentical($result, $expected);

    // The digest half runs only on PHP 5.1 or newer.
    if (version_compare(PHP_VERSION, '5.1') == -1) {
        return;
    }

    $digest = <<<DIGEST
Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;
    $_SERVER['PHP_AUTH_DIGEST'] = $digest;

    // The expected array has no 'realm' entry although the header carries one.
    $expected = array(
        'username' => 'Mufasa',
        'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
        'uri' => '/dir/index.html',
        'qop' => 'auth',
        'nc' => '00000001',
        'cnonce' => '0a4f113b',
        'response' => '6629fae49393a05397450978507c4ef1',
        'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
    );
    $result = $this->Controller->Security->loginCredentials('digest');
    $this->assertIdentical($result, $expected);
}
|
|
|
|
/**
|
|
* testParseDigestAuthData method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testParseDigestAuthData() {
    // parseDigestAuthData() must split a Digest header into its fields and
    // must return null for an empty string.
    $this->Controller->Security->startup($this->Controller);

    $digest = <<<DIGEST
Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;

    // The expected array has no 'realm' entry although the header carries one.
    $expected = array(
        'username' => 'Mufasa',
        'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
        'uri' => '/dir/index.html',
        'qop' => 'auth',
        'nc' => '00000001',
        'cnonce' => '0a4f113b',
        'response' => '6629fae49393a05397450978507c4ef1',
        'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
    );
    $parsed = $this->Controller->Security->parseDigestAuthData($digest);
    $this->assertIdentical($parsed, $expected);

    // Empty input yields null rather than an empty array.
    $parsedEmpty = $this->Controller->Security->parseDigestAuthData('');
    $this->assertNull($parsedEmpty);
}
|
|
|
|
/**
|
|
* testFormDisabledFields method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testFormDisabledFields() {
    // The same payload and `fields` token are validated twice: rejected
    // while MyModel.name is an ordinary field, accepted once that field is
    // listed in `disabledFields`.
    $lockedFields = '11842060341b9d0fc3808b90ba29fdea7054d6ad%3An%3A0%3A%7B%7D';

    // Pass 1: no disabled fields, so the posted field must be rejected.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $this->Controller->data = array(
        'MyModel' => array('name' => 'some data'),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );
    $rejected = $this->Controller->Security->validatePost($this->Controller);
    $this->assertFalse($rejected);

    // Pass 2: run startup() again, disable the field and re-read the key.
    $this->Controller->Security->startup($this->Controller);
    $this->Controller->Security->disabledFields = array('MyModel.name');
    $tokenKey = $this->Controller->params['_Token']['key'];
    $this->Controller->data = array(
        'MyModel' => array('name' => 'some data'),
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );
    $accepted = $this->Controller->Security->validatePost($this->Controller);
    $this->assertTrue($accepted);
}
|
|
|
|
/**
|
|
* testRadio method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testRadio() {
    // With this token a submission that carries only _Token is rejected.
    // Submissions that include Test.test are accepted for each of the values
    // '', '1' and '2'.
    $this->Controller->Security->startup($this->Controller);
    $tokenKey = $this->Controller->params['_Token']['key'];
    $lockedFields = '575ef54ca4fc8cab468d6d898e9acd3a9671c17e%3An%3A0%3A%7B%7D';

    // The field is absent from the request.
    $this->Controller->data = array(
        '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields)
    );
    $withoutField = $this->Controller->Security->validatePost($this->Controller);
    $this->assertFalse($withoutField);

    // The field is present with each candidate value.
    foreach (array('', '1', '2') as $radioValue) {
        $this->Controller->data = array(
            '_Token' => array('key' => $tokenKey, 'fields' => $lockedFields),
            'Test' => array('test' => $radioValue)
        );
        $withField = $this->Controller->Security->validatePost($this->Controller);
        $this->assertTrue($withField);
    }
}
|
|
|
|
/**
|
|
* testInvalidAuthHeaders method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testInvalidAuthHeaders() {
    // Basic credentials are supplied, but requireLogin() gets no users map
    // and the black-hole callback is cleared. The controller is expected to
    // record exactly one header: the Basic challenge for the realm.
    $this->Controller->Security->blackHoleCallback = null;
    $_SERVER['PHP_AUTH_USER'] = 'admin';
    $_SERVER['PHP_AUTH_PW'] = 'password';

    $realm = 'cakephp.org';
    $loginData = array('type' => 'basic', 'realm' => $realm);
    $this->Controller->Security->requireLogin($loginData);
    $this->Controller->Security->startup($this->Controller);

    $expected = 'WWW-Authenticate: Basic realm="'.$realm.'"';
    $headerCount = count($this->Controller->testHeaders);
    $this->assertEqual($headerCount, 1);
    $this->assertEqual(current($this->Controller->testHeaders), $expected);
}
|
|
|
|
/**
|
|
* test that a requestAction's controller will have the _Token appended to
|
|
* the params.
|
|
*
|
|
* @return void
|
|
* @see http://cakephp.lighthouseapp.com/projects/42648/tickets/68
|
|
*/
|
|
function testSettingTokenForRequestAction() {
    // When params['requested'] is set and _Token was removed from the params,
    // a second startup() must restore _Token with the key issued by the
    // first startup().
    $this->Controller->Security->startup($this->Controller);
    $originalKey = $this->Controller->params['_Token']['key'];

    unset($this->Controller->params['_Token']);
    $this->Controller->params['requested'] = 1;

    $this->Controller->Security->startup($this->Controller);
    $restoredKey = $this->Controller->params['_Token']['key'];
    $this->assertEqual($restoredKey, $originalKey);
}
|
|
|
|
/**
|
|
* test that blackhole doesn't delete the _Token session key so repeat data submissions
|
|
* stay blackholed.
|
|
*
|
|
* @link http://cakephp.lighthouseapp.com/projects/42648/tickets/214
|
|
* @return void
|
|
*/
|
|
function testBlackHoleNotDeletingSessionInformation() {
    // After blackHole() runs, the session must still hold '_Token'. The
    // docblock explains why: repeat submissions must stay black-holed.
    $this->Controller->Security->startup($this->Controller);
    $this->Controller->Security->blackHole($this->Controller, 'auth');

    $tokenStillInSession = $this->Controller->Security->Session->check('_Token');
    $this->assertTrue($tokenStillInSession, '_Token was deleted by blackHole %s');
}
|
|
}
|
|
?>
|