brmlab/brmsklad
9
0
Fork 0
mirror of https://github.com/brmlab/brmsklad.git synced 2025-10-31 08:13:58 +01:00
Code Issues Projects Releases Packages Wiki Activity

Upgrade CakePHP from 2.2.5 to 2.9.5

Browse source
This commit is contained in:
Brm Ko 2017-02-26 15:29:44 +01:00
parent 5a580df460
commit 235a541597
793 changed files with 60746 additions and 23753 deletions
Download patch file Download diff file Expand all files Collapse all files

201
lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
View file

@ -2,19 +2,18 @@
/**
* SecurityComponentTest file
*
* PHP 5
*
* CakePHP(tm) Tests <http://book.cakephp.org/2.0/en/development/testing.html>
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
* @package Cake.Test.Case.Controller.Component
* @since CakePHP(tm) v 1.2.0.5435
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('SecurityComponent', 'Controller/Component');
@ -31,7 +30,7 @@ class TestSecurityComponent extends SecurityComponent {
* validatePost method
*
* @param Controller $controller
* @return boolean
* @return bool
*/
public function validatePost(Controller $controller) {
return $this->_validatePost($controller);
@ -46,13 +45,6 @@ class TestSecurityComponent extends SecurityComponent {
*/
class SecurityTestController extends Controller {
/**
* name property
*
* @var string 'SecurityTest'
*/
public $name = 'SecurityTest';
/**
* components property
*
@ -63,7 +55,7 @@ class SecurityTestController extends Controller {
/**
* failed property
*
* @var boolean false
* @var bool
*/
public $failed = false;
@ -150,8 +142,12 @@ class SecurityComponentTest extends CakeTestCase {
public function setUp() {
parent::setUp();
$request = new CakeRequest('posts/index', false);
$request = $this->getMock('CakeRequest', array('here'), array('posts/index', false));
$request->addParams(array('controller' => 'posts', 'action' => 'index'));
$request->expects($this->any())
->method('here')
->will($this->returnValue('/posts/index'));
$this->Controller = new SecurityTestController($request);
$this->Controller->Components->init($this->Controller);
$this->Controller->Security = $this->Controller->TestSecurity;
@ -180,6 +176,7 @@ class SecurityComponentTest extends CakeTestCase {
* visibility keyword in the blackhole callback
*
* @expectedException BadRequestException
* @return void
*/
public function testBlackholeWithBrokenCallback() {
$request = new CakeRequest('posts/index', false);
@ -333,19 +330,23 @@ class SecurityComponentTest extends CakeTestCase {
*/
public function testRequireAuthSucceed() {
$_SERVER['REQUEST_METHOD'] = 'AUTH';
$this->Controller->Security->unlockedActions = array('posted');
$this->Controller->request['action'] = 'posted';
$this->Controller->Security->requireAuth('posted');
$this->Controller->Security->startup($this->Controller);
$this->assertFalse($this->Controller->failed);
$this->Controller->Security->Session->write('_Token', array(
'allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted')
'allowedControllers' => array('SecurityTest'),
'allowedActions' => array('posted')
));
$this->Controller->request['controller'] = 'SecurityTest';
$this->Controller->request['action'] = 'posted';
$this->Controller->request->data = array(
'username' => 'willy', 'password' => 'somePass', '_Token' => ''
'username' => 'willy',
'password' => 'somePass',
'_Token' => ''
);
$this->Controller->action = 'posted';
$this->Controller->Security->requireAuth('posted');
@ -483,6 +484,29 @@ class SecurityComponentTest extends CakeTestCase {
$this->assertFalse($this->Controller->failed);
}
/**
* Test that validatePost fires on GET with request data.
* This could happen when method overriding is used.
*
* @return void
* @triggers Controller.startup $this->Controller
*/
public function testValidatePostOnGetWithData() {
$_SERVER['REQUEST_METHOD'] = 'GET';
$this->Controller->Security->startup($this->Controller);
$fields = 'an-invalid-token';
$unlocked = '';
$this->Controller->request->data = array(
'Model' => array('username' => 'nate', 'password' => 'foo', 'valid' => '0'),
'_Token' => compact('fields', 'unlocked')
);
$this->assertFalse($this->Controller->failed, 'Should not be failed yet');
$this->Controller->Security->startup($this->Controller);
$this->assertTrue($this->Controller->failed, 'Should fail because of validatePost.');
}
/**
* Simple hash validation test
*
@ -492,7 +516,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
$fields = '01c1f6dbba02ac6f21b229eab1cc666839b14303%3AModel.valid';
$unlocked = '';
$this->Controller->request->data = array(
@ -572,7 +596,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'f7d573650a295b94e0938d32b323fde775e5f32b%3A';
$fields = '38504e4a341d4e6eadb437217efd91270e558d55%3A';
$unlocked = '';
$this->Controller->request->data = array(
@ -591,7 +615,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '540ac9c60d323c22bafe997b72c0790f39a8bdef%3A';
$fields = 'c5bc49a6c938c820e7e538df3d8ab7bffbc97ef9%3A';
$unlocked = '';
$this->Controller->request->data = array(
@ -612,10 +636,10 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '69f493434187b867ea14b901fdf58b55d27c935d%3A';
$fields = '5415d31b4483c1e09ddb58d2a91ba9650b12aa83%3A';
$unlocked = '';
$this->Controller->request->data = $data = array(
$this->Controller->request->data = array(
'Model' => array('username' => '', 'password' => ''),
'_Token' => compact('key', 'fields', 'unlocked')
);
@ -633,7 +657,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'c9118120e680a7201b543f562e5301006ccfcbe2%3AAddresses.0.id%7CAddresses.1.id';
$fields = 'b72a99e923687687bb5e64025d3cc65e1cecced4%3AAddresses.0.id%7CAddresses.1.id';
$unlocked = '';
$this->Controller->request->data = array(
@ -662,7 +686,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '422cde416475abc171568be690a98cad20e66079%3A';
$fields = '8a764bdb989132c1d46f9a45f64ce2da5f9eebb9%3A';
$unlocked = '';
$this->Controller->request->data = array(
@ -686,7 +710,7 @@ class SecurityComponentTest extends CakeTestCase {
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
$fields = '19464422eafe977ee729c59222af07f983010c5f%3A';
$fields = '722de3615e63fdff899e86e85e6498b11c50bb66%3A';
$this->Controller->request->data = array(
'User.password' => 'bar', 'User.name' => 'foo', 'User.is_valid' => '1',
'Tag' => array('Tag' => array(1)),
@ -707,7 +731,7 @@ class SecurityComponentTest extends CakeTestCase {
public function testValidatePostCheckbox() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
$fields = '01c1f6dbba02ac6f21b229eab1cc666839b14303%3AModel.valid';
$unlocked = '';
$this->Controller->request->data = array(
@ -718,7 +742,7 @@ class SecurityComponentTest extends CakeTestCase {
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
$fields = '874439ca69f89b4c4a5f50fb9c36ff56a28f5d42%3A';
$fields = 'efbcf463a2c31e97c85d95eedc41dff9e9c6a026%3A';
$this->Controller->request->data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
@ -732,7 +756,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$this->Controller->request->data = $data = array(
$this->Controller->request->data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
'_Token' => compact('key', 'fields', 'unlocked')
);
@ -749,7 +773,7 @@ class SecurityComponentTest extends CakeTestCase {
public function testValidatePostHidden() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '51ccd8cb0997c7b3d4523ecde5a109318405ef8c%3AModel.hidden%7CModel.other_hidden';
$fields = 'baaf832a714b39a0618238ac89c7065fc8ec853e%3AModel.hidden%7CModel.other_hidden';
$unlocked = '';
$this->Controller->request->data = array(
@ -772,7 +796,7 @@ class SecurityComponentTest extends CakeTestCase {
$this->Controller->Security->disabledFields = array('Model.username', 'Model.password');
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'ef1082968c449397bcd849f963636864383278b1%3AModel.hidden';
$fields = 'aa7f254ebd8bf2ef118bc5ca1e191d1ae96857f5%3AModel.hidden';
$unlocked = '';
$this->Controller->request->data = array(
@ -796,7 +820,12 @@ class SecurityComponentTest extends CakeTestCase {
$key = $this->Controller->request->params['_Token']['key'];
$unlocked = 'Model.username';
$fields = array('Model.hidden', 'Model.password');
$fields = urlencode(Security::hash(serialize($fields) . $unlocked . Configure::read('Security.salt')));
$fields = urlencode(Security::hash(
'/posts/index' .
serialize($fields) .
$unlocked .
Configure::read('Security.salt'))
);
$this->Controller->request->data = array(
'Model' => array(
@ -838,7 +867,7 @@ class SecurityComponentTest extends CakeTestCase {
/**
* Test that validatePost fails when unlocked fields are changed.
*
* @return
* @return void
*/
public function testValidatePostFailDisabledFieldTampering() {
$this->Controller->Security->startup($this->Controller);
@ -871,7 +900,7 @@ class SecurityComponentTest extends CakeTestCase {
public function testValidateHiddenMultipleModel() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = 'a2d01072dc4660eea9d15007025f35a7a5b58e18%3AModel.valid%7CModel2.valid%7CModel3.valid';
$fields = '38dd8a37bbb52e67ee4eb812bf1725a6a18b989b%3AModel.valid%7CModel2.valid%7CModel3.valid';
$unlocked = '';
$this->Controller->request->data = array(
@ -892,7 +921,7 @@ class SecurityComponentTest extends CakeTestCase {
public function testValidateHasManyModel() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '51e3b55a6edd82020b3f29c9ae200e14bbeb7ee5%3AModel.0.hidden%7CModel.0.valid';
$fields = 'dcef68de6634c60d2e60484ad0e2faec003456e6%3AModel.0.hidden%7CModel.0.valid';
$fields .= '%7CModel.1.hidden%7CModel.1.valid';
$unlocked = '';
@ -922,7 +951,7 @@ class SecurityComponentTest extends CakeTestCase {
public function testValidateHasManyRecordsPass() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3AAddress.0.id%7CAddress.0.primary%7C';
$fields = '8b6880fbbd4b69279155f899652ecffdd9b4c5a1%3AAddress.0.id%7CAddress.0.primary%7C';
$fields .= 'Address.1.id%7CAddress.1.primary';
$unlocked = '';
@ -966,7 +995,13 @@ class SecurityComponentTest extends CakeTestCase {
$key = $this->Controller->request->params['_Token']['key'];
$unlocked = '';
$hashFields = array('TaxonomyData');
$fields = urlencode(Security::hash(serialize($hashFields) . $unlocked . Configure::read('Security.salt')));
$fields = urlencode(
Security::hash(
'/posts/index' .
serialize($hashFields) .
$unlocked .
Configure::read('Security.salt'), 'sha1')
);
$this->Controller->request->data = array(
'TaxonomyData' => array(
@ -1031,7 +1066,7 @@ class SecurityComponentTest extends CakeTestCase {
public function testFormDisabledFields() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '11842060341b9d0fc3808b90ba29fdea7054d6ad%3An%3A0%3A%7B%7D';
$fields = '216ee717efd1a251a6d6e9efbb96005a9d09f1eb%3An%3A0%3A%7B%7D';
$unlocked = '';
$this->Controller->request->data = array(
@ -1059,10 +1094,10 @@ class SecurityComponentTest extends CakeTestCase {
*
* @return void
*/
public function testRadio() {
public function testValidatePostRadio() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '575ef54ca4fc8cab468d6d898e9acd3a9671c17e%3An%3A0%3A%7B%7D';
$fields = '3be63770e7953c6d2119f5377a9303372040f66f%3An%3A0%3A%7B%7D';
$unlocked = '';
$this->Controller->request->data = array(
@ -1093,12 +1128,42 @@ class SecurityComponentTest extends CakeTestCase {
$this->assertTrue($result);
}
/**
* test validatePost uses here() as a hash input.
*
* @return void
*/
public function testValidatePostUrlAsHashInput() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->request->params['_Token']['key'];
$fields = '5415d31b4483c1e09ddb58d2a91ba9650b12aa83%3A';
$unlocked = '';
$this->Controller->request->data = array(
'Model' => array('username' => '', 'password' => ''),
'_Token' => compact('key', 'fields', 'unlocked')
);
$this->assertTrue($this->Controller->Security->validatePost($this->Controller));
$request = $this->getMock('CakeRequest', array('here'), array('articles/edit/1', false));
$request->expects($this->at(0))
->method('here')
->will($this->returnValue('/posts/index?page=1'));
$request->expects($this->at(1))
->method('here')
->will($this->returnValue('/posts/edit/1'));
$this->Controller->Security->request = $request;
$this->assertFalse($this->Controller->Security->validatePost($this->Controller));
$this->assertFalse($this->Controller->Security->validatePost($this->Controller));
}
/**
* test that a requestAction's controller will have the _Token appended to
* the params.
*
* @return void
* @see http://cakephp.lighthouseapp.com/projects/42648/tickets/68
*/
public function testSettingTokenForRequestAction() {
$this->Controller->Security->startup($this->Controller);
@ -1115,7 +1180,6 @@ class SecurityComponentTest extends CakeTestCase {
* test that blackhole doesn't delete the _Token session key so repeat data submissions
* stay blackholed.
*
* @link http://cakephp.lighthouseapp.com/projects/42648/tickets/214
* @return void
*/
public function testBlackHoleNotDeletingSessionInformation() {
@ -1174,9 +1238,8 @@ class SecurityComponentTest extends CakeTestCase {
$token = $this->Security->Session->read('_Token');
$this->assertEquals(2, count($token['csrfTokens']), 'Missing the csrf token.');
foreach ($token['csrfTokens'] as $key => $expires) {
$diff = $csrfExpires - $expires;
$this->assertTrue($diff === 0 || $diff === 1, 'Token expiry does not match');
foreach ($token['csrfTokens'] as $expires) {
$this->assertWithinMargin($expires, $csrfExpires, 2, 'Token expiry does not match');
}
}
@ -1192,11 +1255,6 @@ class SecurityComponentTest extends CakeTestCase {
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
$this->Controller->request->expects($this->once())->method('is')
->with('post')
->will($this->returnValue(true));
$this->Controller->request->params['action'] = 'index';
$this->Controller->request->data = array(
'_Token' => array(
@ -1211,6 +1269,23 @@ class SecurityComponentTest extends CakeTestCase {
$this->assertFalse(isset($token['csrfTokens']['nonce1']), 'Token was not consumed');
}
/**
* tests that reusable CSRF-token expiry is renewed
*/
public function testCsrfReusableTokenRenewal() {
$this->Security->validatePost = false;
$this->Security->csrfCheck = true;
$this->Security->csrfUseOnce = false;
$csrfExpires = '+10 minutes';
$this->Security->csrfExpires = $csrfExpires;
$this->Security->Session->write('_Token.csrfTokens', array('token' => strtotime('+1 minutes')));
$this->Security->startup($this->Controller);
$tokens = $this->Security->Session->read('_Token.csrfTokens');
$this->assertWithinMargin($tokens['token'], strtotime($csrfExpires), 2, 'Token expiry was not renewed');
}
/**
* test that expired values in the csrfTokens are cleaned up.
*
@ -1244,11 +1319,6 @@ class SecurityComponentTest extends CakeTestCase {
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
$this->Controller->request->expects($this->once())->method('is')
->with('post')
->will($this->returnValue(true));
$this->Controller->request->params['action'] = 'index';
$this->Controller->request->data = array(
'_Token' => array(
@ -1274,11 +1344,6 @@ class SecurityComponentTest extends CakeTestCase {
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('-5 minutes')));
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
$this->Controller->request->expects($this->once())->method('is')
->with('post')
->will($this->returnValue(true));
$this->Controller->request->params['action'] = 'index';
$this->Controller->request->data = array(
'_Token' => array(
@ -1331,10 +1396,6 @@ class SecurityComponentTest extends CakeTestCase {
$this->Security->Session->write('_Token.csrfTokens', array('nonce1' => strtotime('+10 minutes')));
$this->Controller->request = $this->getMock('CakeRequest', array('is'));
$this->Controller->request->expects($this->once())->method('is')
->with('post')
->will($this->returnValue(true));
$this->Controller->request->params['action'] = 'index';
$this->Controller->request->data = array(
'_Token' => array(
@ -1388,4 +1449,18 @@ class SecurityComponentTest extends CakeTestCase {
$this->assertTrue(isset($result['4']));
$this->assertTrue(isset($result['5']));
}
/**
* Test unlocked actions
*
* @return void
*/
public function testUnlockedActions() {
$_SERVER['REQUEST_METHOD'] = 'POST';
$this->Controller->request->data = array('data');
$this->Controller->Security->unlockedActions = 'index';
$this->Controller->Security->blackHoleCallback = null;
$result = $this->Controller->Security->startup($this->Controller);
$this->assertNull($result);
}
}