diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/BasketTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/BasketTest.php index 5a01263b20..3d1f79d574 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/BasketTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/BasketTest.php @@ -20,6 +20,8 @@ public function testRootPost() self::$DI['record_2']; $route = '/prod/baskets/'; + $randomValue = $this->setSessionFormToken('prodCreateBasket'); + $records = [ self::$DI['record_1']->get_serialize_key(), self::$DI['record_2']->get_serialize_key(), @@ -34,7 +36,9 @@ public function testRootPost() 'POST', $route, [ 'name' => 'panier', 'desc' => 'mon beau panier', - 'lst' => $lst] + 'lst' => $lst, + 'prodCreateBasket_token' => $randomValue + ] ); $response = self::$DI['client']->getResponse(); @@ -60,6 +64,8 @@ public function testRootPostJSON() $query = $entityManager->createQuery('SELECT COUNT(b.id) FROM Phraseanet:Basket b'); $count = $query->getSingleScalarResult(); + $randomValue = $this->setSessionFormToken('prodCreateBasket'); + $route = '/prod/baskets/'; $client = $this->getClient(); @@ -69,6 +75,7 @@ public function testRootPostJSON() [ 'name' => 'panier', 'desc' => 'mon beau panier', + 'prodCreateBasket_token' => $randomValue ], [], [ @@ -200,10 +207,14 @@ public function testBasketUpdatePost() $basket = self::$DI['app']['orm.em']->find('Phraseanet:Basket', 1); $route = sprintf('/prod/baskets/%s/update/', $basket->getId()); + $randomValue = $this->setSessionFormToken('prodBasketRename'); + self::$DI['client']->request( 'POST', $route, [ 'name' => 'new_name', - 'description' => 'new_desc'] + 'description' => 'new_desc', + 'prodBasketRename_token' => $randomValue + ] ); $response = self::$DI['client']->getResponse(); 
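Review bot: None of the BasketTest hunks exercises the failure path, so they would still pass if the controller never compared `prodCreateBasket_token` with the session value — the positive case alone cannot tell an enforced form-token check from an ignored POST parameter. A companion test that posts the same form without calling `setSessionFormToken()` (or with a mismatching value) and asserts that no basket was created would pin the protection; the basket count query already used in `testRootPostJSON` gives an implementation-neutral assertion, since the status code returned on a token mismatch is not visible in this diff. Something like the following next to `testRootPost`:
```php
public function testRootPostWithoutTokenCreatesNothing()
{
    $entityManager = self::$DI['app']['orm.em'];
    $query = $entityManager->createQuery('SELECT COUNT(b.id) FROM Phraseanet:Basket b');
    $before = $query->getSingleScalarResult();

    // deliberately no setSessionFormToken(): the session holds no prodCreateBasket_token
    self::$DI['client']->request('POST', '/prod/baskets/', [
        'name' => 'panier',
        'desc' => 'mon beau panier',
    ]);

    $this->assertEquals($before, $query->getSingleScalarResult(), 'A POST without a form token must not create a basket');
}
```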
@@ -217,10 +228,13 @@ public function testBasketUpdatePostJSON() $basket = self::$DI['app']['orm.em']->find('Phraseanet:Basket', 1); $route = sprintf('/prod/baskets/%s/update/', $basket->getId()); + $randomValue = $this->setSessionFormToken('prodBasketRename'); + self::$DI['client']->request( 'POST', $route, [ 'name' => 'new_name', - 'description' => 'new_desc' + 'description' => 'new_desc', + 'prodBasketRename_token' => $randomValue ], [], [ "HTTP_ACCEPT" => "application/json"] ); diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/DownloadTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/DownloadTest.php index a3909c95e9..58848c7072 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/DownloadTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/DownloadTest.php @@ -22,6 +22,8 @@ class DownloadTest extends \PhraseanetAuthenticatedWebTestCase public function testDownloadRecords() { $triggered = false; + $randomValue = $this->setSessionFormToken('prodExportDownload'); + self::$DI['app']['dispatcher']->addListener(PhraseaEvents::EXPORT_CREATE, function (Event $event) use (&$triggered) { $triggered = true; }); @@ -30,7 +32,8 @@ public function testDownloadRecords() 'ssttid' => '', 'obj' => ['preview', 'document'], 'title' => 'export_title_test', - 'businessfields' => '1' + 'businessfields' => '1', + 'prodExportDownload_token' => $randomValue ]); $response = self::$DI['client']->getResponse(); @@ -46,6 +49,8 @@ public function testDownloadRecords() public function testDownloadRestricted() { $triggered = false; + $randomValue = $this->setSessionFormToken('prodExportDownload'); + self::$DI['app']['dispatcher']->addListener(PhraseaEvents::EXPORT_CREATE, function (Event $event) use (&$triggered) { $triggered = true; }); 
@@ -84,7 +89,8 @@ public function testDownloadRestricted() 'ssttid' => '', 'obj' => ['preview', 'document'], 'title' => 'export_title_test', - 'businessfields' => '1' + 'businessfields' => '1', + 'prodExportDownload_token' => $randomValue ]); $response = self::$DI['client']->getResponse(); @@ -100,6 +106,7 @@ public function testDownloadRestricted() public function testDownloadBasket() { $basket = self::$DI['app']['orm.em']->find('Phraseanet:Basket', 4); + $randomValue = $this->setSessionFormToken('prodExportDownload'); $triggered = false; self::$DI['app']['dispatcher']->addListener(PhraseaEvents::EXPORT_CREATE, function (Event $event) use (&$triggered) { @@ -111,7 +118,8 @@ public function testDownloadBasket() 'ssttid' => $basket->getId(), 'obj' => ['preview', 'document'], 'title' => 'export_title_test', - 'businessfields' => '1' + 'businessfields' => '1', + 'prodExportDownload_token' => $randomValue ]); $response = self::$DI['client']->getResponse(); @@ -127,6 +135,7 @@ public function testDownloadBasket() public function testDownloadBasketValidation() { $basket = self::$DI['app']['orm.em']->find('Phraseanet:Basket', 4); + $randomValue = $this->setSessionFormToken('prodExportDownload'); $triggered = false; self::$DI['app']['dispatcher']->addListener(PhraseaEvents::EXPORT_CREATE, function (Event $event) use (&$triggered) { @@ -138,7 +147,8 @@ public function testDownloadBasketValidation() 'ssttid' => $basket->getId(), 'obj' => ['preview', 'document'], 'title' => 'export_title_test', - 'businessfields' => '1' + 'businessfields' => '1', + 'prodExportDownload_token' => $randomValue ]); $response = self::$DI['client']->getResponse(); diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/ExportTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/ExportTest.php index e49a967d0c..e2b9816c9b 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/ExportTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/ExportTest.php 
@@ -87,13 +87,17 @@ public function testFtpConnexionNoXMLHTTPRequests() */ public function testExportFtpNoDocs() { + $randomValue = $this->setSessionFormToken('prodExportFTP'); + self::$DI['client']->request('POST', '/prod/export/ftp/', [ 'address' => 'test.ftp', 'login' => 'login', 'dest_folder' => 'documents', 'prefix_folder' => 'documents', - 'obj' => ['preview'] + 'obj' => ['preview'], + 'prodExportFTP_token' => $randomValue ]); + $response = self::$DI['client']->getResponse(); $this->assertTrue($response->isOk()); $datas = (array) json_decode($response->getContent()); @@ -116,12 +120,14 @@ public function testExportFtpBadRequest($params) public function getMissingArguments() { + $randomValue = $this->setSessionFormToken('prodExportFTP'); + return [ - [[]], - [['address' => '']], - [['address' => '', 'login' => '']], - [['address' => '', 'login' => '', 'dest_folder' => '']], - [['address' => '', 'login' => '', 'dest_folder' => '', 'prefix_folder' => '']], + [['prodExportFTP_token' => $randomValue]], + [['address' => '', 'prodExportFTP_token' => $randomValue]], + [['address' => '', 'login' => '', 'prodExportFTP_token' => $randomValue]], + [['address' => '', 'login' => '', 'dest_folder' => '', 'prodExportFTP_token' => $randomValue]], + [['address' => '', 'login' => '', 'dest_folder' => '', 'prefix_folder' => '', 'prodExportFTP_token' => $randomValue]], ]; } @@ -131,6 +137,7 @@ public function getMissingArguments() public function testExportFtp() { $app = $this->getApplication(); + $randomValue = $this->setSessionFormToken('prodExportFTP'); $bkp = $app['conf']->get('registry'); @@ -150,7 +157,8 @@ public function testExportFtp() 'login' => $user->getEmail(), 'dest_folder' => '/home/test/', 'prefix_folder' => 'test2/', - 'obj' => ['preview'] + 'obj' => ['preview'], + 'prodExportFTP_token' => $randomValue ]); $response = $this->getClient()->getResponse(); 
@@ -172,10 +180,13 @@ public function testExportMail() // deliver method removed in the listener // $this->mockNotificationDeliverer('Alchemy\Phrasea\Notification\Mail\MailRecordsExport'); + $randomValue = $this->setSessionFormToken('prodExportEmail'); + $this->getClient()->request('POST', '/prod/export/mail/', [ 'lst' => $this->getRecord1()->getId(), 'destmail' => 'user@example.com', 'obj' => ['preview'], + 'prodExportEmail_token' => $randomValue ]); $response = $this->getClient()->getResponse(); diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/OrderTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/OrderTest.php index e4205b7c28..fdc68df288 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/OrderTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/OrderTest.php @@ -19,6 +19,7 @@ class OrderTest extends \PhraseanetAuthenticatedWebTestCase public function testCreateOrder() { $app = $this->getApplication(); + $randomValue = $this->setSessionFormToken('prodExportOrder'); $triggered = false; $app['dispatcher']->addListener(PhraseaEvents::ORDER_CREATE, function () use (&$triggered) { @@ -27,7 +28,8 @@ public function testCreateOrder() $response = $this->request('POST', '/prod/order/', [ 'lst' => $this->getRecord1()->getId(), - 'deadline' => '+10 minutes' + 'deadline' => '+10 minutes', + 'prodExportOrder_token' => $randomValue ]); $this->assertTrue($response->isRedirect(), 'Response should be redirect'); @@ -41,6 +43,7 @@ public function testCreateOrder() public function testCreateOrderJson() { $app = $this->getApplication(); + $randomValue = $this->setSessionFormToken('prodExportOrder'); $triggered = false; $app['dispatcher']->addListener(PhraseaEvents::ORDER_CREATE, function (Event $event) use (&$triggered) { 
@@ -49,7 +52,8 @@ public function testCreateOrderJson() $response = $this->XMLHTTPRequest('POST', '/prod/order/', [ 'lst' => $this->getRecord1()->getId(), - 'deadline' => '+10 minutes' + 'deadline' => '+10 minutes', + 'prodExportOrder_token' => $randomValue ]); $this->assertTrue($response->isOk(), 'Invalid response from create order'); diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/PrinterTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/PrinterTest.php index c99084431e..fab6fd5d7f 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/PrinterTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/PrinterTest.php @@ -33,6 +33,8 @@ public function testRouteSlash() public function testRoutePrintPdf() { + $randomValue = $this->setSessionFormToken('prodPrint'); + $records = [ self::$DI['record_1']->get_serialize_key(), self::$DI['record_2']->get_serialize_key(), @@ -53,7 +55,8 @@ public function testRoutePrintPdf() foreach ($layouts as $layout) { self::$DI['client']->request('POST', '/prod/printer/print.pdf', [ 'lst' => $lst, - 'lay' => $layout + 'lay' => $layout, + 'prodPrint_token' => $randomValue ] ); diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/PropertyTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/PropertyTest.php index 7dbfa21760..96afb9fd47 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/PropertyTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/PropertyTest.php @@ -100,6 +100,7 @@ public function testChangeStatus() ->will($this->returnValue($acl)); self::$DI['app']['acl'] = $aclProvider; + $randomValue = $this->setSessionFormToken('prodPropertyStatus'); self::$DI['client']->request('POST', '/prod/records/property/status/', [ 'apply_to_children' => [$story->getDataboxId() => true], 
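Review bot: In `testRoutePrintPdf` a single `prodPrint_token` is generated before the loop and replayed on every layout iteration, so the test silently fixes the contract that a form token survives a successful use. If the server is meant to consume the token on use, only the second layout would expose that, and the failure would look unrelated to the token; if tokens are per-session, that should be stated. Either regenerate inside the loop with `'prodPrint_token' => $this->setSessionFormToken('prodPrint')`, or add a comment on the `$randomValue` line such as `// form tokens are per session, not single-use: the same value is valid for every layout`. The `foreach` and the assertions that follow it continue past the end of the hunk.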
@@ -108,8 +109,10 @@ public function testChangeStatus() ], 'lst' => implode(';', [ $record->getId(),$story->getId() - ]) + ]), + 'prodPropertyStatus_token' => $randomValue ]); + $response = self::$DI['client']->getResponse(); $datas = (array) json_decode($response->getContent()); $this->assertArrayHasKey('success', $datas); @@ -152,6 +155,7 @@ public function testChangeType() $file = new File(self::$DI['app'], self::$DI['app']['mediavorus']->guess(__DIR__ . '/../../../../../files/cestlafete.jpg'), self::$DI['collection']); $record = \record_adapter::createFromFile($file, self::$DI['app']); $record2 = \record_adapter::createFromFile($file, self::$DI['app']); + $randomValue = $this->setSessionFormToken('prodPropertyType'); self::$DI['client']->request('POST', '/prod/records/property/type/', [ 'lst' => implode(';', [ @@ -160,7 +164,8 @@ public function testChangeType() 'types' => [ $record->getId() => 'document', $record2->getId() => 'flash', - ] + ], + 'prodPropertyType_token' => $randomValue ]); $response = self::$DI['client']->getResponse(); $datas = (array) json_decode($response->getContent()); diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/QueryTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/QueryTest.php index 5de67bd775..8d3b3851c3 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/QueryTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/QueryTest.php @@ -29,11 +29,12 @@ public function testQuery() ->getMock(); self::$DI['app']['manipulator.user'] = $userManipulator; + $randomValue = $this->setSessionFormToken('searchForm'); $userManipulator->expects($this->once())->method('logQuery'); $client = $this->getClient(); - $client->request('POST', $route); + $client->request('POST', $route, ['searchForm_token' => $randomValue]); $response = $client->getResponse(); $this->assertEquals('application/json', $response->headers->get('Content-type')); 
diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/StoryTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/StoryTest.php index bb09193b93..30724943db 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/StoryTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/StoryTest.php @@ -15,6 +15,8 @@ class StoryTest extends \PhraseanetAuthenticatedWebTestCase public function testRootPost() { self::$DI['app']['phraseanet.SE'] = $this->createSearchEngineMock(); + $randomValue = $this->setSessionFormToken('prodCreateStory'); + $route = "/prod/story/"; $collections = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser()) @@ -25,7 +27,8 @@ public function testRootPost() self::$DI['client']->request( 'POST', $route, [ 'base_id' => $collection->get_base_id(), - 'name' => ['1-1' => 'test story'] //db-metastructId => storyname + 'name' => ['1-1' => 'test story'], //db-metastructId => storyname + 'prodCreateStory_token' => $randomValue ] ); @@ -44,6 +47,7 @@ public function testRootPost() public function testRootPostJSON() { + $randomValue = $this->setSessionFormToken('prodCreateStory'); $route = "/prod/story/"; $collections = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser()) @@ -52,10 +56,17 @@ public function testRootPostJSON() $collection = array_shift($collections); $crawler = self::$DI['client']->request( - 'POST', $route, [ - 'base_id' => $collection->get_base_id(), - 'name' => 'test story'], [], [ - "HTTP_ACCEPT" => "application/json"] + 'POST', + $route, + [ + 'base_id' => $collection->get_base_id(), + 'name' => 'test story', + 'prodCreateStory_token' => $randomValue + ], + [], + [ + "HTTP_ACCEPT" => "application/json" + ] ); $response = self::$DI['client']->getResponse(); diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/ToolsTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/ToolsTest.php index 33ed490c28..a573c23f81 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/ToolsTest.php 
+++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/ToolsTest.php @@ -35,9 +35,13 @@ public function testRouteChangeDoc() self::$DI['app']['phraseanet.SE'] = $this->createSearchEngineMock(); $record = self::$DI['record_1']; + $randomValue = bin2hex(random_bytes(35)); + self::$DI['app']['session']->set('prodToolsHDSubstitution_token', $randomValue); + $crawler = self::$DI['client']->request('POST', '/prod/tools/hddoc/', [ 'sbas_id' => $record->get_sbas_id(), 'record_id' => $record->get_record_id(), + 'prodToolsHDSubstitution_token' => $randomValue ], [ 'newHD' => new UploadedFile( $this->tmpFile, 'KIKOO.JPG', 'image/jpg', 2000 @@ -53,10 +57,13 @@ public function testRouteChangeDoc() public function testRouteChangeThumb() { $record = self::$DI['record_1']; + $randomValue = bin2hex(random_bytes(35)); + self::$DI['app']['session']->set('prodToolsThumbSubstitution_token', $randomValue); $crawler = self::$DI['client']->request('POST', '/prod/tools/chgthumb/', [ 'sbas_id' => $record->get_sbas_id(), 'record_id' => $record->get_record_id(), + 'prodToolsThumbSubstitution_token' => $randomValue ], [ 'newThumb' => new UploadedFile( $this->tmpFile, 'KIKOO.JPG', 'image/jpg', 2000 diff --git a/tests/classes/PhraseanetTestCase.php b/tests/classes/PhraseanetTestCase.php index 836f74af48..c6d7afb8ef 100644 --- a/tests/classes/PhraseanetTestCase.php +++ b/tests/classes/PhraseanetTestCase.php @@ -811,4 +811,12 @@ protected function createSearchEngineMock() return $mock; } + + protected function setSessionFormToken($formName) + { + $randomValue = bin2hex(random_bytes(35)); + self::$DI['app']['session']->set($formName.'_token', $randomValue); + + return $randomValue; + } }
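Review bot: Both ToolsTest hunks inline `bin2hex(random_bytes(35))` plus a manual `session->set(...)` while the same commit adds `setSessionFormToken()` to `PhraseanetTestCase` for exactly this purpose, so the `<form>_token` naming convention and the token length now live in three places and will drift. Replace the two added lines in each test with `$randomValue = $this->setSessionFormToken('prodToolsHDSubstitution');` and `$randomValue = $this->setSessionFormToken('prodToolsThumbSubstitution');` respectively.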
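Review bot: `setSessionFormToken()` is undocumented and encodes a naming contract every caller depends on — the session key and the POST field are both `<formName>_token` — without saying so. A short docblock would make that explicit, e.g. `Store a fresh form (CSRF) token for $formName in the test session under "<formName>_token" and return it, so the test can send it back in the "<formName>_token" request field.` Note also that `random_bytes()` requires PHP 7 or a polyfill; if the project still supports PHP 5.x that should be checked against the composer constraints, which are not visible here.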