diff --git a/tests/system/Security/SecurityTest.php b/tests/system/Security/SecurityTest.php
index 835f982d4b0c..2f3aea06470b 100644
--- a/tests/system/Security/SecurityTest.php
+++ b/tests/system/Security/SecurityTest.php
@@ -24,6 +24,7 @@
 use CodeIgniter\Test\Mock\MockSecurity;
 use Config\Security as SecurityConfig;
 use PHPUnit\Framework\Attributes\BackupGlobals;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\Attributes\Group;

 /**
@@ -42,13 +43,23 @@ protected function setUp(): void
 $this->resetServices();
 }

- private function createMockSecurity(?SecurityConfig $config = null): MockSecurity
+ private static function createMockSecurity(SecurityConfig $config = new SecurityConfig()): MockSecurity
 {
- $config ??= new SecurityConfig();
-
 return new MockSecurity($config);
 }

+ private static function createIncomingRequest(): IncomingRequest
+ {
+ $config = new MockAppConfig();
+
+ return new IncomingRequest(
+ $config,
+ new SiteURI($config),
+ null,
+ new UserAgent(),
+ );
+ }
+
 public function testBasicConfigIsSaved(): void
 {
 $security = $this->createMockSecurity();
@@ -108,18 +119,6 @@ public function testCSRFVerifyPostThrowsExceptionOnNoMatch(): void
 $security->verify($request);
 }

- private function createIncomingRequest(): IncomingRequest
- {
- $config = new MockAppConfig();
-
- return new IncomingRequest(
- $config,
- new SiteURI($config),
- null,
- new UserAgent(),
- );
- }
-
 public function testCSRFVerifyPostReturnsSelfOnMatch(): void
 {
 $_SERVER['REQUEST_METHOD'] = 'POST';
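Review bot: The context line `$security = $this->createMockSecurity();` at the end of the `-42,13` hunk still calls the helper through `$this` although the hunk makes it static, and the rewritten test in the last hunk does the same. PHP accepts that, but it hides that the helper no longer depends on test-instance state; `self::createMockSecurity()` at the call sites would match the `self::createIncomingRequest()` calls the new provider uses. The parameter also stops accepting `null` (`?SecurityConfig $config = null` became `SecurityConfig $config = new SecurityConfig()`), so any call in this file that passes `null` explicitly would now raise a TypeError; those call sites are not visible here and are worth a quick search. The body of testBasicConfigIsSaved continues outside the hunk.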
@@ -354,24 +353,34 @@ public function testGetPostedTokenReturnsTokenFromFormBody(): void
 $this->assertSame('8b9218a55906f9dcc1dc263dce7f005a', $method($request));
 }

- public function testGetPostedTokenReturnsNullForInvalidInputs(): void
+ #[DataProvider('provideGetPostedTokenReturnsNullForInvalidInputs')]
+ public function testGetPostedTokenReturnsNullForInvalidInputs(string $case, IncomingRequest $request): void
+ {
+ $method = $this->getPrivateMethodInvoker($this->createMockSecurity(), 'getPostedToken');
+
+ $this->assertNull(
+ $method($request),
+ sprintf('Failed asserting that %s returns null on invalid input.', $case),
+ );
+ }
+
+ /**
+ * @return iterable
+ */
+ public static function provideGetPostedTokenReturnsNullForInvalidInputs(): iterable
 {
- $method = $this->getPrivateMethodInvoker($this->createMockSecurity(), 'getPostedToken');
 $testCases = [
- 'empty_post' => $this->createIncomingRequest(),
- 'invalid_post_data' => $this->createIncomingRequest()->setGlobal('post', ['csrf_test_name' => ['invalid' => 'data']]),
- 'empty_header' => $this->createIncomingRequest()->setHeader('X-CSRF-TOKEN', ''),
- 'invalid_json_data' => $this->createIncomingRequest()->setBody(json_encode(['csrf_test_name' => ['invalid' => 'data']])),
- 'invalid_json' => $this->createIncomingRequest()->setBody('{invalid json}'),
- 'missing_token_in_body' => $this->createIncomingRequest()->setBody('other=value&another=test'),
- 'invalid_form_data' => $this->createIncomingRequest()->setBody('csrf_test_name[]=invalid'),
+ 'empty_post' => self::createIncomingRequest(),
+ 'invalid_post_data' => self::createIncomingRequest()->setGlobal('post', ['csrf_test_name' => ['invalid' => 'data']]),
+ 'empty_header' => self::createIncomingRequest()->setHeader('X-CSRF-TOKEN', ''),
+ 'invalid_json_data' => self::createIncomingRequest()->setBody(json_encode(['csrf_test_name' => ['invalid' => 'data']])),
+ 'invalid_json' => self::createIncomingRequest()->setBody('{invalid json}'),
+ 'missing_token_in_body' => self::createIncomingRequest()->setBody('other=value&another=test'),
+ 'invalid_form_data' => self::createIncomingRequest()->setBody('csrf_test_name[]=invalid'),
 ];

 foreach ($testCases as $case => $request) {
- $this->assertNull(
- $method($request),
- "Failed asserting that {$case} returns null"
- );
+ yield $case => [$case, $request];
 }
 }
 }
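Review bot: The seven IncomingRequest fixtures are now built inside the static provider, which PHPUnit evaluates before setUp() and so before the `resetServices()` call shown in the `-42,13` hunk, whereas the old test built them after it. If IncomingRequest captures superglobals or shared services at construction (not visible here), these CSRF negative cases could return null for a reason unrelated to the input under test, and `assertNull` would not tell the difference. Yielding a mutator keeps construction inside the test, e.g. `yield 'empty_header' => [static fn (IncomingRequest $r): IncomingRequest => $r->setHeader('X-CSRF-TOKEN', '')];` with `$request = $mutate(self::createIncomingRequest());` in the test body. Separately, the `$case` argument duplicates the dataset key that PHPUnit already prints on failure, so the provider could yield the payload alone and the `sprintf` message could be dropped.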