From 91e682181ad793c2320492269e205ed8d4442205 Mon Sep 17 00:00:00 2001
From: hacan359 <05hacan@gmail.com>
Date: Wed, 7 Feb 2024 18:11:41 +0300
Subject: [PATCH] Add stubcsrf
---
 README.md | 11 ++++++++---
 src/StubCsrfToken.php | 36 ++++++++++++++++++++++++++++++++++++
 tests/StubCsrfTokenTest.php | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 src/StubCsrfToken.php
 create mode 100644 tests/StubCsrfTokenTest.php
diff --git a/README.md b/README.md
index b6c8be9..94d99c5 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,8 @@ The package provides [PSR-15](https://www.php-fig.org/psr/psr-15/) middleware for CSRF protection: - It supports two algorithms out of the box: - - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and session. + - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and + session. - HMAC based token with customizable identity generation. Uses session by default. - It has ability to apply masking to CSRF token string to make [BREACH attack](https://breachattack.com/) impossible.
@@ -122,7 +123,7 @@ token that came from the form is compared against the token stored. Package provides `RandomCsrfTokenGenerator` that generates a random token and `SessionCsrfTokenStorage` that persists a token between requests in a user session. -To learn more about the synchronizer token pattern, +To learn more about the synchronizer token pattern, [check OWASP CSRF cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern). ### HMAC based token
@@ -154,6 +155,9 @@ It is recommended to always use this decorator. ## Testing +The `StubCsrfToken` class can be useful when mocking CSRF token behavior during unit testing or when providing +placeholder functionality in temporary solutions. + ### Unit testing The package is tested with [PHPUnit](https://phpunit.de/). To run tests:
@@ -181,7 +185,8 @@ The code is statically analyzed with [Psalm](https://psalm.dev/). To run static ## License -The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. Please see [`LICENSE`](./LICENSE.md) for more information. +The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. Please +see [`LICENSE`](./LICENSE.md) for more information. Maintained by [Yii Software](https://www.yiiframework.com/).
diff --git a/src/StubCsrfToken.php b/src/StubCsrfToken.php
new file mode 100644
index 0000000..4c55aa8
--- /dev/null
+++ b/src/StubCsrfToken.php
@@ -0,0 +1,36 @@
+token = $token;
+ if (null === $token) {
+ $this->token = Random::string();
+ }
+ }
+
+ public function getValue(): string
+ {
+ return $this->token;
+ }
+
+ public function validate(string $token): bool
+ {
+ return $this->token === $token;
+ }
+}
diff --git a/tests/StubCsrfTokenTest.php b/tests/StubCsrfTokenTest.php
new file mode 100644
index 0000000..66969b3
--- /dev/null
+++ b/tests/StubCsrfTokenTest.php
@@ -0,0 +1,35 @@
+assertSame($csrfToken, $stubToken->getValue());
+ }
+
+ public function testValidate(): void
+ {
+ $csrfToken = Random::string();
+ $stubToken = new StubCsrfToken($csrfToken);
+ $this->assertTrue($stubToken->validate($csrfToken));
+ $this->assertFalse($stubToken->validate(Random::string()));
+ }
+
+ public function testEmptyToken(): void
+ {
+ $stubToken = new StubCsrfToken();
+ $token = $stubToken->getValue();
+ $this->assertNotEmpty($token);
+ $this->assertTrue($stubToken->validate($token));
+ }
+}
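Review bot: The constructor assigns `$token` to the property before the `null` fallback, so if the property is declared as a non-nullable `string` (its declaration and the rest of the file head are not visible in this hunk as extracted) `new StubCsrfToken()` would fail on the first assignment before `Random::string()` ever runs, and if it is `?string` the property is nullable for no reason; `$this->token = $token ?? Random::string();` does the same work in one step and lets the property stay `private string $token`. Nothing in the visible code says what this class is for: a token fixed at construction gives no CSRF protection if it ends up wired into a real middleware chain, and the README text added in this same patch recommends it for "placeholder functionality in temporary solutions", which invites exactly that. A class docblock such as `/** CSRF token with a fixed value, intended as a test double only; it provides no CSRF protection. */` would make the intent explicit. `validate()` compares with `===`, which is fine for a test double, but if the package's real implementations compare with `hash_equals()`, matching them keeps the stub behaving the same way as what it stands in for.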
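Review bot: `testEmptyToken` does not test an empty token; it constructs the stub with no argument and checks that a non-empty default is generated, so a name such as `testDefaultTokenIsGeneratedWhenNoneGiven` would describe what it asserts. No test covers the boundary `validate('')`, which is the value a missing form field typically yields; adding `$this->assertFalse($stubToken->validate(''));` to `testValidate` pins that the stub rejects it. The first test method's signature and the file head are outside the visible part of this hunk, so whether the class declares `strict_types` and extends `TestCase` cannot be confirmed here.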