update deprecated tests

yiisoft · Nov 8, 2024 · 9e56915 · 9e56915
1 parent 7e15fee
commit 9e56915
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 7 deletions.
diff --git a/tests/DeprecatedCsrfMiddlewareTest.php b/tests/DeprecatedCsrfMiddlewareTest.php
@@ -10,6 +10,7 @@
 use Yiisoft\Csrf\Synchronizer\Generator\RandomCsrfTokenGenerator;
 use Yiisoft\Csrf\Synchronizer\SynchronizerCsrfToken;
 use Yiisoft\Csrf\Tests\Synchronizer\Storage\MockCsrfTokenStorage;
+use Yiisoft\Http\Method;
 
 final class DeprecatedCsrfMiddlewareTest extends TestCase
 {
@@ -46,6 +47,7 @@ public function testImmutability(): void
         $original = $this->createMiddleware();
         $this->assertNotSame($original, $original->withHeaderName('csrf'));
         $this->assertNotSame($original, $original->withParameterName('csrf'));
+        $this->assertNotSame($original, $original->withSafeMethods([Method::HEAD]));
     }
 
     private function createMiddleware(): CsrfMiddleware

diff --git a/tests/DeprecatedTokenCsrfMiddlewareTest.php b/tests/DeprecatedTokenCsrfMiddlewareTest.php
@@ -24,6 +24,27 @@ abstract class DeprecatedTokenCsrfMiddlewareTest extends TestCase
 
     private string $token;
 
+    public function testGetIsAlwaysAllowed(): void
+    {
+        $middleware = $this->createCsrfMiddleware();
+        $response = $middleware->process($this->createServerRequest(Method::GET), $this->createRequestHandler());
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    public function testHeadIsAlwaysAllowed(): void
+    {
+        $middleware = $this->createCsrfMiddleware();
+        $response = $middleware->process($this->createServerRequest(Method::HEAD), $this->createRequestHandler());
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    public function testOptionsIsAlwaysAllowed(): void
+    {
+        $middleware = $this->createCsrfMiddleware();
+        $response = $middleware->process($this->createServerRequest(Method::OPTIONS), $this->createRequestHandler());
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
     public function testValidTokenInBodyPostRequestResultIn200(): void
     {
         $middleware = $this->createCsrfMiddleware();
@@ -79,13 +100,6 @@ public function testValidTokenInCustomHeaderResultIn200(): void
         $this->assertEquals(200, $response->getStatusCode());
     }
 
-    public function testGetIsAlwaysAllowed(): void
-    {
-        $middleware = $this->createCsrfMiddleware();
-        $response = $middleware->process($this->createServerRequest(Method::GET), $this->createRequestHandler());
-        $this->assertEquals(200, $response->getStatusCode());
-    }
-
     public function testInvalidTokenResultIn422(): void
     {
         $middleware = $this->createCsrfMiddleware();
@@ -130,6 +144,42 @@ public function testEmptyTokenInRequestResultIn422(): void
         $this->assertEquals(Status::UNPROCESSABLE_ENTITY, $response->getStatusCode());
     }
 
+    public function testUnsafeMethodPostRequestResultIn422(): void
+    {
+        $middleware = $this->createCsrfMiddleware();
+        $response = $middleware->process(
+            $this->createServerRequest(Method::POST),
+            $this->createRequestHandler()
+        );
+        $this->assertEquals(Status::TEXTS[Status::UNPROCESSABLE_ENTITY], $response->getBody());
+        $this->assertEquals(Status::UNPROCESSABLE_ENTITY, $response->getStatusCode());
+    }
+
+    public function testCustomSafeOptionsRequestResultIn200(): void
+    {
+        $middleware = $this
+            ->createCsrfMiddleware()
+            ->withSafeMethods([Method::OPTIONS]);
+        $response = $middleware->process(
+            $this->createServerRequest(Method::OPTIONS),
+            $this->createRequestHandler()
+        );
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    public function testCustomUnsafeMethodGetRequestResultIn422(): void
+    {
+        $middleware = $this
+            ->createCsrfMiddleware()
+            ->withSafeMethods([Method::OPTIONS]);
+        $response = $middleware->process(
+            $this->createServerRequest(Method::GET),
+            $this->createRequestHandler()
+        );
+        $this->assertEquals(Status::TEXTS[Status::UNPROCESSABLE_ENTITY], $response->getBody());
+        $this->assertEquals(Status::UNPROCESSABLE_ENTITY, $response->getStatusCode());
+    }
+
     private function createServerRequest(
         string $method = Method::POST,
         array $bodyParams = [],