<?php
declare(strict_types=1);
namespace SimpleSAML\Test\Module\oidc\unit\Forms;
use Laminas\Diactoros\ServerRequest;
use PHPUnit\Framework\Attributes\DataProvider;
use PHPUnit\Framework\Attributes\TestDox;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use SimpleSAML\Configuration;
use SimpleSAML\Module\oidc\Forms\ClientForm;
use SimpleSAML\Module\oidc\Forms\Controls\CsrfProtection;
use SimpleSAML\Module\oidc\ModuleConfig;
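/**
 * Unit tests for the allowed-origin validation of the OIDC client form.
 *
 * The data set pins which strings are accepted as an allowed origin: every accepted case has the
 * form http(s)://host[:port], and every case that carries userinfo, a path or a wildcard, or that
 * lacks a scheme, is expected to be rejected.
 *
 * @covers \SimpleSAML\Module\oidc\Forms\ClientForm
 */
class ClientFormTest extends TestCase
{
    /** @var \PHPUnit\Framework\MockObject\MockObject Mock of CsrfProtection passed to the form under test. */
    protected MockObject $csrfProtection;

    /** @var \PHPUnit\Framework\MockObject\MockObject Mock of ModuleConfig passed to the form under test. */
    protected MockObject $moduleConfig;

    /** @var \PHPUnit\Framework\MockObject\MockObject Mock of ServerRequest; created in setUp, not used below. */
    protected MockObject $serverRequestMock;

    /**
     * Build fresh mocks before every test so no expectation leaks between data sets.
     *
     * @throws \Exception
     */
    public function setUp(): void
    {
        parent::setUp();

        // Presumably drops configuration cached by an earlier test; confirm against SimpleSAML\Configuration.
        Configuration::clearInternalState();

        $this->csrfProtection = $this->createMock(CsrfProtection::class);
        $this->moduleConfig = $this->createMock(ModuleConfig::class);
        $this->serverRequestMock = $this->createMock(ServerRequest::class);
    }

    /**
     * Candidate allowed-origin values paired with the expected validation outcome.
     *
     * NOTE(review): no row exercises a non-http(s) scheme or an empty value; add such rows once the
     * intended result has been confirmed against ClientForm.
     *
     * @return list<array{0: string, 1: bool}> Rows of [origin, isValid].
     */
    public static function validateOriginProvider(): array
    {
        return [
            // Accepted: scheme plus host name, with or without a trailing dot.
            ['https://example.com.', true],
            ['http://example.com.', true],
            ['http://foo.', true],
            ['http://foo', true],
            ['http://example.com', true],
            ['https://cors-test.codehappy.dev', true],

            // Accepted: scheme, host name and explicit port.
            ['https://example.com:2020', true],
            ['https://foo.example.com:80', true],
            ['https://developer.mozilla.org:80', true],

            // Accepted: localhost and IPv4 literals, with or without a port.
            ['https://localhost:2020', true],
            ['http://localhost:2020', true],
            ['http://localhost', true],
            ['https://127.0.0.1:8080', true],

            // NOTE(review): 345 is not a valid IPv4 octet, yet this row expects acceptance. It pins that
            // octets are not range-checked (presumably the host is matched as generic labels); confirm
            // that this is intended.
            ['http://80.345.28.123', true],

            // Rejected: no scheme.
            ['example.com', false],

            // Rejected: userinfo (credentials) in the authority.
            ['https://user:pass@example.com', false],
            ['https://user:pass@127.0.0.1:8080/path', false],

            // Rejected: a path component; an origin ends at the host or port.
            ['https://example.com/path', false],
            ['https://example.com:8080/path', false],
            ['http://attacker.bar/test.php', false],
            ['https://127.0.0.1:8080/path', false],

            // Rejected: wildcards in any label position.
            ['http://*.example.com', false],
            ['http://*.example.com.', false],
            ['http://*.example', false],
            ['http://foo.*.test.com', false],
            ['http://*', false],
            ['http://*.com', false],

            // Rejected: malformed host (run of trailing dots).
            ['https://test........', false],
        ];
    }

    /**
     * Set one allowed-origin value on the form, run the validator and compare the error state.
     *
     * @param string $url     Candidate allowed-origin value.
     * @param bool   $isValid Whether the validator is expected to accept $url.
     *
     * @return void
     * @throws \Exception
     */
    #[DataProvider('validateOriginProvider')]
    #[TestDox('Allowed Origin URL: $url is expected to be $isValid')]
    public function testValidateOrigin(string $url, bool $isValid): void
    {
        $clientForm = $this->prepareMockedInstance();
        $clientForm->setValues(['allowed_origin' => $url]);

        $clientForm->validateAllowedOrigin($clientForm);

        // Strict comparison: a truthy non-boolean from hasErrors() must not satisfy the expectation.
        $this->assertSame(
            !$isValid,
            $clientForm->hasErrors(),
            sprintf('Unexpected validation result for allowed origin "%s"', $url),
        );
    }

    /**
     * Create the form under test, wired with the mocks built in setUp().
     *
     * @return \SimpleSAML\Module\oidc\Forms\ClientForm
     * @throws \Exception
     */
    protected function prepareMockedInstance(): ClientForm
    {
        return new ClientForm($this->moduleConfig, $this->csrfProtection);
    }
}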