Files
breadcrumb-the-shire/tests/Architecture/AuthLogoutCsrfContractTest.php

40 lines
1.7 KiB
PHP
Raw Normal View History

<?php
namespace MintyPHP\Tests\Architecture;
use PHPUnit\Framework\TestCase;
class AuthLogoutCsrfContractTest extends TestCase
{
use ProjectFileAssertionSupport;
public function testLogoutActionRequiresPostAndCsrf(): void
{
$content = $this->readProjectFile('pages/auth/logout().php');
$this->assertStringContainsString("actionRequirePost('login')", $content);
$this->assertStringContainsString("actionRequireCsrf('login', 'login', 'logout_csrf')", $content);
}
public function testTopbarLogoutUsesPostFormSubmitInsteadOfGetLink(): void
{
$content = $this->readProjectFile('templates/partials/app-topbar.phtml');
$this->assertStringNotContainsString('href="logout"', $content);
$this->assertStringContainsString('type="submit"', $content);
$this->assertStringContainsString('form="<?php e($logoutFormId); ?>"', $content);
}
public function testLayoutAndSessionWarningUseLogoutFormContract(): void
{
$layoutContent = $this->readProjectFile('templates/default.phtml');
$sessionWarningJs = $this->readProjectFile('web/js/components/app-session-warning.js');
$this->assertStringContainsString('\'logoutFormId\' => $sessionLogoutFormId', $layoutContent);
$this->assertStringContainsString('data-session-logout-form-id="<?php e($sessionLogoutFormId); ?>"', $layoutContent);
$this->assertStringContainsString('<form id="<?php e($sessionLogoutFormId); ?>" method="post" action="<?php e($sessionLogoutUrl); ?>" hidden>', $layoutContent);
$this->assertStringContainsString('requestSubmitWithFallback(form)', $sessionWarningJs);
$this->assertStringNotContainsString('window.location.href = config.logoutUrl', $sessionWarningJs);
}
}