feat(auth): harden login flows and finalize quality-check coverage
This commit is contained in:
23
tests/Architecture/AuthRegisterSecurityContractTest.php
Normal file
23
tests/Architecture/AuthRegisterSecurityContractTest.php
Normal file
@@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Tests\Architecture;
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class AuthRegisterSecurityContractTest extends TestCase
|
||||
{
|
||||
use ProjectFileAssertionSupport;
|
||||
|
||||
public function testRegisterPageVerifiesCsrfBeforeHandlingPostPayload(): void
|
||||
{
|
||||
$content = $this->readProjectFile('pages/auth/register().php');
|
||||
|
||||
$this->assertStringContainsString("if (\$request->isMethod('POST')) {", $content);
|
||||
$this->assertStringContainsString("if (!Session::checkCsrfToken()) {", $content);
|
||||
$this->assertStringContainsString("t('Form expired, please try again')", $content);
|
||||
$this->assertMatchesRegularExpression(
|
||||
'/if \(\$request->isMethod\(\'POST\'\)\) \{\s*if \(!Session::checkCsrfToken\(\)\) \{/s',
|
||||
$content
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user