forked from fa/breadcrumb-the-shire
40 lines
1.7 KiB
PHP
40 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Tests\Architecture;
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
class AuthLogoutCsrfContractTest extends TestCase
|
|
{
|
|
use ProjectFileAssertionSupport;
|
|
|
|
public function testLogoutActionRequiresPostAndCsrf(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/auth/logout().php');
|
|
|
|
$this->assertStringContainsString("actionRequirePost('login')", $content);
|
|
$this->assertStringContainsString("actionRequireCsrf('login', 'login', 'logout_csrf')", $content);
|
|
}
|
|
|
|
public function testTopbarLogoutUsesPostFormSubmitInsteadOfGetLink(): void
|
|
{
|
|
$content = $this->readProjectFile('templates/partials/app-topbar.phtml');
|
|
|
|
$this->assertStringNotContainsString('href="logout"', $content);
|
|
$this->assertStringContainsString('type="submit"', $content);
|
|
$this->assertStringContainsString('form="<?php e($logoutFormId); ?>"', $content);
|
|
}
|
|
|
|
public function testLayoutAndSessionWarningUseLogoutFormContract(): void
|
|
{
|
|
$layoutContent = $this->readProjectFile('templates/default.phtml');
|
|
$sessionWarningJs = $this->readProjectFile('web/js/components/app-session-warning.js');
|
|
|
|
$this->assertStringContainsString('\'logoutFormId\' => $sessionLogoutFormId', $layoutContent);
|
|
$this->assertStringContainsString('data-session-logout-form-id="<?php e($sessionLogoutFormId); ?>"', $layoutContent);
|
|
$this->assertStringContainsString('<form id="<?php e($sessionLogoutFormId); ?>" method="post" action="<?php e($sessionLogoutUrl); ?>" hidden>', $layoutContent);
|
|
$this->assertStringContainsString('requestSubmitWithFallback(form)', $sessionWarningJs);
|
|
$this->assertStringNotContainsString('window.location.href = config.logoutUrl', $sessionWarningJs);
|
|
}
|
|
}
|