Home Explore Help
Sign In
kevin
/
Popsu-coloque
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c11935cb48
Branches Tags
Popsu-coloque
/
web
/
core
/
tests
/
Drupal
/
FunctionalJavascriptTests
/
Core
/
CsrfTokenRaceTest.php

CsrfTokenRaceTest.php 1.6 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\FunctionalJavascriptTests\Core;
    4. 

  4. 

  5. use Drupal\FunctionalJavascriptTests\WebDriverTestBase;
    6. 

  6. 

  7. /**
    8. 

  8.  * Test race condition for CSRF tokens for simultaneous requests.
    9. 

  9.  *
    10. 

  10.  * @group Session
    11. 

  11.  */
    12. 

  12. class CsrfTokenRaceTest extends WebDriverTestBase {
    13. 

  13. 

  14.   /**
    15. 

  15.    * {@inheritdoc}
    16. 

  16.    */
    17. 

  17.   protected static $modules = ['csrf_race_test'];
    18. 

  18. 

  19.   /**
    20. 

  20.    * {@inheritdoc}
    21. 

  21.    */
    22. 

  22.   protected $defaultTheme = 'stark';
    23. 

  23. 

  24.   /**
    25. 

  25.    * Test race condition for CSRF tokens for simultaneous requests.
    26. 

  26.    */
    27. 

  27.   public function testCsrfRace() {
    28. 

  28.     $user = $this->createUser(['access content']);
    29. 

  29.     $this->drupalLogin($user);
    30. 

  30.     $this->drupalGet('/csrf_race/test');
    31. 

  31.     $script = '';
    32. 

  32.     // Delay the request processing of the first request by one second through
    33. 

  33.     // the request parameter, which will simulate the concurrent processing
    34. 

  34.     // of both requests.
    35. 

  35.     foreach ([1, 0] as $i) {
    36. 

  36.       $script .= <<<EOT
    37. 

  37.       jQuery.ajax({
    38. 

  38.         url: "$this->baseUrl/csrf_race/get_csrf_token/$i",
    39. 

  39.         method: "GET",
    40. 

  40.         headers: {
    41. 

  41.           "Content-Type": "application/json"
    42. 

  42.         },
    43. 

  43.         success: function(response) {
    44. 

  44.           jQuery('body').append("<p class='csrf$i'></p>");
    45. 

  45.           jQuery('.csrf$i').html(response);
    46. 

  46.         },
    47. 

  47.         error: function() {
    48. 

  48.           jQuery('body').append('Nothing');
    49. 

  49.         }
    50. 

  50.       });
    51. 

  51. EOT;
    52. 

  52.     }
    53. 

  53.     $this->getSession()->getDriver()->executeScript($script);
    54. 

  54.     $token0 = $this->assertSession()->waitForElement('css', '.csrf0')->getHtml();
    55. 

  55.     $token1 = $this->assertSession()->waitForElement('css', '.csrf1')->getHtml();
    56. 

  56.     $this->assertNotNull($token0);
    57. 

  57.     $this->assertNotNull($token1);
    58. 

  58.     $this->assertEqual($token0, $token1);
    59. 

  59.   }
    60. 

  60. 

  61. }
    62.