groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-05-20 18:31:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fix CSRF tests: initialize session before getting tokens

Browse source
This commit is contained in:
Sebastian Almberg 2026-03-04 11:58:12 +01:00
parent 61f54d359e
commit 095f3ae776
1 changed files with 17 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

25
tests/Controller/UpdateManagerControllerTest.php
View file

@ -45,6 +45,18 @@ final class UpdateManagerControllerTest extends WebTestCase
$client->loginUser($user); $client->loginUser($user);
} }
/**
* Get a valid CSRF token by first making a request to initialize the session.
*/
private function getCsrfToken($client, string $tokenId): string
{
// Make a GET request first to initialize the session
$client->request('GET', '/en/system/update-manager');
return $client->getContainer()->get('security.csrf.token_manager')
->getToken($tokenId)->getValue();
}
public function testIndexPageRequiresAuth(): void public function testIndexPageRequiresAuth(): void
{ {
$client = static::createClient(); $client = static::createClient();
@ -83,9 +95,7 @@ final class UpdateManagerControllerTest extends WebTestCase
$client = static::createClient(); $client = static::createClient();
$this->loginAsAdmin($client); $this->loginAsAdmin($client);
// Get a valid CSRF token $csrfToken = $this->getCsrfToken($client, 'update_manager_backup');
$csrfToken = $client->getContainer()->get('security.csrf.token_manager')
->getToken('update_manager_backup')->getValue();
$client->request('POST', '/en/system/update-manager/backup', [ $client->request('POST', '/en/system/update-manager/backup', [
'_token' => $csrfToken, '_token' => $csrfToken,
@ -130,8 +140,7 @@ final class UpdateManagerControllerTest extends WebTestCase
$testFile = 'test-delete-' . uniqid() . '.zip'; $testFile = 'test-delete-' . uniqid() . '.zip';
file_put_contents($backupDir . '/' . $testFile, 'test'); file_put_contents($backupDir . '/' . $testFile, 'test');
$csrfToken = $client->getContainer()->get('security.csrf.token_manager') $csrfToken = $this->getCsrfToken($client, 'update_manager_delete');
->getToken('update_manager_delete')->getValue();
$client->request('POST', '/en/system/update-manager/backup/delete', [ $client->request('POST', '/en/system/update-manager/backup/delete', [
'_token' => $csrfToken, '_token' => $csrfToken,
@ -169,8 +178,7 @@ final class UpdateManagerControllerTest extends WebTestCase
$testFile = 'update-test-delete-' . uniqid() . '.log'; $testFile = 'update-test-delete-' . uniqid() . '.log';
file_put_contents($logDir . '/' . $testFile, 'test log content'); file_put_contents($logDir . '/' . $testFile, 'test log content');
$csrfToken = $client->getContainer()->get('security.csrf.token_manager') $csrfToken = $this->getCsrfToken($client, 'update_manager_delete');
->getToken('update_manager_delete')->getValue();
$client->request('POST', '/en/system/update-manager/log/delete', [ $client->request('POST', '/en/system/update-manager/log/delete', [
'_token' => $csrfToken, '_token' => $csrfToken,
@ -248,8 +256,7 @@ final class UpdateManagerControllerTest extends WebTestCase
$updateExecutor->acquireLock(); $updateExecutor->acquireLock();
try { try {
$csrfToken = $client->getContainer()->get('security.csrf.token_manager') $csrfToken = $this->getCsrfToken($client, 'update_manager_backup');
->getToken('update_manager_backup')->getValue();
$client->request('POST', '/en/system/update-manager/backup', [ $client->request('POST', '/en/system/update-manager/backup', [
'_token' => $csrfToken, '_token' => $csrfToken,