feat: Add generateCsrfToken() for generating csrf tokens in request builder

Stephan Wentz · pl-github · commit 62d1e92d7753 · 2023-03-10T11:04:17.000+01:00
diff --git a/composer.json b/composer.json
@@ -37,7 +37,9 @@
         "symfony/framework-bundle": "^5.4|^6.0",
         "symfony/http-client": "^6.0",
         "symfony/http-foundation": "^5.3.7|^6.0",
+        "symfony/mime": "^6.2",
         "symfony/security-core": "^5.3|^6.0",
+        "symfony/security-csrf": "^6.2",
         "thecodingmachine/phpstan-safe-rule": "^1.1",
         "thecodingmachine/phpstan-strict-rules": "^1.0"
     },
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -18,7 +18,8 @@ parameters:
         - '#Method .* has parameter .* with null as default value#'
         - '#Method Brainbits\\FunctionalTestHelpers\\Tests\\.*Test::assertMatches.*Snapshot\(\) is protected, but since the containing class is final, it can be private.#'
         - '#Method Brainbits\\FunctionalTestHelpers\\Tests\\.*Test::setUpSnapshot\(\) is protected, but since the containing class is final, it can be private.#'
-        - '#Method Brainbits\\FunctionalTestHelpers\\Tests\\ZipContents\\ZipContentsTraitTest::.* is protected, but since the containing class is final, it can be private#'
+        - '#Method Brainbits\\FunctionalTestHelpers\\Tests\\Request\\RequestTraitTest::.*\(\) is protected, but since the containing class is final, it can be private#'
+        - '#Method Brainbits\\FunctionalTestHelpers\\Tests\\ZipContents\\ZipContentsTraitTest::.*\(\) is protected, but since the containing class is final, it can be private#'
     ergebnis:
         classesAllowedToBeExtended:
             - Monolog\Handler\AbstractProcessingHandler
diff --git a/src/Request/RequestTrait.php b/src/Request/RequestTrait.php
@@ -6,7 +6,9 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\BrowserKit\AbstractBrowser;
+use Symfony\Component\BrowserKit\Cookie;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage;
 
 use function method_exists;
 use function Safe\sprintf;
@@ -50,6 +52,44 @@ protected static function getRequestClient(): AbstractBrowser
         ));
     }
 
+    final public function generateCsrfToken(string $tokenId): string
+    {
+        $client = self::getRequestClient();
+
+        $cookie = $client->getCookieJar()->get('MOCKSESSID');
+
+        // create a new session object
+        $container = $client->getContainer();
+        $session = $container->get('session.factory')->createSession();
+
+        if ($cookie) {
+            // get the session id from the session cookie if it exists
+            $session->setId($cookie->getValue());
+            $session->start();
+        } else {
+            // or create a new session id and a session cookie
+            $session->start();
+            $session->save();
+
+            $sessionCookie = new Cookie(
+                $session->getName(),
+                $session->getId(),
+                null,
+                null,
+                'localhost',
+            );
+            $client->getCookieJar()->set($sessionCookie);
+        }
+
+        $container = $client->getContainer();
+        $tokenGenerator = $container->get('security.csrf.token_generator');
+        $csrfToken = $tokenGenerator->generateToken();
+        $session->set(SessionTokenStorage::SESSION_NAMESPACE . '/' . $tokenId, $csrfToken);
+        $session->save();
+
+        return $csrfToken;
+    }
+
     final protected function build(string $method, string $uri): RequestBuilder
     {
         if (method_exists($this, 'findUser')) {
diff --git a/tests/Request/RequestTraitTest.php b/tests/Request/RequestTraitTest.php
@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Brainbits\FunctionalTestHelpers\Tests\Request;
+
+use Brainbits\FunctionalTestHelpers\Request\RequestBuilder;
+use Brainbits\FunctionalTestHelpers\Request\RequestTrait;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\BrowserKit\HttpBrowser;
+use Symfony\Component\HttpClient\MockHttpClient;
+use Symfony\Component\HttpClient\Response\MockResponse;
+
+/** @covers \Brainbits\FunctionalTestHelpers\Request\RequestBuilder */
+final class RequestTraitTest extends TestCase
+{
+    use RequestTrait;
+
+    public function testBuildCreatesBuilder(): void
+    {
+        $builder = $this->build('POST', 'http://foo');
+
+        $this->assertInstanceOf(RequestBuilder::class, $builder);
+        $this->assertSame('POST', $builder->getMethod());
+        $this->assertSame('http://foo', $builder->getUri());
+    }
+
+    public static function createClient(): HttpBrowser
+    {
+        return new HttpBrowser(new MockHttpClient([new MockResponse('foo')]));
+    }
+}
