测试/TestCase/Controller/FeedbackControllerTest.php:45
public function testAdd()
{
$this->enableCsrfToken();
$this->enableSecurityToken();
$this->session([
'Auth' => [
'User' => [
'id' => 1,
'role' => 'REPR',
]
]
]);
$this->configRequest([
'headers' => ['Accept' => 'application/json']
]);
$_data = [
'crash' => 1,
'details' => 'Lorem ipsum dolor sit amet'
];
$_data = json_encode($_data, JSON_PRETTY_PRINT);
$this->post('/feedback/add', $_data); // <---- 45
$expected = [
'status' => 'success'
];
$expected = json_encode($expected, JSON_PRETTY_PRINT);
$this->assertEquals($expected, (string)$this->_response->getBody());
}
PHPUnit输出:
1) App\Test\TestCase\Controller\FeedbackControllerTest::testAdd
Cake\Http\Exception\InvalidCsrfTokenException: Missing CSRF token cookie
/vagrant/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:196
/vagrant/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:120
/vagrant/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:106
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:65
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:51
/vagrant/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:168
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:65
/vagrant/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:88
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:65
/vagrant/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:96
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:65
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:51
/vagrant/vendor/cakephp/cakephp/src/Http/Server.php:98
/vagrant/vendor/cakephp/cakephp/src/TestSuite/MiddlewareDispatcher.php:201
/vagrant/vendor/cakephp/cakephp/src/TestSuite/IntegrationTestTrait.php:516
/vagrant/vendor/cakephp/cakephp/src/TestSuite/IntegrationTestTrait.php:413
/vagrant/tests/TestCase/Controller/FeedbackControllerTest.php:45
我已经阅读并尝试了答案中的解决方案:
How to create CSRF token for Cakephp 3 PHPunit testing?
如果我添加类似@ndm的话:
$token = 'my-csrf-token';
$this->cookie('csrfToken', $token);
$data = [
'email' => 'info@example.com',
'password' => 'secret',
'_csrfToken' => $token
];
然后:
Cake \ Http \ Exception \ InvalidCsrfTokenException:CSRF令牌不匹配。
如何解决?
答案 0 :(得分:1)
当将字符串作为POST数据传递时,集成测试用例不会自动设置令牌,CSRF令牌和安全令牌都不会设置,因为它无法在不知道数据格式的情况下向字符串中注入任何内容。因此,它也不会设置cookie。
因此,在传递字符串数据的情况下,您必须手动设置cookie和令牌,类似于链接的答案中所述。但是,当使用application/x-www-form-urlencoded数据以外的其他任何数据(即PHP将解码并放入$_POST超全局数据)时,在示例JSON数据中,您必须将令牌作为标头传递,因为JSON输入数据将由请求处理程序组件解码(有计划将其移入中间件层IIRC),该组件在CSRF中间件之后运行 ,因此看不到任何发布数据。
示例:
$token = 'my-csrf-token';
$this->cookie('csrfToken', $token);
$this->configRequest([
'headers' => [
'X-CSRF-Token' => $token,
// ...
]
]);
安全性组件令牌将必须放入POST数据中,安全性组件将不会查找标头,并且在请求处理程序组件运行后,它将有权访问解码后的数据(请确保您在安全组件之前 加载请求处理程序组件!)。您可以参考\Cake\TestSuite\IntegrationTestTrait::_addTokens()资料以了解安全令牌的构建方式,您可以这样做:
$url = '/feedback/add';
$_data = [
'crash' => 1,
'details' => 'Lorem ipsum dolor sit amet'
];
$keys = array_map(
function ($field) {
return preg_replace('/(\.\d+)+$/', '', $field);
},
array_keys(Hash::flatten($_data))
);
$tokenData = $this->_buildFieldToken($url, array_unique($keys));
$_data['_Token'] = $tokenData;
$_data['_Token']['debug'] = 'SecurityComponent debug data would be added here';
请注意,传递给_buildFieldToken()的URL还必须包含可能的查询字符串数据!
答案 1 :(得分:-1)
能否请您在jquery ajax函数中尝试使用此代码,
beforeSend: function (xhr)
{
xhr.setRequestHeader('X-CSRF-Token', $('[name="_csrfToken"]').val());
},
将代码放在成功功能之前