path: root/core/tests/Drupal/FunctionalJavascriptTests/Core/CsrfTokenRaceTest.php
<?php

declare(strict_types=1);

namespace Drupal\FunctionalJavascriptTests\Core;

use Drupal\FunctionalJavascriptTests\WebDriverTestBase;

/**
 * Test race condition for CSRF tokens for simultaneous requests.
 *
 * @group Session
 */
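class CsrfTokenRaceTest extends WebDriverTestBase {

  /**
   * {@inheritdoc}
   *
   * The csrf_race_test module provides the /csrf_race/test page and the
   * /csrf_race/get_csrf_token/{delay} route used below.
   */
  protected static $modules = ['csrf_race_test'];

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';

  /**
   * Tests race condition for CSRF tokens for simultaneous requests.
   *
   * Two AJAX requests for a CSRF token are fired from the browser without
   * waiting for either to finish; the first one is delayed by one second via
   * the route parameter so that both are processed concurrently on the server.
   * The test passes only when both responses carry the same token: a token
   * that differs between two overlapping requests of one session is the
   * symptom this regression test exists to catch (the server-side behaviour
   * under test lives in the csrf_race_test module, not in this class).
   */
  public function testCsrfRace(): void {
    $user = $this->createUser(['access content']);
    $this->drupalLogin($user);
    $this->drupalGet('/csrf_race/test');
    $script = '';
    // Delay the request processing of the first request by one second through
    // the request parameter, which will simulate the concurrent processing
    // of both requests. The delayed request ($i = 1) is queued first so that
    // the undelayed one ($i = 0) is handled while it is still in flight.
    foreach ([1, 0] as $i) {
      $script .= <<<EOT
      jQuery.ajax({
        url: "$this->baseUrl/csrf_race/get_csrf_token/$i",
        method: "GET",
        headers: {
          "Content-Type": "application/json"
        },
        success: function(response) {
          jQuery('body').append("<p class='csrf$i'></p>");
          jQuery('.csrf$i').html(response);
        },
        error: function() {
          jQuery('body').append('Nothing');
        }
      });
EOT;
    }
    $this->getSession()->getDriver()->executeScript($script);

    // waitForElement() returns NULL on timeout. Assert on the element before
    // dereferencing it so that a request that never completes surfaces as a
    // readable assertion failure instead of a "member function on null" error.
    $element0 = $this->assertSession()->waitForElement('css', '.csrf0');
    $this->assertNotNull($element0, 'The undelayed CSRF token request did not produce a .csrf0 element.');
    $element1 = $this->assertSession()->waitForElement('css', '.csrf1');
    $this->assertNotNull($element1, 'The delayed CSRF token request did not produce a .csrf1 element.');

    $token0 = $element0->getHtml();
    $token1 = $element1->getHtml();
    // The AJAX error handler appends 'Nothing' to the body rather than to the
    // token element, so an empty element means no token was received at all;
    // two empty strings must not be allowed to satisfy the equality check.
    $this->assertNotEmpty($token0, 'No token was received for the undelayed request.');
    $this->assertNotEmpty($token1, 'No token was received for the delayed request.');
    $this->assertSame($token0, $token1, 'Concurrent requests in one session returned different CSRF tokens.');
  }

}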