1

测试/TestCase/Controller/FeedbackControllerTest.php:45

public function testAdd()
{
    $this->enableCsrfToken();
    $this->enableSecurityToken();
    $this->session([
        'Auth' => [
            'User' => [
                'id' => 1,
                'role' => 'REPR',
            ]
        ]
    ]);
    $this->configRequest([
        'headers' => ['Accept' => 'application/json']
    ]);
    $_data = [
        'crash' => 1,
        'details' => 'Lorem ipsum dolor sit amet'
    ];
    $_data = json_encode($_data, JSON_PRETTY_PRINT);
    $this->post('/feedback/add', $_data); // <---- 45
    $expected = [
        'status' => 'success'
    ];
    $expected = json_encode($expected, JSON_PRETTY_PRINT);
    $this->assertEquals($expected, (string)$this->_response->getBody());
}

PHPUnit 输出:

1) App\Test\TestCase\Controller\FeedbackControllerTest::testAdd
Cake\Http\Exception\InvalidCsrfTokenException: Missing CSRF token cookie

/vagrant/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:196
/vagrant/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:120
/vagrant/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:106
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:65
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:51
/vagrant/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:168
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:65
/vagrant/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:88
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:65
/vagrant/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:96
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:65
/vagrant/vendor/cakephp/cakephp/src/Http/Runner.php:51
/vagrant/vendor/cakephp/cakephp/src/Http/Server.php:98
/vagrant/vendor/cakephp/cakephp/src/TestSuite/MiddlewareDispatcher.php:201
/vagrant/vendor/cakephp/cakephp/src/TestSuite/IntegrationTestTrait.php:516
/vagrant/vendor/cakephp/cakephp/src/TestSuite/IntegrationTestTrait.php:413
/vagrant/tests/TestCase/Controller/FeedbackControllerTest.php:45

我已经阅读并尝试了答案中的解决方案:

如何为 Cakephp 3 PHPunit 测试创建 CSRF 令牌?

如果我像@ndm 一样添加说:

$token = 'my-csrf-token';

$this->cookie('csrfToken', $token);

$data = [
    'email' => 'info@example.com',
    'password' => 'secret',
    '_csrfToken' => $token
];

然后:

Cake\Http\Exception\InvalidCsrfTokenException:CSRF 令牌不匹配。

怎么修 ?

4

2 回答 2

1

当将字符串作为 POST 数据传递时,集成测试用例不会自动设置令牌,CSRF 令牌和安全令牌都不会,因为它无法在不知道数据格式的情况下将任何内容注入字符串。因此它也不会设置cookie。

因此,在您传递字符串数据的情况下,您必须手动设置 cookie 和令牌,类似于您已链接的答案中的描述。但是,当使用数据以外的任何内容application/x-www-form-urlencoded(即 PHP 将解码并放入$_POST超全局的数据)时,在您的示例 JSON 数据中,您必须将令牌作为标头传递,因为 JSON 输入数据将由请求处理程序组件解码(有计划将其移至中间件层 IIRC),它在 CSRF 中间件之后运行,因此不会看到任何发布数据。

例子:

$token = 'my-csrf-token';
$this->cookie('csrfToken', $token);

$this->configRequest([
    'headers' => [
        'X-CSRF-Token' => $token,
        // ...
    ]
]);

另一方面,安全组件令牌必须进入 POST 数据,安全组件不会查找标头,并且在请求处理程序组件运行后它可以访问解码的数据(确保加载请求安全组件之前的处理程序组件!)。您可以参考\Cake\TestSuite\IntegrationTestTrait::_addTokens()源代码来了解如何构建安全令牌,您可以这样做:

$url = '/feedback/add';

$_data = [
    'crash' => 1,
    'details' => 'Lorem ipsum dolor sit amet'
];

$keys = array_map(
    function ($field) {
        return preg_replace('/(\.\d+)+$/', '', $field);
    },
    array_keys(Hash::flatten($_data))
);

$tokenData = $this->_buildFieldToken($url, array_unique($keys));

$_data['_Token'] = $tokenData;
$_data['_Token']['debug'] = 'SecurityComponent debug data would be added here';

请注意,传递给的 URL_buildFieldToken()还必须包含可能的查询字符串数据!

于 2019-05-17T11:26:10.313 回答
-1

你能在你的jquery ajax函数中试试这个代码吗?

beforeSend: function (xhr) 
{
    xhr.setRequestHeader('X-CSRF-Token', $('[name="_csrfToken"]').val());
},

将代码放在成功函数之前

于 2019-05-17T07:42:17.110 回答