feat: implement global autoresponder plugin
This commit is contained in:
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
require_once PLUGIN_ROOT . '/exec/lib/CsrfGuard.php';
|
||||
|
||||
test('csrf token is bound to user session action and time', function (): void {
|
||||
$guard = new CsrfGuard('secret', 'alice', 'session-1');
|
||||
$issued = $guard->issue('create');
|
||||
|
||||
assert_true($guard->validate('create', (string)$issued['ts'], $issued['token'], 3600, 'session-1'));
|
||||
assert_false((new CsrfGuard('secret', 'bob', 'session-1'))->validate('create', (string)$issued['ts'], $issued['token'], 3600, 'session-1'));
|
||||
assert_false($guard->validate('delete', (string)$issued['ts'], $issued['token'], 3600, 'session-1'));
|
||||
assert_false($guard->validate('create', (string)($issued['ts'] - 7200), $issued['token'], 3600, 'session-1'));
|
||||
assert_false($guard->validate('create', 'bad', $issued['token'], 3600, 'session-1'));
|
||||
});
|
||||
Reference in New Issue
Block a user