Issues

ZF-3869: Document how to test forms which use Zend_Form_Element_Hash

Issue Type: Docs: Improvement Created: 2008-08-06T05:19:51.000+0000 Last Updated: 2012-05-05T02:53:07.000+0000 Status: Resolved Fix version(s): - 1.11.12 (22/Jun/12)

  • 1.12.0 (27/Aug/12)

Reporter: Tobias Schifftner (milchbazi) Assignee: Adam Lundrigan (adamlundrigan) Tags: - Zend_Test_PHPUnit

  • state:patch-ready-for-review
  • zf-caretaker-adamlundrigan
  • zf-crteam-padraic
  • zf-crteam-priority
  • zf-crteam-review

Related issues: Attachments: - ZF-3869.patch

Description

Zend_Forms containing a Zend_Form_Element_Hash are not supported by Zend_Test_PHPUnit. The form will not pass as long as you do not send the token as well generated by Zend_Form_Element_Hash. See discussion at [http://nabble.com/Zend_Test_PHPUnit-and-hashed-for…]

A solution might be to retrieve the name of the hash element as well as the hash from Zend_Session and add it by default as $_POST variables:


 

 

### Comments

Posted by Stanislav Malyshev (stas) on 2008-11-25T10:02:09.000+0000

Matthew, what do you think is the best way to handle it?

 

 

Posted by Daniel Getelman (dget) on 2010-05-17T09:04:12.000+0000

Sorry for poor formatting, first time commenting. I was able to solve this by creating a new Zend\_Form\_Element\_Hash object in the test.

Example:

$csrf = new Zend\_Form\_Element\_Hash("csrf"); $this->request->setMethod('POST')->setPost( array( ... 'csrf' => $csrf->getHash(), ));

 

 

Posted by Daniel Getelman (dget) on 2010-05-17T09:30:10.000+0000

As it turns out, the above didn't actually solve it. I just had another error that masked it.

For reference, the discussion link doesn't work, but [http://zend-framework-community.634137.n4.nabble.com/…](http://zend-framework-community.634137.n4.nabble.com/Zend-Test-PHPUnit-and-hashed-form-elements-td652290.html) does.

 

 

Posted by julien PAULI (doctorrock83) on 2011-01-07T05:30:34.000+0000

 
    <pre class="highlight">
    $csrf = new Zend_Form_Element_Hash("csrf");
    
    $hash = $csrf->getHash();
    $csrf->initCsrfToken();
    $csrf->initCsrfValidator();
    
    $this->request->setMethod('POST')->setPost(
    array(
    ...
    'csrf' => $hash,
    ));


That would work

 

 

Posted by Adam Lundrigan (adamlundrigan) on 2011-10-18T23:27:13.000+0000

This is more of a documentation/awareness issue than an issue with Zend\_Form\_Element\_Hash itself. I suggest updating the manual entry for that component to outline how forms which use it can be unit tested. Example:

 
    <pre class="highlight">
    Index: documentation/manual/en/module_specs/Zend_Form-StandardElements.xml
    ===================================================================
    --- documentation/manual/en/module_specs/Zend_Form-StandardElements.xml (revision 24514)
    +++ documentation/manual/en/module_specs/Zend_Form-StandardElements.xml (working copy)
    @@ -522,6 +522,37 @@
                 The 'formHidden' view helper is used to render the element in the
                 form.
             
    +
    +        
    +            Testing forms containing Zend_Form_Element_Hash
    +            
    +                When unit testing a form containing a Zend_Form_Element_Hash 
    +                it is necessary to call initCsrfToken and 
    +                initCsrfValidator before attempting to
    +                validate the form.  The hash value of the Zend_Form_Element_Hash 
    +                element must also be injected into the array of values passed as the
    +                argument to Zend_Form::isValid
    +            
    +            
    +                Simple example of testing a CSRF-protected form
    +                
    +public function testCsrfProtectedForm() 
    +{
    +    $form = new Zend_Form();
    +    $form->addElement(new Zend_Form_Element_Hash('csrf'));
    +
    +    $csrf = $form->getElement('csrf');
    +    $csrf->initCsrfToken();
    +    $csrf->initCsrfValidator();
    +
    +    $this->assertTrue($form->isValid(array(
    +        'csrf' => $csrf->getHash()
    +    )));
    +}
    +
    +            
    +        
    +        
         
     


Thoughts?

 

 

Posted by Adam Lundrigan (adamlundrigan) on 2012-03-10T01:18:39.000+0000

Attached patch

 

 

Posted by Adam Lundrigan (adamlundrigan) on 2012-05-05T02:53:07.000+0000

Fixed in trunk (1.12.0): r24757 Fixed in release-1.11 (1.11.12): r24758

Not applicable to ZF2

 

 

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts