Add StubCsrfToken (#53)

Co-authored-by: Sergei Predvoditelev <[email protected]>
yiisoft · Feb 8, 2024 · 2ea4c93 · 2ea4c93
1 parent 96f602a
commit 2ea4c93
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## 2.0.1 under development
 
+- New #53: Add `StubCsrfToken` (@hacan359)
 - Bug #36: Explicitly add transitive dependencies `yiisoft/strings`, `psr/http-server-handler`
   and `ext-hash` (@vjik, @xepozz)
 

diff --git a/README.md b/README.md
@@ -18,7 +18,8 @@
 The package provides [PSR-15](https://www.php-fig.org/psr/psr-15/) middleware for CSRF protection:
 
 - It supports two algorithms out of the box:
-    - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and session.
+    - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and
+      session.
     - HMAC based token with customizable identity generation. Uses session by default.
 - It has ability to apply masking to CSRF token string to make [BREACH attack](https://breachattack.com/) impossible.
 
@@ -31,7 +32,7 @@ The package provides [PSR-15](https://www.php-fig.org/psr/psr-15/) middleware fo
 The package could be installed with composer:
 
 ```shell
-composer require yiisoft/csrf --prefer-dist
+composer require yiisoft/csrf
 ```
 
 ## General usage
@@ -122,7 +123,7 @@ token that came from the form is compared against the token stored.
 Package provides `RandomCsrfTokenGenerator` that generates a random token and
 `SessionCsrfTokenStorage` that persists a token between requests in a user session.
 
-To learn more about the synchronizer token pattern, 
+To learn more about the synchronizer token pattern,
 [check OWASP CSRF cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern).
 
 ### HMAC based token
@@ -144,6 +145,12 @@ Parameters set via the `HmacCsrfToken` constructor are:
 To learn more about HMAC based token pattern
 [check OWASP CSRF cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#hmac-based-token-pattern).
 
+### Stub CSRF token
+
+The `StubCsrfToken` simply stores and returns a token string. It does not perform any additional validation.
+This implementation can be useful when mocking CSRF token behavior during unit testing or when providing
+placeholder functionality in temporary solutions.
+
 ### Masked CSRF token
 
 `MaskedCsrfToken` is a decorator for `CsrfTokenInterface` that applies masking to a token string.
@@ -181,7 +188,8 @@ The code is statically analyzed with [Psalm](https://psalm.dev/). To run static
 
 ## License
 
-The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. Please see [`LICENSE`](./LICENSE.md) for more information.
+The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. Please
+see [`LICENSE`](./LICENSE.md) for more information.
 
 Maintained by [Yii Software](https://www.yiiframework.com/).
 

diff --git a/src/StubCsrfToken.php b/src/StubCsrfToken.php
@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Yiisoft\Csrf;
+
+use Yiisoft\Security\Random;
+
+/**
+ * `StubCsrfToken` represents a simple implementation of `CsrfTokenInterface`.
+ *
+ * This implementation simply stores and returns a token string. It does not perform any additional validation.
+ * It is primarily used for testing or as a placeholder implementation.
+ */
+final class StubCsrfToken implements CsrfTokenInterface
+{
+    private string $token;
+
+    public function __construct(?string $token = null)
+    {
+        if (null === $token) {
+            $token = Random::string();
+        }
+        $this->token = $token;
+    }
+
+    public function getValue(): string
+    {
+        return $this->token;
+    }
+
+    public function validate(string $token): bool
+    {
+        return $this->token === $token;
+    }
+}
diff --git a/tests/StubCsrfTokenTest.php b/tests/StubCsrfTokenTest.php
@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Yiisoft\Csrf\Tests;
+
+use PHPUnit\Framework\TestCase;
+use Yiisoft\Csrf\StubCsrfToken;
+
+final class StubCsrfTokenTest extends TestCase
+{
+    public function testValue(): void
+    {
+        $stubToken = new StubCsrfToken('test');
+        $this->assertSame('test', $stubToken->getValue());
+    }
+
+    public function testValidate(): void
+    {
+        $stubToken = new StubCsrfToken('test');
+        $this->assertTrue($stubToken->validate('test'));
+        $this->assertFalse($stubToken->validate('other'));
+    }
+
+    public function testEmptyToken(): void
+    {
+        $stubToken = new StubCsrfToken();
+        $token = $stubToken->getValue();
+        $this->assertNotEmpty($token);
+        $this->assertTrue($stubToken->validate($token));
+    }
+}