Bug #36659

Functional test sees account roles from previous test

Added by Robert Lemke about 9 years ago. Updated about 9 years ago.

Status: Resolved
Priority: Must have
Assignee:
Category: Security
Start date: 2012-04-27
Due date:
% Done: 100%
Estimated time:
PHP Version: 5.3
Has patch: No
Complexity: medium

Description

If testable security is used in a functional test case, a user is still authenticated with the roles of a previous test if the current test doesn't do any new authentication. This is due to a session being kept across test boundaries.

    /**
     * @test
     */
    public function publicActionIsGrantedForAdministrator() {
        $this->authenticateRoles(array('Administrator'));
        $this->restrictedController->publicAction();
    }

    /**
     * @test
     * @expectedException \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException
     */
    public function customerActionIsDeniedForEverybody() {
        $this->restrictedController->customerAction();
    }

The second test will fail because the role "Administrator" is still active. If the second test called $this->authenticateRoles(array()); it would actually work.
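The leak described in this report, reproduced as an added example; it is not part of the original report and not FLOW3 code. All class and function names are hypothetical stand-ins, and the session reset models a per-test teardown, which is an assumption about the remedy rather than the patch under review.

```php
<?php
// Hypothetical stand-in for a session that outlives a single test case.
final class SharedSession {
    private $data = array();
    public function put($key, $value) { $this->data[$key] = $value; }
    public function get($key, $default) {
        return isset($this->data[$key]) ? $this->data[$key] : $default;
    }
    public function destroy() { $this->data = array(); }
}

final class AuthenticationRequired extends Exception {}

// Simplified controller: demands authentication only when no roles are in the session.
final class RestrictedController {
    private $session;
    public function __construct(SharedSession $session) { $this->session = $session; }
    public function customerAction() {
        if ($this->session->get('roles', array()) === array()) {
            throw new AuthenticationRequired('no authenticated roles');
        }
        return 'no AuthenticationRequired raised';
    }
}

// Runs the two tests from the report in order against one shared session.
// $resetBetweenTests models a teardown step that destroys the session.
function runSuite($resetBetweenTests) {
    $session = new SharedSession();
    $controller = new RestrictedController($session);
    $results = array();

    // Test 1: authenticates as Administrator.
    $session->put('roles', array('Administrator'));
    $results['publicActionIsGrantedForAdministrator'] = 'pass';
    if ($resetBetweenTests) { $session->destroy(); }

    // Test 2: performs no authentication and expects the exception.
    try {
        $controller->customerAction();
        $results['customerActionIsDeniedForEverybody'] = 'FAIL: roles leaked from previous test';
    } catch (AuthenticationRequired $e) {
        $results['customerActionIsDeniedForEverybody'] = 'pass';
    }
    return $results;
}

print_r(runSuite(false)); // shared session kept across the test boundary
print_r(runSuite(true));  // session destroyed between tests
```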

#1

Updated by Gerrit Code Review about 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10825

#2

Updated by Gerrit Code Review about 9 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10825

#3

Updated by Robert Lemke about 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
