Bug #36684: Fixes for functional security tests break custom tests - TYPO3.Flow - TYPO3 Forge

Bug #36684

Fixes for functional security tests break custom tests

Added by Karsten Dambekalns over 8 years ago. Updated over 8 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Karsten Dambekalns

Category:

- Testing -

Target version:

TYPO3 Flow Base Distribution - 1.1

Start date:

2012-04-28

Due date:

% Done:

Estimated time:

PHP Version:

Has patch:

Complexity:

Description

In FunctionalTestCase.php the line $this->securityContext->refreshTokens(); causes severe problems for Christopher Hlubek's tests that deal with security. That line was added in https://review.typo3.org/9676 to fix #34466.

I tested without that line and indeed all functional security tests in FLOW3 still pass, if the exception expectation in MethodSecurityTest is again changed from AuthenticationRequiredException to AuthenticationRequiredException.

Christopher: how do your tests fail? Maybe you also have the same wrong expectation?

Updated by Karsten Dambekalns over 8 years ago

Christopher, we decided to submit that change and rather fix this (small) issue separately instead of further working on that huge stack of changes… so please give feedback :)

Updated by Christopher Hlubek over 8 years ago

I'm debugging it right now. It seems that "$this->disableAuthorization()" doesn't do that with the fix for #34466 in place. Since no tokens are authenticated anymore, any code that needs authentication throws an AuthenticationRequiredException. So we need to authenticate a token here to disable authorization (sounds funny).

I'll try to create a functional test in FLOW3 that tests this behavior.