Bug Report #4435
Kohana_SecurityTest: test_csrf_token() relies on session data which may be overwritten by other tests
| Status: | New | Start date: | 02/08/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Points: | 1 |
Description
As per this discussion: http://forum.kohanaframework.org/discussion/comment/69697
test_csrf_token() in the Kohana_SecurityTest class uses a dataProvider called provider_csrf_token(). The dataProvider sets data in a session (via Security::token()), which the test_csrf_token() asserts. The problem is, all the dataProviders in the entire test suite run before ANY of the tests are run, which means that any other test that modifies the session data has the potential to wipe out the data that this test relies on; which is exactly the issue I experienced while running multiple test suites.
I propose that the provider_csrf_token() dataProvider be removed entirely, and that the test_csrf_token() should set and assert the session data in the same test, so that the test remains isolated.
P.S. should I have filed this issue under Core, since the UnitTest itself is part of the core?