Bug Report #4435

Kohana_SecurityTest: test_csrf_token() relies on session data which may be overwritten by other tests

Added by Matt Lyon over 2 years ago.

Status:NewStart date:02/08/2012
Priority:NormalDue date:
Assignee:-% Done:


Target version:-
Resolution: Points:1


As per this discussion: http://forum.kohanaframework.org/discussion/comment/69697

test_csrf_token() in the Kohana_SecurityTest class uses a dataProvider called provider_csrf_token(). The dataProvider sets data in a session (via Security::token()), which the test_csrf_token() asserts. The problem is, all the dataProviders in the entire test suite run before ANY of the tests are run, which means that any other test that modifies the session data has the potential to wipe out the data that this test relies on; which is exactly the issue I experienced while running multiple test suites.

I propose that the provider_csrf_token() dataProvider be removed entirely, and that the test_csrf_token() should set and assert the session data in the same test, so that the test remains isolated.

P.S. should I have filed this issue under Core, since the UnitTest itself is part of the core?

Also available in: Atom PDF