CSRFTokenManager = $this->createMock(CsrfTokenManager::class); $this->request = $this->createMock(Request::class); $this->nonceManager = new ContentSecurityPolicyNonceManager( $this->CSRFTokenManager, $this->request ); } public function testGetNonce(): void { $secret = base64_encode('secret'); $tokenValue = base64_encode('secret' ^ 'value_') . ':' . $secret; $token = $this->createMock(CsrfToken::class); $token ->expects($this->once()) ->method('getEncryptedValue') ->willReturn($tokenValue); $this->CSRFTokenManager ->expects($this->once()) ->method('getToken') ->willReturn($token); $this->assertSame($secret, $this->nonceManager->getNonce()); // call it twice but `getEncryptedValue` is expected to be called only once $this->assertSame($secret, $this->nonceManager->getNonce()); } public function testGetNonceServerVar(): void { $token = 'SERVERNONCE'; $this->request ->method('__isset') ->with('server') ->willReturn(true); $this->request ->method('__get') ->with('server') ->willReturn(['CSP_NONCE' => $token]); $this->assertSame($token, $this->nonceManager->getNonce()); // call it twice but `CSP_NONCE` variable is expected to be loaded only once $this->assertSame($token, $this->nonceManager->getNonce()); } }