request = $this->createMock(IRequest::class); $this->tokenManager = $this->createMock(CsrfTokenManager::class); $this->controller = new CSRFTokenController('core', $this->request, $this->tokenManager); } public function testGetToken(): void { $this->request->method('passesStrictCookieCheck')->willReturn(true); $token = $this->createMock(CsrfToken::class); $this->tokenManager->method('getToken')->willReturn($token); $token->method('getEncryptedValue')->willReturn('toktok123'); $response = $this->controller->index(); $this->assertInstanceOf(JSONResponse::class, $response); $this->assertSame(Http::STATUS_OK, $response->getStatus()); $this->assertEquals([ 'token' => 'toktok123' ], $response->getData()); } public function testGetTokenNoStrictSameSiteCookie(): void { $this->request->method('passesStrictCookieCheck')->willReturn(false); $response = $this->controller->index(); $this->assertInstanceOf(JSONResponse::class, $response); $this->assertSame(Http::STATUS_FORBIDDEN, $response->getStatus()); } }