Symfony CSRF token invalid in tests after updating from 6.3 to 6.4


My application was on Symfony 6.3.x and the tests were OK. After just upgrading from Symfony 6.3 to 6.4, my application still works (normal) but my tests are broken.

The CSRF token is invalid.

In the test, I get the form, extract the token and send it with the data. I can't find why my tests are broken, going by the changelog from 6.3 to 6.4.

It's like the token is reset between getting the form and the submit.

Test example:

    /**
     *
     * @test
     */
    public function foo(): void
    {
        $client = static::createClient();

        // Log in as the Admin user so the datagrid endpoints are reachable
        $usersRepository = static::getContainer()->get(UsersRepository::class);
        $userAdmin = $usersRepository->findOneBy(['username' => 'Admin']);
        $client->loginUser($userAdmin);

        $formName = 'Means';
        $this->controllerName = 'Means';

        // First request: fetch the "add" form (returned as HTML inside a JSON payload)
        $client->xmlHttpRequest('POST', '/datagridFormAdd/Means');
        $this->assertResponseIsSuccessful('Add Form: Status code 2xx ');
        //*****************************
        $responseData = json_decode($client->getResponse()->getContent(), true);
        $pos = strpos($responseData['form'], 'name="'.$this->camelCaseToSnakeCase($formName).'"');
        $this->assertNotFalse($pos, 'Formulaire Add non trouvé pour '.$formName);

        // CSRF token: locate the hidden _token input and cut its value out of the markup.
        // 17 is strlen('[_token]" value="'); -11 drops the markup that follows the value
        // (this assumes the _token input is the last thing in the returned HTML).
        $pos1 = strpos($responseData['form'], '[_token]" value="');
        $rest = substr($responseData['form'], $pos1 + 17);
        $tokenCsrf = substr($rest, 0, -11);
        var_dump($tokenCsrf);
        $dataArray = [];
        $dataArray['_token'] = $tokenCsrf;

        // Second request: submit the data with the token from the first request
        $client->xmlHttpRequest('POST', '/datagridAddUpdate/'.$this->controllerName, $dataArray, []);
        $this->assertResponseIsSuccessful('Status code 2xx pour datagridAdd : '.$this->controllerName);
        // Validate a successful response and some content
        $this->assertResponseIsSuccessful();
    }

The token in the form isn't the same as the one in the request dump. Form token:

"_token" => "11f391.ZfAYEklbDgUUoSZE3pVHNCfKgYs6WXSguehy-p_xB_g.NMNeIzkRY3JVwxYWteZ1DUj7yO1LLEX22oE3s_GoMq49qVBNLT9ibkTL"

Request dump:

    #storage: Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorage
    //...
    "_csrf/MeansToken_item" => "Q3F1pJmwAb0Rks29o1Ifqu1VciEInY5VXYH_ddlkPjk"

I have tried to disable the kernel.reset but it doesn't work (https://symfony.com/doc/current/testing.html#multiple-requests-in-one-test).

    use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
    use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
    use Symfony\Component\DependencyInjection\ContainerBuilder;
    use Symfony\Component\HttpKernel\Kernel as BaseKernel;

    class Kernel extends BaseKernel implements CompilerPassInterface
    {
        use MicroKernelTrait;

        public function process(ContainerBuilder $container): void
        {
            // For tests only, otherwise the CSRF token is cleared between the client's requests
            if ('test' === $this->environment) {
                // prevents the security token from being cleared
                $container->getDefinition('security.token_storage')->clearTag('kernel.reset');

                // prevents Doctrine entities from being detached
                $container->getDefinition('doctrine')->clearTag('kernel.reset');
            }
        }
    }

My questions:

  1. I don't understand why my tests were broken, going by the changelog from 6.3 to 6.4.
  2. How do I correct it?

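As an added example (not code from the question above), here is a way to pull the `_token` value out of the returned form markup with DomCrawler instead of fixed string offsets, so a change in the surrounding HTML cannot silently truncate or shift the token. It assumes `symfony/dom-crawler` and `symfony/css-selector` are installed (both ship with the WebTestCase tooling) and that the hidden input is named `<formName>[_token]` as the Form component renders it; the helper names `extractCsrfToken` and `buildPostData` are this example's own.

```php
<?php
// Added example: robust CSRF token extraction for a WebTestCase, not part of the original post.
use Symfony\Component\DomCrawler\Crawler;

/**
 * Returns [fieldName, tokenValue] for the hidden _token input of the form whose
 * name attribute is $formName, or null when no such input is present.
 * $formHtml is the HTML fragment found under $responseData['form'] in the test.
 */
function extractCsrfToken(string $formHtml, string $formName): ?array
{
    $crawler = new Crawler($formHtml);
    // The Form component renders: <input type="hidden" name="means[_token]" value="...">
    $inputs = $crawler->filter(sprintf(
        'form[name="%s"] input[type="hidden"][name="%s[_token]"]',
        $formName,
        $formName
    ));
    if (0 === $inputs->count()) {
        return null; // let the test fail loudly instead of posting an empty token
    }
    $input = $inputs->first();
    $value = $input->attr('value');
    if (null === $value || '' === $value) {
        return null;
    }

    return [$input->attr('name'), $value];
}

/**
 * Builds the POST body from the rendered field name exactly as a browser would,
 * e.g. "means[_token]" => ['means' => ['_token' => $value]].
 */
function buildPostData(string $fieldName, string $value): array
{
    parse_str(urlencode($fieldName).'='.urlencode($value), $data);

    return $data;
}

// Usage inside the test, replacing the strpos/substr block (self::fail() never returns):
// [$name, $token] = extractCsrfToken($responseData['form'], 'means')
//     ?? self::fail('No _token input found in the returned form');
// $client->xmlHttpRequest('POST', '/datagridAddUpdate/'.$this->controllerName, buildPostData($name, $token));
```

If the controller reads the token from a flat `_token` key rather than under the form name, keep the original `$dataArray['_token'] = $token;` instead of `buildPostData`.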