<?php
error_reporting(E_ALL | E_STRICT);
ini_set("track_errors", "On");

$rg_cache_debug = TRUE;
$test_normal = TRUE;

$INC = dirname(__FILE__) . "/../inc";
require_once(dirname(__FILE__) . "/config.php");
require_once($INC . "/init.inc.php");
require_once($INC . "/util.inc.php");
require_once("helpers.inc.php");
require_once("http.inc.php");

rg_log_set_file("http_csrf.log");

require_once("common.php");

$_testns = 'http_csrf';

rg_test_create_user($db, $rg_ui);
$info = array('id' => $rg_ui['username'], 'ua' => 'user-agent-1');
prepare_http($info);

$r = test_login($test_url, $rg_ui);
if ($r === FALSE) {
	rg_log("Cannot login!");
	exit(1);
}

rg_log_enter("Loading suggestion form (referer test)");
$info['ua'] = 'user-agent-1';
$info['referer'] = $test_url;
$data = array();
$headers = array();
$r = do_req($info, $test_url . "/op/suggestion?t=load_suggestion_form_referer", $data, $headers);
if (!stristr($r['body'], "action=\"/op/suggestion\"")) {
	rg_log("Cannot load form! See above.");
	exit(1);
}
$good_token = $r['tokens']['suggestion'];
$good_logout_token = $r['tokens']['logout'];
rg_log_exit();

rg_log_enter("Try posting with different referer: should not work");
$info['ua'] = 'user-agent-1';
$info['referer'] = 'http://attacker.com:4000/bla';
$data = array(
	"doit" => 1,
	"token" => $good_token,
	"suggestion" => "bla bla bla"
	);
$headers = array();
$r = do_req($info, $test_url . "/op/suggestion?t=post_suggestion_form_diff_referer", $data, $headers);
if (!stristr($r['body'], "invalid referer")) {
	rg_log_ml("Seems I could add a suggestion bypassing CSRF"
		. " protection based on referer! See above.");
	exit(1);
}
rg_log_exit();


rg_log_enter("Testing logout CSRF (wrong token)...");
$info['ua'] = 'user-agent-1';
$info['referer'] = $test_url;
$data['token'] = strtoupper($good_token);
$headers = array();
$r = do_req($info, $test_url . "/op/logout?t=wrong_token", $data, $headers);
if (stristr($r['body'], "You are now logged out")) {
	rg_log("No error on logout with wrong token?! See above.");
	exit(1);
}
rg_log_exit();


/* TODO setting cookie does not work!
rg_log_enter("Testing logout CSRF (token passed in cookie)...");
$info['ua'] = 'user-agent-1';
$info['referer'] = $test_url;
$headers = array('Cookie: token=' . $good_logout_token);
$data = array('doit' => 1);
$r = do_req($info, $test_url . "/op/logout?t=token_passed_by_cookie", $data, $headers);
if (stristr($r['body'], "You are now logged out")) {
	rg_log("No error on logout with token passed by cookie?! See above.");
	exit(1);
}
rg_log_exit();
*/


rg_log_enter("Testing logout CSRF (good token)...");
$info['ua'] = 'user-agent-1';
$url = $test_url . "/op/logout?t=good_token&token=" . $good_logout_token;
$data = array(); $headers = array();
$r = do_req($info, $url, $data, $headers);
if (!stristr($r['body'], "You are now logged out")) {
	rg_log("Seems I cannot logout with a good token! See above.");
	exit(1);
}
rg_log_exit();

rg_log('OK!');