MAGETWO-45465: CSRF not validated or regenerated in Magento

- fixed integration test

Author: eddielau

dev/tests/integration/testsuite/Magento/Backend/Controller/Adminhtml/AuthTest.php

@@ -5,6 +5,8 @@
  */
 namespace Magento\Backend\Controller\Adminhtml;
 
+use Magento\Framework\Message\MessageInterface;
+
 /**
  * Test class for \Magento\Backend\Controller\Adminhtml\Auth
  * @magentoAppArea adminhtml
@@ -63,11 +65,13 @@ protected function _logout()
     public function testNotLoggedLoginAction()
     {
         $this->dispatch('backend/admin/auth/login');
-        $this->assertFalse($this->getResponse()->isRedirect());
-
-        $body = $this->getResponse()->getBody();
-        $this->assertSelectCount('form#login-form input#username[type=text]', true, $body);
-        $this->assertSelectCount('form#login-form input#login[type=password]', true, $body);
+        /** @var $backendUrlModel \Magento\Backend\Model\UrlInterface */
+        $backendUrlModel = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->get(
+            'Magento\Backend\Model\UrlInterface'
+        );
+        $backendUrlModel->turnOffSecretKey();
+        $url = $backendUrlModel->getUrl('admin');
+        $this->assertRedirect($this->stringStartsWith($url));
     }
 
     /**
@@ -192,10 +196,16 @@ public function testIncorrectLogin($params)
         $params['form_key'] = $formKey->getFormKey();
         $this->getRequest()->setPostValue($params);
         $this->dispatch('backend/admin/auth/login');
-        $this->assertContains(
-            'You did not sign in correctly or your account is temporarily disabled.',
-            $this->getResponse()->getBody()
+        $this->assertSessionMessages(
+            $this->equalTo(['You did not sign in correctly or your account is temporarily disabled.']),
+            MessageInterface::TYPE_ERROR
+        );
+        $backendUrlModel = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->get(
+            'Magento\Backend\Model\UrlInterface'
         );
+        $backendUrlModel->turnOffSecretKey();
+        $url = $backendUrlModel->getUrl('admin');
+        $this->assertRedirect($this->stringStartsWith($url));
     }
 
     public function incorrectLoginDataProvider()

dev/tests/integration/testsuite/Magento/Backend/Controller/Adminhtml/IndexTest.php

@@ -18,11 +18,13 @@ public function testNotLoggedIndexAction()
     {
         $this->_auth->logout();
         $this->dispatch('backend/admin/index/index');
-        $this->assertFalse($this->getResponse()->isRedirect());
-
-        $body = $this->getResponse()->getBody();
-        $this->assertSelectCount('form#login-form input#username[type=text]', true, $body);
-        $this->assertSelectCount('form#login-form input#login[type=password]', true, $body);
+        /** @var $backendUrlModel \Magento\Backend\Model\UrlInterface */
+        $backendUrlModel = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->get(
+            'Magento\Backend\Model\UrlInterface'
+        );
+        $backendUrlModel->turnOffSecretKey();
+        $url = $backendUrlModel->getUrl('admin');
+        $this->assertRedirect($this->stringStartsWith($url));
     }
 
     /**

dev/tests/integration/testsuite/Magento/Captcha/Observer/CaseBackendLoginActionWithInvalidCaptchaReturnsErrorTest.php

@@ -5,6 +5,7 @@
  */
 namespace Magento\Captcha\Observer;
 
+use Magento\Framework\Message\MessageInterface;
 use Magento\TestFramework\TestCase\AbstractController;
 
 /**
@@ -37,6 +38,12 @@ public function testBackendLoginActionWithInvalidCaptchaReturnsError()
         ];
         $this->getRequest()->setPostValue($post);
         $this->dispatch('backend/admin');
-        $this->assertContains((string)__('Incorrect CAPTCHA'), $this->getResponse()->getBody());
+        $this->assertSessionMessages($this->equalTo([(string)__('Incorrect CAPTCHA.')]), MessageInterface::TYPE_ERROR);
+        $backendUrlModel = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->get(
+            'Magento\Backend\Model\UrlInterface'
+        );
+        $backendUrlModel->turnOffSecretKey();
+        $url = $backendUrlModel->getUrl('admin');
+        $this->assertRedirect($this->stringStartsWith($url));
     }
 }

dev/tests/integration/testsuite/Magento/Captcha/Observer/CaseCaptchaIsRequiredAfterFailedLoginAttemptsTest.php

@@ -5,6 +5,8 @@
  */
 namespace Magento\Captcha\Observer;
 
+use Magento\Framework\Message\MessageInterface;
+
 class CaseCaptchaIsRequiredAfterFailedLoginAttemptsTest extends \Magento\TestFramework\TestCase\AbstractController
 {
     /**
@@ -30,6 +32,12 @@ public function testBackendLoginActionWithInvalidCaptchaReturnsError()
         ];
         $this->getRequest()->setPostValue($post);
         $this->dispatch('backend/admin');
-        $this->assertContains((string)__('Incorrect CAPTCHA'), $this->getResponse()->getBody());
+        $this->assertSessionMessages($this->equalTo([(string)__('Incorrect CAPTCHA.')]), MessageInterface::TYPE_ERROR);
+        $backendUrlModel = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->get(
+            'Magento\Backend\Model\UrlInterface'
+        );
+        $backendUrlModel->turnOffSecretKey();
+        $url = $backendUrlModel->getUrl('admin');
+        $this->assertRedirect($this->stringStartsWith($url));
     }
 }