]>
Commit | Line | Data |
---|---|---|
ebd650c0 | 1 | <?php |
fd7d8461 V |
2 | // Initialize reference data _before_ PHPUnit starts a session |
3 | require_once 'tests/utils/ReferenceSessionIdHashes.php'; | |
4 | ReferenceSessionIdHashes::genAllHashes(); | |
ebd650c0 | 5 | |
fd7d8461 | 6 | use \Shaarli\SessionManager; |
ebd650c0 V |
7 | use \PHPUnit\Framework\TestCase; |
8 | ||
fd7d8461 | 9 | |
ebd650c0 V |
10 | /** |
11 | * Fake ConfigManager | |
12 | */ | |
13 | class FakeConfigManager | |
14 | { | |
15 | public static function get($key) | |
16 | { | |
17 | return $key; | |
18 | } | |
19 | } | |
20 | ||
21 | ||
22 | /** | |
23 | * Test coverage for SessionManager | |
24 | */ | |
25 | class SessionManagerTest extends TestCase | |
26 | { | |
fd7d8461 V |
27 | // Session ID hashes |
28 | protected static $sidHashes = null; | |
29 | ||
30 | /** | |
31 | * Assign reference data | |
32 | */ | |
33 | public static function setUpBeforeClass() | |
34 | { | |
35 | self::$sidHashes = ReferenceSessionIdHashes::getHashes(); | |
36 | } | |
37 | ||
ebd650c0 V |
38 | /** |
39 | * Generate a session token | |
40 | */ | |
41 | public function testGenerateToken() | |
42 | { | |
43 | $session = []; | |
44 | $conf = new FakeConfigManager(); | |
45 | $sessionManager = new SessionManager($session, $conf); | |
46 | ||
47 | $token = $sessionManager->generateToken(); | |
48 | ||
49 | $this->assertEquals(1, $session['tokens'][$token]); | |
50 | $this->assertEquals(40, strlen($token)); | |
51 | } | |
52 | ||
ae7c954b V |
53 | /** |
54 | * Check a session token | |
55 | */ | |
56 | public function testCheckToken() | |
57 | { | |
58 | $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'; | |
59 | $session = [ | |
60 | 'tokens' => [ | |
61 | $token => 1, | |
62 | ], | |
63 | ]; | |
64 | $conf = new FakeConfigManager(); | |
65 | $sessionManager = new SessionManager($session, $conf); | |
66 | ||
67 | ||
68 | // check and destroy the token | |
69 | $this->assertTrue($sessionManager->checkToken($token)); | |
70 | $this->assertFalse(isset($session['tokens'][$token])); | |
71 | ||
72 | // ensure the token has been destroyed | |
73 | $this->assertFalse($sessionManager->checkToken($token)); | |
74 | } | |
75 | ||
ebd650c0 V |
76 | /** |
77 | * Generate and check a session token | |
78 | */ | |
79 | public function testGenerateAndCheckToken() | |
80 | { | |
81 | $session = []; | |
82 | $conf = new FakeConfigManager(); | |
83 | $sessionManager = new SessionManager($session, $conf); | |
84 | ||
85 | $token = $sessionManager->generateToken(); | |
86 | ||
87 | // ensure a token has been generated | |
88 | $this->assertEquals(1, $session['tokens'][$token]); | |
89 | $this->assertEquals(40, strlen($token)); | |
90 | ||
91 | // check and destroy the token | |
92 | $this->assertTrue($sessionManager->checkToken($token)); | |
93 | $this->assertFalse(isset($session['tokens'][$token])); | |
94 | ||
95 | // ensure the token has been destroyed | |
96 | $this->assertFalse($sessionManager->checkToken($token)); | |
97 | } | |
98 | ||
99 | /** | |
100 | * Check an invalid session token | |
101 | */ | |
102 | public function testCheckInvalidToken() | |
103 | { | |
104 | $session = []; | |
105 | $conf = new FakeConfigManager(); | |
106 | $sessionManager = new SessionManager($session, $conf); | |
107 | ||
108 | $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b')); | |
109 | } | |
fd7d8461 V |
110 | |
111 | /** | |
112 | * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES! | |
113 | * | |
114 | * This tests extensively covers all hash algorithms / bit representations | |
115 | */ | |
116 | public function testIsAnyHashSessionIdValid() | |
117 | { | |
118 | foreach (self::$sidHashes as $algo => $bpcs) { | |
119 | foreach ($bpcs as $bpc => $hash) { | |
120 | $this->assertTrue(SessionManager::checkId($hash)); | |
121 | } | |
122 | } | |
123 | } | |
124 | ||
125 | /** | |
126 | * Test checkId with a valid ID - SHA-1 hashes | |
127 | */ | |
128 | public function testIsSha1SessionIdValid() | |
129 | { | |
130 | $this->assertTrue(SessionManager::checkId(sha1('shaarli'))); | |
131 | } | |
132 | ||
133 | /** | |
134 | * Test checkId with a valid ID - SHA-256 hashes | |
135 | */ | |
136 | public function testIsSha256SessionIdValid() | |
137 | { | |
138 | $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli'))); | |
139 | } | |
140 | ||
141 | /** | |
142 | * Test checkId with a valid ID - SHA-512 hashes | |
143 | */ | |
144 | public function testIsSha512SessionIdValid() | |
145 | { | |
146 | $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli'))); | |
147 | } | |
148 | ||
149 | /** | |
150 | * Test checkId with invalid IDs. | |
151 | */ | |
152 | public function testIsSessionIdInvalid() | |
153 | { | |
154 | $this->assertFalse(SessionManager::checkId('')); | |
155 | $this->assertFalse(SessionManager::checkId([])); | |
156 | $this->assertFalse( | |
157 | SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=') | |
158 | ); | |
159 | } | |
ebd650c0 | 160 | } |