4 require_once 'tests/utils/FakeConfigManager.php';
5 use \PHPUnit\Framework\TestCase
;
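/**
 * Test coverage for LoginManager
 *
 * Exercises the failed-login counter, the IP ban that follows too many
 * failures, and the handling of clients reached through a trusted proxy.
 *
 * NOTE(review): no case here covers a request whose REMOTE_ADDR is not a
 * trusted proxy but which still carries an X-Forwarded-For header. A test
 * pinning how that header is treated in that situation would guard the ban
 * counter against client-supplied addresses.
 */
class LoginManagerTest extends TestCase
{
    /** @var \FakeConfigManager|null Configuration stub handed to the LoginManager */
    protected $configManager = null;

    /** @var LoginManager|null Instance under test, rebuilt in setUp() */
    protected $loginManager = null;

    /** @var string Path configured as 'resource.ban_file' */
    protected $banFile = 'sandbox/ipbans.php';

    /** @var string Path configured as 'resource.log' */
    protected $logFile = 'sandbox/shaarli.log';

    /** @var array Bound by reference to $GLOBALS in setUp() */
    protected $globals = [];

    /** @var string Client address used throughout the tests */
    protected $ipAddr = '127.0.0.1';

    /** @var array Server variables (REMOTE_ADDR, ...) passed to the LoginManager */
    protected $server = [];

    /** @var string Address listed under 'security.trusted_proxies' */
    protected $trustedProxy = '10.1.1.100';

    /**
     * Prepare or reset test resources
     */
    public function setUp()
    {
        $this->removeBanFile();

        // ban_after = 4: testHandleFailedLoginBanIp expects the fourth failure to ban.
        $this->configManager = new \FakeConfigManager([
            'resource.ban_file' => $this->banFile,
            'resource.log' => $this->logFile,
            'security.ban_after' => 4,
            'security.ban_duration' => 3600,
            'security.trusted_proxies' => [$this->trustedProxy],
        ]);

        // NOTE(review): taking a reference to $GLOBALS is rejected from PHP 8.1 on;
        // this fixture needs rework before the suite can run there.
        $this->globals = &$GLOBALS;
        unset($this->globals['IPBANS']);

        $this->loginManager = new LoginManager($this->globals, $this->configManager, null);
        $this->server['REMOTE_ADDR'] = $this->ipAddr;
    }

    /**
     * Drop the ban state so nothing leaks into the next test
     *
     * The ban file is removed here as well as in setUp(): a file left behind
     * in the sandbox would be picked up by any other test that builds a
     * LoginManager on the same path.
     */
    public function tearDown()
    {
        unset($this->globals['IPBANS']);
        $this->removeBanFile();
    }

    /**
     * Delete the ban file if a previous step created it
     */
    private function removeBanFile()
    {
        if (file_exists($this->banFile)) {
            unlink($this->banFile);
        }
    }

    /**
     * Instantiate a LoginManager and load ban records
     */
    public function testReadBanFile()
    {
        // The ban file is PHP source that assigns $GLOBALS['IPBANS'].
        // NOTE(review): the assertion below shows that constructing a LoginManager
        // evaluates it (presumably via include - verify against LoginManager).
        // If so, whoever can write to this path can run code in the application,
        // so the file's location and permissions are security-relevant.
        file_put_contents(
            $this->banFile,
            "<?php\n\$GLOBALS['IPBANS']=array('FAILURES' => array('127.0.0.1' => 99));\n?>"
        );

        new LoginManager($this->globals, $this->configManager, null);
        $this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']);
    }

    /**
     * Record a failed login attempt
     */
    public function testHandleFailedLogin()
    {
        $this->loginManager->handleFailedLogin($this->server);
        $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);

        $this->loginManager->handleFailedLogin($this->server);
        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
    }

    /**
     * Record a failed login attempt - IP behind a trusted proxy
     *
     * The request arrives from the trusted proxy, and the failure is expected
     * to be counted against the forwarded client address.
     */
    public function testHandleFailedLoginBehindTrustedProxy()
    {
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,
            'HTTP_X_FORWARDED_FOR' => $this->ipAddr,
        ];

        $this->loginManager->handleFailedLogin($server);
        $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);

        $this->loginManager->handleFailedLogin($server);
        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
    }

    /**
     * Record a failed login attempt - IP behind a trusted proxy but not forwarded
     *
     * NOTE(review): only the absence of a record for the client address is
     * checked. Also asserting that nothing is recorded for the trusted proxy
     * would pin that the proxy itself cannot end up banned.
     */
    public function testHandleFailedLoginBehindTrustedProxyNoIp()
    {
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,
        ];

        $this->loginManager->handleFailedLogin($server);
        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));

        $this->loginManager->handleFailedLogin($server);
        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
    }

    /**
     * Record a failed login attempt and ban the IP after too many failures
     */
    public function testHandleFailedLoginBanIp()
    {
        // The first three failures are counted, but the client may still log in.
        foreach ([1, 2, 3] as $expectedFailures) {
            $this->loginManager->handleFailedLogin($this->server);
            $this->assertEquals($expectedFailures, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
            $this->assertTrue($this->loginManager->canLogin($this->server));
        }

        // The fourth failure reaches security.ban_after and locks the address out.
        $this->loginManager->handleFailedLogin($this->server);
        $this->assertEquals(4, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
        $this->assertFalse($this->loginManager->canLogin($this->server));

        // handleFailedLogin is not supposed to be called at this point:
        // - no login form should be displayed once an IP has been banned
        // - yet this could happen when using custom templates / scripts
        $this->loginManager->handleFailedLogin($this->server);
        $this->assertEquals(5, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
        $this->assertFalse($this->loginManager->canLogin($this->server));
    }

    /**
     * A successful login from an address with no failure record leaves it able to log in
     */
    public function testHandleSuccessfulLogin()
    {
        $this->assertTrue($this->loginManager->canLogin($this->server));

        $this->loginManager->handleSuccessfulLogin($this->server);
        $this->assertTrue($this->loginManager->canLogin($this->server));
    }

    /**
     * Erase failure records after successfully logging in from this IP
     */
    public function testHandleSuccessfulLoginAfterFailure()
    {
        $this->loginManager->handleFailedLogin($this->server);
        $this->loginManager->handleFailedLogin($this->server);
        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
        $this->assertTrue($this->loginManager->canLogin($this->server));

        $this->loginManager->handleSuccessfulLogin($this->server);
        $this->assertTrue($this->loginManager->canLogin($this->server));
        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
        $this->assertFalse(isset($this->globals['IPBANS']['BANS'][$this->ipAddr]));
    }

    /**
     * The IP is not banned
     */
    public function testCanLoginIpNotBanned()
    {
        $this->assertTrue($this->loginManager->canLogin($this->server));
    }

    /**
     * The IP is banned
     */
    public function testCanLoginIpBanned()
    {
        // ban the IP for an hour
        $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10;
        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600;

        $this->assertFalse($this->loginManager->canLogin($this->server));
    }

    /**
     * The IP is banned, and the ban duration is over
     */
    public function testCanLoginIpBanExpired()
    {
        // ban the IP for an hour
        $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10;
        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600;
        $this->assertFalse($this->loginManager->canLogin($this->server));

        // move the end of the ban into the past
        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600;
        $this->assertTrue($this->loginManager->canLogin($this->server));
    }
}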