Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login
[github/shaarli/Shaarli.git] / tests / security / LoginManagerTest.php
index fad09992ea094cde3b7bb2f49a9840fac8a486c1..7b0262b32c128871841cf9d98aaf83e129ffacca 100644 (file)
@@ -2,7 +2,8 @@
 namespace Shaarli\Security;
 
 require_once 'tests/utils/FakeConfigManager.php';
-use \PHPUnit\Framework\TestCase;
+
+use PHPUnit\Framework\TestCase;
 
 /**
  * Test coverage for LoginManager
@@ -84,10 +85,7 @@ class LoginManagerTest extends TestCase
         $this->globals = &$GLOBALS;
         unset($this->globals['IPBANS']);
 
-        $this->session = [
-            'expires_on' => time() + 100,
-            'ip' => $this->clientIpAddress,
-        ];
+        $this->session = [];
 
         $this->sessionManager = new SessionManager($this->session, $this->configManager);
         $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);
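Review bot: `$this->session = [];` is handed to `new SessionManager($this->session, ...)` on the next line, while testCheckLoginStateStaySignedInWithInvalidToken in this same commit replaces `$this->session` wholesale after construction. That assignment only reaches the SessionManager if its constructor takes and keeps the array by reference, which is not visible on this page. The dependency deserves a comment here, for example `// shared with SessionManager (by reference, to confirm): tests seed a prior login by assigning to $this->session`. The setUp body starts and ends outside the hunk.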
@@ -262,6 +260,20 @@ class LoginManagerTest extends TestCase
         );
     }
 
+    /**
+     * Generate a token depending on the user credentials with session protected disabled
+     */
+    public function testGenerateStaySignedInTokenSessionProtectionDisabled()
+    {
+        $this->configManager->set('security.session_protection_disabled', true);
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+
+        $this->assertEquals(
+            sha1($this->passwordHash . $this->salt),
+            $this->loginManager->getStaySignedInToken()
+        );
+    }
+
     /**
      * Check user login - Shaarli has not yet been configured
      */
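Review bot: The expected value `sha1($this->passwordHash . $this->salt)` contains no client address, so this test pins a stay-signed-in token that is identical from every network location and changes only with the password hash or salt. The docblock should state that consequence instead of "session protected disabled", for example `Generate a token from the credentials only: with session protection disabled it is not bound to the client IP`. It would also help to assert that this token differs from the one generated for the same address with protection enabled, so a regression that silently drops the IP binding in the protected mode is caught.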
@@ -281,12 +293,18 @@ class LoginManagerTest extends TestCase
      */
     public function testCheckLoginStateStaySignedInWithInvalidToken()
     {
+        // simulate a previous login
+        $this->session = [
+            'ip' => $this->clientIpAddress,
+            'expires_on' => time() + 100,
+        ];
         $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
         $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope';
 
         $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
 
-        $this->assertFalse($this->loginManager->isLoggedIn());
+        $this->assertTrue($this->loginManager->isLoggedIn());
+        $this->assertTrue(empty($this->session['username']));
     }
 
     /**
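Review bot: The final assertion flips from `assertFalse` to `assertTrue`, so testCheckLoginStateStaySignedInWithInvalidToken now documents that a wrong stay-signed-in cookie is ignored while a live session from the same IP exists, and the hunks shown no longer cover the rejecting path. Add a companion case that leaves the session empty, sets the same `'nope'` cookie and ends with `$this->assertFalse($this->loginManager->isLoggedIn());`, so a forged cookie on its own is shown not to authenticate (outcome presumed from the old assertion; confirm against checkLoginState). `$this->assertTrue(empty($this->session['username']))` would report failures more clearly as `$this->assertArrayNotHasKey('username', $this->session);` if the key is meant to be absent. The method's docblock starts outside the hunk and should be reworded to match the new expectation.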
@@ -300,6 +318,8 @@ class LoginManagerTest extends TestCase
         $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
 
         $this->assertTrue($this->loginManager->isLoggedIn());
+        $this->assertEquals($this->login, $this->session['username']);
+        $this->assertEquals($this->clientIpAddress, $this->session['ip']);
     }
 
     /**
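Review bot: The two added assertions cover `username` and `ip` but not the expiry of the session that a valid cookie re-creates. The session seeded in the invalid-token test carries `expires_on`, so a restored session without one would go unnoticed here. If checkLoginState is expected to set it, add `$this->assertGreaterThan(time(), $this->session['expires_on']);`. The test method starts outside the hunk.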