X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=tests%2FSessionManagerTest.php;h=aa75962a4994929155c8da5ee2e48e85bb07fc18;hb=ed6d1a7b80283b41bb61f44b543ea8d96172f045;hp=3a2703034f3bb2828202fd7950c8a977876beca2;hpb=ebd650c06c67a67da2a0d099f625b6a7ec62ab2b;p=github%2Fshaarli%2FShaarli.git

diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php
index 3a270303..aa75962a 100644
--- a/tests/SessionManagerTest.php
+++ b/tests/SessionManagerTest.php
@@ -1,18 +1,12 @@
 <?php
-namespace Shaarli;
+require_once 'tests/utils/FakeConfigManager.php';
 
-use \PHPUnit\Framework\TestCase;
+// Initialize reference data _before_ PHPUnit starts a session
+require_once 'tests/utils/ReferenceSessionIdHashes.php';
+ReferenceSessionIdHashes::genAllHashes();
 
-/**
- * Fake ConfigManager
- */
-class FakeConfigManager
-{
-    public static function get($key)
-    {
-        return $key;
-    }
-}
+use \Shaarli\SessionManager;
+use \PHPUnit\Framework\TestCase;
 
 
 /**
@@ -20,14 +14,28 @@ class FakeConfigManager
  */
 class SessionManagerTest extends TestCase
 {
+    // Session ID hashes
+    protected static $sidHashes = null;
+
+    // Fake ConfigManager
+    protected static $conf = null;
+
+    /**
+     * Assign reference data
+     */
+    public static function setUpBeforeClass()
+    {
+        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
+        self::$conf = new FakeConfigManager();
+    }
+
     /**
      * Generate a session token
      */
     public function testGenerateToken()
     {
         $session = [];
-        $conf = new FakeConfigManager();
-        $sessionManager = new SessionManager($session, $conf);
+        $sessionManager = new SessionManager($session, self::$conf);
 
         $token = $sessionManager->generateToken();
 
@@ -35,14 +43,34 @@ class SessionManagerTest extends TestCase
         $this->assertEquals(40, strlen($token));
     }
 
+    /**
+     * Check a session token
+     */
+    public function testCheckToken()
+    {
+        $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
+        $session = [
+            'tokens' => [
+                $token => 1,
+            ],
+        ];
+        $sessionManager = new SessionManager($session, self::$conf);
+
+        // check and destroy the token
+        $this->assertTrue($sessionManager->checkToken($token));
+        $this->assertFalse(isset($session['tokens'][$token]));
+
+        // ensure the token has been destroyed
+        $this->assertFalse($sessionManager->checkToken($token));
+    }
+
     /**
      * Generate and check a session token
      */
     public function testGenerateAndCheckToken()
     {
         $session = [];
-        $conf = new FakeConfigManager();
-        $sessionManager = new SessionManager($session, $conf);
+        $sessionManager = new SessionManager($session, self::$conf);
 
         $token = $sessionManager->generateToken();
 
@@ -64,9 +92,58 @@ class SessionManagerTest extends TestCase
     public function testCheckInvalidToken()
     {
         $session = [];
-        $conf = new FakeConfigManager();
-        $sessionManager = new SessionManager($session, $conf);
+        $sessionManager = new SessionManager($session, self::$conf);
 
         $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
     }
+
+    /**
+     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
+     *
+     * This tests extensively covers all hash algorithms / bit representations
+     */
+    public function testIsAnyHashSessionIdValid()
+    {
+        foreach (self::$sidHashes as $algo => $bpcs) {
+            foreach ($bpcs as $bpc => $hash) {
+                $this->assertTrue(SessionManager::checkId($hash));
+            }
+        }
+    }
+
+    /**
+     * Test checkId with a valid ID - SHA-1 hashes
+     */
+    public function testIsSha1SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
+    }
+
+    /**
+     * Test checkId with a valid ID - SHA-256 hashes
+     */
+    public function testIsSha256SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
+    }
+
+    /**
+     * Test checkId with a valid ID - SHA-512 hashes
+     */
+    public function testIsSha512SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
+    }
+
+    /**
+     * Test checkId with invalid IDs.
+     */
+    public function testIsSessionIdInvalid()
+    {
+        $this->assertFalse(SessionManager::checkId(''));
+        $this->assertFalse(SessionManager::checkId([]));
+        $this->assertFalse(
+            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
+        );
+    }
 }