X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=tests%2Fsecurity%2FLoginManagerTest.php;fp=tests%2Fsecurity%2FLoginManagerTest.php;h=eef0f22a38fac122fe4dd0ec78c63a6c45949612;hb=d9f6275ebca035fec8331652c677981056793ccc;hp=f26cd1eb8635c0bd21f8f4ab68043b7569562ddf;hpb=38672ba0d1c722e5d6d33a58255ceb55e9410e46;p=github%2Fshaarli%2FShaarli.git diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index f26cd1eb..eef0f22a 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php @@ -2,7 +2,8 @@ namespace Shaarli\Security; require_once 'tests/utils/FakeConfigManager.php'; -use \PHPUnit\Framework\TestCase; + +use PHPUnit\Framework\TestCase; /** * Test coverage for LoginManager @@ -74,54 +75,27 @@ class LoginManagerTest extends TestCase 'credentials.salt' => $this->salt, 'resource.ban_file' => $this->banFile, 'resource.log' => $this->logFile, - 'security.ban_after' => 4, + 'security.ban_after' => 2, 'security.ban_duration' => 3600, 'security.trusted_proxies' => [$this->trustedProxy], ]); $this->cookie = []; - - $this->globals = &$GLOBALS; - unset($this->globals['IPBANS']); - $this->session = []; $this->sessionManager = new SessionManager($this->session, $this->configManager); - $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager); + $this->loginManager = new LoginManager($this->configManager, $this->sessionManager); $this->server['REMOTE_ADDR'] = $this->ipAddr; } - /** - * Wipe test resources - */ - public function tearDown() - { - unset($this->globals['IPBANS']); - } - - /** - * Instantiate a LoginManager and load ban records - */ - public function testReadBanFile() - { - file_put_contents( - $this->banFile, - " array('127.0.0.1' => 99));\n?>" - ); - new LoginManager($this->globals, $this->configManager, null); - $this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']); - } - /** * Record a failed login attempt */ public function testHandleFailedLogin() { $this->loginManager->handleFailedLogin($this->server); - $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); - $this->loginManager->handleFailedLogin($this->server); - $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); + $this->assertFalse($this->loginManager->canLogin($this->server)); } /** @@ -134,10 +108,8 @@ class LoginManagerTest extends TestCase 'HTTP_X_FORWARDED_FOR' => $this->ipAddr, ]; $this->loginManager->handleFailedLogin($server); - $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); - $this->loginManager->handleFailedLogin($server); - $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); + $this->assertFalse($this->loginManager->canLogin($server)); } /** @@ -149,39 +121,8 @@ class LoginManagerTest extends TestCase 'REMOTE_ADDR' => $this->trustedProxy, ]; $this->loginManager->handleFailedLogin($server); - $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr])); - $this->loginManager->handleFailedLogin($server); - $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr])); - } - - /** - * Record a failed login attempt and ban the IP after too many failures - */ - public function testHandleFailedLoginBanIp() - { - $this->loginManager->handleFailedLogin($this->server); - $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); - $this->assertTrue($this->loginManager->canLogin($this->server)); - - $this->loginManager->handleFailedLogin($this->server); - $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); - $this->assertTrue($this->loginManager->canLogin($this->server)); - - $this->loginManager->handleFailedLogin($this->server); - $this->assertEquals(3, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); - $this->assertTrue($this->loginManager->canLogin($this->server)); - - $this->loginManager->handleFailedLogin($this->server); - $this->assertEquals(4, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); - $this->assertFalse($this->loginManager->canLogin($this->server)); - - // handleFailedLogin is not supposed to be called at this point: - // - no login form should be displayed once an IP has been banned - // - yet this could happen when using custom templates / scripts - $this->loginManager->handleFailedLogin($this->server); - $this->assertEquals(5, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); - $this->assertFalse($this->loginManager->canLogin($this->server)); + $this->assertTrue($this->loginManager->canLogin($server)); } /** @@ -201,14 +142,11 @@ class LoginManagerTest extends TestCase public function testHandleSuccessfulLoginAfterFailure() { $this->loginManager->handleFailedLogin($this->server); - $this->loginManager->handleFailedLogin($this->server); - $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); $this->assertTrue($this->loginManager->canLogin($this->server)); $this->loginManager->handleSuccessfulLogin($this->server); + $this->loginManager->handleFailedLogin($this->server); $this->assertTrue($this->loginManager->canLogin($this->server)); - $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr])); - $this->assertFalse(isset($this->globals['IPBANS']['BANS'][$this->ipAddr])); } /** @@ -220,41 +158,28 @@ class LoginManagerTest extends TestCase } /** - * The IP is banned - */ - public function testCanLoginIpBanned() - { - // ban the IP for an hour - $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10; - $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600; - - $this->assertFalse($this->loginManager->canLogin($this->server)); - } - - /** - * The IP is banned, and the ban duration is over + * Generate a token depending on the user credentials and client IP */ - public function testCanLoginIpBanExpired() + public function testGenerateStaySignedInToken() { - // ban the IP for an hour - $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10; - $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600; - $this->assertFalse($this->loginManager->canLogin($this->server)); + $this->loginManager->generateStaySignedInToken($this->clientIpAddress); - // lift the ban - $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600; - $this->assertTrue($this->loginManager->canLogin($this->server)); + $this->assertEquals( + sha1($this->passwordHash . $this->clientIpAddress . $this->salt), + $this->loginManager->getStaySignedInToken() + ); } /** - * Generate a token depending on the user credentials and client IP + * Generate a token depending on the user credentials with session protected disabled */ - public function testGenerateStaySignedInToken() + public function testGenerateStaySignedInTokenSessionProtectionDisabled() { + $this->configManager->set('security.session_protection_disabled', true); $this->loginManager->generateStaySignedInToken($this->clientIpAddress); $this->assertEquals( - sha1($this->passwordHash . $this->clientIpAddress . $this->salt), + sha1($this->passwordHash . $this->salt), $this->loginManager->getStaySignedInToken() ); } @@ -267,7 +192,7 @@ class LoginManagerTest extends TestCase $configManager = new \FakeConfigManager([ 'resource.ban_file' => $this->banFile, ]); - $loginManager = new LoginManager($this->globals, $configManager, null); + $loginManager = new LoginManager($configManager, null); $loginManager->checkLoginState([], ''); $this->assertFalse($loginManager->isLoggedIn());