X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=tests%2Fsecurity%2FLoginManagerTest.php;h=633f1bb9ea7e853c2e961f2c11ccc2f2ae81bb24;hb=c689e108639a4f6aa9e15928422e14db7cbe30ca;hp=b957abe3fcc7f1c25ae436b5e36c47e3a7aaf8a5;hpb=fab87c2696b9d6a26310f1bfc024b018ca5184fe;p=github%2Fshaarli%2FShaarli.git diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index b957abe3..633f1bb9 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php @@ -18,6 +18,18 @@ class LoginManagerTest extends TestCase protected $server = []; protected $trustedProxy = '10.1.1.100'; + /** @var string User login */ + protected $login = 'johndoe'; + + /** @var string User password */ + protected $password = 'IC4nHazL0g1n?'; + + /** @var string Hash of the salted user password */ + protected $passwordHash = ''; + + /** @var string Salt used by hash functions */ + protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2'; + /** * Prepare or reset test resources */ @@ -27,7 +39,12 @@ class LoginManagerTest extends TestCase unlink($this->banFile); } + $this->passwordHash = sha1($this->password . $this->login . $this->salt); + $this->configManager = new \FakeConfigManager([ + 'credentials.login' => $this->login, + 'credentials.hash' => $this->passwordHash, + 'credentials.salt' => $this->salt, 'resource.ban_file' => $this->banFile, 'resource.log' => $this->logFile, 'security.ban_after' => 4, 
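Review bot: In the `@@ -27,7 +39,12 @@` hunk, `sha1($this->password . $this->login . $this->salt)` rebuilds the credential hash inside the fixture with no comment saying which application code it mirrors. I would add `// Mirrors how the application derives credentials.hash; update both together if the scheme changes.` above that line. If this does match the production derivation (the implementation is not shown here), it is a single fast SHA-1 pass over the password, which is weak for password storage. Moving to `password_hash()` / `password_verify()` would be worth tracking as a separate change. The body of `setUp()` starts and ends outside the hunk.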
@@ -196,4 +213,18 @@ class LoginManagerTest extends TestCase
 $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600;
 $this->assertTrue($this->loginManager->canLogin($this->server));
 }
+
+ /**
+ * Generate a token depending on the user credentials and client IP
+ */
+ public function testGenerateStaySignedInToken()
+ {
+ $ipAddress = '10.1.47.179';
+ $this->loginManager->generateStaySignedInToken($ipAddress);
+
+ $this->assertEquals(
+ sha1($this->passwordHash . $ipAddress . $this->salt),
+ $this->loginManager->getStaySignedInToken()
+ );
+ }
 }
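Review bot: The expected value in `testGenerateStaySignedInToken()` pins the token to `sha1($this->passwordHash . $ipAddress . $this->salt)`, which has no random or time-varying input, so the test locks in a token that stays identical for a given IP until the password or salt changes. If that is intended, the docblock should say so, e.g. `Token is deterministic: derived from the password hash, client IP and salt`; if not, the generator (not shown in this diff) probably wants a random component and a server-side expiry. The test also exercises a single address, so a second assertion that a different IP yields a different token would cover the IP binding the docblock describes. `assertSame` would be the stricter choice than `assertEquals` for comparing hash strings.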