tests/SessionManagerTest.php

   1 <?php
   2 // Initialize reference data _before_ PHPUnit starts a session
   3 require_once 'tests/utils/ReferenceSessionIdHashes.php';
   4 ReferenceSessionIdHashes::genAllHashes();
   5
   6 use \Shaarli\SessionManager;
   7 use \PHPUnit\Framework\TestCase;
   8
   9
  10 /**
  11  * Fake ConfigManager
  12  */
  13 class FakeConfigManager
  14 {
  15     public static function get($key)
  16     {
  17         return $key;
  18     }
  19 }
  20
  21
  22 /**
  23  * Test coverage for SessionManager
  24  */
  25 class SessionManagerTest extends TestCase
  26 {
  27     // Session ID hashes
  28     protected static $sidHashes = null;
  29
  30     /**
  31      * Assign reference data
  32      */
  33     public static function setUpBeforeClass()
  34     {
  35         self::$sidHashes = ReferenceSessionIdHashes::getHashes();
  36     }
  37
  38     /**
  39      * Generate a session token
  40      */
  41     public function testGenerateToken()
  42     {
  43         $session = [];
  44         $conf = new FakeConfigManager();
  45         $sessionManager = new SessionManager($session, $conf);
  46
  47         $token = $sessionManager->generateToken();
  48
  49         $this->assertEquals(1, $session['tokens'][$token]);
  50         $this->assertEquals(40, strlen($token));
  51     }
  52
  53     /**
  54      * Check a session token
  55      */
  56     public function testCheckToken()
  57     {
  58         $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
  59         $session = [
  60             'tokens' => [
  61                 $token => 1,
  62             ],
  63         ];
  64         $conf = new FakeConfigManager();
  65         $sessionManager = new SessionManager($session, $conf);
  66
  67
  68         // check and destroy the token
  69         $this->assertTrue($sessionManager->checkToken($token));
  70         $this->assertFalse(isset($session['tokens'][$token]));
  71
  72         // ensure the token has been destroyed
  73         $this->assertFalse($sessionManager->checkToken($token));
  74     }
  75
  76     /**
  77      * Generate and check a session token
  78      */
  79     public function testGenerateAndCheckToken()
  80     {
  81         $session = [];
  82         $conf = new FakeConfigManager();
  83         $sessionManager = new SessionManager($session, $conf);
  84
  85         $token = $sessionManager->generateToken();
  86
  87         // ensure a token has been generated
  88         $this->assertEquals(1, $session['tokens'][$token]);
  89         $this->assertEquals(40, strlen($token));
  90
  91         // check and destroy the token
  92         $this->assertTrue($sessionManager->checkToken($token));
  93         $this->assertFalse(isset($session['tokens'][$token]));
  94
  95         // ensure the token has been destroyed
  96         $this->assertFalse($sessionManager->checkToken($token));
  97     }
  98
  99     /**
 100      * Check an invalid session token
 101      */
 102     public function testCheckInvalidToken()
 103     {
 104         $session = [];
 105         $conf = new FakeConfigManager();
 106         $sessionManager = new SessionManager($session, $conf);
 107
 108         $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
 109     }
 110
 111     /**
 112      * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
 113      *
 114      * This tests extensively covers all hash algorithms / bit representations
 115      */
 116     public function testIsAnyHashSessionIdValid()
 117     {
 118         foreach (self::$sidHashes as $algo => $bpcs) {
 119             foreach ($bpcs as $bpc => $hash) {
 120                 $this->assertTrue(SessionManager::checkId($hash));
 121             }
 122         }
 123     }
 124
 125     /**
 126      * Test checkId with a valid ID - SHA-1 hashes
 127      */
 128     public function testIsSha1SessionIdValid()
 129     {
 130         $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
 131     }
 132
 133     /**
 134      * Test checkId with a valid ID - SHA-256 hashes
 135      */
 136     public function testIsSha256SessionIdValid()
 137     {
 138         $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
 139     }
 140
 141     /**
 142      * Test checkId with a valid ID - SHA-512 hashes
 143      */
 144     public function testIsSha512SessionIdValid()
 145     {
 146         $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
 147     }
 148
 149     /**
 150      * Test checkId with invalid IDs.
 151      */
 152     public function testIsSessionIdInvalid()
 153     {
 154         $this->assertFalse(SessionManager::checkId(''));
 155         $this->assertFalse(SessionManager::checkId([]));
 156         $this->assertFalse(
 157             SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
 158         );
 159     }
 160 }