aboutsummaryrefslogblamecommitdiffhomepage
path: root/tests/SessionManagerTest.php
blob: 9fa60dc5f6a973293414d034a462c102ccfcbb99 (plain) (tree)
1
2
3
4
5
6
7
8
9
     


                                                              
 
                            

                                
 
















                                         










                                                                 
















































                                                                                                    

















































                                                                                   
 
<?php
// Initialize reference data _before_ PHPUnit starts a session
require_once 'tests/utils/ReferenceSessionIdHashes.php';
ReferenceSessionIdHashes::genAllHashes();

use \Shaarli\SessionManager;
use \PHPUnit\Framework\TestCase;


/**
 * Fake ConfigManager
 */
class FakeConfigManager
{
    public static function get($key)
    {
        return $key;
    }
}


/**
 * Test coverage for SessionManager
 */
class SessionManagerTest extends TestCase
{
    // Session ID hashes
    protected static $sidHashes = null;

    /**
     * Assign reference data
     */
    public static function setUpBeforeClass()
    {
        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
    }

    /**
     * Generate a session token
     */
    public function testGenerateToken()
    {
        $session = [];
        $conf = new FakeConfigManager();
        $sessionManager = new SessionManager($session, $conf);

        $token = $sessionManager->generateToken();

        $this->assertEquals(1, $session['tokens'][$token]);
        $this->assertEquals(40, strlen($token));
    }

    /**
     * Generate and check a session token
     */
    public function testGenerateAndCheckToken()
    {
        $session = [];
        $conf = new FakeConfigManager();
        $sessionManager = new SessionManager($session, $conf);

        $token = $sessionManager->generateToken();

        // ensure a token has been generated
        $this->assertEquals(1, $session['tokens'][$token]);
        $this->assertEquals(40, strlen($token));

        // check and destroy the token
        $this->assertTrue($sessionManager->checkToken($token));
        $this->assertFalse(isset($session['tokens'][$token]));

        // ensure the token has been destroyed
        $this->assertFalse($sessionManager->checkToken($token));
    }

    /**
     * Check an invalid session token
     */
    public function testCheckInvalidToken()
    {
        $session = [];
        $conf = new FakeConfigManager();
        $sessionManager = new SessionManager($session, $conf);

        $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
    }

    /**
     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
     *
     * This tests extensively covers all hash algorithms / bit representations
     */
    public function testIsAnyHashSessionIdValid()
    {
        foreach (self::$sidHashes as $algo => $bpcs) {
            foreach ($bpcs as $bpc => $hash) {
                $this->assertTrue(SessionManager::checkId($hash));
            }
        }
    }

    /**
     * Test checkId with a valid ID - SHA-1 hashes
     */
    public function testIsSha1SessionIdValid()
    {
        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
    }

    /**
     * Test checkId with a valid ID - SHA-256 hashes
     */
    public function testIsSha256SessionIdValid()
    {
        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
    }

    /**
     * Test checkId with a valid ID - SHA-512 hashes
     */
    public function testIsSha512SessionIdValid()
    {
        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
    }

    /**
     * Test checkId with invalid IDs.
     */
    public function testIsSessionIdInvalid()
    {
        $this->assertFalse(SessionManager::checkId(''));
        $this->assertFalse(SessionManager::checkId([]));
        $this->assertFalse(
            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
        );
    }
}