Merge pull request #1005 from virtualtam/refactor/authentication

Refactor session management utilities
author: VirtualTam <virtualtam+github@flibidi.net> 2017-10-25 22:49:22 +0200
committer: GitHub <noreply@github.com> 2017-10-25 22:49:22 +0200
commit: 88d38cb290aad669ad1406e2362d85c81e46d4f6 (patch)
tree: 9a0689e685ba42b44e507f2ae5e22595671b3bc4 /tests/SessionManagerTest.php
parent: 6bc7afab91c78b893da314220fe346a366aefb8f (diff)
parent: ae7c954b1279981cc23c9f67d88f55bfecc4d828 (diff)
download: Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.tar.gz
Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.tar.zst
Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.zip
1 files changed, 160 insertions, 0 deletions
diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php
new file mode 100644
index 00000000..a92c3ccc
--- /dev/null
+++ b/tests/SessionManagerTest.php
@@ -0,0 +1,160 @@
+<?php
+// Initialize reference data _before_ PHPUnit starts a session
+require_once 'tests/utils/ReferenceSessionIdHashes.php';
+ReferenceSessionIdHashes::genAllHashes();
+use \Shaarli\SessionManager;
+use \PHPUnit\Framework\TestCase;
+/**
+ * Fake ConfigManager
+ */
+class FakeConfigManager
+{
+    public static function get($key)
+    {
+        return $key;
+    }
+}
+/**
+ * Test coverage for SessionManager
+ */
+class SessionManagerTest extends TestCase
+{
+    // Session ID hashes
+    protected static $sidHashes = null;
+    /**
+     * Assign reference data
+     */
+    public static function setUpBeforeClass()
+    {
+        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
+    }
+    /**
+     * Generate a session token
+     */
+    public function testGenerateToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+        $token = $sessionManager->generateToken();
+        $this->assertEquals(1, $session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+    }
+    /**
+     * Check a session token
+     */
+    public function testCheckToken()
+    {
+        $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
+        $session = [
+            'tokens' => [
+                $token => 1,
+            ],
+        ];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+        // check and destroy the token
+        $this->assertTrue($sessionManager->checkToken($token));
+        $this->assertFalse(isset($session['tokens'][$token]));
+        // ensure the token has been destroyed
+        $this->assertFalse($sessionManager->checkToken($token));
+    }
+    /**
+     * Generate and check a session token
+     */
+    public function testGenerateAndCheckToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+        $token = $sessionManager->generateToken();
+        // ensure a token has been generated
+        $this->assertEquals(1, $session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+        // check and destroy the token
+        $this->assertTrue($sessionManager->checkToken($token));
+        $this->assertFalse(isset($session['tokens'][$token]));
+        // ensure the token has been destroyed
+        $this->assertFalse($sessionManager->checkToken($token));
+    }
+    /**
+     * Check an invalid session token
+     */
+    public function testCheckInvalidToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+        $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
+    }
+    /**
+     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
+     *
+     * This tests extensively covers all hash algorithms / bit representations
+     */
+    public function testIsAnyHashSessionIdValid()
+    {
+        foreach (self::$sidHashes as $algo => $bpcs) {
+            foreach ($bpcs as $bpc => $hash) {
+                $this->assertTrue(SessionManager::checkId($hash));
+            }
+        }
+    }
+    /**
+     * Test checkId with a valid ID - SHA-1 hashes
+     */
+    public function testIsSha1SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
+    }
+    /**
+     * Test checkId with a valid ID - SHA-256 hashes
+     */
+    public function testIsSha256SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
+    }
+    /**
+     * Test checkId with a valid ID - SHA-512 hashes
+     */
+    public function testIsSha512SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
+    }
+    /**
+     * Test checkId with invalid IDs.
+     */
+    public function testIsSessionIdInvalid()
+    {
+        $this->assertFalse(SessionManager::checkId(''));
+        $this->assertFalse(SessionManager::checkId([]));
+        $this->assertFalse(
+            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
+        );
+    }
+}
author	VirtualTam <virtualtam+github@flibidi.net>	2017-10-25 22:49:22 +0200
committer	GitHub <noreply@github.com>	2017-10-25 22:49:22 +0200
commit	88d38cb290aad669ad1406e2362d85c81e46d4f6 (patch)
tree	9a0689e685ba42b44e507f2ae5e22595671b3bc4 /tests/SessionManagerTest.php
parent	6bc7afab91c78b893da314220fe346a366aefb8f (diff)
parent	ae7c954b1279981cc23c9f67d88f55bfecc4d828 (diff)
download	Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.tar.gz Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.tar.zst Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.zip

diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php new file mode 100644 index 00000000..a92c3ccc --- /dev/null +++ b/tests/SessionManagerTest.php
@@ -0,0 +1,160 @@
	1	<?php
	2	// Initialize reference data _before_ PHPUnit starts a session
	3	require_once 'tests/utils/ReferenceSessionIdHashes.php';
	4	ReferenceSessionIdHashes::genAllHashes();
	5
	6	use \Shaarli\SessionManager;
	7	use \PHPUnit\Framework\TestCase;
	8
	9
	10	/**
	11	* Fake ConfigManager
	12	*/
	13	class FakeConfigManager
	14	{
	15	public static function get($key)
	16	{
	17	return $key;
	18	}
	19	}
	20
	21
	22	/**
	23	* Test coverage for SessionManager
	24	*/
	25	class SessionManagerTest extends TestCase
	26	{
	27	// Session ID hashes
	28	protected static $sidHashes = null;
	29
	30	/**
	31	* Assign reference data
	32	*/
	33	public static function setUpBeforeClass()
	34	{
	35	self::$sidHashes = ReferenceSessionIdHashes::getHashes();
	36	}
	37
	38	/**
	39	* Generate a session token
	40	*/
	41	public function testGenerateToken()
	42	{
	43	$session = [];
	44	$conf = new FakeConfigManager();
	45	$sessionManager = new SessionManager($session, $conf);
	46
	47	$token = $sessionManager->generateToken();
	48
	49	$this->assertEquals(1, $session['tokens'][$token]);
	50	$this->assertEquals(40, strlen($token));
	51	}
	52
	53	/**
	54	* Check a session token
	55	*/
	56	public function testCheckToken()
	57	{
	58	$token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
	59	$session = [
	60	'tokens' => [
	61	$token => 1,
	62	],
	63	];
	64	$conf = new FakeConfigManager();
	65	$sessionManager = new SessionManager($session, $conf);
	66
	67
	68	// check and destroy the token
	69	$this->assertTrue($sessionManager->checkToken($token));
	70	$this->assertFalse(isset($session['tokens'][$token]));
	71
	72	// ensure the token has been destroyed
	73	$this->assertFalse($sessionManager->checkToken($token));
	74	}
	75
	76	/**
	77	* Generate and check a session token
	78	*/
	79	public function testGenerateAndCheckToken()
	80	{
	81	$session = [];
	82	$conf = new FakeConfigManager();
	83	$sessionManager = new SessionManager($session, $conf);
	84
	85	$token = $sessionManager->generateToken();
	86
	87	// ensure a token has been generated
	88	$this->assertEquals(1, $session['tokens'][$token]);
	89	$this->assertEquals(40, strlen($token));
	90
	91	// check and destroy the token
	92	$this->assertTrue($sessionManager->checkToken($token));
	93	$this->assertFalse(isset($session['tokens'][$token]));
	94
	95	// ensure the token has been destroyed
	96	$this->assertFalse($sessionManager->checkToken($token));
	97	}
	98
	99	/**
	100	* Check an invalid session token
	101	*/
	102	public function testCheckInvalidToken()
	103	{
	104	$session = [];
	105	$conf = new FakeConfigManager();
	106	$sessionManager = new SessionManager($session, $conf);
	107
	108	$this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
	109	}
	110
	111	/**
	112	* Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
	113	*
	114	* This tests extensively covers all hash algorithms / bit representations
	115	*/
	116	public function testIsAnyHashSessionIdValid()
	117	{
	118	foreach (self::$sidHashes as $algo => $bpcs) {
	119	foreach ($bpcs as $bpc => $hash) {
	120	$this->assertTrue(SessionManager::checkId($hash));
	121	}
	122	}
	123	}
	124
	125	/**
	126	* Test checkId with a valid ID - SHA-1 hashes
	127	*/
	128	public function testIsSha1SessionIdValid()
	129	{
	130	$this->assertTrue(SessionManager::checkId(sha1('shaarli')));
	131	}
	132
	133	/**
	134	* Test checkId with a valid ID - SHA-256 hashes
	135	*/
	136	public function testIsSha256SessionIdValid()
	137	{
	138	$this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
	139	}
	140
	141	/**
	142	* Test checkId with a valid ID - SHA-512 hashes
	143	*/
	144	public function testIsSha512SessionIdValid()
	145	{
	146	$this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
	147	}
	148
	149	/**
	150	* Test checkId with invalid IDs.
	151	*/
	152	public function testIsSessionIdInvalid()
	153	{
	154	$this->assertFalse(SessionManager::checkId(''));
	155	$this->assertFalse(SessionManager::checkId([]));
	156	$this->assertFalse(
	157	SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
	158	);
	159	}
	160	}