authorVirtualTam <virtualtam+github@flibidi.net>2017-10-25 22:49:22 +0200
committerGitHub <noreply@github.com>2017-10-25 22:49:22 +0200
commit88d38cb290aad669ad1406e2362d85c81e46d4f6 (patch)
tree9a0689e685ba42b44e507f2ae5e22595671b3bc4 /tests/SessionManagerTest.php
parent6bc7afab91c78b893da314220fe346a366aefb8f (diff)
parentae7c954b1279981cc23c9f67d88f55bfecc4d828 (diff)
Merge pull request #1005 from virtualtam/refactor/authentication
Refactor session management utilities
Diffstat (limited to 'tests/SessionManagerTest.php')
-rw-r--r--tests/SessionManagerTest.php160
1 files changed, 160 insertions, 0 deletions
diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php
new file mode 100644
index 00000000..a92c3ccc
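--- /dev/null
+++ b/tests/SessionManagerTest.php
@@ -0,0 +1,160 @@
+<?php
+// Initialize reference data _before_ PHPUnit starts a session
+require_once 'tests/utils/ReferenceSessionIdHashes.php';
+ReferenceSessionIdHashes::genAllHashes();
+
+use \Shaarli\SessionManager;
+use \PHPUnit\Framework\TestCase;
+
+
+/**
+ * Fake ConfigManager
+ */
+class FakeConfigManager
+{
+ public static function get($key)
+ {
+ return $key;
+ }
+}
+
+
+/**
+ * Test coverage for SessionManager
+ */
+class SessionManagerTest extends TestCase
+{
+ // Session ID hashes
+ protected static $sidHashes = null;
+
+ /**
+ * Assign reference data
+ */
+ public static function setUpBeforeClass()
+ {
+ self::$sidHashes = ReferenceSessionIdHashes::getHashes();
+ }
+
+ /**
+ * Generate a session token
+ */
+ public function testGenerateToken()
+ {
+ $session = [];
+ $conf = new FakeConfigManager();
+ $sessionManager = new SessionManager($session, $conf);
+
+ $token = $sessionManager->generateToken();
+
+ $this->assertEquals(1, $session['tokens'][$token]);
+ $this->assertEquals(40, strlen($token));
+ }
+
+ /**
+ * Check a session token
+ */
+ public function testCheckToken()
+ {
+ $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
+ $session = [
+ 'tokens' => [
+ $token => 1,
+ ],
+ ];
+ $conf = new FakeConfigManager();
+ $sessionManager = new SessionManager($session, $conf);
+
+
+ // check and destroy the token
+ $this->assertTrue($sessionManager->checkToken($token));
+ $this->assertFalse(isset($session['tokens'][$token]));
+
+ // ensure the token has been destroyed
+ $this->assertFalse($sessionManager->checkToken($token));
+ }
+
+ /**
+ * Generate and check a session token
+ */
+ public function testGenerateAndCheckToken()
+ {
+ $session = [];
+ $conf = new FakeConfigManager();
+ $sessionManager = new SessionManager($session, $conf);
+
+ $token = $sessionManager->generateToken();
+
+ // ensure a token has been generated
+ $this->assertEquals(1, $session['tokens'][$token]);
+ $this->assertEquals(40, strlen($token));
+
+ // check and destroy the token
+ $this->assertTrue($sessionManager->checkToken($token));
+ $this->assertFalse(isset($session['tokens'][$token]));
+
+ // ensure the token has been destroyed
+ $this->assertFalse($sessionManager->checkToken($token));
+ }
+
+ /**
+ * Check an invalid session token
+ */
+ public function testCheckInvalidToken()
+ {
+ $session = [];
+ $conf = new FakeConfigManager();
+ $sessionManager = new SessionManager($session, $conf);
+
+ $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
+ }
+
+ /**
+ * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
+ *
+ * This tests extensively covers all hash algorithms / bit representations
+ */
+ public function testIsAnyHashSessionIdValid()
+ {
+ foreach (self::$sidHashes as $algo => $bpcs) {
+ foreach ($bpcs as $bpc => $hash) {
+ $this->assertTrue(SessionManager::checkId($hash));
+ }
+ }
+ }
+
+ /**
+ * Test checkId with a valid ID - SHA-1 hashes
+ */
+ public function testIsSha1SessionIdValid()
+ {
+ $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
+ }
+
+ /**
+ * Test checkId with a valid ID - SHA-256 hashes
+ */
+ public function testIsSha256SessionIdValid()
+ {
+ $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
+ }
+
+ /**
+ * Test checkId with a valid ID - SHA-512 hashes
+ */
+ public function testIsSha512SessionIdValid()
+ {
+ $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
+ }
+
+ /**
+ * Test checkId with invalid IDs.
+ */
+ public function testIsSessionIdInvalid()
+ {
+ $this->assertFalse(SessionManager::checkId(''));
+ $this->assertFalse(SessionManager::checkId([]));
+ $this->assertFalse(
+ SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
+ );
+ }
+}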
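Review bot: The negative cases in testIsSessionIdInvalid pin only an empty string, an array and one base64 string whose sole out-of-alphabet character is the trailing `=`, so a checkId that accepted other separators or control characters would still pass this suite. Because the session ID check acts as an input-validation gate, a few more rejections are worth adding, for example `$this->assertFalse(SessionManager::checkId('abc/def'));` and `$this->assertFalse(SessionManager::checkId("abcdef\n"));`. checkId itself is not part of this diff, so the expected results should be confirmed against its implementation. In testIsAnyHashSessionIdValid, passing a message such as `"$algo / $bpc"` as the second argument to assertTrue would show which algorithm and bits-per-character setting failed.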