authorVirtualTam <virtualtam@flibidi.net>2018-05-06 17:06:36 +0200
committerVirtualTam <virtualtam@flibidi.net>2018-06-02 16:46:06 +0200
commitc689e108639a4f6aa9e15928422e14db7cbe30ca (patch)
tree4c118404cc33f2542c01787b638581ba02bbb8bb /tests/security
parent51f0128cdba52099c40693379e72f094b42a6f80 (diff)
Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'tests/security')
-rw-r--r--tests/security/LoginManagerTest.php31
1 files changed, 31 insertions, 0 deletions
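diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index b957abe3..633f1bb9 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -18,6 +18,18 @@ class LoginManagerTest extends TestCase
 protected $server = [];
 protected $trustedProxy = '10.1.1.100';
 
+/** @var string User login */
+protected $login = 'johndoe';
+
+/** @var string User password */
+protected $password = 'IC4nHazL0g1n?';
+
+/** @var string Hash of the salted user password */
+protected $passwordHash = '';
+
+/** @var string Salt used by hash functions */
+protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2';
+
 /**
 * Prepare or reset test resources
 */
@@ -27,7 +39,12 @@ class LoginManagerTest extends TestCase
 unlink($this->banFile);
 }
 
+$this->passwordHash = sha1($this->password . $this->login . $this->salt);
+
 $this->configManager = new \FakeConfigManager([
+'credentials.login' => $this->login,
+'credentials.hash' => $this->passwordHash,
+'credentials.salt' => $this->salt,
 'resource.ban_file' => $this->banFile,
 'resource.log' => $this->logFile,
 'security.ban_after' => 4,
@@ -196,4 +213,18 @@ class LoginManagerTest extends TestCase
 $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600;
 $this->assertTrue($this->loginManager->canLogin($this->server));
 }
+
+/**
+* Generate a token depending on the user credentials and client IP
+*/
+public function testGenerateStaySignedInToken()
+{
+$ipAddress = '10.1.47.179';
+$this->loginManager->generateStaySignedInToken($ipAddress);
+
+$this->assertEquals(
+sha1($this->passwordHash . $ipAddress . $this->salt),
+$this->loginManager->getStaySignedInToken()
+);
+}
 }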
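Review bot: The assertion in testGenerateStaySignedInToken (new lines 225-228) recomputes `sha1($this->passwordHash . $ipAddress . $this->salt)`, which pins the stay-signed-in token to a value fully derived from the stored credential hash, the salt and the client IP, with no random or expiring component. The LoginManager implementation is not shown on this page, but if it matches this formula the token is presumably reproducible by anyone who can read the configured hash and salt, and it stays valid until the password changes. I would assert properties instead of the formula (for example that a second call with a different address yields a different token), so the implementation can later move to a `random_bytes()`-based token tracked server-side without rewriting the test. Independently, `assertSame` is the stricter choice here, since `assertEquals` compares two numeric-looking strings loosely.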