diff options
author | ArthurHoaro <arthur@hoa.ro> | 2020-08-27 10:27:34 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-27 10:27:34 +0200 |
commit | af41d5ab5d2bd3ba64d052c997bc6afa6966a63c (patch) | |
tree | 8fad2829c55f94022e359fa8914e11f80a2afc2a /tests/security | |
parent | b8e3630f2ecd142d397b1b062a346a667bb78595 (diff) | |
parent | 0c6fdbe12bbbb336348666b14b82096f24d5858b (diff) | |
download | Shaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.tar.gz Shaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.tar.zst Shaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.zip |
Merge pull request #1511 from ArthurHoaro/wip-slim-routing
Diffstat (limited to 'tests/security')
-rw-r--r-- | tests/security/LoginManagerTest.php | 30 | ||||
-rw-r--r-- | tests/security/SessionManagerTest.php | 71 |
2 files changed, 80 insertions, 21 deletions
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index 8fd1698c..f242be09 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php | |||
@@ -1,7 +1,6 @@ | |||
1 | <?php | 1 | <?php |
2 | namespace Shaarli\Security; | ||
3 | 2 | ||
4 | require_once 'tests/utils/FakeConfigManager.php'; | 3 | namespace Shaarli\Security; |
5 | 4 | ||
6 | use PHPUnit\Framework\TestCase; | 5 | use PHPUnit\Framework\TestCase; |
7 | 6 | ||
@@ -58,6 +57,9 @@ class LoginManagerTest extends TestCase | |||
58 | /** @var string Salt used by hash functions */ | 57 | /** @var string Salt used by hash functions */ |
59 | protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2'; | 58 | protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2'; |
60 | 59 | ||
60 | /** @var CookieManager */ | ||
61 | protected $cookieManager; | ||
62 | |||
61 | /** | 63 | /** |
62 | * Prepare or reset test resources | 64 | * Prepare or reset test resources |
63 | */ | 65 | */ |
@@ -84,8 +86,12 @@ class LoginManagerTest extends TestCase | |||
84 | $this->cookie = []; | 86 | $this->cookie = []; |
85 | $this->session = []; | 87 | $this->session = []; |
86 | 88 | ||
87 | $this->sessionManager = new SessionManager($this->session, $this->configManager); | 89 | $this->cookieManager = $this->createMock(CookieManager::class); |
88 | $this->loginManager = new LoginManager($this->configManager, $this->sessionManager); | 90 | $this->cookieManager->method('getCookieParameter')->willReturnCallback(function (string $key) { |
91 | return $this->cookie[$key] ?? null; | ||
92 | }); | ||
93 | $this->sessionManager = new SessionManager($this->session, $this->configManager, 'session_path'); | ||
94 | $this->loginManager = new LoginManager($this->configManager, $this->sessionManager, $this->cookieManager); | ||
89 | $this->server['REMOTE_ADDR'] = $this->ipAddr; | 95 | $this->server['REMOTE_ADDR'] = $this->ipAddr; |
90 | } | 96 | } |
91 | 97 | ||
@@ -193,8 +199,8 @@ class LoginManagerTest extends TestCase | |||
193 | $configManager = new \FakeConfigManager([ | 199 | $configManager = new \FakeConfigManager([ |
194 | 'resource.ban_file' => $this->banFile, | 200 | 'resource.ban_file' => $this->banFile, |
195 | ]); | 201 | ]); |
196 | $loginManager = new LoginManager($configManager, null); | 202 | $loginManager = new LoginManager($configManager, null, $this->cookieManager); |
197 | $loginManager->checkLoginState([], ''); | 203 | $loginManager->checkLoginState(''); |
198 | 204 | ||
199 | $this->assertFalse($loginManager->isLoggedIn()); | 205 | $this->assertFalse($loginManager->isLoggedIn()); |
200 | } | 206 | } |
@@ -210,9 +216,9 @@ class LoginManagerTest extends TestCase | |||
210 | 'expires_on' => time() + 100, | 216 | 'expires_on' => time() + 100, |
211 | ]; | 217 | ]; |
212 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | 218 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); |
213 | $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope'; | 219 | $this->cookie[CookieManager::STAY_SIGNED_IN] = 'nope'; |
214 | 220 | ||
215 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); | 221 | $this->loginManager->checkLoginState($this->clientIpAddress); |
216 | 222 | ||
217 | $this->assertTrue($this->loginManager->isLoggedIn()); | 223 | $this->assertTrue($this->loginManager->isLoggedIn()); |
218 | $this->assertTrue(empty($this->session['username'])); | 224 | $this->assertTrue(empty($this->session['username'])); |
@@ -224,9 +230,9 @@ class LoginManagerTest extends TestCase | |||
224 | public function testCheckLoginStateStaySignedInWithValidToken() | 230 | public function testCheckLoginStateStaySignedInWithValidToken() |
225 | { | 231 | { |
226 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | 232 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); |
227 | $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken(); | 233 | $this->cookie[CookieManager::STAY_SIGNED_IN] = $this->loginManager->getStaySignedInToken(); |
228 | 234 | ||
229 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); | 235 | $this->loginManager->checkLoginState($this->clientIpAddress); |
230 | 236 | ||
231 | $this->assertTrue($this->loginManager->isLoggedIn()); | 237 | $this->assertTrue($this->loginManager->isLoggedIn()); |
232 | $this->assertEquals($this->login, $this->session['username']); | 238 | $this->assertEquals($this->login, $this->session['username']); |
@@ -241,7 +247,7 @@ class LoginManagerTest extends TestCase | |||
241 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | 247 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); |
242 | $this->session['expires_on'] = time() - 100; | 248 | $this->session['expires_on'] = time() - 100; |
243 | 249 | ||
244 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); | 250 | $this->loginManager->checkLoginState($this->clientIpAddress); |
245 | 251 | ||
246 | $this->assertFalse($this->loginManager->isLoggedIn()); | 252 | $this->assertFalse($this->loginManager->isLoggedIn()); |
247 | } | 253 | } |
@@ -253,7 +259,7 @@ class LoginManagerTest extends TestCase | |||
253 | { | 259 | { |
254 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | 260 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); |
255 | 261 | ||
256 | $this->loginManager->checkLoginState($this->cookie, '10.7.157.98'); | 262 | $this->loginManager->checkLoginState('10.7.157.98'); |
257 | 263 | ||
258 | $this->assertFalse($this->loginManager->isLoggedIn()); | 264 | $this->assertFalse($this->loginManager->isLoggedIn()); |
259 | } | 265 | } |
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php index f264505e..60695dcf 100644 --- a/tests/security/SessionManagerTest.php +++ b/tests/security/SessionManagerTest.php | |||
@@ -1,12 +1,8 @@ | |||
1 | <?php | 1 | <?php |
2 | require_once 'tests/utils/FakeConfigManager.php'; | ||
3 | 2 | ||
4 | // Initialize reference data _before_ PHPUnit starts a session | 3 | namespace Shaarli\Security; |
5 | require_once 'tests/utils/ReferenceSessionIdHashes.php'; | ||
6 | ReferenceSessionIdHashes::genAllHashes(); | ||
7 | 4 | ||
8 | use PHPUnit\Framework\TestCase; | 5 | use PHPUnit\Framework\TestCase; |
9 | use Shaarli\Security\SessionManager; | ||
10 | 6 | ||
11 | /** | 7 | /** |
12 | * Test coverage for SessionManager | 8 | * Test coverage for SessionManager |
@@ -30,7 +26,7 @@ class SessionManagerTest extends TestCase | |||
30 | */ | 26 | */ |
31 | public static function setUpBeforeClass() | 27 | public static function setUpBeforeClass() |
32 | { | 28 | { |
33 | self::$sidHashes = ReferenceSessionIdHashes::getHashes(); | 29 | self::$sidHashes = \ReferenceSessionIdHashes::getHashes(); |
34 | } | 30 | } |
35 | 31 | ||
36 | /** | 32 | /** |
@@ -38,13 +34,13 @@ class SessionManagerTest extends TestCase | |||
38 | */ | 34 | */ |
39 | public function setUp() | 35 | public function setUp() |
40 | { | 36 | { |
41 | $this->conf = new FakeConfigManager([ | 37 | $this->conf = new \FakeConfigManager([ |
42 | 'credentials.login' => 'johndoe', | 38 | 'credentials.login' => 'johndoe', |
43 | 'credentials.salt' => 'salt', | 39 | 'credentials.salt' => 'salt', |
44 | 'security.session_protection_disabled' => false, | 40 | 'security.session_protection_disabled' => false, |
45 | ]); | 41 | ]); |
46 | $this->session = []; | 42 | $this->session = []; |
47 | $this->sessionManager = new SessionManager($this->session, $this->conf); | 43 | $this->sessionManager = new SessionManager($this->session, $this->conf, 'session_path'); |
48 | } | 44 | } |
49 | 45 | ||
50 | /** | 46 | /** |
@@ -69,7 +65,7 @@ class SessionManagerTest extends TestCase | |||
69 | $token => 1, | 65 | $token => 1, |
70 | ], | 66 | ], |
71 | ]; | 67 | ]; |
72 | $sessionManager = new SessionManager($session, $this->conf); | 68 | $sessionManager = new SessionManager($session, $this->conf, 'session_path'); |
73 | 69 | ||
74 | // check and destroy the token | 70 | // check and destroy the token |
75 | $this->assertTrue($sessionManager->checkToken($token)); | 71 | $this->assertTrue($sessionManager->checkToken($token)); |
@@ -269,4 +265,61 @@ class SessionManagerTest extends TestCase | |||
269 | $this->session['ip'] = 'ip_id_one'; | 265 | $this->session['ip'] = 'ip_id_one'; |
270 | $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two')); | 266 | $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two')); |
271 | } | 267 | } |
268 | |||
269 | /** | ||
270 | * Test creating an entry in the session array | ||
271 | */ | ||
272 | public function testSetSessionParameterCreate(): void | ||
273 | { | ||
274 | $this->sessionManager->setSessionParameter('abc', 'def'); | ||
275 | |||
276 | static::assertSame('def', $this->session['abc']); | ||
277 | } | ||
278 | |||
279 | /** | ||
280 | * Test updating an entry in the session array | ||
281 | */ | ||
282 | public function testSetSessionParameterUpdate(): void | ||
283 | { | ||
284 | $this->session['abc'] = 'ghi'; | ||
285 | |||
286 | $this->sessionManager->setSessionParameter('abc', 'def'); | ||
287 | |||
288 | static::assertSame('def', $this->session['abc']); | ||
289 | } | ||
290 | |||
291 | /** | ||
292 | * Test updating an entry in the session array with null value | ||
293 | */ | ||
294 | public function testSetSessionParameterUpdateNull(): void | ||
295 | { | ||
296 | $this->session['abc'] = 'ghi'; | ||
297 | |||
298 | $this->sessionManager->setSessionParameter('abc', null); | ||
299 | |||
300 | static::assertArrayHasKey('abc', $this->session); | ||
301 | static::assertNull($this->session['abc']); | ||
302 | } | ||
303 | |||
304 | /** | ||
305 | * Test deleting an existing entry in the session array | ||
306 | */ | ||
307 | public function testDeleteSessionParameter(): void | ||
308 | { | ||
309 | $this->session['abc'] = 'def'; | ||
310 | |||
311 | $this->sessionManager->deleteSessionParameter('abc'); | ||
312 | |||
313 | static::assertArrayNotHasKey('abc', $this->session); | ||
314 | } | ||
315 | |||
316 | /** | ||
317 | * Test deleting a non existent entry in the session array | ||
318 | */ | ||
319 | public function testDeleteSessionParameterNotExisting(): void | ||
320 | { | ||
321 | $this->sessionManager->deleteSessionParameter('abc'); | ||
322 | |||
323 | static::assertArrayNotHasKey('abc', $this->session); | ||
324 | } | ||
272 | } | 325 | } |