aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/security
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2020-08-27 10:27:34 +0200
committerGitHub <noreply@github.com>2020-08-27 10:27:34 +0200
commitaf41d5ab5d2bd3ba64d052c997bc6afa6966a63c (patch)
tree8fad2829c55f94022e359fa8914e11f80a2afc2a /tests/security
parentb8e3630f2ecd142d397b1b062a346a667bb78595 (diff)
parent0c6fdbe12bbbb336348666b14b82096f24d5858b (diff)
downloadShaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.tar.gz
Shaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.tar.zst
Shaarli-af41d5ab5d2bd3ba64d052c997bc6afa6966a63c.zip
Merge pull request #1511 from ArthurHoaro/wip-slim-routing
Diffstat (limited to 'tests/security')
-rw-r--r--tests/security/LoginManagerTest.php30
-rw-r--r--tests/security/SessionManagerTest.php71
2 files changed, 80 insertions, 21 deletions
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index 8fd1698c..f242be09 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -1,7 +1,6 @@
1<?php 1<?php
2namespace Shaarli\Security;
3 2
4require_once 'tests/utils/FakeConfigManager.php'; 3namespace Shaarli\Security;
5 4
6use PHPUnit\Framework\TestCase; 5use PHPUnit\Framework\TestCase;
7 6
@@ -58,6 +57,9 @@ class LoginManagerTest extends TestCase
58 /** @var string Salt used by hash functions */ 57 /** @var string Salt used by hash functions */
59 protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2'; 58 protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2';
60 59
60 /** @var CookieManager */
61 protected $cookieManager;
62
61 /** 63 /**
62 * Prepare or reset test resources 64 * Prepare or reset test resources
63 */ 65 */
@@ -84,8 +86,12 @@ class LoginManagerTest extends TestCase
84 $this->cookie = []; 86 $this->cookie = [];
85 $this->session = []; 87 $this->session = [];
86 88
87 $this->sessionManager = new SessionManager($this->session, $this->configManager); 89 $this->cookieManager = $this->createMock(CookieManager::class);
88 $this->loginManager = new LoginManager($this->configManager, $this->sessionManager); 90 $this->cookieManager->method('getCookieParameter')->willReturnCallback(function (string $key) {
91 return $this->cookie[$key] ?? null;
92 });
93 $this->sessionManager = new SessionManager($this->session, $this->configManager, 'session_path');
94 $this->loginManager = new LoginManager($this->configManager, $this->sessionManager, $this->cookieManager);
89 $this->server['REMOTE_ADDR'] = $this->ipAddr; 95 $this->server['REMOTE_ADDR'] = $this->ipAddr;
90 } 96 }
91 97
@@ -193,8 +199,8 @@ class LoginManagerTest extends TestCase
193 $configManager = new \FakeConfigManager([ 199 $configManager = new \FakeConfigManager([
194 'resource.ban_file' => $this->banFile, 200 'resource.ban_file' => $this->banFile,
195 ]); 201 ]);
196 $loginManager = new LoginManager($configManager, null); 202 $loginManager = new LoginManager($configManager, null, $this->cookieManager);
197 $loginManager->checkLoginState([], ''); 203 $loginManager->checkLoginState('');
198 204
199 $this->assertFalse($loginManager->isLoggedIn()); 205 $this->assertFalse($loginManager->isLoggedIn());
200 } 206 }
@@ -210,9 +216,9 @@ class LoginManagerTest extends TestCase
210 'expires_on' => time() + 100, 216 'expires_on' => time() + 100,
211 ]; 217 ];
212 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 218 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
213 $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope'; 219 $this->cookie[CookieManager::STAY_SIGNED_IN] = 'nope';
214 220
215 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 221 $this->loginManager->checkLoginState($this->clientIpAddress);
216 222
217 $this->assertTrue($this->loginManager->isLoggedIn()); 223 $this->assertTrue($this->loginManager->isLoggedIn());
218 $this->assertTrue(empty($this->session['username'])); 224 $this->assertTrue(empty($this->session['username']));
@@ -224,9 +230,9 @@ class LoginManagerTest extends TestCase
224 public function testCheckLoginStateStaySignedInWithValidToken() 230 public function testCheckLoginStateStaySignedInWithValidToken()
225 { 231 {
226 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 232 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
227 $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken(); 233 $this->cookie[CookieManager::STAY_SIGNED_IN] = $this->loginManager->getStaySignedInToken();
228 234
229 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 235 $this->loginManager->checkLoginState($this->clientIpAddress);
230 236
231 $this->assertTrue($this->loginManager->isLoggedIn()); 237 $this->assertTrue($this->loginManager->isLoggedIn());
232 $this->assertEquals($this->login, $this->session['username']); 238 $this->assertEquals($this->login, $this->session['username']);
@@ -241,7 +247,7 @@ class LoginManagerTest extends TestCase
241 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 247 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
242 $this->session['expires_on'] = time() - 100; 248 $this->session['expires_on'] = time() - 100;
243 249
244 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 250 $this->loginManager->checkLoginState($this->clientIpAddress);
245 251
246 $this->assertFalse($this->loginManager->isLoggedIn()); 252 $this->assertFalse($this->loginManager->isLoggedIn());
247 } 253 }
@@ -253,7 +259,7 @@ class LoginManagerTest extends TestCase
253 { 259 {
254 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 260 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
255 261
256 $this->loginManager->checkLoginState($this->cookie, '10.7.157.98'); 262 $this->loginManager->checkLoginState('10.7.157.98');
257 263
258 $this->assertFalse($this->loginManager->isLoggedIn()); 264 $this->assertFalse($this->loginManager->isLoggedIn());
259 } 265 }
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
index f264505e..60695dcf 100644
--- a/tests/security/SessionManagerTest.php
+++ b/tests/security/SessionManagerTest.php
@@ -1,12 +1,8 @@
1<?php 1<?php
2require_once 'tests/utils/FakeConfigManager.php';
3 2
4// Initialize reference data _before_ PHPUnit starts a session 3namespace Shaarli\Security;
5require_once 'tests/utils/ReferenceSessionIdHashes.php';
6ReferenceSessionIdHashes::genAllHashes();
7 4
8use PHPUnit\Framework\TestCase; 5use PHPUnit\Framework\TestCase;
9use Shaarli\Security\SessionManager;
10 6
11/** 7/**
12 * Test coverage for SessionManager 8 * Test coverage for SessionManager
@@ -30,7 +26,7 @@ class SessionManagerTest extends TestCase
30 */ 26 */
31 public static function setUpBeforeClass() 27 public static function setUpBeforeClass()
32 { 28 {
33 self::$sidHashes = ReferenceSessionIdHashes::getHashes(); 29 self::$sidHashes = \ReferenceSessionIdHashes::getHashes();
34 } 30 }
35 31
36 /** 32 /**
@@ -38,13 +34,13 @@ class SessionManagerTest extends TestCase
38 */ 34 */
39 public function setUp() 35 public function setUp()
40 { 36 {
41 $this->conf = new FakeConfigManager([ 37 $this->conf = new \FakeConfigManager([
42 'credentials.login' => 'johndoe', 38 'credentials.login' => 'johndoe',
43 'credentials.salt' => 'salt', 39 'credentials.salt' => 'salt',
44 'security.session_protection_disabled' => false, 40 'security.session_protection_disabled' => false,
45 ]); 41 ]);
46 $this->session = []; 42 $this->session = [];
47 $this->sessionManager = new SessionManager($this->session, $this->conf); 43 $this->sessionManager = new SessionManager($this->session, $this->conf, 'session_path');
48 } 44 }
49 45
50 /** 46 /**
@@ -69,7 +65,7 @@ class SessionManagerTest extends TestCase
69 $token => 1, 65 $token => 1,
70 ], 66 ],
71 ]; 67 ];
72 $sessionManager = new SessionManager($session, $this->conf); 68 $sessionManager = new SessionManager($session, $this->conf, 'session_path');
73 69
74 // check and destroy the token 70 // check and destroy the token
75 $this->assertTrue($sessionManager->checkToken($token)); 71 $this->assertTrue($sessionManager->checkToken($token));
@@ -269,4 +265,61 @@ class SessionManagerTest extends TestCase
269 $this->session['ip'] = 'ip_id_one'; 265 $this->session['ip'] = 'ip_id_one';
270 $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two')); 266 $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));
271 } 267 }
268
269 /**
270 * Test creating an entry in the session array
271 */
272 public function testSetSessionParameterCreate(): void
273 {
274 $this->sessionManager->setSessionParameter('abc', 'def');
275
276 static::assertSame('def', $this->session['abc']);
277 }
278
279 /**
280 * Test updating an entry in the session array
281 */
282 public function testSetSessionParameterUpdate(): void
283 {
284 $this->session['abc'] = 'ghi';
285
286 $this->sessionManager->setSessionParameter('abc', 'def');
287
288 static::assertSame('def', $this->session['abc']);
289 }
290
291 /**
292 * Test updating an entry in the session array with null value
293 */
294 public function testSetSessionParameterUpdateNull(): void
295 {
296 $this->session['abc'] = 'ghi';
297
298 $this->sessionManager->setSessionParameter('abc', null);
299
300 static::assertArrayHasKey('abc', $this->session);
301 static::assertNull($this->session['abc']);
302 }
303
304 /**
305 * Test deleting an existing entry in the session array
306 */
307 public function testDeleteSessionParameter(): void
308 {
309 $this->session['abc'] = 'def';
310
311 $this->sessionManager->deleteSessionParameter('abc');
312
313 static::assertArrayNotHasKey('abc', $this->session);
314 }
315
316 /**
317 * Test deleting a non existent entry in the session array
318 */
319 public function testDeleteSessionParameterNotExisting(): void
320 {
321 $this->sessionManager->deleteSessionParameter('abc');
322
323 static::assertArrayNotHasKey('abc', $this->session);
324 }
272} 325}