Merge tag 'v0.10.0' into latest

Release v0.10.0

31 files changed, 2042 insertions, 184 deletions

diff --git a/tests/HttpUtils/ClientIpIdTest.php b/tests/HttpUtils/ClientIpIdTest.php
new file mode 100644
index 00000000..c15ac5cc
--- /dev/null
+++ b/tests/HttpUtils/ClientIpIdTest.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+require_once 'application/HttpUtils.php';
+
+/**
+ * Unitary tests for client_ip_id()
+ */
+class ClientIpIdTest extends PHPUnit_Framework_TestCase
+{
+    /**
+     * Get a remote client ID based on its IP
+     */
+    public function testClientIpIdRemote()
+    {
+        $this->assertEquals(
+            '10.1.167.42',
+            client_ip_id(['REMOTE_ADDR' => '10.1.167.42'])
+        );
+    }
+
+    /**
+     * Get a remote client ID based on its IP and proxy information (1)
+     */
+    public function testClientIpIdRemoteForwarded()
+    {
+        $this->assertEquals(
+            '10.1.167.42_127.0.1.47',
+            client_ip_id([
+                'REMOTE_ADDR' => '10.1.167.42',
+                'HTTP_X_FORWARDED_FOR' => '127.0.1.47'
+            ])
+        );
+    }
+
+    /**
+     * Get a remote client ID based on its IP and proxy information (2)
+     */
+    public function testClientIpIdRemoteForwardedClient()
+    {
+        $this->assertEquals(
+            '10.1.167.42_10.1.167.56_127.0.1.47',
+            client_ip_id([
+                'REMOTE_ADDR' => '10.1.167.42',
+                'HTTP_X_FORWARDED_FOR' => '10.1.167.56',
+                'HTTP_CLIENT_IP' => '127.0.1.47'
+            ])
+        );
+    }
+}
diff --git a/tests/LanguagesTest.php b/tests/LanguagesTest.php
index 864ce630..4951e09a 100644
--- a/tests/LanguagesTest.php
+++ b/tests/LanguagesTest.php
@@ -176,6 +176,32 @@ class LanguagesTest extends \PHPUnit_Framework_TestCase
     }
 
     /**
+     * Test t() with an extension language file coming from the theme in gettext mode
+     */
+    public function testTranslationThemeExtensionGettext()
+    {
+        $this->conf->set('translation.mode', 'gettext');
+        $this->conf->set('raintpl_tpl', 'tests/utils/customtpl/');
+        $this->conf->set('theme', 'dummy');
+        new Languages('en', $this->conf);
+        $txt = 'rooster'; // ignore me poedit
+        $this->assertEquals('rooster', t($txt, $txt, 1, 'dummy'));
+    }
+
+    /**
+     * Test t() with an extension language file coming from the theme in PHP mode
+     */
+    public function testTranslationThemeExtensionPhp()
+    {
+        $this->conf->set('translation.mode', 'php');
+        $this->conf->set('raintpl_tpl', 'tests/utils/customtpl/');
+        $this->conf->set('theme', 'dummy');
+        new Languages('en', $this->conf);
+        $txt = 'rooster'; // ignore me poedit
+        $this->assertEquals('rooster', t($txt, $txt, 1, 'dummy'));
+    }
+
+    /**
      * Test t() with an extension language file in gettext mode
      */
     public function testTranslationExtensionGettext()
diff --git a/tests/LinkDBTest.php b/tests/LinkDBTest.php
index 5b2f3667..3b980878 100644
--- a/tests/LinkDBTest.php
+++ b/tests/LinkDBTest.php
@@ -542,4 +542,104 @@ class LinkDBTest extends PHPUnit_Framework_TestCase
         $this->assertEquals(3, count($res));
         $this->assertNotContains('cartoon', $linkDB[4]['tags']);
     }
+
+    /**
+     * Test linksCountPerTag all tags without filter.
+     * Equal occurrences should be sorted alphabetically.
+     */
+    public function testCountLinkPerTagAllNoFilter()
+    {
+        $expected = [
+            'web' => 4,
+            'cartoon' => 3,
+            'dev' => 2,
+            'gnu' => 2,
+            'hashtag' => 2,
+            'sTuff' => 2,
+            '-exclude' => 1,
+            '.hidden' => 1,
+            'Mercurial' => 1,
+            'css' => 1,
+            'free' => 1,
+            'html' => 1,
+            'media' => 1,
+            'samba' => 1,
+            'software' => 1,
+            'stallman' => 1,
+            'tag1' => 1,
+            'tag2' => 1,
+            'tag3' => 1,
+            'tag4' => 1,
+            'ut' => 1,
+            'w3c' => 1,
+        ];
+        $tags = self::$privateLinkDB->linksCountPerTag();
+
+        $this->assertEquals($expected, $tags, var_export($tags, true));
+    }
+
+    /**
+     * Test linksCountPerTag all tags with filter.
+     * Equal occurrences should be sorted alphabetically.
+     */
+    public function testCountLinkPerTagAllWithFilter()
+    {
+        $expected = [
+            'gnu' => 2,
+            'hashtag' => 2,
+            '-exclude' => 1,
+            '.hidden' => 1,
+            'free' => 1,
+            'media' => 1,
+            'software' => 1,
+            'stallman' => 1,
+            'stuff' => 1,
+            'web' => 1,
+        ];
+        $tags = self::$privateLinkDB->linksCountPerTag(['gnu']);
+
+        $this->assertEquals($expected, $tags, var_export($tags, true));
+    }
+
+    /**
+     * Test linksCountPerTag public tags with filter.
+     * Equal occurrences should be sorted alphabetically.
+     */
+    public function testCountLinkPerTagPublicWithFilter()
+    {
+        $expected = [
+            'gnu' => 2,
+            'hashtag' => 2,
+            '-exclude' => 1,
+            '.hidden' => 1,
+            'free' => 1,
+            'media' => 1,
+            'software' => 1,
+            'stallman' => 1,
+            'stuff' => 1,
+            'web' => 1,
+        ];
+        $tags = self::$privateLinkDB->linksCountPerTag(['gnu'], 'public');
+
+        $this->assertEquals($expected, $tags, var_export($tags, true));
+    }
+
+    /**
+     * Test linksCountPerTag public tags with filter.
+     * Equal occurrences should be sorted alphabetically.
+     */
+    public function testCountLinkPerTagPrivateWithFilter()
+    {
+        $expected = [
+            'cartoon' => 1,
+            'dev' => 1,
+            'tag1' => 1,
+            'tag2' => 1,
+            'tag3' => 1,
+            'tag4' => 1,
+        ];
+        $tags = self::$privateLinkDB->linksCountPerTag(['dev'], 'private');
+
+        $this->assertEquals($expected, $tags, var_export($tags, true));
+    }
 }
diff --git a/tests/NetscapeBookmarkUtils/BookmarkImportTest.php b/tests/NetscapeBookmarkUtils/BookmarkImportTest.php
index 4961aa2c..f0a958cb 100644
--- a/tests/NetscapeBookmarkUtils/BookmarkImportTest.php
+++ b/tests/NetscapeBookmarkUtils/BookmarkImportTest.php
@@ -127,6 +127,21 @@ class BookmarkImportTest extends PHPUnit_Framework_TestCase
     }
 
     /**
+     * Attempt to import bookmarks from a file with a lowercase Doctype
+     */
+    public function testImportLowecaseDoctype()
+    {
+        $files = file2array('lowercase_doctype.htm');
+        $this->assertStringMatchesFormat(
+            'File lowercase_doctype.htm (386 bytes) was successfully processed in %d seconds:'
+            .' 2 links imported, 0 links overwritten, 0 links skipped.',
+            NetscapeBookmarkUtils::import(null, $files, $this->linkDb, $this->conf, $this->history)
+        );
+        $this->assertEquals(2, count($this->linkDb));
+    }
+
+
+    /**
      * Ensure IE dumps are supported
      */
     public function testImportInternetExplorerEncoding()
diff --git a/tests/NetscapeBookmarkUtils/input/lowercase_doctype.htm b/tests/NetscapeBookmarkUtils/input/lowercase_doctype.htm
new file mode 100644
index 00000000..8911ad19
--- /dev/null
+++ b/tests/NetscapeBookmarkUtils/input/lowercase_doctype.htm
@@ -0,0 +1,8 @@
+<!DOCTYPE netscape-bookmark-file-1>
+<TITLE>Bookmarks</TITLE>
+<H1>Bookmarks</H1>
+<DL><p>
+<DT><A HREF="https://private.tld" ADD_DATE="10/Oct/2000:13:55:36 +0300" PRIVATE="1" TAGS="private secret">Secret stuff</A>
+<DD>Super-secret stuff you're not supposed to know about
+<DT><A HREF="http://public.tld" ADD_DATE="1456433748" PRIVATE="0" TAGS="public hello world">Public stuff</A>
+</DL><p>
diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php
deleted file mode 100644
index aa75962a..00000000
--- a/tests/SessionManagerTest.php
+++ /dev/null
@@ -1,149 +0,0 @@
-<?php
-require_once 'tests/utils/FakeConfigManager.php';
-
-// Initialize reference data _before_ PHPUnit starts a session
-require_once 'tests/utils/ReferenceSessionIdHashes.php';
-ReferenceSessionIdHashes::genAllHashes();
-
-use \Shaarli\SessionManager;
-use \PHPUnit\Framework\TestCase;
-
-
-/**
- * Test coverage for SessionManager
- */
-class SessionManagerTest extends TestCase
-{
-    // Session ID hashes
-    protected static $sidHashes = null;
-
-    // Fake ConfigManager
-    protected static $conf = null;
-
-    /**
-     * Assign reference data
-     */
-    public static function setUpBeforeClass()
-    {
-        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
-        self::$conf = new FakeConfigManager();
-    }
-
-    /**
-     * Generate a session token
-     */
-    public function testGenerateToken()
-    {
-        $session = [];
-        $sessionManager = new SessionManager($session, self::$conf);
-
-        $token = $sessionManager->generateToken();
-
-        $this->assertEquals(1, $session['tokens'][$token]);
-        $this->assertEquals(40, strlen($token));
-    }
-
-    /**
-     * Check a session token
-     */
-    public function testCheckToken()
-    {
-        $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
-        $session = [
-            'tokens' => [
-                $token => 1,
-            ],
-        ];
-        $sessionManager = new SessionManager($session, self::$conf);
-
-        // check and destroy the token
-        $this->assertTrue($sessionManager->checkToken($token));
-        $this->assertFalse(isset($session['tokens'][$token]));
-
-        // ensure the token has been destroyed
-        $this->assertFalse($sessionManager->checkToken($token));
-    }
-
-    /**
-     * Generate and check a session token
-     */
-    public function testGenerateAndCheckToken()
-    {
-        $session = [];
-        $sessionManager = new SessionManager($session, self::$conf);
-
-        $token = $sessionManager->generateToken();
-
-        // ensure a token has been generated
-        $this->assertEquals(1, $session['tokens'][$token]);
-        $this->assertEquals(40, strlen($token));
-
-        // check and destroy the token
-        $this->assertTrue($sessionManager->checkToken($token));
-        $this->assertFalse(isset($session['tokens'][$token]));
-
-        // ensure the token has been destroyed
-        $this->assertFalse($sessionManager->checkToken($token));
-    }
-
-    /**
-     * Check an invalid session token
-     */
-    public function testCheckInvalidToken()
-    {
-        $session = [];
-        $sessionManager = new SessionManager($session, self::$conf);
-
-        $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
-    }
-
-    /**
-     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
-     *
-     * This tests extensively covers all hash algorithms / bit representations
-     */
-    public function testIsAnyHashSessionIdValid()
-    {
-        foreach (self::$sidHashes as $algo => $bpcs) {
-            foreach ($bpcs as $bpc => $hash) {
-                $this->assertTrue(SessionManager::checkId($hash));
-            }
-        }
-    }
-
-    /**
-     * Test checkId with a valid ID - SHA-1 hashes
-     */
-    public function testIsSha1SessionIdValid()
-    {
-        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
-    }
-
-    /**
-     * Test checkId with a valid ID - SHA-256 hashes
-     */
-    public function testIsSha256SessionIdValid()
-    {
-        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
-    }
-
-    /**
-     * Test checkId with a valid ID - SHA-512 hashes
-     */
-    public function testIsSha512SessionIdValid()
-    {
-        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
-    }
-
-    /**
-     * Test checkId with invalid IDs.
-     */
-    public function testIsSessionIdInvalid()
-    {
-        $this->assertFalse(SessionManager::checkId(''));
-        $this->assertFalse(SessionManager::checkId([]));
-        $this->assertFalse(
-            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
-        );
-    }
-}
diff --git a/tests/ThumbnailerTest.php b/tests/ThumbnailerTest.php
new file mode 100644
index 00000000..08311545
--- /dev/null
+++ b/tests/ThumbnailerTest.php
@@ -0,0 +1,114 @@
+<?php
+
+namespace Shaarli;
+
+use PHPUnit\Framework\TestCase;
+use Shaarli\Config\ConfigManager;
+use WebThumbnailer\Application\ConfigManager as WTConfigManager;
+
+/**
+ * Class ThumbnailerTest
+ *
+ * We only make 1 thumb test because:
+ *
+ *   1. the thumbnailer library is itself tested
+ *   2. we don't want to make too many external requests during the tests
+ */
+class ThumbnailerTest extends TestCase
+{
+    const WIDTH = 190;
+
+    const HEIGHT = 210;
+
+    /**
+     * @var Thumbnailer;
+     */
+    protected $thumbnailer;
+
+    /**
+     * @var ConfigManager
+     */
+    protected $conf;
+
+    public function setUp()
+    {
+        $this->conf = new ConfigManager('tests/utils/config/configJson');
+        $this->conf->set('thumbnails.mode', Thumbnailer::MODE_ALL);
+        $this->conf->set('thumbnails.width', self::WIDTH);
+        $this->conf->set('thumbnails.height', self::HEIGHT);
+        $this->conf->set('dev.debug', true);
+
+        $this->thumbnailer = new Thumbnailer($this->conf);
+        // cache files in the sandbox
+        WTConfigManager::addFile('tests/utils/config/wt.json');
+    }
+
+    public function tearDown()
+    {
+        $this->rrmdirContent('sandbox/');
+    }
+
+    /**
+     * Test a thumbnail with a custom size in 'all' mode.
+     */
+    public function testThumbnailAllValid()
+    {
+        $thumb = $this->thumbnailer->get('https://github.com/shaarli/Shaarli/');
+        $this->assertNotFalse($thumb);
+        $image = imagecreatefromstring(file_get_contents($thumb));
+        $this->assertEquals(self::WIDTH, imagesx($image));
+        $this->assertEquals(self::HEIGHT, imagesy($image));
+    }
+
+    /**
+     * Test a thumbnail with a custom size in 'common' mode.
+     */
+    public function testThumbnailCommonValid()
+    {
+        $this->conf->set('thumbnails.mode', Thumbnailer::MODE_COMMON);
+        $thumb = $this->thumbnailer->get('https://imgur.com/jlFgGpe');
+        $this->assertNotFalse($thumb);
+        $image = imagecreatefromstring(file_get_contents($thumb));
+        $this->assertEquals(self::WIDTH, imagesx($image));
+        $this->assertEquals(self::HEIGHT, imagesy($image));
+    }
+
+    /**
+     * Test a thumbnail in 'common' mode which isn't include in common websites.
+     */
+    public function testThumbnailCommonInvalid()
+    {
+        $this->conf->set('thumbnails.mode', Thumbnailer::MODE_COMMON);
+        $thumb = $this->thumbnailer->get('https://github.com/shaarli/Shaarli/');
+        $this->assertFalse($thumb);
+    }
+
+    /**
+     * Test a thumbnail that can't be retrieved.
+     */
+    public function testThumbnailNotValid()
+    {
+        $oldlog = ini_get('error_log');
+        ini_set('error_log', '/dev/null');
+
+        $thumbnailer = new Thumbnailer(new ConfigManager());
+        $thumb = $thumbnailer->get('nope');
+        $this->assertFalse($thumb);
+
+        ini_set('error_log', $oldlog);
+    }
+
+    protected function rrmdirContent($dir) {
+        if (is_dir($dir)) {
+            $objects = scandir($dir);
+            foreach ($objects as $object) {
+                if ($object != "." && $object != "..") {
+                    if (is_dir($dir."/".$object))
+                        $this->rrmdirContent($dir."/".$object);
+                    else
+                        unlink($dir."/".$object);
+                }
+            }
+        }
+    }
+}
diff --git a/tests/Updater/UpdaterTest.php b/tests/Updater/UpdaterTest.php
index fed175df..cacee2d2 100644
--- a/tests/Updater/UpdaterTest.php
+++ b/tests/Updater/UpdaterTest.php
@@ -2,6 +2,7 @@
 use Shaarli\Config\ConfigJson;
 use Shaarli\Config\ConfigManager;
 use Shaarli\Config\ConfigPhp;
+use Shaarli\Thumbnailer;
 
 require_once 'tests/Updater/DummyUpdater.php';
 require_once 'inc/rain.tpl.class.php';
@@ -20,7 +21,7 @@ class UpdaterTest extends PHPUnit_Framework_TestCase
     /**
      * @var string Config file path (without extension).
      */
-    protected static $configFile = 'tests/utils/config/configJson';
+    protected static $configFile = 'sandbox/config';
 
     /**
      * @var ConfigManager
@@ -32,6 +33,7 @@ class UpdaterTest extends PHPUnit_Framework_TestCase
      */
     public function setUp()
     {
+        copy('tests/utils/config/configJson.json.php', self::$configFile .'.json.php');
         $this->conf = new ConfigManager(self::$configFile);
     }
 
@@ -620,4 +622,114 @@ $GLOBALS[\'privateLinkByDefault\'] = true;';
         $this->assertTrue($updater->updateMethodAtomDefault());
         $this->assertTrue($this->conf->get('feed.show_atom'));
     }
+
+    /**
+     * Test updateMethodDownloadSizeAndTimeoutConf, it should be set if none is already defined.
+     */
+    public function testUpdateMethodDownloadSizeAndTimeoutConf()
+    {
+        $sandboxConf = 'sandbox/config';
+        copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+        $this->conf = new ConfigManager($sandboxConf);
+        $updater = new Updater([], [], $this->conf, true);
+        $this->assertTrue($updater->updateMethodDownloadSizeAndTimeoutConf());
+        $this->assertEquals(4194304, $this->conf->get('general.download_max_size'));
+        $this->assertEquals(30, $this->conf->get('general.download_timeout'));
+
+        $this->conf = new ConfigManager($sandboxConf);
+        $this->assertEquals(4194304, $this->conf->get('general.download_max_size'));
+        $this->assertEquals(30, $this->conf->get('general.download_timeout'));
+    }
+
+    /**
+     * Test updateMethodDownloadSizeAndTimeoutConf, it shouldn't be set if it is already defined.
+     */
+    public function testUpdateMethodDownloadSizeAndTimeoutConfIgnore()
+    {
+        $sandboxConf = 'sandbox/config';
+        copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+        $this->conf = new ConfigManager($sandboxConf);
+        $this->conf->set('general.download_max_size', 38);
+        $this->conf->set('general.download_timeout', 70);
+        $updater = new Updater([], [], $this->conf, true);
+        $this->assertTrue($updater->updateMethodDownloadSizeAndTimeoutConf());
+        $this->assertEquals(38, $this->conf->get('general.download_max_size'));
+        $this->assertEquals(70, $this->conf->get('general.download_timeout'));
+    }
+
+    /**
+     * Test updateMethodDownloadSizeAndTimeoutConf, only the maz size should be set here.
+     */
+    public function testUpdateMethodDownloadSizeAndTimeoutConfOnlySize()
+    {
+        $sandboxConf = 'sandbox/config';
+        copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+        $this->conf = new ConfigManager($sandboxConf);
+        $this->conf->set('general.download_max_size', 38);
+        $updater = new Updater([], [], $this->conf, true);
+        $this->assertTrue($updater->updateMethodDownloadSizeAndTimeoutConf());
+        $this->assertEquals(38, $this->conf->get('general.download_max_size'));
+        $this->assertEquals(30, $this->conf->get('general.download_timeout'));
+    }
+
+    /**
+     * Test updateMethodDownloadSizeAndTimeoutConf, only the time out should be set here.
+     */
+    public function testUpdateMethodDownloadSizeAndTimeoutConfOnlyTimeout()
+    {
+        $sandboxConf = 'sandbox/config';
+        copy(self::$configFile . '.json.php', $sandboxConf . '.json.php');
+        $this->conf = new ConfigManager($sandboxConf);
+        $this->conf->set('general.download_timeout', 3);
+        $updater = new Updater([], [], $this->conf, true);
+        $this->assertTrue($updater->updateMethodDownloadSizeAndTimeoutConf());
+        $this->assertEquals(4194304, $this->conf->get('general.download_max_size'));
+        $this->assertEquals(3, $this->conf->get('general.download_timeout'));
+    }
+
+    /**
+     * Test updateMethodWebThumbnailer with thumbnails enabled.
+     */
+    public function testUpdateMethodWebThumbnailerEnabled()
+    {
+        $this->conf->remove('thumbnails');
+        $this->conf->set('thumbnail.enable_thumbnails', true);
+        $updater = new Updater([], [], $this->conf, true, $_SESSION);
+        $this->assertTrue($updater->updateMethodWebThumbnailer());
+        $this->assertFalse($this->conf->exists('thumbnail'));
+        $this->assertEquals(\Shaarli\Thumbnailer::MODE_ALL, $this->conf->get('thumbnails.mode'));
+        $this->assertEquals(125, $this->conf->get('thumbnails.width'));
+        $this->assertEquals(90, $this->conf->get('thumbnails.height'));
+        $this->assertContains('You have enabled or changed thumbnails', $_SESSION['warnings'][0]);
+    }
+
+    /**
+     * Test updateMethodWebThumbnailer with thumbnails disabled.
+     */
+    public function testUpdateMethodWebThumbnailerDisabled()
+    {
+        $this->conf->remove('thumbnails');
+        $this->conf->set('thumbnail.enable_thumbnails', false);
+        $updater = new Updater([], [], $this->conf, true, $_SESSION);
+        $this->assertTrue($updater->updateMethodWebThumbnailer());
+        $this->assertFalse($this->conf->exists('thumbnail'));
+        $this->assertEquals(Thumbnailer::MODE_NONE, $this->conf->get('thumbnails.mode'));
+        $this->assertEquals(125, $this->conf->get('thumbnails.width'));
+        $this->assertEquals(90, $this->conf->get('thumbnails.height'));
+        $this->assertTrue(empty($_SESSION['warnings']));
+    }
+
+    /**
+     * Test updateMethodWebThumbnailer with thumbnails disabled.
+     */
+    public function testUpdateMethodWebThumbnailerNothingToDo()
+    {
+        $updater = new Updater([], [], $this->conf, true, $_SESSION);
+        $this->assertTrue($updater->updateMethodWebThumbnailer());
+        $this->assertFalse($this->conf->exists('thumbnail'));
+        $this->assertEquals(Thumbnailer::MODE_COMMON, $this->conf->get('thumbnails.mode'));
+        $this->assertEquals(90, $this->conf->get('thumbnails.width'));
+        $this->assertEquals(53, $this->conf->get('thumbnails.height'));
+        $this->assertTrue(empty($_SESSION['warnings']));
+    }
 }
diff --git a/tests/api/controllers/HistoryTest.php b/tests/api/controllers/history/HistoryTest.php
index 61046d97..61046d97 100644
--- a/tests/api/controllers/HistoryTest.php
+++ b/tests/api/controllers/history/HistoryTest.php
diff --git a/tests/api/controllers/InfoTest.php b/tests/api/controllers/info/InfoTest.php
index f7e63bfa..f7e63bfa 100644
--- a/tests/api/controllers/InfoTest.php
+++ b/tests/api/controllers/info/InfoTest.php
diff --git a/tests/api/controllers/DeleteLinkTest.php b/tests/api/controllers/links/DeleteLinkTest.php
index 7d797137..7d797137 100644
--- a/tests/api/controllers/DeleteLinkTest.php
+++ b/tests/api/controllers/links/DeleteLinkTest.php
diff --git a/tests/api/controllers/GetLinkIdTest.php b/tests/api/controllers/links/GetLinkIdTest.php
index 57528d5a..57528d5a 100644
--- a/tests/api/controllers/GetLinkIdTest.php
+++ b/tests/api/controllers/links/GetLinkIdTest.php
diff --git a/tests/api/controllers/GetLinksTest.php b/tests/api/controllers/links/GetLinksTest.php
index d22ed3bf..d22ed3bf 100644
--- a/tests/api/controllers/GetLinksTest.php
+++ b/tests/api/controllers/links/GetLinksTest.php
diff --git a/tests/api/controllers/PostLinkTest.php b/tests/api/controllers/links/PostLinkTest.php
index 31954e39..100a9170 100644
--- a/tests/api/controllers/PostLinkTest.php
+++ b/tests/api/controllers/links/PostLinkTest.php
@@ -3,11 +3,13 @@
 namespace Shaarli\Api\Controllers;
 
 
+use PHPUnit\Framework\TestCase;
 use Shaarli\Config\ConfigManager;
 use Slim\Container;
 use Slim\Http\Environment;
 use Slim\Http\Request;
 use Slim\Http\Response;
+use Slim\Router;
 
 /**
  * Class PostLinkTest
@@ -16,7 +18,7 @@ use Slim\Http\Response;
  *
  * @package Shaarli\Api\Controllers
  */
-class PostLinkTest extends \PHPUnit_Framework_TestCase
+class PostLinkTest extends TestCase
 {
     /**
      * @var string datastore to test write operations
@@ -78,7 +80,7 @@ class PostLinkTest extends \PHPUnit_Framework_TestCase
 
         $this->controller = new Links($this->container);
 
-        $mock = $this->getMock('\Slim\Router', ['relativePathFor']);
+        $mock = $this->createMock(Router::class);
         $mock->expects($this->any())
              ->method('relativePathFor')
              ->willReturn('api/v1/links/1');
diff --git a/tests/api/controllers/PutLinkTest.php b/tests/api/controllers/links/PutLinkTest.php
index 8a562571..8a562571 100644
--- a/tests/api/controllers/PutLinkTest.php
+++ b/tests/api/controllers/links/PutLinkTest.php
diff --git a/tests/api/controllers/tags/DeleteTagTest.php b/tests/api/controllers/tags/DeleteTagTest.php
new file mode 100644
index 00000000..e0787ce2
--- /dev/null
+++ b/tests/api/controllers/tags/DeleteTagTest.php
@@ -0,0 +1,164 @@
+<?php
+
+
+namespace Shaarli\Api\Controllers;
+
+use Shaarli\Config\ConfigManager;
+use Slim\Container;
+use Slim\Http\Environment;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+class DeleteTagTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var string datastore to test write operations
+     */
+    protected static $testDatastore = 'sandbox/datastore.php';
+
+    /**
+     * @var string datastore to test write operations
+     */
+    protected static $testHistory = 'sandbox/history.php';
+
+    /**
+     * @var ConfigManager instance
+     */
+    protected $conf;
+
+    /**
+     * @var \ReferenceLinkDB instance.
+     */
+    protected $refDB = null;
+
+    /**
+     * @var \LinkDB instance.
+     */
+    protected $linkDB;
+
+    /**
+     * @var \History instance.
+     */
+    protected $history;
+
+    /**
+     * @var Container instance.
+     */
+    protected $container;
+
+    /**
+     * @var Tags controller instance.
+     */
+    protected $controller;
+
+    /**
+     * Before each test, instantiate a new Api with its config, plugins and links.
+     */
+    public function setUp()
+    {
+        $this->conf = new ConfigManager('tests/utils/config/configJson');
+        $this->refDB = new \ReferenceLinkDB();
+        $this->refDB->write(self::$testDatastore);
+        $this->linkDB = new \LinkDB(self::$testDatastore, true, false);
+        $refHistory = new \ReferenceHistory();
+        $refHistory->write(self::$testHistory);
+        $this->history = new \History(self::$testHistory);
+        $this->container = new Container();
+        $this->container['conf'] = $this->conf;
+        $this->container['db'] = $this->linkDB;
+        $this->container['history'] = $this->history;
+
+        $this->controller = new Tags($this->container);
+    }
+
+    /**
+     * After each test, remove the test datastore.
+     */
+    public function tearDown()
+    {
+        @unlink(self::$testDatastore);
+        @unlink(self::$testHistory);
+    }
+
+    /**
+     * Test DELETE tag endpoint: the tag should be removed.
+     */
+    public function testDeleteTagValid()
+    {
+        $tagName = 'gnu';
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertTrue($tags[$tagName] > 0);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'DELETE',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $response = $this->controller->deleteTag($request, new Response(), ['tagName' => $tagName]);
+        $this->assertEquals(204, $response->getStatusCode());
+        $this->assertEmpty((string) $response->getBody());
+
+        $this->linkDB = new \LinkDB(self::$testDatastore, true, false);
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertFalse(isset($tags[$tagName]));
+
+        // 2 links affected
+        $historyEntry = $this->history->getHistory()[0];
+        $this->assertEquals(\History::UPDATED, $historyEntry['event']);
+        $this->assertTrue(
+            (new \DateTime())->add(\DateInterval::createFromDateString('-5 seconds')) < $historyEntry['datetime']
+        );
+        $historyEntry = $this->history->getHistory()[1];
+        $this->assertEquals(\History::UPDATED, $historyEntry['event']);
+        $this->assertTrue(
+            (new \DateTime())->add(\DateInterval::createFromDateString('-5 seconds')) < $historyEntry['datetime']
+        );
+    }
+
+    /**
+     * Test DELETE tag endpoint: the tag should be removed.
+     */
+    public function testDeleteTagCaseSensitivity()
+    {
+        $tagName = 'sTuff';
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertTrue($tags[$tagName] > 0);
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'DELETE',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $response = $this->controller->deleteTag($request, new Response(), ['tagName' => $tagName]);
+        $this->assertEquals(204, $response->getStatusCode());
+        $this->assertEmpty((string) $response->getBody());
+
+        $this->linkDB = new \LinkDB(self::$testDatastore, true, false);
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertFalse(isset($tags[$tagName]));
+        $this->assertTrue($tags[strtolower($tagName)] > 0);
+
+        $historyEntry = $this->history->getHistory()[0];
+        $this->assertEquals(\History::UPDATED, $historyEntry['event']);
+        $this->assertTrue(
+            (new \DateTime())->add(\DateInterval::createFromDateString('-5 seconds')) < $historyEntry['datetime']
+        );
+    }
+
+    /**
+     * Test DELETE tag endpoint: reach not existing tag.
+     *
+     * @expectedException Shaarli\Api\Exceptions\ApiTagNotFoundException
+     * @expectedExceptionMessage Tag not found
+     */
+    public function testDeleteLink404()
+    {
+        $tagName = 'nopenope';
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertFalse(isset($tags[$tagName]));
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'DELETE',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $this->controller->deleteTag($request, new Response(), ['tagName' => $tagName]);
+    }
+}
diff --git a/tests/api/controllers/tags/GetTagNameTest.php b/tests/api/controllers/tags/GetTagNameTest.php
new file mode 100644
index 00000000..afac228e
--- /dev/null
+++ b/tests/api/controllers/tags/GetTagNameTest.php
@@ -0,0 +1,129 @@
+<?php
+
+namespace Shaarli\Api\Controllers;
+
+use Shaarli\Config\ConfigManager;
+
+use Slim\Container;
+use Slim\Http\Environment;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class GetTagNameTest
+ *
+ * Test getTag by tag name API service.
+ *
+ * @package Shaarli\Api\Controllers
+ */
+class GetTagNameTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var string datastore to test write operations
+     */
+    protected static $testDatastore = 'sandbox/datastore.php';
+
+    /**
+     * @var ConfigManager instance
+     */
+    protected $conf;
+
+    /**
+     * @var \ReferenceLinkDB instance.
+     */
+    protected $refDB = null;
+
+    /**
+     * @var Container instance.
+     */
+    protected $container;
+
+    /**
+     * @var Tags controller instance.
+     */
+    protected $controller;
+
+    /**
+     * Number of JSON fields per link.
+     */
+    const NB_FIELDS_TAG = 2;
+
+    /**
+     * Before each test, instantiate a new Api with its config, plugins and links.
+     */
+    public function setUp()
+    {
+        $this->conf = new ConfigManager('tests/utils/config/configJson');
+        $this->refDB = new \ReferenceLinkDB();
+        $this->refDB->write(self::$testDatastore);
+
+        $this->container = new Container();
+        $this->container['conf'] = $this->conf;
+        $this->container['db'] = new \LinkDB(self::$testDatastore, true, false);
+        $this->container['history'] = null;
+
+        $this->controller = new Tags($this->container);
+    }
+
+    /**
+     * After each test, remove the test datastore.
+     */
+    public function tearDown()
+    {
+        @unlink(self::$testDatastore);
+    }
+
+    /**
+     * Test basic getTag service: return gnu tag with 2 occurrences.
+     */
+    public function testGetTag()
+    {
+        $tagName = 'gnu';
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $response = $this->controller->getTag($request, new Response(), ['tagName' => $tagName]);
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data));
+        $this->assertEquals($tagName, $data['name']);
+        $this->assertEquals(2, $data['occurrences']);
+    }
+
+    /**
+     * Test getTag service which is not case sensitive: occurrences with both sTuff and stuff
+     */
+    public function testGetTagNotCaseSensitive()
+    {
+        $tagName = 'sTuff';
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $response = $this->controller->getTag($request, new Response(), ['tagName' => $tagName]);
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data));
+        $this->assertEquals($tagName, $data['name']);
+        $this->assertEquals(2, $data['occurrences']);
+    }
+
+    /**
+     * Test basic getTag service: get non existent tag => ApiTagNotFoundException.
+     *
+     * @expectedException Shaarli\Api\Exceptions\ApiTagNotFoundException
+     * @expectedExceptionMessage Tag not found
+     */
+    public function testGetTag404()
+    {
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $this->controller->getTag($request, new Response(), ['tagName' => 'nopenope']);
+    }
+}
diff --git a/tests/api/controllers/tags/GetTagsTest.php b/tests/api/controllers/tags/GetTagsTest.php
new file mode 100644
index 00000000..3fab31b0
--- /dev/null
+++ b/tests/api/controllers/tags/GetTagsTest.php
@@ -0,0 +1,209 @@
+<?php
+namespace Shaarli\Api\Controllers;
+
+use Shaarli\Config\ConfigManager;
+
+use Slim\Container;
+use Slim\Http\Environment;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+/**
+ * Class GetTagsTest
+ *
+ * Test get tag list REST API service.
+ *
+ * @package Shaarli\Api\Controllers
+ */
+class GetTagsTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var string datastore to test write operations
+     */
+    protected static $testDatastore = 'sandbox/datastore.php';
+
+    /**
+     * @var ConfigManager instance
+     */
+    protected $conf;
+
+    /**
+     * @var \ReferenceLinkDB instance.
+     */
+    protected $refDB = null;
+
+    /**
+     * @var Container instance.
+     */
+    protected $container;
+
+    /**
+     * @var \LinkDB instance.
+     */
+    protected $linkDB;
+
+    /**
+     * @var Tags controller instance.
+     */
+    protected $controller;
+
+    /**
+     * Number of JSON field per link.
+     */
+    const NB_FIELDS_TAG = 2;
+
+    /**
+     * Before every test, instantiate a new Api with its config, plugins and links.
+     */
+    public function setUp()
+    {
+        $this->conf = new ConfigManager('tests/utils/config/configJson');
+        $this->refDB = new \ReferenceLinkDB();
+        $this->refDB->write(self::$testDatastore);
+
+        $this->container = new Container();
+        $this->container['conf'] = $this->conf;
+        $this->linkDB = new \LinkDB(self::$testDatastore, true, false);
+        $this->container['db'] = $this->linkDB;
+        $this->container['history'] = null;
+
+        $this->controller = new Tags($this->container);
+    }
+
+    /**
+     * After every test, remove the test datastore.
+     */
+    public function tearDown()
+    {
+        @unlink(self::$testDatastore);
+    }
+
+    /**
+     * Test basic getTags service: returns all tags.
+     */
+    public function testGetTagsAll()
+    {
+        $tags = $this->linkDB->linksCountPerTag();
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $response = $this->controller->getTags($request, new Response());
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEquals(count($tags), count($data));
+
+        // Check order
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data[0]));
+        $this->assertEquals('web', $data[0]['name']);
+        $this->assertEquals(4, $data[0]['occurrences']);
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data[1]));
+        $this->assertEquals('cartoon', $data[1]['name']);
+        $this->assertEquals(3, $data[1]['occurrences']);
+        // Case insensitive
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data[5]));
+        $this->assertEquals('sTuff', $data[5]['name']);
+        $this->assertEquals(2, $data[5]['occurrences']);
+        // End
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data[count($data) - 1]));
+        $this->assertEquals('w3c', $data[count($data) - 1]['name']);
+        $this->assertEquals(1, $data[count($data) - 1]['occurrences']);
+    }
+
+    /**
+     * Test getTags service with offset and limit parameter:
+     *   limit=1 and offset=1 should return only the second tag, cartoon with 3 occurrences
+     */
+    public function testGetTagsOffsetLimit()
+    {
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'QUERY_STRING' => 'offset=1&limit=1'
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = $this->controller->getTags($request, new Response());
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEquals(1, count($data));
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data[0]));
+        $this->assertEquals('cartoon', $data[0]['name']);
+        $this->assertEquals(3, $data[0]['occurrences']);
+    }
+
+    /**
+     * Test getTags with limit=all (return all tags).
+     */
+    public function testGetTagsLimitAll()
+    {
+        $tags = $this->linkDB->linksCountPerTag();
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'QUERY_STRING' => 'limit=all'
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = $this->controller->getTags($request, new Response());
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEquals(count($tags), count($data));
+    }
+
+    /**
+     * Test getTags service with offset and limit parameter:
+     *   limit=1 and offset=1 should not return any tag
+     */
+    public function testGetTagsOffsetTooHigh()
+    {
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'QUERY_STRING' => 'offset=100'
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = $this->controller->getTags($request, new Response());
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEmpty(count($data));
+    }
+
+    /**
+     * Test getTags with visibility parameter set to private
+     */
+    public function testGetTagsVisibilityPrivate()
+    {
+        $tags = $this->linkDB->linksCountPerTag([], 'private');
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'GET',
+            'QUERY_STRING' => 'visibility=private'
+        ]);
+        $request = Request::createFromEnvironment($env);
+        $response = $this->controller->getTags($request, new Response());
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEquals(count($tags), count($data));
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data[0]));
+        $this->assertEquals('Mercurial', $data[0]['name']);
+        $this->assertEquals(1, $data[0]['occurrences']);
+    }
+
+    /**
+     * Test getTags with visibility parameter set to public
+     */
+    public function testGetTagsVisibilityPublic()
+    {
+        $tags = $this->linkDB->linksCountPerTag([], 'public');
+        $env = Environment::mock(
+            [
+                'REQUEST_METHOD' => 'GET',
+                'QUERY_STRING' => 'visibility=public'
+            ]
+        );
+        $request = Request::createFromEnvironment($env);
+        $response = $this->controller->getTags($request, new Response());
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string)$response->getBody(), true);
+        $this->assertEquals(count($tags), count($data));
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data[0]));
+        $this->assertEquals('web', $data[0]['name']);
+        $this->assertEquals(3, $data[0]['occurrences']);
+    }
+}
diff --git a/tests/api/controllers/tags/PutTagTest.php b/tests/api/controllers/tags/PutTagTest.php
new file mode 100644
index 00000000..6f7dec22
--- /dev/null
+++ b/tests/api/controllers/tags/PutTagTest.php
@@ -0,0 +1,209 @@
+<?php
+
+
+namespace Shaarli\Api\Controllers;
+
+
+use Shaarli\Api\Exceptions\ApiBadParametersException;
+use Shaarli\Config\ConfigManager;
+use Slim\Container;
+use Slim\Http\Environment;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+class PutTagTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var string datastore to test write operations
+     */
+    protected static $testDatastore = 'sandbox/datastore.php';
+
+    /**
+     * @var string datastore to test write operations
+     */
+    protected static $testHistory = 'sandbox/history.php';
+
+    /**
+     * @var ConfigManager instance
+     */
+    protected $conf;
+
+    /**
+     * @var \ReferenceLinkDB instance.
+     */
+    protected $refDB = null;
+
+    /**
+     * @var \History instance.
+     */
+    protected $history;
+
+    /**
+     * @var Container instance.
+     */
+    protected $container;
+
+    /**
+     * @var \LinkDB instance.
+     */
+    protected $linkDB;
+
+    /**
+     * @var Tags controller instance.
+     */
+    protected $controller;
+
+    /**
+     * Number of JSON field per link.
+     */
+    const NB_FIELDS_TAG = 2;
+
+    /**
+     * Before every test, instantiate a new Api with its config, plugins and links.
+     */
+    public function setUp()
+    {
+        $this->conf = new ConfigManager('tests/utils/config/configJson.json.php');
+        $this->refDB = new \ReferenceLinkDB();
+        $this->refDB->write(self::$testDatastore);
+
+        $refHistory = new \ReferenceHistory();
+        $refHistory->write(self::$testHistory);
+        $this->history = new \History(self::$testHistory);
+
+        $this->container = new Container();
+        $this->container['conf'] = $this->conf;
+        $this->linkDB = new \LinkDB(self::$testDatastore, true, false);
+        $this->container['db'] = $this->linkDB;
+        $this->container['history'] = $this->history;
+
+        $this->controller = new Tags($this->container);
+    }
+
+    /**
+     * After every test, remove the test datastore.
+     */
+    public function tearDown()
+    {
+        @unlink(self::$testDatastore);
+        @unlink(self::$testHistory);
+    }
+
+    /**
+     * Test tags update
+     */
+    public function testPutLinkValid()
+    {
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'PUT',
+        ]);
+        $tagName = 'gnu';
+        $update = ['name' => $newName = 'newtag'];
+        $request = Request::createFromEnvironment($env);
+        $request = $request->withParsedBody($update);
+
+        $response = $this->controller->putTag($request, new Response(), ['tagName' => $tagName]);
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data));
+        $this->assertEquals($newName, $data['name']);
+        $this->assertEquals(2, $data['occurrences']);
+
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertNotTrue(isset($tags[$tagName]));
+        $this->assertEquals(2, $tags[$newName]);
+
+        $historyEntry = $this->history->getHistory()[0];
+        $this->assertEquals(\History::UPDATED, $historyEntry['event']);
+        $this->assertTrue(
+            (new \DateTime())->add(\DateInterval::createFromDateString('-5 seconds')) < $historyEntry['datetime']
+        );
+        $historyEntry = $this->history->getHistory()[1];
+        $this->assertEquals(\History::UPDATED, $historyEntry['event']);
+        $this->assertTrue(
+            (new \DateTime())->add(\DateInterval::createFromDateString('-5 seconds')) < $historyEntry['datetime']
+        );
+    }
+
+    /**
+     * Test tag update with an existing tag: they should be merged
+     */
+    public function testPutTagMerge()
+    {
+        $tagName = 'gnu';
+        $newName = 'w3c';
+
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertEquals(1, $tags[$newName]);
+        $this->assertEquals(2, $tags[$tagName]);
+
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'PUT',
+        ]);
+        $update = ['name' => $newName];
+        $request = Request::createFromEnvironment($env);
+        $request = $request->withParsedBody($update);
+
+        $response = $this->controller->putTag($request, new Response(), ['tagName' => $tagName]);
+        $this->assertEquals(200, $response->getStatusCode());
+        $data = json_decode((string) $response->getBody(), true);
+        $this->assertEquals(self::NB_FIELDS_TAG, count($data));
+        $this->assertEquals($newName, $data['name']);
+        $this->assertEquals(3, $data['occurrences']);
+
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertNotTrue(isset($tags[$tagName]));
+        $this->assertEquals(3, $tags[$newName]);
+    }
+
+    /**
+     * Test tag update with an empty new tag name => ApiBadParametersException
+     *
+     * @expectedException Shaarli\Api\Exceptions\ApiBadParametersException
+     * @expectedExceptionMessage New tag name is required in the request body
+     */
+    public function testPutTagEmpty()
+    {
+        $tagName = 'gnu';
+        $newName = '';
+
+        $tags = $this->linkDB->linksCountPerTag();
+        $this->assertEquals(2, $tags[$tagName]);
+
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'PUT',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'PUT',
+        ]);
+        $update = ['name' => $newName];
+        $request = Request::createFromEnvironment($env);
+        $request = $request->withParsedBody($update);
+
+        try {
+            $this->controller->putTag($request, new Response(), ['tagName' => $tagName]);
+        } catch (ApiBadParametersException $e) {
+            $tags = $this->linkDB->linksCountPerTag();
+            $this->assertEquals(2, $tags[$tagName]);
+            throw $e;
+        }
+    }
+
+    /**
+     * Test tag update on non existent tag => ApiTagNotFoundException.
+     *
+     * @expectedException Shaarli\Api\Exceptions\ApiTagNotFoundException
+     * @expectedExceptionMessage Tag not found
+     */
+    public function testPutTag404()
+    {
+        $env = Environment::mock([
+            'REQUEST_METHOD' => 'PUT',
+        ]);
+        $request = Request::createFromEnvironment($env);
+
+        $this->controller->putTag($request, new Response(), ['tagName' => 'nopenope']);
+    }
+}
diff --git a/tests/config/ConfigManagerTest.php b/tests/config/ConfigManagerTest.php
index 1ec447b2..4a4e94ac 100644
--- a/tests/config/ConfigManagerTest.php
+++ b/tests/config/ConfigManagerTest.php
@@ -81,6 +81,18 @@ class ConfigManagerTest extends \PHPUnit_Framework_TestCase
         $this->assertEquals('testSetWriteGetNested', $this->conf->get('foo.bar.key.stuff'));
     }
 
+    public function testSetDeleteNested()
+    {
+        $this->conf->set('foo.bar.key.stuff', 'testSetDeleteNested');
+        $this->assertTrue($this->conf->exists('foo.bar'));
+        $this->assertTrue($this->conf->exists('foo.bar.key.stuff'));
+        $this->assertEquals('testSetDeleteNested', $this->conf->get('foo.bar.key.stuff'));
+
+        $this->conf->remove('foo.bar');
+        $this->assertFalse($this->conf->exists('foo.bar.key.stuff'));
+        $this->assertFalse($this->conf->exists('foo.bar'));
+    }
+
     /**
      * Set with an empty key.
      *
@@ -104,6 +116,17 @@ class ConfigManagerTest extends \PHPUnit_Framework_TestCase
     }
 
     /**
+     * Remove with an empty key.
+     *
+     * @expectedException \Exception
+     * @expectedExceptionMessageRegExp #^Invalid setting key parameter. String expected, got.*#
+     */
+    public function testRmoveEmptyKey()
+    {
+        $this->conf->remove('');
+    }
+
+    /**
      * Try to write the config without mandatory parameter (e.g. 'login').
      *
      * @expectedException Shaarli\Config\Exception\MissingFieldConfigException
diff --git a/tests/languages/fr/LanguagesFrTest.php b/tests/languages/fr/LanguagesFrTest.php
index 79d05172..0cf74891 100644
--- a/tests/languages/fr/LanguagesFrTest.php
+++ b/tests/languages/fr/LanguagesFrTest.php
@@ -172,4 +172,30 @@ class LanguagesFrTest extends \PHPUnit_Framework_TestCase
         $this->assertEquals('voiture', t($txt, $txt, 1, 'test'));
         $this->assertEquals('Fouille', t('Search', 'Search', 1, 'test'));
     }
+
+    /**
+     * Test t() with an extension language file coming from the theme in gettext mode
+     */
+    public function testTranslationThemeExtensionGettext()
+    {
+        $this->conf->set('translation.mode', 'gettext');
+        $this->conf->set('raintpl_tpl', 'tests/utils/customtpl/');
+        $this->conf->set('theme', 'dummy');
+        new Languages('en', $this->conf);
+        $txt = 'rooster'; // ignore me poedit
+        $this->assertEquals('coq', t($txt, $txt, 1, 'dummy'));
+    }
+
+    /**
+     * Test t() with an extension language file coming from the theme in PHP mode
+     */
+    public function testTranslationThemeExtensionPhp()
+    {
+        $this->conf->set('translation.mode', 'php');
+        $this->conf->set('raintpl_tpl', 'tests/utils/customtpl/');
+        $this->conf->set('theme', 'dummy');
+        new Languages('en', $this->conf);
+        $txt = 'rooster'; // ignore me poedit
+        $this->assertEquals('coq', t($txt, $txt, 1, 'dummy'));
+    }
 }
diff --git a/tests/plugins/PluginMarkdownTest.php b/tests/plugins/PluginMarkdownTest.php
index 96891f1f..b31e817f 100644
--- a/tests/plugins/PluginMarkdownTest.php
+++ b/tests/plugins/PluginMarkdownTest.php
@@ -50,6 +50,30 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
     }
 
     /**
+     * Test render_feed hook.
+     */
+    public function testMarkdownFeed()
+    {
+        $markdown = '# My title' . PHP_EOL . 'Very interesting content.';
+        $markdown .= '&#8212; <a href="http://domain.tld/?0oc_VQ" title="Permalien">Permalien</a>';
+        $data = array(
+            'links' => array(
+                0 => array(
+                    'description' => $markdown,
+                ),
+            ),
+        );
+
+        $data = hook_markdown_render_feed($data, $this->conf);
+        $this->assertNotFalse(strpos($data['links'][0]['description'], '<h1>'));
+        $this->assertNotFalse(strpos($data['links'][0]['description'], '<p>'));
+        $this->assertStringEndsWith(
+            '&#8212; <a href="http://domain.tld/?0oc_VQ">Permalien</a></p></div>',
+            $data['links'][0]['description']
+        );
+    }
+
+    /**
      * Test render_daily hook.
      * Only check that there is basic markdown rendering.
      */
@@ -58,20 +82,17 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
         $markdown = '# My title' . PHP_EOL . 'Very interesting content.';
         $data = array(
             // Columns data
-            'cols' => array(
-                // First, second, third.
+            'linksToDisplay' => array(
+                // nth link
                 0 => array(
-                    // nth link
-                    0 => array(
-                        'formatedDescription' => $markdown,
-                    ),
+                    'formatedDescription' => $markdown,
                 ),
             ),
         );
 
         $data = hook_markdown_render_daily($data, $this->conf);
-        $this->assertNotFalse(strpos($data['cols'][0][0]['formatedDescription'], '<h1>'));
-        $this->assertNotFalse(strpos($data['cols'][0][0]['formatedDescription'], '<p>'));
+        $this->assertNotFalse(strpos($data['linksToDisplay'][0]['formatedDescription'], '<h1>'));
+        $this->assertNotFalse(strpos($data['linksToDisplay'][0]['formatedDescription'], '<p>'));
     }
 
     /**
@@ -107,6 +128,37 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
         $this->assertEquals($text, $reversedText);
     }
 
+    public function testReverseFeedPermalink()
+    {
+        $text = 'Description... ';
+        $text .= '&#8212; <a href="http://domain.tld/?0oc_VQ" title="Permalien">Permalien</a>';
+        $expected = 'Description... &#8212; [Permalien](http://domain.tld/?0oc_VQ)';
+        $processedText = reverse_feed_permalink($text);
+
+        $this->assertEquals($expected, $processedText);
+    }
+
+    public function testReverseLastFeedPermalink()
+    {
+        $text = 'Description... ';
+        $text .= '<br>&#8212; <a href="http://domain.tld/?0oc_VQ" title="Permalien">Permalien</a>';
+        $expected = $text;
+        $text .= '<br>&#8212; <a href="http://domain.tld/?0oc_VQ" title="Permalien">Permalien</a>';
+        $expected .= '<br>&#8212; [Permalien](http://domain.tld/?0oc_VQ)';
+        $processedText = reverse_feed_permalink($text);
+
+        $this->assertEquals($expected, $processedText);
+    }
+
+    public function testReverseNoFeedPermalink()
+    {
+        $text = 'Hello! Where are you from?';
+        $expected = $text;
+        $processedText = reverse_feed_permalink($text);
+
+        $this->assertEquals($expected, $processedText);
+    }
+
     /**
      * Test sanitize_html().
      */
@@ -148,21 +200,18 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
 
         $data = array(
             // Columns data
-            'cols' => array(
-                // First, second, third.
+            'linksToDisplay' => array(
+                // nth link
                 0 => array(
-                    // nth link
-                    0 => array(
-                        'formatedDescription' => $str,
-                        'tags' => NO_MD_TAG,
-                        'taglist' => array(),
-                    ),
+                    'formatedDescription' => $str,
+                    'tags' => NO_MD_TAG,
+                    'taglist' => array(),
                 ),
             ),
         );
 
         $data = hook_markdown_render_daily($data, $this->conf);
-        $this->assertEquals($str, $data['cols'][0][0]['formatedDescription']);
+        $this->assertEquals($str, $data['linksToDisplay'][0]['formatedDescription']);
     }
 
     /**
diff --git a/tests/plugins/resources/markdown.html b/tests/plugins/resources/markdown.html
index 844a6f31..f1df4e7e 100644
--- a/tests/plugins/resources/markdown.html
+++ b/tests/plugins/resources/markdown.html
@@ -8,7 +8,7 @@
 </ul>
 <ol>
 <li><a href="http://link.tld">zero</a>
-<ol>
+<ol start="2">
 <li><a href="http://link.tld">two</a></li>
 <li><a href="http://link.tld">three</a></li>
 <li><a href="http://link.tld">four</a></li>
@@ -29,5 +29,5 @@ next #foo</code></pre>
 <a href="https://test.tld/path/?query=value#hash">link</a><br />
 <a href="ftp://test.tld/path/?query=value#hash">link</a><br />
 <a href="magnet:test.tld/path/?query=value#hash">link</a><br />
-<a href="http://alert('xss')">link</a><br />
+<a href="http://alert(&#039;xss&#039;)">link</a><br />
 <a href="http://test.tld/path/?query=value#hash">link</a></p></div>
\ No newline at end of file
diff --git a/tests/plugins/test/test.php b/tests/plugins/test/test.php
index 3d750c90..2aaf5122 100644
--- a/tests/plugins/test/test.php
+++ b/tests/plugins/test/test.php
@@ -11,7 +11,7 @@ function hook_test_random($data)
 {
     if (isset($data['_PAGE_']) && $data['_PAGE_'] == 'test') {
         $data[1] = 'page test';
-    } else if (isset($data['_LOGGEDIN_']) && $data['_LOGGEDIN_'] === true) {
+    } elseif (isset($data['_LOGGEDIN_']) && $data['_LOGGEDIN_'] === true) {
         $data[1] = 'loggedin';
     } else {
         $data[1] = $data[0];
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
new file mode 100644
index 00000000..f26cd1eb
--- /dev/null
+++ b/tests/security/LoginManagerTest.php
@@ -0,0 +1,374 @@
+<?php
+namespace Shaarli\Security;
+
+require_once 'tests/utils/FakeConfigManager.php';
+use \PHPUnit\Framework\TestCase;
+
+/**
+ * Test coverage for LoginManager
+ */
+class LoginManagerTest extends TestCase
+{
+    /** @var \FakeConfigManager Configuration Manager instance */
+    protected $configManager = null;
+
+    /** @var LoginManager Login Manager instance */
+    protected $loginManager = null;
+
+    /** @var SessionManager Session Manager instance */
+    protected $sessionManager = null;
+
+    /** @var string Banned IP filename */
+    protected $banFile = 'sandbox/ipbans.php';
+
+    /** @var string Log filename */
+    protected $logFile = 'sandbox/shaarli.log';
+
+    /** @var array Simulates the $_COOKIE array */
+    protected $cookie = [];
+
+    /** @var array Simulates the $GLOBALS array */
+    protected $globals = [];
+
+    /** @var array Simulates the $_SERVER array */
+    protected $server = [];
+
+    /** @var array Simulates the $_SESSION array */
+    protected $session = [];
+
+    /** @var string Advertised client IP address */
+    protected $clientIpAddress = '10.1.47.179';
+
+    /** @var string Local client IP address */
+    protected $ipAddr = '127.0.0.1';
+
+    /** @var string Trusted proxy IP address */
+    protected $trustedProxy = '10.1.1.100';
+
+    /** @var string User login */
+    protected $login = 'johndoe';
+
+    /** @var string User password */
+    protected $password = 'IC4nHazL0g1n?';
+
+    /** @var string Hash of the salted user password */
+    protected $passwordHash = '';
+
+    /** @var string Salt used by hash functions */
+    protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2';
+
+    /**
+     * Prepare or reset test resources
+     */
+    public function setUp()
+    {
+        if (file_exists($this->banFile)) {
+            unlink($this->banFile);
+        }
+
+        $this->passwordHash = sha1($this->password . $this->login . $this->salt);
+
+        $this->configManager = new \FakeConfigManager([
+            'credentials.login' => $this->login,
+            'credentials.hash' => $this->passwordHash,
+            'credentials.salt' => $this->salt,
+            'resource.ban_file' => $this->banFile,
+            'resource.log' => $this->logFile,
+            'security.ban_after' => 4,
+            'security.ban_duration' => 3600,
+            'security.trusted_proxies' => [$this->trustedProxy],
+        ]);
+
+        $this->cookie = [];
+
+        $this->globals = &$GLOBALS;
+        unset($this->globals['IPBANS']);
+
+        $this->session = [];
+
+        $this->sessionManager = new SessionManager($this->session, $this->configManager);
+        $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);
+        $this->server['REMOTE_ADDR'] = $this->ipAddr;
+    }
+
+    /**
+     * Wipe test resources
+     */
+    public function tearDown()
+    {
+        unset($this->globals['IPBANS']);
+    }
+
+    /**
+     * Instantiate a LoginManager and load ban records
+     */
+    public function testReadBanFile()
+    {
+        file_put_contents(
+            $this->banFile,
+            "<?php\n\$GLOBALS['IPBANS']=array('FAILURES' => array('127.0.0.1' => 99));\n?>"
+        );
+        new LoginManager($this->globals, $this->configManager, null);
+        $this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']);
+    }
+
+    /**
+     * Record a failed login attempt
+     */
+    public function testHandleFailedLogin()
+    {
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+    }
+
+    /**
+     * Record a failed login attempt - IP behind a trusted proxy
+     */
+    public function testHandleFailedLoginBehindTrustedProxy()
+    {
+        $server = [
+            'REMOTE_ADDR' => $this->trustedProxy,
+            'HTTP_X_FORWARDED_FOR' => $this->ipAddr,
+        ];
+        $this->loginManager->handleFailedLogin($server);
+        $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+
+        $this->loginManager->handleFailedLogin($server);
+        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+    }
+
+    /**
+     * Record a failed login attempt - IP behind a trusted proxy but not forwarded
+     */
+    public function testHandleFailedLoginBehindTrustedProxyNoIp()
+    {
+        $server = [
+            'REMOTE_ADDR' => $this->trustedProxy,
+        ];
+        $this->loginManager->handleFailedLogin($server);
+        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
+
+        $this->loginManager->handleFailedLogin($server);
+        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
+    }
+
+    /**
+     * Record a failed login attempt and ban the IP after too many failures
+     */
+    public function testHandleFailedLoginBanIp()
+    {
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->assertEquals(3, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->assertEquals(4, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+        $this->assertFalse($this->loginManager->canLogin($this->server));
+
+        // handleFailedLogin is not supposed to be called at this point:
+        // - no login form should be displayed once an IP has been banned
+        // - yet this could happen when using custom templates / scripts
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->assertEquals(5, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+        $this->assertFalse($this->loginManager->canLogin($this->server));
+    }
+
+    /**
+     * Nothing to do
+     */
+    public function testHandleSuccessfulLogin()
+    {
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+
+        $this->loginManager->handleSuccessfulLogin($this->server);
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+    }
+
+    /**
+     * Erase failure records after successfully logging in from this IP
+     */
+    public function testHandleSuccessfulLoginAfterFailure()
+    {
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->loginManager->handleFailedLogin($this->server);
+        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+
+        $this->loginManager->handleSuccessfulLogin($this->server);
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
+        $this->assertFalse(isset($this->globals['IPBANS']['BANS'][$this->ipAddr]));
+    }
+
+    /**
+     * The IP is not banned
+     */
+    public function testCanLoginIpNotBanned()
+    {
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+    }
+
+    /**
+     * The IP is banned
+     */
+    public function testCanLoginIpBanned()
+    {
+        // ban the IP for an hour
+        $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10;
+        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600;
+
+        $this->assertFalse($this->loginManager->canLogin($this->server));
+    }
+
+    /**
+     * The IP is banned, and the ban duration is over
+     */
+    public function testCanLoginIpBanExpired()
+    {
+        // ban the IP for an hour
+        $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10;
+        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600;
+        $this->assertFalse($this->loginManager->canLogin($this->server));
+
+        // lift the ban
+        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600;
+        $this->assertTrue($this->loginManager->canLogin($this->server));
+    }
+
+    /**
+     * Generate a token depending on the user credentials and client IP
+     */
+    public function testGenerateStaySignedInToken()
+    {
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+
+        $this->assertEquals(
+            sha1($this->passwordHash . $this->clientIpAddress . $this->salt),
+            $this->loginManager->getStaySignedInToken()
+        );
+    }
+
+    /**
+     * Check user login - Shaarli has not yet been configured
+     */
+    public function testCheckLoginStateNotConfigured()
+    {
+        $configManager = new \FakeConfigManager([
+            'resource.ban_file' => $this->banFile,
+        ]);
+        $loginManager = new LoginManager($this->globals, $configManager, null);
+        $loginManager->checkLoginState([], '');
+
+        $this->assertFalse($loginManager->isLoggedIn());
+    }
+
+    /**
+     * Check user login - the client cookie does not match the server token
+     */
+    public function testCheckLoginStateStaySignedInWithInvalidToken()
+    {
+        // simulate a previous login
+        $this->session = [
+            'ip' => $this->clientIpAddress,
+            'expires_on' => time() + 100,
+        ];
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope';
+
+        $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
+
+        $this->assertTrue($this->loginManager->isLoggedIn());
+        $this->assertTrue(empty($this->session['username']));
+    }
+
+    /**
+     * Check user login - the client cookie matches the server token
+     */
+    public function testCheckLoginStateStaySignedInWithValidToken()
+    {
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken();
+
+        $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
+
+        $this->assertTrue($this->loginManager->isLoggedIn());
+        $this->assertEquals($this->login, $this->session['username']);
+        $this->assertEquals($this->clientIpAddress, $this->session['ip']);
+    }
+
+    /**
+     * Check user login - the session has expired
+     */
+    public function testCheckLoginStateSessionExpired()
+    {
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+        $this->session['expires_on'] = time() - 100;
+
+        $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
+
+        $this->assertFalse($this->loginManager->isLoggedIn());
+    }
+
+    /**
+     * Check user login - the remote client IP has changed
+     */
+    public function testCheckLoginStateClientIpChanged()
+    {
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
+
+        $this->loginManager->checkLoginState($this->cookie, '10.7.157.98');
+
+        $this->assertFalse($this->loginManager->isLoggedIn());
+    }
+
+    /**
+     * Check user credentials - wrong login supplied
+     */
+    public function testCheckCredentialsWrongLogin()
+    {
+        $this->assertFalse(
+            $this->loginManager->checkCredentials('', '', 'b4dl0g1n', $this->password)
+        );
+    }
+
+    /**
+     * Check user credentials - wrong password supplied
+     */
+    public function testCheckCredentialsWrongPassword()
+    {
+        $this->assertFalse(
+            $this->loginManager->checkCredentials('', '', $this->login, 'b4dp455wd')
+        );
+    }
+
+    /**
+     * Check user credentials - wrong login and password supplied
+     */
+    public function testCheckCredentialsWrongLoginAndPassword()
+    {
+        $this->assertFalse(
+            $this->loginManager->checkCredentials('', '', 'b4dl0g1n', 'b4dp455wd')
+        );
+    }
+
+    /**
+     * Check user credentials - correct login and password supplied
+     */
+    public function testCheckCredentialsGoodLoginAndPassword()
+    {
+        $this->assertTrue(
+            $this->loginManager->checkCredentials('', '', $this->login, $this->password)
+        );
+    }
+}
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
new file mode 100644
index 00000000..9bd868f8
--- /dev/null
+++ b/tests/security/SessionManagerTest.php
@@ -0,0 +1,273 @@
+<?php
+require_once 'tests/utils/FakeConfigManager.php';
+
+// Initialize reference data _before_ PHPUnit starts a session
+require_once 'tests/utils/ReferenceSessionIdHashes.php';
+ReferenceSessionIdHashes::genAllHashes();
+
+use \Shaarli\Security\SessionManager;
+use \PHPUnit\Framework\TestCase;
+
+
+/**
+ * Test coverage for SessionManager
+ */
+class SessionManagerTest extends TestCase
+{
+    /** @var array Session ID hashes */
+    protected static $sidHashes = null;
+
+    /** @var \FakeConfigManager ConfigManager substitute for testing */
+    protected $conf = null;
+
+    /** @var array $_SESSION array for testing */
+    protected $session = [];
+
+    /** @var SessionManager Server-side session management abstraction */
+    protected $sessionManager = null;
+
+    /**
+     * Assign reference data
+     */
+    public static function setUpBeforeClass()
+    {
+        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
+    }
+
+    /**
+     * Initialize or reset test resources
+     */
+    public function setUp()
+    {
+        $this->conf = new FakeConfigManager([
+            'credentials.login' => 'johndoe',
+            'credentials.salt' => 'salt',
+            'security.session_protection_disabled' => false,
+        ]);
+        $this->session = [];
+        $this->sessionManager = new SessionManager($this->session, $this->conf);
+    }
+
+    /**
+     * Generate a session token
+     */
+    public function testGenerateToken()
+    {
+        $token = $this->sessionManager->generateToken();
+
+        $this->assertEquals(1, $this->session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+    }
+
+    /**
+     * Check a session token
+     */
+    public function testCheckToken()
+    {
+        $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
+        $session = [
+            'tokens' => [
+                $token => 1,
+            ],
+        ];
+        $sessionManager = new SessionManager($session, $this->conf);
+
+        // check and destroy the token
+        $this->assertTrue($sessionManager->checkToken($token));
+        $this->assertFalse(isset($session['tokens'][$token]));
+
+        // ensure the token has been destroyed
+        $this->assertFalse($sessionManager->checkToken($token));
+    }
+
+    /**
+     * Generate and check a session token
+     */
+    public function testGenerateAndCheckToken()
+    {
+        $token = $this->sessionManager->generateToken();
+
+        // ensure a token has been generated
+        $this->assertEquals(1, $this->session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+
+        // check and destroy the token
+        $this->assertTrue($this->sessionManager->checkToken($token));
+        $this->assertFalse(isset($this->session['tokens'][$token]));
+
+        // ensure the token has been destroyed
+        $this->assertFalse($this->sessionManager->checkToken($token));
+    }
+
+    /**
+     * Check an invalid session token
+     */
+    public function testCheckInvalidToken()
+    {
+        $this->assertFalse($this->sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
+    }
+
+    /**
+     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
+     *
+     * This tests extensively covers all hash algorithms / bit representations
+     */
+    public function testIsAnyHashSessionIdValid()
+    {
+        foreach (self::$sidHashes as $algo => $bpcs) {
+            foreach ($bpcs as $bpc => $hash) {
+                $this->assertTrue(SessionManager::checkId($hash));
+            }
+        }
+    }
+
+    /**
+     * Test checkId with a valid ID - SHA-1 hashes
+     */
+    public function testIsSha1SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
+    }
+
+    /**
+     * Test checkId with a valid ID - SHA-256 hashes
+     */
+    public function testIsSha256SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
+    }
+
+    /**
+     * Test checkId with a valid ID - SHA-512 hashes
+     */
+    public function testIsSha512SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
+    }
+
+    /**
+     * Test checkId with invalid IDs.
+     */
+    public function testIsSessionIdInvalid()
+    {
+        $this->assertFalse(SessionManager::checkId(''));
+        $this->assertFalse(SessionManager::checkId([]));
+        $this->assertFalse(
+            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
+        );
+    }
+
+    /**
+     * Store login information after a successful login
+     */
+    public function testStoreLoginInfo()
+    {
+        $this->sessionManager->storeLoginInfo('ip_id');
+
+        $this->assertGreaterThan(time(), $this->session['expires_on']);
+        $this->assertEquals('ip_id', $this->session['ip']);
+        $this->assertEquals('johndoe', $this->session['username']);
+    }
+
+    /**
+     * Extend a server-side session by SessionManager::$SHORT_TIMEOUT
+     */
+    public function testExtendSession()
+    {
+        $this->sessionManager->extendSession();
+
+        $this->assertGreaterThan(time(), $this->session['expires_on']);
+        $this->assertLessThanOrEqual(
+            time() + SessionManager::$SHORT_TIMEOUT,
+            $this->session['expires_on']
+        );
+    }
+
+    /**
+     * Extend a server-side session by SessionManager::$LONG_TIMEOUT
+     */
+    public function testExtendSessionStaySignedIn()
+    {
+        $this->sessionManager->setStaySignedIn(true);
+        $this->sessionManager->extendSession();
+
+        $this->assertGreaterThan(time(), $this->session['expires_on']);
+        $this->assertGreaterThan(
+            time() + SessionManager::$LONG_TIMEOUT - 10,
+            $this->session['expires_on']
+        );
+        $this->assertLessThanOrEqual(
+            time() + SessionManager::$LONG_TIMEOUT,
+            $this->session['expires_on']
+        );
+    }
+
+    /**
+     * Unset session variables after logging out
+     */
+    public function testLogout()
+    {
+        $this->session = [
+            'ip' => 'ip_id',
+            'expires_on' => time() + 1000,
+            'username' => 'johndoe',
+            'visibility' => 'public',
+            'untaggedonly' => false,
+        ];
+        $this->sessionManager->logout();
+
+        $this->assertFalse(isset($this->session['ip']));
+        $this->assertFalse(isset($this->session['expires_on']));
+        $this->assertFalse(isset($this->session['username']));
+        $this->assertFalse(isset($this->session['visibility']));
+        $this->assertFalse(isset($this->session['untaggedonly']));
+    }
+
+    /**
+     * The session is active and expiration time has been reached
+     */
+    public function testHasExpiredTimeElapsed()
+    {
+        $this->session['expires_on'] = time() - 10;
+
+        $this->assertTrue($this->sessionManager->hasSessionExpired());
+    }
+
+    /**
+     * The session is active and expiration time has not been reached
+     */
+    public function testHasNotExpired()
+    {
+        $this->session['expires_on'] = time() + 1000;
+
+        $this->assertFalse($this->sessionManager->hasSessionExpired());
+    }
+
+    /**
+     * Session hijacking protection is disabled, we assume the IP has not changed
+     */
+    public function testHasClientIpChangedNoSessionProtection()
+    {
+        $this->conf->set('security.session_protection_disabled', true);
+
+        $this->assertFalse($this->sessionManager->hasClientIpChanged(''));
+    }
+
+    /**
+     * The client IP identifier has not changed
+     */
+    public function testHasClientIpChangedNope()
+    {
+        $this->session['ip'] = 'ip_id';
+        $this->assertFalse($this->sessionManager->hasClientIpChanged('ip_id'));
+    }
+
+    /**
+     * The client IP identifier has changed
+     */
+    public function testHasClientIpChanged()
+    {
+        $this->session['ip'] = 'ip_id_one';
+        $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));
+    }
+}
diff --git a/tests/utils/FakeConfigManager.php b/tests/utils/FakeConfigManager.php
index f29760cb..360b34a9 100644
--- a/tests/utils/FakeConfigManager.php
+++ b/tests/utils/FakeConfigManager.php
@@ -5,8 +5,53 @@
  */
 class FakeConfigManager
 {
-    public static function get($key)
+    protected $values = [];
+
+    /**
+     * Initialize with test values
+     *
+     * @param array $values Initial values
+     */
+    public function __construct($values = [])
+    {
+        $this->values = $values;
+    }
+
+    /**
+     * Set a given value
+     *
+     * @param string $key   Key of the value to set
+     * @param mixed  $value Value to set
+     */
+    public function set($key, $value)
+    {
+        $this->values[$key] = $value;
+    }
+
+    /**
+     * Get a given configuration value
+     *
+     * @param string $key Index of the value to retrieve
+     *
+     * @return mixed The value if set, else the name of the key
+     */
+    public function get($key)
     {
+        if (isset($this->values[$key])) {
+            return $this->values[$key];
+        }
         return $key;
     }
+
+    /**
+     * Check if a setting exists
+     *
+     * @param string $setting Asked setting, keys separated with dots
+     *
+     * @return bool true if the setting exists, false otherwise
+     */
+    public function exists($setting)
+    {
+        return array_key_exists($setting, $this->values);
+    }
 }
diff --git a/tests/utils/config/configJson.json.php b/tests/utils/config/configJson.json.php
index 9c9288f3..1549ddfc 100644
--- a/tests/utils/config/configJson.json.php
+++ b/tests/utils/config/configJson.json.php
@@ -1,35 +1,84 @@
 <?php /*
 {
     "credentials": {
-        "login":"root",
-        "hash":"hash",
-        "salt":"salt"
+        "login": "root",
+        "hash": "hash",
+        "salt": "salt"
     },
     "security": {
-        "session_protection_disabled":false
+        "session_protection_disabled": false,
+        "ban_after": 4,
+        "ban_duration": 1800,
+        "open_shaarli": false,
+        "allowed_protocols": [
+            "ftp",
+            "ftps",
+            "magnet"
+        ]
     },
     "general": {
-        "timezone":"Europe\/Paris",
+        "timezone": "Europe\/Paris",
         "title": "Shaarli",
-        "header_link": "?"
+        "header_link": "?",
+        "links_per_page": 20,
+        "enabled_plugins": [
+            "qrcode"
+        ],
+        "default_note_title": "Note: "
     },
     "privacy": {
-        "default_private_links":true
+        "default_private_links": true,
+        "hide_public_links": false,
+        "force_login": false,
+        "hide_timestamps": false,
+        "remember_user_default": true
     },
     "redirector": {
-        "url":"lala"
+        "url": "lala",
+        "encode_url": true
     },
     "config": {
         "foo": "bar"
     },
     "resource": {
         "datastore": "tests\/utils\/config\/datastore.php",
-        "data_dir": "sandbox/",
-        "raintpl_tpl": "tpl/"
+        "data_dir": "sandbox\/",
+        "raintpl_tpl": "tpl\/",
+        "config": "data\/config.php",
+        "ban_file": "data\/ipbans.php",
+        "updates": "data\/updates.txt",
+        "log": "data\/log.txt",
+        "update_check": "data\/lastupdatecheck.txt",
+        "history": "data\/history.php",
+        "theme": "default",
+        "raintpl_tmp": "tmp\/",
+        "thumbnails_cache": "cache",
+        "page_cache": "pagecache"
     },
     "plugins": {
         "WALLABAG_VERSION": 1
+    },
+    "dev": {
+        "debug": true
+    },
+    "updates": {
+        "check_updates": false,
+        "check_updates_branch": "stable",
+        "check_updates_interval": 86400
+    },
+    "feed": {
+        "rss_permalinks": true,
+        "show_atom": true
+    },
+    "translation": {
+        "language": "auto",
+        "mode": "php",
+        "extensions": []
+    },
+    "thumbnails": {
+        "mode": "common",
+        "width": 90,
+        "height": 53
     }
 }
 */ ?>
-
diff --git a/tests/utils/config/wt.json b/tests/utils/config/wt.json
new file mode 100644
index 00000000..69ce49a6
--- /dev/null
+++ b/tests/utils/config/wt.json
@@ -0,0 +1,12 @@
+{
+  "settings": {
+    "default": {
+      "_comment": "infinite cache",
+      "cache_duration": -1,
+      "timeout": 10
+    },
+    "path": {
+      "cache": "sandbox/"
+    }
+  }
+}
\ No newline at end of file
diff --git a/tests/utils/customtpl/dummy/language/fr/LC_MESSAGES/dummy.mo b/tests/utils/customtpl/dummy/language/fr/LC_MESSAGES/dummy.mo
new file mode 100644
index 00000000..8daae0c9
--- /dev/null
+++ b/tests/utils/customtpl/dummy/language/fr/LC_MESSAGES/dummy.mo
diff --git a/tests/utils/customtpl/dummy/language/fr/LC_MESSAGES/dummy.po b/tests/utils/customtpl/dummy/language/fr/LC_MESSAGES/dummy.po
new file mode 100644
index 00000000..90d1abb0
--- /dev/null
+++ b/tests/utils/customtpl/dummy/language/fr/LC_MESSAGES/dummy.po
@@ -0,0 +1,16 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Theme extension test\n"
+"POT-Creation-Date: 2017-05-20 13:54+0200\n"
+"PO-Revision-Date: 2018-03-26 19:09+0200\n"
+"Last-Translator: \n"
+"Language-Team: Shaarli\n"
+"Language: fr_FR\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"X-Generator: Poedit 2.0.6\n"
+
+msgid "rooster"
+msgstr "coq"