authorVirtualTam <virtualtam+github@flibidi.net>2017-10-25 22:49:22 +0200
committerGitHub <noreply@github.com>2017-10-25 22:49:22 +0200
commit88d38cb290aad669ad1406e2362d85c81e46d4f6 (patch)
tree9a0689e685ba42b44e507f2ae5e22595671b3bc4 /tests
parent6bc7afab91c78b893da314220fe346a366aefb8f (diff)
parentae7c954b1279981cc23c9f67d88f55bfecc4d828 (diff)
Merge pull request #1005 from virtualtam/refactor/authentication
Refactor session management utilities
Diffstat (limited to 'tests')
-rw-r--r--tests/SessionManagerTest.php160
-rw-r--r--tests/UtilsTest.php58
2 files changed, 160 insertions, 58 deletions
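--- /dev/null
+++ b/tests/SessionManagerTest.php
@@ -0,0 +1,160 @@
+<?php
+// Initialize reference data _before_ PHPUnit starts a session
+require_once 'tests/utils/ReferenceSessionIdHashes.php';
+ReferenceSessionIdHashes::genAllHashes();
+
+use \Shaarli\SessionManager;
+use \PHPUnit\Framework\TestCase;
+
+
+/**
+ * Fake ConfigManager
+ */
+class FakeConfigManager
+{
+ public static function get($key)
+ {
+ return $key;
+ }
+}
+
+
+/**
+ * Test coverage for SessionManager
+ */
+class SessionManagerTest extends TestCase
+{
+ // Session ID hashes
+ protected static $sidHashes = null;
+
+ /**
+ * Assign reference data
+ */
+ public static function setUpBeforeClass()
+ {
+ self::$sidHashes = ReferenceSessionIdHashes::getHashes();
+ }
+
+ /**
+ * Generate a session token
+ */
+ public function testGenerateToken()
+ {
+ $session = [];
+ $conf = new FakeConfigManager();
+ $sessionManager = new SessionManager($session, $conf);
+
+ $token = $sessionManager->generateToken();
+
+ $this->assertEquals(1, $session['tokens'][$token]);
+ $this->assertEquals(40, strlen($token));
+ }
+
+ /**
+ * Check a session token
+ */
+ public function testCheckToken()
+ {
+ $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
+ $session = [
+ 'tokens' => [
+ $token => 1,
+ ],
+ ];
+ $conf = new FakeConfigManager();
+ $sessionManager = new SessionManager($session, $conf);
+
+
+ // check and destroy the token
+ $this->assertTrue($sessionManager->checkToken($token));
+ $this->assertFalse(isset($session['tokens'][$token]));
+
+ // ensure the token has been destroyed
+ $this->assertFalse($sessionManager->checkToken($token));
+ }
+
+ /**
+ * Generate and check a session token
+ */
+ public function testGenerateAndCheckToken()
+ {
+ $session = [];
+ $conf = new FakeConfigManager();
+ $sessionManager = new SessionManager($session, $conf);
+
+ $token = $sessionManager->generateToken();
+
+ // ensure a token has been generated
+ $this->assertEquals(1, $session['tokens'][$token]);
+ $this->assertEquals(40, strlen($token));
+
+ // check and destroy the token
+ $this->assertTrue($sessionManager->checkToken($token));
+ $this->assertFalse(isset($session['tokens'][$token]));
+
+ // ensure the token has been destroyed
+ $this->assertFalse($sessionManager->checkToken($token));
+ }
+
+ /**
+ * Check an invalid session token
+ */
+ public function testCheckInvalidToken()
+ {
+ $session = [];
+ $conf = new FakeConfigManager();
+ $sessionManager = new SessionManager($session, $conf);
+
+ $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
+ }
+
+ /**
+ * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
+ *
+ * This tests extensively covers all hash algorithms / bit representations
+ */
+ public function testIsAnyHashSessionIdValid()
+ {
+ foreach (self::$sidHashes as $algo => $bpcs) {
+ foreach ($bpcs as $bpc => $hash) {
+ $this->assertTrue(SessionManager::checkId($hash));
+ }
+ }
+ }
+
+ /**
+ * Test checkId with a valid ID - SHA-1 hashes
+ */
+ public function testIsSha1SessionIdValid()
+ {
+ $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
+ }
+
+ /**
+ * Test checkId with a valid ID - SHA-256 hashes
+ */
+ public function testIsSha256SessionIdValid()
+ {
+ $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
+ }
+
+ /**
+ * Test checkId with a valid ID - SHA-512 hashes
+ */
+ public function testIsSha512SessionIdValid()
+ {
+ $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
+ }
+
+ /**
+ * Test checkId with invalid IDs.
+ */
+ public function testIsSessionIdInvalid()
+ {
+ $this->assertFalse(SessionManager::checkId(''));
+ $this->assertFalse(SessionManager::checkId([]));
+ $this->assertFalse(
+ SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
+ );
+ }
+}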
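Review bot: testIsSessionIdInvalid rejects only an empty string, an array and one base64 string, so it would not catch a checkId() that accepts an otherwise valid ID with extra characters attached. checkId() itself is not visible in this diff, but it validates a value supplied by the client, so near-miss inputs are worth pinning, for example `$this->assertFalse(SessionManager::checkId(sha1('shaarli') . "\n"));` and `$this->assertFalse(SessionManager::checkId(sha1('shaarli') . '/'));`. The newline case matters if the implementation anchors a regex with `$`, which in PCRE also matches before a trailing newline unless the `D` modifier or `\z` is used.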
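--- a/tests/UtilsTest.php
+++ b/tests/UtilsTest.php
@@ -5,10 +5,6 @@
 
 require_once 'application/Utils.php';
 require_once 'application/Languages.php';
-require_once 'tests/utils/ReferenceSessionIdHashes.php';
-
-// Initialize reference data before PHPUnit starts a session
-ReferenceSessionIdHashes::genAllHashes();
 
 
 /**
@@ -16,9 +12,6 @@ ReferenceSessionIdHashes::genAllHashes();
  */
 class UtilsTest extends PHPUnit_Framework_TestCase
 {
- // Session ID hashes
- protected static $sidHashes = null;
-
  // Log file
  protected static $testLogFile = 'tests.log';
 
@@ -30,13 +23,11 @@ class UtilsTest extends PHPUnit_Framework_TestCase
  */
  protected static $defaultTimeZone;
 
-
  /**
  * Assign reference data
  */
  public static function setUpBeforeClass()
  {
- self::$sidHashes = ReferenceSessionIdHashes::getHashes();
  self::$defaultTimeZone = date_default_timezone_get();
  // Timezone without DST for test consistency
  date_default_timezone_set('Africa/Nairobi');
@@ -221,57 +212,8 @@ class UtilsTest extends PHPUnit_Framework_TestCase
  $this->assertEquals('?', generateLocation($ref, 'localhost'));
  }
 
- /**
- * Test is_session_id_valid with a valid ID - TEST ALL THE HASHES!
- *
- * This tests extensively covers all hash algorithms / bit representations
- */
- public function testIsAnyHashSessionIdValid()
- {
- foreach (self::$sidHashes as $algo => $bpcs) {
- foreach ($bpcs as $bpc => $hash) {
- $this->assertTrue(is_session_id_valid($hash));
- }
- }
- }
 
  /**
- * Test is_session_id_valid with a valid ID - SHA-1 hashes
- */
- public function testIsSha1SessionIdValid()
- {
- $this->assertTrue(is_session_id_valid(sha1('shaarli')));
- }
-
- /**
- * Test is_session_id_valid with a valid ID - SHA-256 hashes
- */
- public function testIsSha256SessionIdValid()
- {
- $this->assertTrue(is_session_id_valid(hash('sha256', 'shaarli')));
- }
-
- /**
- * Test is_session_id_valid with a valid ID - SHA-512 hashes
- */
- public function testIsSha512SessionIdValid()
- {
- $this->assertTrue(is_session_id_valid(hash('sha512', 'shaarli')));
- }
-
- /**
- * Test is_session_id_valid with invalid IDs.
- */
- public function testIsSessionIdInvalid()
- {
- $this->assertFalse(is_session_id_valid(''));
- $this->assertFalse(is_session_id_valid(array()));
- $this->assertFalse(
- is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
- );
- }
-
- /**
  * Test generateSecretApi.
  */
  public function testGenerateSecretApi()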