Merge pull request #1005 from virtualtam/refactor/authentication

Refactor session management utilities
author: VirtualTam <virtualtam+github@flibidi.net> 2017-10-25 22:49:22 +0200
committer: GitHub <noreply@github.com> 2017-10-25 22:49:22 +0200
commit: 88d38cb290aad669ad1406e2362d85c81e46d4f6 (patch)
tree: 9a0689e685ba42b44e507f2ae5e22595671b3bc4 /tests
parent: 6bc7afab91c78b893da314220fe346a366aefb8f (diff)
parent: ae7c954b1279981cc23c9f67d88f55bfecc4d828 (diff)
download: Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.tar.gz
Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.tar.zst
Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.zip
2 files changed, 160 insertions, 58 deletions
diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php
new file mode 100644
index 00000000..a92c3ccc
--- /dev/null
+++ b/tests/SessionManagerTest.php
@@ -0,0 +1,160 @@
+<?php
+// Initialize reference data _before_ PHPUnit starts a session
+require_once 'tests/utils/ReferenceSessionIdHashes.php';
+ReferenceSessionIdHashes::genAllHashes();
+use \Shaarli\SessionManager;
+use \PHPUnit\Framework\TestCase;
+/**
+ * Fake ConfigManager
+ */
+class FakeConfigManager
+{
+    public static function get($key)
+    {
+        return $key;
+    }
+}
+/**
+ * Test coverage for SessionManager
+ */
+class SessionManagerTest extends TestCase
+{
+    // Session ID hashes
+    protected static $sidHashes = null;
+    /**
+     * Assign reference data
+     */
+    public static function setUpBeforeClass()
+    {
+        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
+    }
+    /**
+     * Generate a session token
+     */
+    public function testGenerateToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+        $token = $sessionManager->generateToken();
+        $this->assertEquals(1, $session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+    }
+    /**
+     * Check a session token
+     */
+    public function testCheckToken()
+    {
+        $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
+        $session = [
+            'tokens' => [
+                $token => 1,
+            ],
+        ];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+        // check and destroy the token
+        $this->assertTrue($sessionManager->checkToken($token));
+        $this->assertFalse(isset($session['tokens'][$token]));
+        // ensure the token has been destroyed
+        $this->assertFalse($sessionManager->checkToken($token));
+    }
+    /**
+     * Generate and check a session token
+     */
+    public function testGenerateAndCheckToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+        $token = $sessionManager->generateToken();
+        // ensure a token has been generated
+        $this->assertEquals(1, $session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+        // check and destroy the token
+        $this->assertTrue($sessionManager->checkToken($token));
+        $this->assertFalse(isset($session['tokens'][$token]));
+        // ensure the token has been destroyed
+        $this->assertFalse($sessionManager->checkToken($token));
+    }
+    /**
+     * Check an invalid session token
+     */
+    public function testCheckInvalidToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+        $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
+    }
+    /**
+     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
+     *
+     * This tests extensively covers all hash algorithms / bit representations
+     */
+    public function testIsAnyHashSessionIdValid()
+    {
+        foreach (self::$sidHashes as $algo => $bpcs) {
+            foreach ($bpcs as $bpc => $hash) {
+                $this->assertTrue(SessionManager::checkId($hash));
+            }
+        }
+    }
+    /**
+     * Test checkId with a valid ID - SHA-1 hashes
+     */
+    public function testIsSha1SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
+    }
+    /**
+     * Test checkId with a valid ID - SHA-256 hashes
+     */
+    public function testIsSha256SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
+    }
+    /**
+     * Test checkId with a valid ID - SHA-512 hashes
+     */
+    public function testIsSha512SessionIdValid()
+    {
+        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
+    }
+    /**
+     * Test checkId with invalid IDs.
+     */
+    public function testIsSessionIdInvalid()
+    {
+        $this->assertFalse(SessionManager::checkId(''));
+        $this->assertFalse(SessionManager::checkId([]));
+        $this->assertFalse(
+            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
+        );
+    }
+}
diff --git a/tests/UtilsTest.php b/tests/UtilsTest.php
index 840eaf21..6cd37a7a 100644
--- a/tests/UtilsTest.php
+++ b/tests/UtilsTest.php
@@ -5,10 +5,6 @@
 require_once 'application/Utils.php';
 require_once 'application/Languages.php';
-require_once 'tests/utils/ReferenceSessionIdHashes.php';
-// Initialize reference data before PHPUnit starts a session
-ReferenceSessionIdHashes::genAllHashes();
 /**
@@ -16,9 +12,6 @@ ReferenceSessionIdHashes::genAllHashes();
 */
 class UtilsTest extends PHPUnit_Framework_TestCase
 {
-    // Session ID hashes
-    protected static $sidHashes = null;
    // Log file
    protected static $testLogFile = 'tests.log';
@@ -30,13 +23,11 @@ class UtilsTest extends PHPUnit_Framework_TestCase
     */
    protected static $defaultTimeZone;
    /**
     * Assign reference data
     */
    public static function setUpBeforeClass()
    {
-        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
        self::$defaultTimeZone = date_default_timezone_get();
        // Timezone without DST for test consistency
        date_default_timezone_set('Africa/Nairobi');
@@ -221,57 +212,8 @@ class UtilsTest extends PHPUnit_Framework_TestCase
        $this->assertEquals('?', generateLocation($ref, 'localhost'));
    }
-    /**
-     * Test is_session_id_valid with a valid ID - TEST ALL THE HASHES!
-     *
-     * This tests extensively covers all hash algorithms / bit representations
-     */
-    public function testIsAnyHashSessionIdValid()
-    {
-        foreach (self::$sidHashes as $algo => $bpcs) {
-            foreach ($bpcs as $bpc => $hash) {
-                $this->assertTrue(is_session_id_valid($hash));
-            }
-        }
-    }
    /**
-     * Test is_session_id_valid with a valid ID - SHA-1 hashes
-     */
-    public function testIsSha1SessionIdValid()
-    {
-        $this->assertTrue(is_session_id_valid(sha1('shaarli')));
-    }
-    /**
-     * Test is_session_id_valid with a valid ID - SHA-256 hashes
-     */
-    public function testIsSha256SessionIdValid()
-    {
-        $this->assertTrue(is_session_id_valid(hash('sha256', 'shaarli')));
-    }
-    /**
-     * Test is_session_id_valid with a valid ID - SHA-512 hashes
-     */
-    public function testIsSha512SessionIdValid()
-    {
-        $this->assertTrue(is_session_id_valid(hash('sha512', 'shaarli')));
-    }
-    /**
-     * Test is_session_id_valid with invalid IDs.
-     */
-    public function testIsSessionIdInvalid()
-    {
-        $this->assertFalse(is_session_id_valid(''));
-        $this->assertFalse(is_session_id_valid(array()));
-        $this->assertFalse(
-            is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
-        );
-    }
-    
-    /**
     * Test generateSecretApi.
     */
    public function testGenerateSecretApi()
author	VirtualTam <virtualtam+github@flibidi.net>	2017-10-25 22:49:22 +0200
committer	GitHub <noreply@github.com>	2017-10-25 22:49:22 +0200
commit	88d38cb290aad669ad1406e2362d85c81e46d4f6 (patch)
tree	9a0689e685ba42b44e507f2ae5e22595671b3bc4 /tests
parent	6bc7afab91c78b893da314220fe346a366aefb8f (diff)
parent	ae7c954b1279981cc23c9f67d88f55bfecc4d828 (diff)
download	Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.tar.gz Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.tar.zst Shaarli-88d38cb290aad669ad1406e2362d85c81e46d4f6.zip

diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php new file mode 100644 index 00000000..a92c3ccc --- /dev/null +++ b/tests/SessionManagerTest.php
@@ -0,0 +1,160 @@
		1	<?php
		2	// Initialize reference data _before_ PHPUnit starts a session
		3	require_once 'tests/utils/ReferenceSessionIdHashes.php';
		4	ReferenceSessionIdHashes::genAllHashes();
		5
		6	use \Shaarli\SessionManager;
		7	use \PHPUnit\Framework\TestCase;
		8
		9
		10	/**
		11	* Fake ConfigManager
		12	*/
		13	class FakeConfigManager
		14	{
		15	public static function get($key)
		16	{
		17	return $key;
		18	}
		19	}
		20
		21
		22	/**
		23	* Test coverage for SessionManager
		24	*/
		25	class SessionManagerTest extends TestCase
		26	{
		27	// Session ID hashes
		28	protected static $sidHashes = null;
		29
		30	/**
		31	* Assign reference data
		32	*/
		33	public static function setUpBeforeClass()
		34	{
		35	self::$sidHashes = ReferenceSessionIdHashes::getHashes();
		36	}
		37
		38	/**
		39	* Generate a session token
		40	*/
		41	public function testGenerateToken()
		42	{
		43	$session = [];
		44	$conf = new FakeConfigManager();
		45	$sessionManager = new SessionManager($session, $conf);
		46
		47	$token = $sessionManager->generateToken();
		48
		49	$this->assertEquals(1, $session['tokens'][$token]);
		50	$this->assertEquals(40, strlen($token));
		51	}
		52
		53	/**
		54	* Check a session token
		55	*/
		56	public function testCheckToken()
		57	{
		58	$token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
		59	$session = [
		60	'tokens' => [
		61	$token => 1,
		62	],
		63	];
		64	$conf = new FakeConfigManager();
		65	$sessionManager = new SessionManager($session, $conf);
		66
		67
		68	// check and destroy the token
		69	$this->assertTrue($sessionManager->checkToken($token));
		70	$this->assertFalse(isset($session['tokens'][$token]));
		71
		72	// ensure the token has been destroyed
		73	$this->assertFalse($sessionManager->checkToken($token));
		74	}
		75
		76	/**
		77	* Generate and check a session token
		78	*/
		79	public function testGenerateAndCheckToken()
		80	{
		81	$session = [];
		82	$conf = new FakeConfigManager();
		83	$sessionManager = new SessionManager($session, $conf);
		84
		85	$token = $sessionManager->generateToken();
		86
		87	// ensure a token has been generated
		88	$this->assertEquals(1, $session['tokens'][$token]);
		89	$this->assertEquals(40, strlen($token));
		90
		91	// check and destroy the token
		92	$this->assertTrue($sessionManager->checkToken($token));
		93	$this->assertFalse(isset($session['tokens'][$token]));
		94
		95	// ensure the token has been destroyed
		96	$this->assertFalse($sessionManager->checkToken($token));
		97	}
		98
		99	/**
		100	* Check an invalid session token
		101	*/
		102	public function testCheckInvalidToken()
		103	{
		104	$session = [];
		105	$conf = new FakeConfigManager();
		106	$sessionManager = new SessionManager($session, $conf);
		107
		108	$this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
		109	}
		110
		111	/**
		112	* Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
		113	*
		114	* This tests extensively covers all hash algorithms / bit representations
		115	*/
		116	public function testIsAnyHashSessionIdValid()
		117	{
		118	foreach (self::$sidHashes as $algo => $bpcs) {
		119	foreach ($bpcs as $bpc => $hash) {
		120	$this->assertTrue(SessionManager::checkId($hash));
		121	}
		122	}
		123	}
		124
		125	/**
		126	* Test checkId with a valid ID - SHA-1 hashes
		127	*/
		128	public function testIsSha1SessionIdValid()
		129	{
		130	$this->assertTrue(SessionManager::checkId(sha1('shaarli')));
		131	}
		132
		133	/**
		134	* Test checkId with a valid ID - SHA-256 hashes
		135	*/
		136	public function testIsSha256SessionIdValid()
		137	{
		138	$this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
		139	}
		140
		141	/**
		142	* Test checkId with a valid ID - SHA-512 hashes
		143	*/
		144	public function testIsSha512SessionIdValid()
		145	{
		146	$this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
		147	}
		148
		149	/**
		150	* Test checkId with invalid IDs.
		151	*/
		152	public function testIsSessionIdInvalid()
		153	{
		154	$this->assertFalse(SessionManager::checkId(''));
		155	$this->assertFalse(SessionManager::checkId([]));
		156	$this->assertFalse(
		157	SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
		158	);
		159	}
		160	}


diff --git a/tests/UtilsTest.php b/tests/UtilsTest.php index 840eaf21..6cd37a7a 100644 --- a/tests/UtilsTest.php +++ b/tests/UtilsTest.php
@@ -5,10 +5,6 @@
5		5
6	require_once 'application/Utils.php';	6	require_once 'application/Utils.php';
7	require_once 'application/Languages.php';	7	require_once 'application/Languages.php';
8	require_once 'tests/utils/ReferenceSessionIdHashes.php';
9
10	// Initialize reference data before PHPUnit starts a session
11	ReferenceSessionIdHashes::genAllHashes();
12		8
13		9
14	/**	10	/**
@@ -16,9 +12,6 @@ ReferenceSessionIdHashes::genAllHashes();
16	*/	12	*/
17	class UtilsTest extends PHPUnit_Framework_TestCase	13	class UtilsTest extends PHPUnit_Framework_TestCase
18	{	14	{
19	// Session ID hashes
20	protected static $sidHashes = null;
21
22	// Log file	15	// Log file
23	protected static $testLogFile = 'tests.log';	16	protected static $testLogFile = 'tests.log';
24		17
@@ -30,13 +23,11 @@ class UtilsTest extends PHPUnit_Framework_TestCase
30	*/	23	*/
31	protected static $defaultTimeZone;	24	protected static $defaultTimeZone;
32		25
33
34	/**	26	/**
35	* Assign reference data	27	* Assign reference data
36	*/	28	*/
37	public static function setUpBeforeClass()	29	public static function setUpBeforeClass()
38	{	30	{
39	self::$sidHashes = ReferenceSessionIdHashes::getHashes();
40	self::$defaultTimeZone = date_default_timezone_get();	31	self::$defaultTimeZone = date_default_timezone_get();
41	// Timezone without DST for test consistency	32	// Timezone without DST for test consistency
42	date_default_timezone_set('Africa/Nairobi');	33	date_default_timezone_set('Africa/Nairobi');
@@ -221,57 +212,8 @@ class UtilsTest extends PHPUnit_Framework_TestCase
221	$this->assertEquals('?', generateLocation($ref, 'localhost'));	212	$this->assertEquals('?', generateLocation($ref, 'localhost'));
222	}	213	}
223		214
224	/**
225	* Test is_session_id_valid with a valid ID - TEST ALL THE HASHES!
226	*
227	* This tests extensively covers all hash algorithms / bit representations
228	*/
229	public function testIsAnyHashSessionIdValid()
230	{
231	foreach (self::$sidHashes as $algo => $bpcs) {
232	foreach ($bpcs as $bpc => $hash) {
233	$this->assertTrue(is_session_id_valid($hash));
234	}
235	}
236	}
237		215
238	/**	216	/**
239	* Test is_session_id_valid with a valid ID - SHA-1 hashes
240	*/
241	public function testIsSha1SessionIdValid()
242	{
243	$this->assertTrue(is_session_id_valid(sha1('shaarli')));
244	}
245
246	/**
247	* Test is_session_id_valid with a valid ID - SHA-256 hashes
248	*/
249	public function testIsSha256SessionIdValid()
250	{
251	$this->assertTrue(is_session_id_valid(hash('sha256', 'shaarli')));
252	}
253
254	/**
255	* Test is_session_id_valid with a valid ID - SHA-512 hashes
256	*/
257	public function testIsSha512SessionIdValid()
258	{
259	$this->assertTrue(is_session_id_valid(hash('sha512', 'shaarli')));
260	}
261
262	/**
263	* Test is_session_id_valid with invalid IDs.
264	*/
265	public function testIsSessionIdInvalid()
266	{
267	$this->assertFalse(is_session_id_valid(''));
268	$this->assertFalse(is_session_id_valid(array()));
269	$this->assertFalse(
270	is_session_id_valid('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
271	);
272	}
273
274	/**
275	* Test generateSecretApi.	217	* Test generateSecretApi.
276	*/	218	*/
277	public function testGenerateSecretApi()	219	public function testGenerateSecretApi()