diff options
Diffstat (limited to 'tests/security/LoginManagerTest.php')
| -rw-r--r-- | tests/security/LoginManagerTest.php | 104 |
1 files changed, 7 insertions, 97 deletions
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index 7b0262b3..eef0f22a 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php | |||
| @@ -75,54 +75,27 @@ class LoginManagerTest extends TestCase | |||
| 75 | 'credentials.salt' => $this->salt, | 75 | 'credentials.salt' => $this->salt, |
| 76 | 'resource.ban_file' => $this->banFile, | 76 | 'resource.ban_file' => $this->banFile, |
| 77 | 'resource.log' => $this->logFile, | 77 | 'resource.log' => $this->logFile, |
| 78 | 'security.ban_after' => 4, | 78 | 'security.ban_after' => 2, |
| 79 | 'security.ban_duration' => 3600, | 79 | 'security.ban_duration' => 3600, |
| 80 | 'security.trusted_proxies' => [$this->trustedProxy], | 80 | 'security.trusted_proxies' => [$this->trustedProxy], |
| 81 | ]); | 81 | ]); |
| 82 | 82 | ||
| 83 | $this->cookie = []; | 83 | $this->cookie = []; |
| 84 | |||
| 85 | $this->globals = &$GLOBALS; | ||
| 86 | unset($this->globals['IPBANS']); | ||
| 87 | |||
| 88 | $this->session = []; | 84 | $this->session = []; |
| 89 | 85 | ||
| 90 | $this->sessionManager = new SessionManager($this->session, $this->configManager); | 86 | $this->sessionManager = new SessionManager($this->session, $this->configManager); |
| 91 | $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager); | 87 | $this->loginManager = new LoginManager($this->configManager, $this->sessionManager); |
| 92 | $this->server['REMOTE_ADDR'] = $this->ipAddr; | 88 | $this->server['REMOTE_ADDR'] = $this->ipAddr; |
| 93 | } | 89 | } |
| 94 | 90 | ||
| 95 | /** | 91 | /** |
| 96 | * Wipe test resources | ||
| 97 | */ | ||
| 98 | public function tearDown() | ||
| 99 | { | ||
| 100 | unset($this->globals['IPBANS']); | ||
| 101 | } | ||
| 102 | |||
| 103 | /** | ||
| 104 | * Instantiate a LoginManager and load ban records | ||
| 105 | */ | ||
| 106 | public function testReadBanFile() | ||
| 107 | { | ||
| 108 | file_put_contents( | ||
| 109 | $this->banFile, | ||
| 110 | "<?php\n\$GLOBALS['IPBANS']=array('FAILURES' => array('127.0.0.1' => 99));\n?>" | ||
| 111 | ); | ||
| 112 | new LoginManager($this->globals, $this->configManager, null); | ||
| 113 | $this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']); | ||
| 114 | } | ||
| 115 | |||
| 116 | /** | ||
| 117 | * Record a failed login attempt | 92 | * Record a failed login attempt |
| 118 | */ | 93 | */ |
| 119 | public function testHandleFailedLogin() | 94 | public function testHandleFailedLogin() |
| 120 | { | 95 | { |
| 121 | $this->loginManager->handleFailedLogin($this->server); | 96 | $this->loginManager->handleFailedLogin($this->server); |
| 122 | $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | ||
| 123 | |||
| 124 | $this->loginManager->handleFailedLogin($this->server); | 97 | $this->loginManager->handleFailedLogin($this->server); |
| 125 | $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | 98 | $this->assertFalse($this->loginManager->canLogin($this->server)); |
| 126 | } | 99 | } |
| 127 | 100 | ||
| 128 | /** | 101 | /** |
| @@ -135,10 +108,8 @@ class LoginManagerTest extends TestCase | |||
| 135 | 'HTTP_X_FORWARDED_FOR' => $this->ipAddr, | 108 | 'HTTP_X_FORWARDED_FOR' => $this->ipAddr, |
| 136 | ]; | 109 | ]; |
| 137 | $this->loginManager->handleFailedLogin($server); | 110 | $this->loginManager->handleFailedLogin($server); |
| 138 | $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | ||
| 139 | |||
| 140 | $this->loginManager->handleFailedLogin($server); | 111 | $this->loginManager->handleFailedLogin($server); |
| 141 | $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | 112 | $this->assertFalse($this->loginManager->canLogin($server)); |
| 142 | } | 113 | } |
| 143 | 114 | ||
| 144 | /** | 115 | /** |
| @@ -150,39 +121,8 @@ class LoginManagerTest extends TestCase | |||
| 150 | 'REMOTE_ADDR' => $this->trustedProxy, | 121 | 'REMOTE_ADDR' => $this->trustedProxy, |
| 151 | ]; | 122 | ]; |
| 152 | $this->loginManager->handleFailedLogin($server); | 123 | $this->loginManager->handleFailedLogin($server); |
| 153 | $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr])); | ||
| 154 | |||
| 155 | $this->loginManager->handleFailedLogin($server); | 124 | $this->loginManager->handleFailedLogin($server); |
| 156 | $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr])); | 125 | $this->assertTrue($this->loginManager->canLogin($server)); |
| 157 | } | ||
| 158 | |||
| 159 | /** | ||
| 160 | * Record a failed login attempt and ban the IP after too many failures | ||
| 161 | */ | ||
| 162 | public function testHandleFailedLoginBanIp() | ||
| 163 | { | ||
| 164 | $this->loginManager->handleFailedLogin($this->server); | ||
| 165 | $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | ||
| 166 | $this->assertTrue($this->loginManager->canLogin($this->server)); | ||
| 167 | |||
| 168 | $this->loginManager->handleFailedLogin($this->server); | ||
| 169 | $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | ||
| 170 | $this->assertTrue($this->loginManager->canLogin($this->server)); | ||
| 171 | |||
| 172 | $this->loginManager->handleFailedLogin($this->server); | ||
| 173 | $this->assertEquals(3, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | ||
| 174 | $this->assertTrue($this->loginManager->canLogin($this->server)); | ||
| 175 | |||
| 176 | $this->loginManager->handleFailedLogin($this->server); | ||
| 177 | $this->assertEquals(4, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | ||
| 178 | $this->assertFalse($this->loginManager->canLogin($this->server)); | ||
| 179 | |||
| 180 | // handleFailedLogin is not supposed to be called at this point: | ||
| 181 | // - no login form should be displayed once an IP has been banned | ||
| 182 | // - yet this could happen when using custom templates / scripts | ||
| 183 | $this->loginManager->handleFailedLogin($this->server); | ||
| 184 | $this->assertEquals(5, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | ||
| 185 | $this->assertFalse($this->loginManager->canLogin($this->server)); | ||
| 186 | } | 126 | } |
| 187 | 127 | ||
| 188 | /** | 128 | /** |
| @@ -202,14 +142,11 @@ class LoginManagerTest extends TestCase | |||
| 202 | public function testHandleSuccessfulLoginAfterFailure() | 142 | public function testHandleSuccessfulLoginAfterFailure() |
| 203 | { | 143 | { |
| 204 | $this->loginManager->handleFailedLogin($this->server); | 144 | $this->loginManager->handleFailedLogin($this->server); |
| 205 | $this->loginManager->handleFailedLogin($this->server); | ||
| 206 | $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]); | ||
| 207 | $this->assertTrue($this->loginManager->canLogin($this->server)); | 145 | $this->assertTrue($this->loginManager->canLogin($this->server)); |
| 208 | 146 | ||
| 209 | $this->loginManager->handleSuccessfulLogin($this->server); | 147 | $this->loginManager->handleSuccessfulLogin($this->server); |
| 148 | $this->loginManager->handleFailedLogin($this->server); | ||
| 210 | $this->assertTrue($this->loginManager->canLogin($this->server)); | 149 | $this->assertTrue($this->loginManager->canLogin($this->server)); |
| 211 | $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr])); | ||
| 212 | $this->assertFalse(isset($this->globals['IPBANS']['BANS'][$this->ipAddr])); | ||
| 213 | } | 150 | } |
| 214 | 151 | ||
| 215 | /** | 152 | /** |
| @@ -221,33 +158,6 @@ class LoginManagerTest extends TestCase | |||
| 221 | } | 158 | } |
| 222 | 159 | ||
| 223 | /** | 160 | /** |
| 224 | * The IP is banned | ||
| 225 | */ | ||
| 226 | public function testCanLoginIpBanned() | ||
| 227 | { | ||
| 228 | // ban the IP for an hour | ||
| 229 | $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10; | ||
| 230 | $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600; | ||
| 231 | |||
| 232 | $this->assertFalse($this->loginManager->canLogin($this->server)); | ||
| 233 | } | ||
| 234 | |||
| 235 | /** | ||
| 236 | * The IP is banned, and the ban duration is over | ||
| 237 | */ | ||
| 238 | public function testCanLoginIpBanExpired() | ||
| 239 | { | ||
| 240 | // ban the IP for an hour | ||
| 241 | $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10; | ||
| 242 | $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600; | ||
| 243 | $this->assertFalse($this->loginManager->canLogin($this->server)); | ||
| 244 | |||
| 245 | // lift the ban | ||
| 246 | $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600; | ||
| 247 | $this->assertTrue($this->loginManager->canLogin($this->server)); | ||
| 248 | } | ||
| 249 | |||
| 250 | /** | ||
| 251 | * Generate a token depending on the user credentials and client IP | 161 | * Generate a token depending on the user credentials and client IP |
| 252 | */ | 162 | */ |
| 253 | public function testGenerateStaySignedInToken() | 163 | public function testGenerateStaySignedInToken() |
| @@ -282,7 +192,7 @@ class LoginManagerTest extends TestCase | |||
| 282 | $configManager = new \FakeConfigManager([ | 192 | $configManager = new \FakeConfigManager([ |
| 283 | 'resource.ban_file' => $this->banFile, | 193 | 'resource.ban_file' => $this->banFile, |
| 284 | ]); | 194 | ]); |
| 285 | $loginManager = new LoginManager($this->globals, $configManager, null); | 195 | $loginManager = new LoginManager($configManager, null); |
| 286 | $loginManager->checkLoginState([], ''); | 196 | $loginManager->checkLoginState([], ''); |
| 287 | 197 | ||
| 288 | $this->assertFalse($loginManager->isLoggedIn()); | 198 | $this->assertFalse($loginManager->isLoggedIn()); |