1 files changed, 20 insertions, 95 deletions
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index f26cd1eb..eef0f22a 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -2,7 +2,8 @@
 namespace Shaarli\Security;
 require_once 'tests/utils/FakeConfigManager.php';
-use \PHPUnit\Framework\TestCase;
+use PHPUnit\Framework\TestCase;
 /**
 * Test coverage for LoginManager
@@ -74,54 +75,27 @@ class LoginManagerTest extends TestCase
            'credentials.salt' => $this->salt,
            'resource.ban_file' => $this->banFile,
            'resource.log' => $this->logFile,
-            'security.ban_after' => 4,
+            'security.ban_after' => 2,
            'security.ban_duration' => 3600,
            'security.trusted_proxies' => [$this->trustedProxy],
        ]);
        $this->cookie = [];
-        $this->globals = &$GLOBALS;
-        unset($this->globals['IPBANS']);
        $this->session = [];
        $this->sessionManager = new SessionManager($this->session, $this->configManager);
-        $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);
+        $this->loginManager = new LoginManager($this->configManager, $this->sessionManager);
        $this->server['REMOTE_ADDR'] = $this->ipAddr;
    }
    /**
-     * Wipe test resources
-     */
-    public function tearDown()
-    {
-        unset($this->globals['IPBANS']);
-    }
-    /**
-     * Instantiate a LoginManager and load ban records
-     */
-    public function testReadBanFile()
-    {
-        file_put_contents(
-            $this->banFile,
-            "<?php\n\$GLOBALS['IPBANS']=array('FAILURES' => array('127.0.0.1' => 99));\n?>"
-        );
-        new LoginManager($this->globals, $this->configManager, null);
-        $this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']);
-    }
-    /**
     * Record a failed login attempt
     */
    public function testHandleFailedLogin()
    {
        $this->loginManager->handleFailedLogin($this->server);
-        $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
        $this->loginManager->handleFailedLogin($this->server);
-        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+        $this->assertFalse($this->loginManager->canLogin($this->server));
    }
    /**
@@ -134,10 +108,8 @@ class LoginManagerTest extends TestCase
            'HTTP_X_FORWARDED_FOR' => $this->ipAddr,
        ];
        $this->loginManager->handleFailedLogin($server);
-        $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
        $this->loginManager->handleFailedLogin($server);
-        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
+        $this->assertFalse($this->loginManager->canLogin($server));
    }
    /**
@@ -149,39 +121,8 @@ class LoginManagerTest extends TestCase
            'REMOTE_ADDR' => $this->trustedProxy,
        ];
        $this->loginManager->handleFailedLogin($server);
-        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
        $this->loginManager->handleFailedLogin($server);
-        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
+        $this->assertTrue($this->loginManager->canLogin($server));
-    }
-    /**
-     * Record a failed login attempt and ban the IP after too many failures
-     */
-    public function testHandleFailedLoginBanIp()
-    {
-        $this->loginManager->handleFailedLogin($this->server);
-        $this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
-        $this->assertTrue($this->loginManager->canLogin($this->server));
-        $this->loginManager->handleFailedLogin($this->server);
-        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
-        $this->assertTrue($this->loginManager->canLogin($this->server));
-        $this->loginManager->handleFailedLogin($this->server);
-        $this->assertEquals(3, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
-        $this->assertTrue($this->loginManager->canLogin($this->server));
-        $this->loginManager->handleFailedLogin($this->server);
-        $this->assertEquals(4, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
-        $this->assertFalse($this->loginManager->canLogin($this->server));
-        // handleFailedLogin is not supposed to be called at this point:
-        // - no login form should be displayed once an IP has been banned
-        // - yet this could happen when using custom templates / scripts
-        $this->loginManager->handleFailedLogin($this->server);
-        $this->assertEquals(5, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
-        $this->assertFalse($this->loginManager->canLogin($this->server));
    }
    /**
@@ -201,14 +142,11 @@ class LoginManagerTest extends TestCase
    public function testHandleSuccessfulLoginAfterFailure()
    {
        $this->loginManager->handleFailedLogin($this->server);
-        $this->loginManager->handleFailedLogin($this->server);
-        $this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
        $this->assertTrue($this->loginManager->canLogin($this->server));
        $this->loginManager->handleSuccessfulLogin($this->server);
+        $this->loginManager->handleFailedLogin($this->server);
        $this->assertTrue($this->loginManager->canLogin($this->server));
-        $this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
-        $this->assertFalse(isset($this->globals['IPBANS']['BANS'][$this->ipAddr]));
    }
    /**
@@ -220,41 +158,28 @@ class LoginManagerTest extends TestCase
    }
    /**
-     * The IP is banned
+     * Generate a token depending on the user credentials and client IP
-     */
-    public function testCanLoginIpBanned()
-    {
-        // ban the IP for an hour
-        $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10;
-        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600;
-        $this->assertFalse($this->loginManager->canLogin($this->server));
-    }
-    /**
-     * The IP is banned, and the ban duration is over
     */
-    public function testCanLoginIpBanExpired()
+    public function testGenerateStaySignedInToken()
    {
-        // ban the IP for an hour
+        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
-        $this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10;
-        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600;
-        $this->assertFalse($this->loginManager->canLogin($this->server));
-        // lift the ban
+        $this->assertEquals(
-        $this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600;
+            sha1($this->passwordHash . $this->clientIpAddress . $this->salt),
-        $this->assertTrue($this->loginManager->canLogin($this->server));
+            $this->loginManager->getStaySignedInToken()
+        );
    }
    /**
-     * Generate a token depending on the user credentials and client IP
+     * Generate a token depending on the user credentials with session protected disabled
     */
-    public function testGenerateStaySignedInToken()
+    public function testGenerateStaySignedInTokenSessionProtectionDisabled()
    {
+        $this->configManager->set('security.session_protection_disabled', true);
        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
        $this->assertEquals(
-            sha1($this->passwordHash . $this->clientIpAddress . $this->salt),
+            sha1($this->passwordHash . $this->salt),
            $this->loginManager->getStaySignedInToken()
        );
    }
@@ -267,7 +192,7 @@ class LoginManagerTest extends TestCase
        $configManager = new \FakeConfigManager([
            'resource.ban_file' => $this->banFile,
        ]);
-        $loginManager = new LoginManager($this->globals, $configManager, null);
+        $loginManager = new LoginManager($configManager, null);
        $loginManager->checkLoginState([], '');
        $this->assertFalse($loginManager->isLoggedIn());

diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index f26cd1eb..eef0f22a 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php
@@ -2,7 +2,8 @@
2	namespace Shaarli\Security;	2	namespace Shaarli\Security;
3		3
4	require_once 'tests/utils/FakeConfigManager.php';	4	require_once 'tests/utils/FakeConfigManager.php';
5	use \PHPUnit\Framework\TestCase;	5
		6	use PHPUnit\Framework\TestCase;
6		7
7	/**	8	/**
8	* Test coverage for LoginManager	9	* Test coverage for LoginManager
@@ -74,54 +75,27 @@ class LoginManagerTest extends TestCase
74	'credentials.salt' => $this->salt,	75	'credentials.salt' => $this->salt,
75	'resource.ban_file' => $this->banFile,	76	'resource.ban_file' => $this->banFile,
76	'resource.log' => $this->logFile,	77	'resource.log' => $this->logFile,
77	'security.ban_after' => 4,	78	'security.ban_after' => 2,
78	'security.ban_duration' => 3600,	79	'security.ban_duration' => 3600,
79	'security.trusted_proxies' => [$this->trustedProxy],	80	'security.trusted_proxies' => [$this->trustedProxy],
80	]);	81	]);
81		82
82	$this->cookie = [];	83	$this->cookie = [];
83
84	$this->globals = &$GLOBALS;
85	unset($this->globals['IPBANS']);
86
87	$this->session = [];	84	$this->session = [];
88		85
89	$this->sessionManager = new SessionManager($this->session, $this->configManager);	86	$this->sessionManager = new SessionManager($this->session, $this->configManager);
90	$this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);	87	$this->loginManager = new LoginManager($this->configManager, $this->sessionManager);
91	$this->server['REMOTE_ADDR'] = $this->ipAddr;	88	$this->server['REMOTE_ADDR'] = $this->ipAddr;
92	}	89	}
93		90
94	/**	91	/**
95	* Wipe test resources
96	*/
97	public function tearDown()
98	{
99	unset($this->globals['IPBANS']);
100	}
101
102	/**
103	* Instantiate a LoginManager and load ban records
104	*/
105	public function testReadBanFile()
106	{
107	file_put_contents(
108	$this->banFile,
109	"<?php\n\$GLOBALS['IPBANS']=array('FAILURES' => array('127.0.0.1' => 99));\n?>"
110	);
111	new LoginManager($this->globals, $this->configManager, null);
112	$this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']);
113	}
114
115	/**
116	* Record a failed login attempt	92	* Record a failed login attempt
117	*/	93	*/
118	public function testHandleFailedLogin()	94	public function testHandleFailedLogin()
119	{	95	{
120	$this->loginManager->handleFailedLogin($this->server);	96	$this->loginManager->handleFailedLogin($this->server);
121	$this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
122
123	$this->loginManager->handleFailedLogin($this->server);	97	$this->loginManager->handleFailedLogin($this->server);
124	$this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);	98	$this->assertFalse($this->loginManager->canLogin($this->server));
125	}	99	}
126		100
127	/**	101	/**
@@ -134,10 +108,8 @@ class LoginManagerTest extends TestCase
134	'HTTP_X_FORWARDED_FOR' => $this->ipAddr,	108	'HTTP_X_FORWARDED_FOR' => $this->ipAddr,
135	];	109	];
136	$this->loginManager->handleFailedLogin($server);	110	$this->loginManager->handleFailedLogin($server);
137	$this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
138
139	$this->loginManager->handleFailedLogin($server);	111	$this->loginManager->handleFailedLogin($server);
140	$this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);	112	$this->assertFalse($this->loginManager->canLogin($server));
141	}	113	}
142		114
143	/**	115	/**
@@ -149,39 +121,8 @@ class LoginManagerTest extends TestCase
149	'REMOTE_ADDR' => $this->trustedProxy,	121	'REMOTE_ADDR' => $this->trustedProxy,
150	];	122	];
151	$this->loginManager->handleFailedLogin($server);	123	$this->loginManager->handleFailedLogin($server);
152	$this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
153
154	$this->loginManager->handleFailedLogin($server);	124	$this->loginManager->handleFailedLogin($server);
155	$this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));	125	$this->assertTrue($this->loginManager->canLogin($server));
156	}
157
158	/**
159	* Record a failed login attempt and ban the IP after too many failures
160	*/
161	public function testHandleFailedLoginBanIp()
162	{
163	$this->loginManager->handleFailedLogin($this->server);
164	$this->assertEquals(1, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
165	$this->assertTrue($this->loginManager->canLogin($this->server));
166
167	$this->loginManager->handleFailedLogin($this->server);
168	$this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
169	$this->assertTrue($this->loginManager->canLogin($this->server));
170
171	$this->loginManager->handleFailedLogin($this->server);
172	$this->assertEquals(3, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
173	$this->assertTrue($this->loginManager->canLogin($this->server));
174
175	$this->loginManager->handleFailedLogin($this->server);
176	$this->assertEquals(4, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
177	$this->assertFalse($this->loginManager->canLogin($this->server));
178
179	// handleFailedLogin is not supposed to be called at this point:
180	// - no login form should be displayed once an IP has been banned
181	// - yet this could happen when using custom templates / scripts
182	$this->loginManager->handleFailedLogin($this->server);
183	$this->assertEquals(5, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
184	$this->assertFalse($this->loginManager->canLogin($this->server));
185	}	126	}
186		127
187	/**	128	/**
@@ -201,14 +142,11 @@ class LoginManagerTest extends TestCase
201	public function testHandleSuccessfulLoginAfterFailure()	142	public function testHandleSuccessfulLoginAfterFailure()
202	{	143	{
203	$this->loginManager->handleFailedLogin($this->server);	144	$this->loginManager->handleFailedLogin($this->server);
204	$this->loginManager->handleFailedLogin($this->server);
205	$this->assertEquals(2, $this->globals['IPBANS']['FAILURES'][$this->ipAddr]);
206	$this->assertTrue($this->loginManager->canLogin($this->server));	145	$this->assertTrue($this->loginManager->canLogin($this->server));
207		146
208	$this->loginManager->handleSuccessfulLogin($this->server);	147	$this->loginManager->handleSuccessfulLogin($this->server);
		148	$this->loginManager->handleFailedLogin($this->server);
209	$this->assertTrue($this->loginManager->canLogin($this->server));	149	$this->assertTrue($this->loginManager->canLogin($this->server));
210	$this->assertFalse(isset($this->globals['IPBANS']['FAILURES'][$this->ipAddr]));
211	$this->assertFalse(isset($this->globals['IPBANS']['BANS'][$this->ipAddr]));
212	}	150	}
213		151
214	/**	152	/**
@@ -220,41 +158,28 @@ class LoginManagerTest extends TestCase
220	}	158	}
221		159
222	/**	160	/**
223	* The IP is banned	161	* Generate a token depending on the user credentials and client IP
224	*/
225	public function testCanLoginIpBanned()
226	{
227	// ban the IP for an hour
228	$this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10;
229	$this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600;
230
231	$this->assertFalse($this->loginManager->canLogin($this->server));
232	}
233
234	/**
235	* The IP is banned, and the ban duration is over
236	*/	162	*/
237	public function testCanLoginIpBanExpired()	163	public function testGenerateStaySignedInToken()
238	{	164	{
239	// ban the IP for an hour	165	$this->loginManager->generateStaySignedInToken($this->clientIpAddress);
240	$this->globals['IPBANS']['FAILURES'][$this->ipAddr] = 10;
241	$this->globals['IPBANS']['BANS'][$this->ipAddr] = time() + 3600;
242	$this->assertFalse($this->loginManager->canLogin($this->server));
243		166
244	// lift the ban	167	$this->assertEquals(
245	$this->globals['IPBANS']['BANS'][$this->ipAddr] = time() - 3600;	168	sha1($this->passwordHash . $this->clientIpAddress . $this->salt),
246	$this->assertTrue($this->loginManager->canLogin($this->server));	169	$this->loginManager->getStaySignedInToken()
		170	);
247	}	171	}
248		172
249	/**	173	/**
250	* Generate a token depending on the user credentials and client IP	174	* Generate a token depending on the user credentials with session protected disabled
251	*/	175	*/
252	public function testGenerateStaySignedInToken()	176	public function testGenerateStaySignedInTokenSessionProtectionDisabled()
253	{	177	{
		178	$this->configManager->set('security.session_protection_disabled', true);
254	$this->loginManager->generateStaySignedInToken($this->clientIpAddress);	179	$this->loginManager->generateStaySignedInToken($this->clientIpAddress);
255		180
256	$this->assertEquals(	181	$this->assertEquals(
257	sha1($this->passwordHash . $this->clientIpAddress . $this->salt),	182	sha1($this->passwordHash . $this->salt),
258	$this->loginManager->getStaySignedInToken()	183	$this->loginManager->getStaySignedInToken()
259	);	184	);
260	}	185	}
@@ -267,7 +192,7 @@ class LoginManagerTest extends TestCase
267	$configManager = new \FakeConfigManager([	192	$configManager = new \FakeConfigManager([
268	'resource.ban_file' => $this->banFile,	193	'resource.ban_file' => $this->banFile,
269	]);	194	]);
270	$loginManager = new LoginManager($this->globals, $configManager, null);	195	$loginManager = new LoginManager($configManager, null);
271	$loginManager->checkLoginState([], '');	196	$loginManager->checkLoginState([], '');
272		197
273	$this->assertFalse($loginManager->isLoggedIn());	198	$this->assertFalse($loginManager->isLoggedIn());