diff options
Diffstat (limited to 'tests/security/LoginManagerTest.php')
-rw-r--r-- | tests/security/LoginManagerTest.php | 149 |
1 files changed, 144 insertions, 5 deletions
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php index 633f1bb9..fad09992 100644 --- a/tests/security/LoginManagerTest.php +++ b/tests/security/LoginManagerTest.php | |||
@@ -9,13 +9,40 @@ use \PHPUnit\Framework\TestCase; | |||
9 | */ | 9 | */ |
10 | class LoginManagerTest extends TestCase | 10 | class LoginManagerTest extends TestCase |
11 | { | 11 | { |
12 | /** @var \FakeConfigManager Configuration Manager instance */ | ||
12 | protected $configManager = null; | 13 | protected $configManager = null; |
14 | |||
15 | /** @var LoginManager Login Manager instance */ | ||
13 | protected $loginManager = null; | 16 | protected $loginManager = null; |
17 | |||
18 | /** @var SessionManager Session Manager instance */ | ||
19 | protected $sessionManager = null; | ||
20 | |||
21 | /** @var string Banned IP filename */ | ||
14 | protected $banFile = 'sandbox/ipbans.php'; | 22 | protected $banFile = 'sandbox/ipbans.php'; |
23 | |||
24 | /** @var string Log filename */ | ||
15 | protected $logFile = 'sandbox/shaarli.log'; | 25 | protected $logFile = 'sandbox/shaarli.log'; |
26 | |||
27 | /** @var array Simulates the $_COOKIE array */ | ||
28 | protected $cookie = []; | ||
29 | |||
30 | /** @var array Simulates the $GLOBALS array */ | ||
16 | protected $globals = []; | 31 | protected $globals = []; |
17 | protected $ipAddr = '127.0.0.1'; | 32 | |
33 | /** @var array Simulates the $_SERVER array */ | ||
18 | protected $server = []; | 34 | protected $server = []; |
35 | |||
36 | /** @var array Simulates the $_SESSION array */ | ||
37 | protected $session = []; | ||
38 | |||
39 | /** @var string Advertised client IP address */ | ||
40 | protected $clientIpAddress = '10.1.47.179'; | ||
41 | |||
42 | /** @var string Local client IP address */ | ||
43 | protected $ipAddr = '127.0.0.1'; | ||
44 | |||
45 | /** @var string Trusted proxy IP address */ | ||
19 | protected $trustedProxy = '10.1.1.100'; | 46 | protected $trustedProxy = '10.1.1.100'; |
20 | 47 | ||
21 | /** @var string User login */ | 48 | /** @var string User login */ |
@@ -52,10 +79,18 @@ class LoginManagerTest extends TestCase | |||
52 | 'security.trusted_proxies' => [$this->trustedProxy], | 79 | 'security.trusted_proxies' => [$this->trustedProxy], |
53 | ]); | 80 | ]); |
54 | 81 | ||
82 | $this->cookie = []; | ||
83 | |||
55 | $this->globals = &$GLOBALS; | 84 | $this->globals = &$GLOBALS; |
56 | unset($this->globals['IPBANS']); | 85 | unset($this->globals['IPBANS']); |
57 | 86 | ||
58 | $this->loginManager = new LoginManager($this->globals, $this->configManager, null); | 87 | $this->session = [ |
88 | 'expires_on' => time() + 100, | ||
89 | 'ip' => $this->clientIpAddress, | ||
90 | ]; | ||
91 | |||
92 | $this->sessionManager = new SessionManager($this->session, $this->configManager); | ||
93 | $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager); | ||
59 | $this->server['REMOTE_ADDR'] = $this->ipAddr; | 94 | $this->server['REMOTE_ADDR'] = $this->ipAddr; |
60 | } | 95 | } |
61 | 96 | ||
@@ -219,12 +254,116 @@ class LoginManagerTest extends TestCase | |||
219 | */ | 254 | */ |
220 | public function testGenerateStaySignedInToken() | 255 | public function testGenerateStaySignedInToken() |
221 | { | 256 | { |
222 | $ipAddress = '10.1.47.179'; | 257 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); |
223 | $this->loginManager->generateStaySignedInToken($ipAddress); | ||
224 | 258 | ||
225 | $this->assertEquals( | 259 | $this->assertEquals( |
226 | sha1($this->passwordHash . $ipAddress . $this->salt), | 260 | sha1($this->passwordHash . $this->clientIpAddress . $this->salt), |
227 | $this->loginManager->getStaySignedInToken() | 261 | $this->loginManager->getStaySignedInToken() |
228 | ); | 262 | ); |
229 | } | 263 | } |
264 | |||
265 | /** | ||
266 | * Check user login - Shaarli has not yet been configured | ||
267 | */ | ||
268 | public function testCheckLoginStateNotConfigured() | ||
269 | { | ||
270 | $configManager = new \FakeConfigManager([ | ||
271 | 'resource.ban_file' => $this->banFile, | ||
272 | ]); | ||
273 | $loginManager = new LoginManager($this->globals, $configManager, null); | ||
274 | $loginManager->checkLoginState([], ''); | ||
275 | |||
276 | $this->assertFalse($loginManager->isLoggedIn()); | ||
277 | } | ||
278 | |||
279 | /** | ||
280 | * Check user login - the client cookie does not match the server token | ||
281 | */ | ||
282 | public function testCheckLoginStateStaySignedInWithInvalidToken() | ||
283 | { | ||
284 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | ||
285 | $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope'; | ||
286 | |||
287 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); | ||
288 | |||
289 | $this->assertFalse($this->loginManager->isLoggedIn()); | ||
290 | } | ||
291 | |||
292 | /** | ||
293 | * Check user login - the client cookie matches the server token | ||
294 | */ | ||
295 | public function testCheckLoginStateStaySignedInWithValidToken() | ||
296 | { | ||
297 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | ||
298 | $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken(); | ||
299 | |||
300 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); | ||
301 | |||
302 | $this->assertTrue($this->loginManager->isLoggedIn()); | ||
303 | } | ||
304 | |||
305 | /** | ||
306 | * Check user login - the session has expired | ||
307 | */ | ||
308 | public function testCheckLoginStateSessionExpired() | ||
309 | { | ||
310 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | ||
311 | $this->session['expires_on'] = time() - 100; | ||
312 | |||
313 | $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); | ||
314 | |||
315 | $this->assertFalse($this->loginManager->isLoggedIn()); | ||
316 | } | ||
317 | |||
318 | /** | ||
319 | * Check user login - the remote client IP has changed | ||
320 | */ | ||
321 | public function testCheckLoginStateClientIpChanged() | ||
322 | { | ||
323 | $this->loginManager->generateStaySignedInToken($this->clientIpAddress); | ||
324 | |||
325 | $this->loginManager->checkLoginState($this->cookie, '10.7.157.98'); | ||
326 | |||
327 | $this->assertFalse($this->loginManager->isLoggedIn()); | ||
328 | } | ||
329 | |||
330 | /** | ||
331 | * Check user credentials - wrong login supplied | ||
332 | */ | ||
333 | public function testCheckCredentialsWrongLogin() | ||
334 | { | ||
335 | $this->assertFalse( | ||
336 | $this->loginManager->checkCredentials('', '', 'b4dl0g1n', $this->password) | ||
337 | ); | ||
338 | } | ||
339 | |||
340 | /** | ||
341 | * Check user credentials - wrong password supplied | ||
342 | */ | ||
343 | public function testCheckCredentialsWrongPassword() | ||
344 | { | ||
345 | $this->assertFalse( | ||
346 | $this->loginManager->checkCredentials('', '', $this->login, 'b4dp455wd') | ||
347 | ); | ||
348 | } | ||
349 | |||
350 | /** | ||
351 | * Check user credentials - wrong login and password supplied | ||
352 | */ | ||
353 | public function testCheckCredentialsWrongLoginAndPassword() | ||
354 | { | ||
355 | $this->assertFalse( | ||
356 | $this->loginManager->checkCredentials('', '', 'b4dl0g1n', 'b4dp455wd') | ||
357 | ); | ||
358 | } | ||
359 | |||
360 | /** | ||
361 | * Check user credentials - correct login and password supplied | ||
362 | */ | ||
363 | public function testCheckCredentialsGoodLoginAndPassword() | ||
364 | { | ||
365 | $this->assertTrue( | ||
366 | $this->loginManager->checkCredentials('', '', $this->login, $this->password) | ||
367 | ); | ||
368 | } | ||
230 | } | 369 | } |