aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/security
diff options
context:
space:
mode:
Diffstat (limited to 'tests/security')
-rw-r--r--tests/security/BanManagerTest.php4
-rw-r--r--tests/security/LoginManagerTest.php68
-rw-r--r--tests/security/SessionManagerTest.php90
3 files changed, 128 insertions, 34 deletions
diff --git a/tests/security/BanManagerTest.php b/tests/security/BanManagerTest.php
index bba7c8ad..698d3d10 100644
--- a/tests/security/BanManagerTest.php
+++ b/tests/security/BanManagerTest.php
@@ -3,8 +3,8 @@
3 3
4namespace Shaarli\Security; 4namespace Shaarli\Security;
5 5
6use PHPUnit\Framework\TestCase;
7use Shaarli\FileUtils; 6use Shaarli\FileUtils;
7use Shaarli\TestCase;
8 8
9/** 9/**
10 * Test coverage for BanManager 10 * Test coverage for BanManager
@@ -32,7 +32,7 @@ class BanManagerTest extends TestCase
32 /** 32 /**
33 * Prepare or reset test resources 33 * Prepare or reset test resources
34 */ 34 */
35 public function setUp() 35 protected function setUp(): void
36 { 36 {
37 if (file_exists($this->banFile)) { 37 if (file_exists($this->banFile)) {
38 unlink($this->banFile); 38 unlink($this->banFile);
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index eef0f22a..d302983d 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -1,9 +1,8 @@
1<?php 1<?php
2namespace Shaarli\Security;
3 2
4require_once 'tests/utils/FakeConfigManager.php'; 3namespace Shaarli\Security;
5 4
6use PHPUnit\Framework\TestCase; 5use Shaarli\TestCase;
7 6
8/** 7/**
9 * Test coverage for LoginManager 8 * Test coverage for LoginManager
@@ -58,10 +57,13 @@ class LoginManagerTest extends TestCase
58 /** @var string Salt used by hash functions */ 57 /** @var string Salt used by hash functions */
59 protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2'; 58 protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2';
60 59
60 /** @var CookieManager */
61 protected $cookieManager;
62
61 /** 63 /**
62 * Prepare or reset test resources 64 * Prepare or reset test resources
63 */ 65 */
64 public function setUp() 66 protected function setUp(): void
65 { 67 {
66 if (file_exists($this->banFile)) { 68 if (file_exists($this->banFile)) {
67 unlink($this->banFile); 69 unlink($this->banFile);
@@ -78,13 +80,18 @@ class LoginManagerTest extends TestCase
78 'security.ban_after' => 2, 80 'security.ban_after' => 2,
79 'security.ban_duration' => 3600, 81 'security.ban_duration' => 3600,
80 'security.trusted_proxies' => [$this->trustedProxy], 82 'security.trusted_proxies' => [$this->trustedProxy],
83 'ldap.host' => '',
81 ]); 84 ]);
82 85
83 $this->cookie = []; 86 $this->cookie = [];
84 $this->session = []; 87 $this->session = [];
85 88
86 $this->sessionManager = new SessionManager($this->session, $this->configManager); 89 $this->cookieManager = $this->createMock(CookieManager::class);
87 $this->loginManager = new LoginManager($this->configManager, $this->sessionManager); 90 $this->cookieManager->method('getCookieParameter')->willReturnCallback(function (string $key) {
91 return $this->cookie[$key] ?? null;
92 });
93 $this->sessionManager = new SessionManager($this->session, $this->configManager, 'session_path');
94 $this->loginManager = new LoginManager($this->configManager, $this->sessionManager, $this->cookieManager);
88 $this->server['REMOTE_ADDR'] = $this->ipAddr; 95 $this->server['REMOTE_ADDR'] = $this->ipAddr;
89 } 96 }
90 97
@@ -192,8 +199,8 @@ class LoginManagerTest extends TestCase
192 $configManager = new \FakeConfigManager([ 199 $configManager = new \FakeConfigManager([
193 'resource.ban_file' => $this->banFile, 200 'resource.ban_file' => $this->banFile,
194 ]); 201 ]);
195 $loginManager = new LoginManager($configManager, null); 202 $loginManager = new LoginManager($configManager, null, $this->cookieManager);
196 $loginManager->checkLoginState([], ''); 203 $loginManager->checkLoginState('');
197 204
198 $this->assertFalse($loginManager->isLoggedIn()); 205 $this->assertFalse($loginManager->isLoggedIn());
199 } 206 }
@@ -209,9 +216,9 @@ class LoginManagerTest extends TestCase
209 'expires_on' => time() + 100, 216 'expires_on' => time() + 100,
210 ]; 217 ];
211 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 218 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
212 $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope'; 219 $this->cookie[CookieManager::STAY_SIGNED_IN] = 'nope';
213 220
214 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 221 $this->loginManager->checkLoginState($this->clientIpAddress);
215 222
216 $this->assertTrue($this->loginManager->isLoggedIn()); 223 $this->assertTrue($this->loginManager->isLoggedIn());
217 $this->assertTrue(empty($this->session['username'])); 224 $this->assertTrue(empty($this->session['username']));
@@ -223,9 +230,9 @@ class LoginManagerTest extends TestCase
223 public function testCheckLoginStateStaySignedInWithValidToken() 230 public function testCheckLoginStateStaySignedInWithValidToken()
224 { 231 {
225 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 232 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
226 $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken(); 233 $this->cookie[CookieManager::STAY_SIGNED_IN] = $this->loginManager->getStaySignedInToken();
227 234
228 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 235 $this->loginManager->checkLoginState($this->clientIpAddress);
229 236
230 $this->assertTrue($this->loginManager->isLoggedIn()); 237 $this->assertTrue($this->loginManager->isLoggedIn());
231 $this->assertEquals($this->login, $this->session['username']); 238 $this->assertEquals($this->login, $this->session['username']);
@@ -240,7 +247,7 @@ class LoginManagerTest extends TestCase
240 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 247 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
241 $this->session['expires_on'] = time() - 100; 248 $this->session['expires_on'] = time() - 100;
242 249
243 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 250 $this->loginManager->checkLoginState($this->clientIpAddress);
244 251
245 $this->assertFalse($this->loginManager->isLoggedIn()); 252 $this->assertFalse($this->loginManager->isLoggedIn());
246 } 253 }
@@ -252,7 +259,7 @@ class LoginManagerTest extends TestCase
252 { 259 {
253 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 260 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
254 261
255 $this->loginManager->checkLoginState($this->cookie, '10.7.157.98'); 262 $this->loginManager->checkLoginState('10.7.157.98');
256 263
257 $this->assertFalse($this->loginManager->isLoggedIn()); 264 $this->assertFalse($this->loginManager->isLoggedIn());
258 } 265 }
@@ -296,4 +303,37 @@ class LoginManagerTest extends TestCase
296 $this->loginManager->checkCredentials('', '', $this->login, $this->password) 303 $this->loginManager->checkCredentials('', '', $this->login, $this->password)
297 ); 304 );
298 } 305 }
306
307 /**
308 * Check user credentials through LDAP - server unreachable
309 */
310 public function testCheckCredentialsFromUnreachableLdap()
311 {
312 $this->configManager->set('ldap.host', 'dummy');
313 $this->assertFalse(
314 $this->loginManager->checkCredentials('', '', $this->login, $this->password)
315 );
316 }
317
318 /**
319 * Check user credentials through LDAP - wrong login and password supplied
320 */
321 public function testCheckCredentialsFromLdapWrongLoginAndPassword()
322 {
323 $this->configManager->set('ldap.host', 'dummy');
324 $this->assertFalse(
325 $this->loginManager->checkCredentialsFromLdap($this->login, $this->password, function() { return null; }, function() { return false; })
326 );
327 }
328
329 /**
330 * Check user credentials through LDAP - correct login and password supplied
331 */
332 public function testCheckCredentialsFromLdapGoodLoginAndPassword()
333 {
334 $this->configManager->set('ldap.host', 'dummy');
335 $this->assertTrue(
336 $this->loginManager->checkCredentialsFromLdap($this->login, $this->password, function() { return null; }, function() { return true; })
337 );
338 }
299} 339}
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
index f264505e..3f9c3ef5 100644
--- a/tests/security/SessionManagerTest.php
+++ b/tests/security/SessionManagerTest.php
@@ -1,12 +1,8 @@
1<?php 1<?php
2require_once 'tests/utils/FakeConfigManager.php';
3 2
4// Initialize reference data _before_ PHPUnit starts a session 3namespace Shaarli\Security;
5require_once 'tests/utils/ReferenceSessionIdHashes.php';
6ReferenceSessionIdHashes::genAllHashes();
7 4
8use PHPUnit\Framework\TestCase; 5use Shaarli\TestCase;
9use Shaarli\Security\SessionManager;
10 6
11/** 7/**
12 * Test coverage for SessionManager 8 * Test coverage for SessionManager
@@ -28,23 +24,23 @@ class SessionManagerTest extends TestCase
28 /** 24 /**
29 * Assign reference data 25 * Assign reference data
30 */ 26 */
31 public static function setUpBeforeClass() 27 public static function setUpBeforeClass(): void
32 { 28 {
33 self::$sidHashes = ReferenceSessionIdHashes::getHashes(); 29 self::$sidHashes = \ReferenceSessionIdHashes::getHashes();
34 } 30 }
35 31
36 /** 32 /**
37 * Initialize or reset test resources 33 * Initialize or reset test resources
38 */ 34 */
39 public function setUp() 35 protected function setUp(): void
40 { 36 {
41 $this->conf = new FakeConfigManager([ 37 $this->conf = new \FakeConfigManager([
42 'credentials.login' => 'johndoe', 38 'credentials.login' => 'johndoe',
43 'credentials.salt' => 'salt', 39 'credentials.salt' => 'salt',
44 'security.session_protection_disabled' => false, 40 'security.session_protection_disabled' => false,
45 ]); 41 ]);
46 $this->session = []; 42 $this->session = [];
47 $this->sessionManager = new SessionManager($this->session, $this->conf); 43 $this->sessionManager = new SessionManager($this->session, $this->conf, 'session_path');
48 } 44 }
49 45
50 /** 46 /**
@@ -69,7 +65,7 @@ class SessionManagerTest extends TestCase
69 $token => 1, 65 $token => 1,
70 ], 66 ],
71 ]; 67 ];
72 $sessionManager = new SessionManager($session, $this->conf); 68 $sessionManager = new SessionManager($session, $this->conf, 'session_path');
73 69
74 // check and destroy the token 70 // check and destroy the token
75 $this->assertTrue($sessionManager->checkToken($token)); 71 $this->assertTrue($sessionManager->checkToken($token));
@@ -211,15 +207,16 @@ class SessionManagerTest extends TestCase
211 'expires_on' => time() + 1000, 207 'expires_on' => time() + 1000,
212 'username' => 'johndoe', 208 'username' => 'johndoe',
213 'visibility' => 'public', 209 'visibility' => 'public',
214 'untaggedonly' => false, 210 'untaggedonly' => true,
215 ]; 211 ];
216 $this->sessionManager->logout(); 212 $this->sessionManager->logout();
217 213
218 $this->assertFalse(isset($this->session['ip'])); 214 $this->assertArrayNotHasKey('ip', $this->session);
219 $this->assertFalse(isset($this->session['expires_on'])); 215 $this->assertArrayNotHasKey('expires_on', $this->session);
220 $this->assertFalse(isset($this->session['username'])); 216 $this->assertArrayNotHasKey('username', $this->session);
221 $this->assertFalse(isset($this->session['visibility'])); 217 $this->assertArrayNotHasKey('visibility', $this->session);
222 $this->assertFalse(isset($this->session['untaggedonly'])); 218 $this->assertArrayHasKey('untaggedonly', $this->session);
219 $this->assertTrue($this->session['untaggedonly']);
223 } 220 }
224 221
225 /** 222 /**
@@ -269,4 +266,61 @@ class SessionManagerTest extends TestCase
269 $this->session['ip'] = 'ip_id_one'; 266 $this->session['ip'] = 'ip_id_one';
270 $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two')); 267 $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));
271 } 268 }
269
270 /**
271 * Test creating an entry in the session array
272 */
273 public function testSetSessionParameterCreate(): void
274 {
275 $this->sessionManager->setSessionParameter('abc', 'def');
276
277 static::assertSame('def', $this->session['abc']);
278 }
279
280 /**
281 * Test updating an entry in the session array
282 */
283 public function testSetSessionParameterUpdate(): void
284 {
285 $this->session['abc'] = 'ghi';
286
287 $this->sessionManager->setSessionParameter('abc', 'def');
288
289 static::assertSame('def', $this->session['abc']);
290 }
291
292 /**
293 * Test updating an entry in the session array with null value
294 */
295 public function testSetSessionParameterUpdateNull(): void
296 {
297 $this->session['abc'] = 'ghi';
298
299 $this->sessionManager->setSessionParameter('abc', null);
300
301 static::assertArrayHasKey('abc', $this->session);
302 static::assertNull($this->session['abc']);
303 }
304
305 /**
306 * Test deleting an existing entry in the session array
307 */
308 public function testDeleteSessionParameter(): void
309 {
310 $this->session['abc'] = 'def';
311
312 $this->sessionManager->deleteSessionParameter('abc');
313
314 static::assertArrayNotHasKey('abc', $this->session);
315 }
316
317 /**
318 * Test deleting a non existent entry in the session array
319 */
320 public function testDeleteSessionParameterNotExisting(): void
321 {
322 $this->sessionManager->deleteSessionParameter('abc');
323
324 static::assertArrayNotHasKey('abc', $this->session);
325 }
272} 326}