Diffstat (limited to 'tests/security')
-rw-r--r--tests/security/LoginManagerTest.php149
-rw-r--r--tests/security/SessionManagerTest.php2
2 files changed, 145 insertions, 6 deletions
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index 633f1bb9..fad09992 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -9,13 +9,40 @@ use \PHPUnit\Framework\TestCase;
9 */ 9 */
10class LoginManagerTest extends TestCase 10class LoginManagerTest extends TestCase
11{ 11{
12 /** @var \FakeConfigManager Configuration Manager instance */
12 protected $configManager = null; 13 protected $configManager = null;
14
15 /** @var LoginManager Login Manager instance */
13 protected $loginManager = null; 16 protected $loginManager = null;
17
18 /** @var SessionManager Session Manager instance */
19 protected $sessionManager = null;
20
21 /** @var string Banned IP filename */
14 protected $banFile = 'sandbox/ipbans.php'; 22 protected $banFile = 'sandbox/ipbans.php';
23
24 /** @var string Log filename */
15 protected $logFile = 'sandbox/shaarli.log'; 25 protected $logFile = 'sandbox/shaarli.log';
26
27 /** @var array Simulates the $_COOKIE array */
28 protected $cookie = [];
29
30 /** @var array Simulates the $GLOBALS array */
16 protected $globals = []; 31 protected $globals = [];
17 protected $ipAddr = '127.0.0.1'; 32
33 /** @var array Simulates the $_SERVER array */
18 protected $server = []; 34 protected $server = [];
35
36 /** @var array Simulates the $_SESSION array */
37 protected $session = [];
38
39 /** @var string Advertised client IP address */
40 protected $clientIpAddress = '10.1.47.179';
41
42 /** @var string Local client IP address */
43 protected $ipAddr = '127.0.0.1';
44
45 /** @var string Trusted proxy IP address */
19 protected $trustedProxy = '10.1.1.100'; 46 protected $trustedProxy = '10.1.1.100';
20 47
21 /** @var string User login */ 48 /** @var string User login */
@@ -52,10 +79,18 @@ class LoginManagerTest extends TestCase
52 'security.trusted_proxies' => [$this->trustedProxy], 79 'security.trusted_proxies' => [$this->trustedProxy],
53 ]); 80 ]);
54 81
82 $this->cookie = [];
83
55 $this->globals = &$GLOBALS; 84 $this->globals = &$GLOBALS;
56 unset($this->globals['IPBANS']); 85 unset($this->globals['IPBANS']);
57 86
58 $this->loginManager = new LoginManager($this->globals, $this->configManager, null); 87 $this->session = [
88 'expires_on' => time() + 100,
89 'ip' => $this->clientIpAddress,
90 ];
91
92 $this->sessionManager = new SessionManager($this->session, $this->configManager);
93 $this->loginManager = new LoginManager($this->globals, $this->configManager, $this->sessionManager);
59 $this->server['REMOTE_ADDR'] = $this->ipAddr; 94 $this->server['REMOTE_ADDR'] = $this->ipAddr;
60 } 95 }
61 96
@@ -219,12 +254,116 @@ class LoginManagerTest extends TestCase
219 */ 254 */
220 public function testGenerateStaySignedInToken() 255 public function testGenerateStaySignedInToken()
221 { 256 {
222 $ipAddress = '10.1.47.179'; 257 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
223 $this->loginManager->generateStaySignedInToken($ipAddress);
224 258
225 $this->assertEquals( 259 $this->assertEquals(
226 sha1($this->passwordHash . $ipAddress . $this->salt), 260 sha1($this->passwordHash . $this->clientIpAddress . $this->salt),
227 $this->loginManager->getStaySignedInToken() 261 $this->loginManager->getStaySignedInToken()
228 ); 262 );
229 } 263 }
264
265 /**
266 * Check user login - Shaarli has not yet been configured
267 */
268 public function testCheckLoginStateNotConfigured()
269 {
270 $configManager = new \FakeConfigManager([
271 'resource.ban_file' => $this->banFile,
272 ]);
273 $loginManager = new LoginManager($this->globals, $configManager, null);
274 $loginManager->checkLoginState([], '');
275
276 $this->assertFalse($loginManager->isLoggedIn());
277 }
278
279 /**
280 * Check user login - the client cookie does not match the server token
281 */
282 public function testCheckLoginStateStaySignedInWithInvalidToken()
283 {
284 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
285 $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope';
286
287 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
288
289 $this->assertFalse($this->loginManager->isLoggedIn());
290 }
291
292 /**
293 * Check user login - the client cookie matches the server token
294 */
295 public function testCheckLoginStateStaySignedInWithValidToken()
296 {
297 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
298 $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken();
299
300 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
301
302 $this->assertTrue($this->loginManager->isLoggedIn());
303 }
304
305 /**
306 * Check user login - the session has expired
307 */
308 public function testCheckLoginStateSessionExpired()
309 {
310 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
311 $this->session['expires_on'] = time() - 100;
312
313 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress);
314
315 $this->assertFalse($this->loginManager->isLoggedIn());
316 }
317
318 /**
319 * Check user login - the remote client IP has changed
320 */
321 public function testCheckLoginStateClientIpChanged()
322 {
323 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
324
325 $this->loginManager->checkLoginState($this->cookie, '10.7.157.98');
326
327 $this->assertFalse($this->loginManager->isLoggedIn());
328 }
329
330 /**
331 * Check user credentials - wrong login supplied
332 */
333 public function testCheckCredentialsWrongLogin()
334 {
335 $this->assertFalse(
336 $this->loginManager->checkCredentials('', '', 'b4dl0g1n', $this->password)
337 );
338 }
339
340 /**
341 * Check user credentials - wrong password supplied
342 */
343 public function testCheckCredentialsWrongPassword()
344 {
345 $this->assertFalse(
346 $this->loginManager->checkCredentials('', '', $this->login, 'b4dp455wd')
347 );
348 }
349
350 /**
351 * Check user credentials - wrong login and password supplied
352 */
353 public function testCheckCredentialsWrongLoginAndPassword()
354 {
355 $this->assertFalse(
356 $this->loginManager->checkCredentials('', '', 'b4dl0g1n', 'b4dp455wd')
357 );
358 }
359
360 /**
361 * Check user credentials - correct login and password supplied
362 */
363 public function testCheckCredentialsGoodLoginAndPassword()
364 {
365 $this->assertTrue(
366 $this->loginManager->checkCredentials('', '', $this->login, $this->password)
367 );
368 }
230} 369}
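Review bot: The new checkLoginState tests never pin down whether the stay-signed-in token is bound to the client IP it was minted for: the valid-token case presents the cookie from the same `$this->clientIpAddress` it was generated with, and the changed-IP case sends no cookie at all, so a token accepted from any address would go unnoticed. Since the token is derived from the address (`sha1($this->passwordHash . $this->clientIpAddress . $this->salt)`), a test that generates it for `$this->clientIpAddress`, stores it in `$this->cookie`, and calls `checkLoginState($this->cookie, '10.7.157.98')` would document the intended contract; whether `checkLoginState` re-derives the token from its IP argument is not visible here, so the expected outcome below follows from the derivation and should be confirmed against LoginManager before committing to it. Separately, `testCheckLoginStateSessionExpired` mutates `$this->session` after `SessionManager` was constructed from it in the setUp hunk, so it only works if that constructor holds the array by reference; a one-line comment there, `// relies on SessionManager keeping a reference to $this->session`, would make the dependency explicit.
```php
    /**
     * Check user login - the stay-signed-in token was issued for another client IP
     */
    public function testCheckLoginStateStaySignedInTokenFromOtherIp()
    {
        $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
        $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken();

        // token was minted for clientIpAddress; presenting it from another address should not log in
        $this->loginManager->checkLoginState($this->cookie, '10.7.157.98');

        $this->assertFalse($this->loginManager->isLoggedIn());
    }
```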
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
index ae10ffa6..9bd868f8 100644
--- a/tests/security/SessionManagerTest.php
+++ b/tests/security/SessionManagerTest.php
@@ -17,7 +17,7 @@ class SessionManagerTest extends TestCase
17 /** @var array Session ID hashes */ 17 /** @var array Session ID hashes */
18 protected static $sidHashes = null; 18 protected static $sidHashes = null;
19 19
20 /** @var FakeConfigManager ConfigManager substitute for testing */ 20 /** @var \FakeConfigManager ConfigManager substitute for testing */
21 protected $conf = null; 21 protected $conf = null;
22 22
23 /** @var array $_SESSION array for testing */ 23 /** @var array $_SESSION array for testing */