aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/security
diff options
context:
space:
mode:
Diffstat (limited to 'tests/security')
-rw-r--r--tests/security/BanManagerTest.php9
-rw-r--r--tests/security/LoginManagerTest.php81
-rw-r--r--tests/security/SessionManagerTest.php91
3 files changed, 135 insertions, 46 deletions
diff --git a/tests/security/BanManagerTest.php b/tests/security/BanManagerTest.php
index bba7c8ad..29d2791b 100644
--- a/tests/security/BanManagerTest.php
+++ b/tests/security/BanManagerTest.php
@@ -3,8 +3,9 @@
3 3
4namespace Shaarli\Security; 4namespace Shaarli\Security;
5 5
6use PHPUnit\Framework\TestCase; 6use Psr\Log\LoggerInterface;
7use Shaarli\FileUtils; 7use Shaarli\Helper\FileUtils;
8use Shaarli\TestCase;
8 9
9/** 10/**
10 * Test coverage for BanManager 11 * Test coverage for BanManager
@@ -32,7 +33,7 @@ class BanManagerTest extends TestCase
32 /** 33 /**
33 * Prepare or reset test resources 34 * Prepare or reset test resources
34 */ 35 */
35 public function setUp() 36 protected function setUp(): void
36 { 37 {
37 if (file_exists($this->banFile)) { 38 if (file_exists($this->banFile)) {
38 unlink($this->banFile); 39 unlink($this->banFile);
@@ -387,7 +388,7 @@ class BanManagerTest extends TestCase
387 3, 388 3,
388 1800, 389 1800,
389 $this->banFile, 390 $this->banFile,
390 $this->logFile 391 $this->createMock(LoggerInterface::class)
391 ); 392 );
392 } 393 }
393} 394}
diff --git a/tests/security/LoginManagerTest.php b/tests/security/LoginManagerTest.php
index 8fd1698c..f7609fc6 100644
--- a/tests/security/LoginManagerTest.php
+++ b/tests/security/LoginManagerTest.php
@@ -1,16 +1,17 @@
1<?php 1<?php
2namespace Shaarli\Security;
3 2
4require_once 'tests/utils/FakeConfigManager.php'; 3namespace Shaarli\Security;
5 4
6use PHPUnit\Framework\TestCase; 5use Psr\Log\LoggerInterface;
6use Shaarli\FakeConfigManager;
7use Shaarli\TestCase;
7 8
8/** 9/**
9 * Test coverage for LoginManager 10 * Test coverage for LoginManager
10 */ 11 */
11class LoginManagerTest extends TestCase 12class LoginManagerTest extends TestCase
12{ 13{
13 /** @var \FakeConfigManager Configuration Manager instance */ 14 /** @var FakeConfigManager Configuration Manager instance */
14 protected $configManager = null; 15 protected $configManager = null;
15 16
16 /** @var LoginManager Login Manager instance */ 17 /** @var LoginManager Login Manager instance */
@@ -58,10 +59,16 @@ class LoginManagerTest extends TestCase
58 /** @var string Salt used by hash functions */ 59 /** @var string Salt used by hash functions */
59 protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2'; 60 protected $salt = '669e24fa9c5a59a613f98e8e38327384504a4af2';
60 61
62 /** @var CookieManager */
63 protected $cookieManager;
64
65 /** @var BanManager */
66 protected $banManager;
67
61 /** 68 /**
62 * Prepare or reset test resources 69 * Prepare or reset test resources
63 */ 70 */
64 public function setUp() 71 protected function setUp(): void
65 { 72 {
66 if (file_exists($this->banFile)) { 73 if (file_exists($this->banFile)) {
67 unlink($this->banFile); 74 unlink($this->banFile);
@@ -69,7 +76,7 @@ class LoginManagerTest extends TestCase
69 76
70 $this->passwordHash = sha1($this->password . $this->login . $this->salt); 77 $this->passwordHash = sha1($this->password . $this->login . $this->salt);
71 78
72 $this->configManager = new \FakeConfigManager([ 79 $this->configManager = new FakeConfigManager([
73 'credentials.login' => $this->login, 80 'credentials.login' => $this->login,
74 'credentials.hash' => $this->passwordHash, 81 'credentials.hash' => $this->passwordHash,
75 'credentials.salt' => $this->salt, 82 'credentials.salt' => $this->salt,
@@ -84,19 +91,34 @@ class LoginManagerTest extends TestCase
84 $this->cookie = []; 91 $this->cookie = [];
85 $this->session = []; 92 $this->session = [];
86 93
87 $this->sessionManager = new SessionManager($this->session, $this->configManager); 94 $this->cookieManager = $this->createMock(CookieManager::class);
88 $this->loginManager = new LoginManager($this->configManager, $this->sessionManager); 95 $this->cookieManager->method('getCookieParameter')->willReturnCallback(function (string $key) {
96 return $this->cookie[$key] ?? null;
97 });
98 $this->sessionManager = new SessionManager($this->session, $this->configManager, 'session_path');
99 $this->banManager = $this->createMock(BanManager::class);
100 $this->loginManager = new LoginManager(
101 $this->configManager,
102 $this->sessionManager,
103 $this->cookieManager,
104 $this->banManager,
105 $this->createMock(LoggerInterface::class)
106 );
89 $this->server['REMOTE_ADDR'] = $this->ipAddr; 107 $this->server['REMOTE_ADDR'] = $this->ipAddr;
90 } 108 }
91 109
92 /** 110 /**
93 * Record a failed login attempt 111 * Record a failed login attempt
94 */ 112 */
95 public function testHandleFailedLogin() 113 public function testHandleFailedLogin(): void
96 { 114 {
115 $this->banManager->expects(static::exactly(2))->method('handleFailedAttempt');
116 $this->banManager->method('isBanned')->willReturn(true);
117
97 $this->loginManager->handleFailedLogin($this->server); 118 $this->loginManager->handleFailedLogin($this->server);
98 $this->loginManager->handleFailedLogin($this->server); 119 $this->loginManager->handleFailedLogin($this->server);
99 $this->assertFalse($this->loginManager->canLogin($this->server)); 120
121 static::assertFalse($this->loginManager->canLogin($this->server));
100 } 122 }
101 123
102 /** 124 /**
@@ -108,8 +130,13 @@ class LoginManagerTest extends TestCase
108 'REMOTE_ADDR' => $this->trustedProxy, 130 'REMOTE_ADDR' => $this->trustedProxy,
109 'HTTP_X_FORWARDED_FOR' => $this->ipAddr, 131 'HTTP_X_FORWARDED_FOR' => $this->ipAddr,
110 ]; 132 ];
133
134 $this->banManager->expects(static::exactly(2))->method('handleFailedAttempt');
135 $this->banManager->method('isBanned')->willReturn(true);
136
111 $this->loginManager->handleFailedLogin($server); 137 $this->loginManager->handleFailedLogin($server);
112 $this->loginManager->handleFailedLogin($server); 138 $this->loginManager->handleFailedLogin($server);
139
113 $this->assertFalse($this->loginManager->canLogin($server)); 140 $this->assertFalse($this->loginManager->canLogin($server));
114 } 141 }
115 142
@@ -190,11 +217,17 @@ class LoginManagerTest extends TestCase
190 */ 217 */
191 public function testCheckLoginStateNotConfigured() 218 public function testCheckLoginStateNotConfigured()
192 { 219 {
193 $configManager = new \FakeConfigManager([ 220 $configManager = new FakeConfigManager([
194 'resource.ban_file' => $this->banFile, 221 'resource.ban_file' => $this->banFile,
195 ]); 222 ]);
196 $loginManager = new LoginManager($configManager, null); 223 $loginManager = new LoginManager(
197 $loginManager->checkLoginState([], ''); 224 $configManager,
225 $this->sessionManager,
226 $this->cookieManager,
227 $this->banManager,
228 $this->createMock(LoggerInterface::class)
229 );
230 $loginManager->checkLoginState('');
198 231
199 $this->assertFalse($loginManager->isLoggedIn()); 232 $this->assertFalse($loginManager->isLoggedIn());
200 } 233 }
@@ -210,9 +243,9 @@ class LoginManagerTest extends TestCase
210 'expires_on' => time() + 100, 243 'expires_on' => time() + 100,
211 ]; 244 ];
212 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 245 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
213 $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = 'nope'; 246 $this->cookie[CookieManager::STAY_SIGNED_IN] = 'nope';
214 247
215 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 248 $this->loginManager->checkLoginState($this->clientIpAddress);
216 249
217 $this->assertTrue($this->loginManager->isLoggedIn()); 250 $this->assertTrue($this->loginManager->isLoggedIn());
218 $this->assertTrue(empty($this->session['username'])); 251 $this->assertTrue(empty($this->session['username']));
@@ -224,9 +257,9 @@ class LoginManagerTest extends TestCase
224 public function testCheckLoginStateStaySignedInWithValidToken() 257 public function testCheckLoginStateStaySignedInWithValidToken()
225 { 258 {
226 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 259 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
227 $this->cookie[LoginManager::$STAY_SIGNED_IN_COOKIE] = $this->loginManager->getStaySignedInToken(); 260 $this->cookie[CookieManager::STAY_SIGNED_IN] = $this->loginManager->getStaySignedInToken();
228 261
229 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 262 $this->loginManager->checkLoginState($this->clientIpAddress);
230 263
231 $this->assertTrue($this->loginManager->isLoggedIn()); 264 $this->assertTrue($this->loginManager->isLoggedIn());
232 $this->assertEquals($this->login, $this->session['username']); 265 $this->assertEquals($this->login, $this->session['username']);
@@ -241,7 +274,7 @@ class LoginManagerTest extends TestCase
241 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 274 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
242 $this->session['expires_on'] = time() - 100; 275 $this->session['expires_on'] = time() - 100;
243 276
244 $this->loginManager->checkLoginState($this->cookie, $this->clientIpAddress); 277 $this->loginManager->checkLoginState($this->clientIpAddress);
245 278
246 $this->assertFalse($this->loginManager->isLoggedIn()); 279 $this->assertFalse($this->loginManager->isLoggedIn());
247 } 280 }
@@ -253,7 +286,7 @@ class LoginManagerTest extends TestCase
253 { 286 {
254 $this->loginManager->generateStaySignedInToken($this->clientIpAddress); 287 $this->loginManager->generateStaySignedInToken($this->clientIpAddress);
255 288
256 $this->loginManager->checkLoginState($this->cookie, '10.7.157.98'); 289 $this->loginManager->checkLoginState('10.7.157.98');
257 290
258 $this->assertFalse($this->loginManager->isLoggedIn()); 291 $this->assertFalse($this->loginManager->isLoggedIn());
259 } 292 }
@@ -264,7 +297,7 @@ class LoginManagerTest extends TestCase
264 public function testCheckCredentialsWrongLogin() 297 public function testCheckCredentialsWrongLogin()
265 { 298 {
266 $this->assertFalse( 299 $this->assertFalse(
267 $this->loginManager->checkCredentials('', '', 'b4dl0g1n', $this->password) 300 $this->loginManager->checkCredentials('', 'b4dl0g1n', $this->password)
268 ); 301 );
269 } 302 }
270 303
@@ -274,7 +307,7 @@ class LoginManagerTest extends TestCase
274 public function testCheckCredentialsWrongPassword() 307 public function testCheckCredentialsWrongPassword()
275 { 308 {
276 $this->assertFalse( 309 $this->assertFalse(
277 $this->loginManager->checkCredentials('', '', $this->login, 'b4dp455wd') 310 $this->loginManager->checkCredentials('', $this->login, 'b4dp455wd')
278 ); 311 );
279 } 312 }
280 313
@@ -284,7 +317,7 @@ class LoginManagerTest extends TestCase
284 public function testCheckCredentialsWrongLoginAndPassword() 317 public function testCheckCredentialsWrongLoginAndPassword()
285 { 318 {
286 $this->assertFalse( 319 $this->assertFalse(
287 $this->loginManager->checkCredentials('', '', 'b4dl0g1n', 'b4dp455wd') 320 $this->loginManager->checkCredentials('', 'b4dl0g1n', 'b4dp455wd')
288 ); 321 );
289 } 322 }
290 323
@@ -294,7 +327,7 @@ class LoginManagerTest extends TestCase
294 public function testCheckCredentialsGoodLoginAndPassword() 327 public function testCheckCredentialsGoodLoginAndPassword()
295 { 328 {
296 $this->assertTrue( 329 $this->assertTrue(
297 $this->loginManager->checkCredentials('', '', $this->login, $this->password) 330 $this->loginManager->checkCredentials('', $this->login, $this->password)
298 ); 331 );
299 } 332 }
300 333
@@ -305,7 +338,7 @@ class LoginManagerTest extends TestCase
305 { 338 {
306 $this->configManager->set('ldap.host', 'dummy'); 339 $this->configManager->set('ldap.host', 'dummy');
307 $this->assertFalse( 340 $this->assertFalse(
308 $this->loginManager->checkCredentials('', '', $this->login, $this->password) 341 $this->loginManager->checkCredentials('', $this->login, $this->password)
309 ); 342 );
310 } 343 }
311 344
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
index f264505e..6830d714 100644
--- a/tests/security/SessionManagerTest.php
+++ b/tests/security/SessionManagerTest.php
@@ -1,12 +1,9 @@
1<?php 1<?php
2require_once 'tests/utils/FakeConfigManager.php';
3 2
4// Initialize reference data _before_ PHPUnit starts a session 3namespace Shaarli\Security;
5require_once 'tests/utils/ReferenceSessionIdHashes.php';
6ReferenceSessionIdHashes::genAllHashes();
7 4
8use PHPUnit\Framework\TestCase; 5use Shaarli\FakeConfigManager;
9use Shaarli\Security\SessionManager; 6use Shaarli\TestCase;
10 7
11/** 8/**
12 * Test coverage for SessionManager 9 * Test coverage for SessionManager
@@ -16,7 +13,7 @@ class SessionManagerTest extends TestCase
16 /** @var array Session ID hashes */ 13 /** @var array Session ID hashes */
17 protected static $sidHashes = null; 14 protected static $sidHashes = null;
18 15
19 /** @var \FakeConfigManager ConfigManager substitute for testing */ 16 /** @var FakeConfigManager ConfigManager substitute for testing */
20 protected $conf = null; 17 protected $conf = null;
21 18
22 /** @var array $_SESSION array for testing */ 19 /** @var array $_SESSION array for testing */
@@ -28,15 +25,15 @@ class SessionManagerTest extends TestCase
28 /** 25 /**
29 * Assign reference data 26 * Assign reference data
30 */ 27 */
31 public static function setUpBeforeClass() 28 public static function setUpBeforeClass(): void
32 { 29 {
33 self::$sidHashes = ReferenceSessionIdHashes::getHashes(); 30 self::$sidHashes = \ReferenceSessionIdHashes::getHashes();
34 } 31 }
35 32
36 /** 33 /**
37 * Initialize or reset test resources 34 * Initialize or reset test resources
38 */ 35 */
39 public function setUp() 36 protected function setUp(): void
40 { 37 {
41 $this->conf = new FakeConfigManager([ 38 $this->conf = new FakeConfigManager([
42 'credentials.login' => 'johndoe', 39 'credentials.login' => 'johndoe',
@@ -44,7 +41,7 @@ class SessionManagerTest extends TestCase
44 'security.session_protection_disabled' => false, 41 'security.session_protection_disabled' => false,
45 ]); 42 ]);
46 $this->session = []; 43 $this->session = [];
47 $this->sessionManager = new SessionManager($this->session, $this->conf); 44 $this->sessionManager = new SessionManager($this->session, $this->conf, 'session_path');
48 } 45 }
49 46
50 /** 47 /**
@@ -69,7 +66,7 @@ class SessionManagerTest extends TestCase
69 $token => 1, 66 $token => 1,
70 ], 67 ],
71 ]; 68 ];
72 $sessionManager = new SessionManager($session, $this->conf); 69 $sessionManager = new SessionManager($session, $this->conf, 'session_path');
73 70
74 // check and destroy the token 71 // check and destroy the token
75 $this->assertTrue($sessionManager->checkToken($token)); 72 $this->assertTrue($sessionManager->checkToken($token));
@@ -211,15 +208,16 @@ class SessionManagerTest extends TestCase
211 'expires_on' => time() + 1000, 208 'expires_on' => time() + 1000,
212 'username' => 'johndoe', 209 'username' => 'johndoe',
213 'visibility' => 'public', 210 'visibility' => 'public',
214 'untaggedonly' => false, 211 'untaggedonly' => true,
215 ]; 212 ];
216 $this->sessionManager->logout(); 213 $this->sessionManager->logout();
217 214
218 $this->assertFalse(isset($this->session['ip'])); 215 $this->assertArrayNotHasKey('ip', $this->session);
219 $this->assertFalse(isset($this->session['expires_on'])); 216 $this->assertArrayNotHasKey('expires_on', $this->session);
220 $this->assertFalse(isset($this->session['username'])); 217 $this->assertArrayNotHasKey('username', $this->session);
221 $this->assertFalse(isset($this->session['visibility'])); 218 $this->assertArrayNotHasKey('visibility', $this->session);
222 $this->assertFalse(isset($this->session['untaggedonly'])); 219 $this->assertArrayHasKey('untaggedonly', $this->session);
220 $this->assertTrue($this->session['untaggedonly']);
223 } 221 }
224 222
225 /** 223 /**
@@ -269,4 +267,61 @@ class SessionManagerTest extends TestCase
269 $this->session['ip'] = 'ip_id_one'; 267 $this->session['ip'] = 'ip_id_one';
270 $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two')); 268 $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));
271 } 269 }
270
271 /**
272 * Test creating an entry in the session array
273 */
274 public function testSetSessionParameterCreate(): void
275 {
276 $this->sessionManager->setSessionParameter('abc', 'def');
277
278 static::assertSame('def', $this->session['abc']);
279 }
280
281 /**
282 * Test updating an entry in the session array
283 */
284 public function testSetSessionParameterUpdate(): void
285 {
286 $this->session['abc'] = 'ghi';
287
288 $this->sessionManager->setSessionParameter('abc', 'def');
289
290 static::assertSame('def', $this->session['abc']);
291 }
292
293 /**
294 * Test updating an entry in the session array with null value
295 */
296 public function testSetSessionParameterUpdateNull(): void
297 {
298 $this->session['abc'] = 'ghi';
299
300 $this->sessionManager->setSessionParameter('abc', null);
301
302 static::assertArrayHasKey('abc', $this->session);
303 static::assertNull($this->session['abc']);
304 }
305
306 /**
307 * Test deleting an existing entry in the session array
308 */
309 public function testDeleteSessionParameter(): void
310 {
311 $this->session['abc'] = 'def';
312
313 $this->sessionManager->deleteSessionParameter('abc');
314
315 static::assertArrayNotHasKey('abc', $this->session);
316 }
317
318 /**
319 * Test deleting a non existent entry in the session array
320 */
321 public function testDeleteSessionParameterNotExisting(): void
322 {
323 $this->sessionManager->deleteSessionParameter('abc');
324
325 static::assertArrayNotHasKey('abc', $this->session);
326 }
272} 327}
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 02:10:36 +0000