From ebd650c06c67a67da2a0d099f625b6a7ec62ab2b Mon Sep 17 00:00:00 2001
From: VirtualTam <virtualtam@flibidi.net>
Date: Sun, 22 Oct 2017 18:44:46 +0200
Subject: Refactor session token management

Relates to https://github.com/shaarli/Shaarli/issues/324

Added:
- `SessionManager` class to group session-related features
- unit tests

Changed:
- `getToken()` -> `SessionManager->generateToken()`
- `tokenOk()` -> `SessionManager->checkToken()`
- inject a `$token` parameter to `PageBuilder`'s constructor

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
---
 tests/SessionManagerTest.php | 72 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 tests/SessionManagerTest.php

(limited to 'tests/SessionManagerTest.php')

diff --git a/tests/SessionManagerTest.php b/tests/SessionManagerTest.php
new file mode 100644
index 00000000..3a270303
--- /dev/null
+++ b/tests/SessionManagerTest.php
@@ -0,0 +1,72 @@
+<?php
+namespace Shaarli;
+
+use \PHPUnit\Framework\TestCase;
+
+/**
+ * Fake ConfigManager
+ */
+class FakeConfigManager
+{
+    public static function get($key)
+    {
+        return $key;
+    }
+}
+
+
+/**
+ * Test coverage for SessionManager
+ */
+class SessionManagerTest extends TestCase
+{
+    /**
+     * Generate a session token
+     */
+    public function testGenerateToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+
+        $token = $sessionManager->generateToken();
+
+        $this->assertEquals(1, $session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+    }
+
+    /**
+     * Generate and check a session token
+     */
+    public function testGenerateAndCheckToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+
+        $token = $sessionManager->generateToken();
+
+        // ensure a token has been generated
+        $this->assertEquals(1, $session['tokens'][$token]);
+        $this->assertEquals(40, strlen($token));
+
+        // check and destroy the token
+        $this->assertTrue($sessionManager->checkToken($token));
+        $this->assertFalse(isset($session['tokens'][$token]));
+
+        // ensure the token has been destroyed
+        $this->assertFalse($sessionManager->checkToken($token));
+    }
+
+    /**
+     * Check an invalid session token
+     */
+    public function testCheckInvalidToken()
+    {
+        $session = [];
+        $conf = new FakeConfigManager();
+        $sessionManager = new SessionManager($session, $conf);
+
+        $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
+    }
+}
-- 
cgit v1.2.3