- <?php
- require_once 'tests/utils/FakeConfigManager.php';
- // Initialize reference data _before_ PHPUnit starts a session
- require_once 'tests/utils/ReferenceSessionIdHashes.php';
- ReferenceSessionIdHashes::genAllHashes();
- use \Shaarli\SessionManager;
- use \PHPUnit\Framework\TestCase;
- /**
- * Test coverage for SessionManager
- */
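class SessionManagerTest extends TestCase
{
    // Reference session ID hashes, as returned by ReferenceSessionIdHashes::getHashes().
    // Iterated below as [$algo => [$bpc => $hash]].
    protected static $sidHashes = null;

    // Fake ConfigManager handed to every SessionManager built by these tests.
    protected static $conf = null;

    /**
     * Assign reference data once for the whole test class.
     *
     * The hashes themselves are generated at file load time, before PHPUnit
     * starts a session; this only fetches them.
     */
    public static function setUpBeforeClass()
    {
        self::$sidHashes = ReferenceSessionIdHashes::getHashes();
        self::$conf = new FakeConfigManager();
    }

    /**
     * Generate a session token.
     *
     * The test reads $session after the call, so SessionManager is expected to
     * write the new token into the array it was constructed with
     * (presumably taken by reference - confirm against SessionManager).
     */
    public function testGenerateToken()
    {
        $session = [];
        $sessionManager = new SessionManager($session, self::$conf);

        $token = $sessionManager->generateToken();

        // The token is registered in the session store...
        $this->assertEquals(1, $session['tokens'][$token]);
        // ...and is 40 characters long.
        $this->assertEquals(40, strlen($token));
    }

    /**
     * Check a session token that is already present in the session.
     *
     * Pins the single-use property: a token is accepted once, removed from the
     * session, and rejected when presented again.
     */
    public function testCheckToken()
    {
        $token = '4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b';
        $session = [
            'tokens' => [
                $token => 1,
            ],
        ];
        $sessionManager = new SessionManager($session, self::$conf);

        // check and destroy the token
        $this->assertTrue($sessionManager->checkToken($token));
        $this->assertFalse(isset($session['tokens'][$token]));

        // ensure the token has been destroyed: replaying it must fail
        $this->assertFalse($sessionManager->checkToken($token));
    }

    /**
     * Generate and check a session token (full round trip).
     */
    public function testGenerateAndCheckToken()
    {
        $session = [];
        $sessionManager = new SessionManager($session, self::$conf);

        $token = $sessionManager->generateToken();

        // ensure a token has been generated
        $this->assertEquals(1, $session['tokens'][$token]);
        $this->assertEquals(40, strlen($token));

        // check and destroy the token
        $this->assertTrue($sessionManager->checkToken($token));
        $this->assertFalse(isset($session['tokens'][$token]));

        // ensure the token has been destroyed: replaying it must fail
        $this->assertFalse($sessionManager->checkToken($token));
    }

    /**
     * Check an invalid session token.
     *
     * A well-formed token that was never issued must be rejected.
     */
    public function testCheckInvalidToken()
    {
        $session = [];
        $sessionManager = new SessionManager($session, self::$conf);

        $this->assertFalse($sessionManager->checkToken('4dccc3a45ad9d03e5542b90c37d8db6d10f2b38b'));
    }

    /**
     * Test SessionManager::checkId with a valid ID - TEST ALL THE HASHES!
     *
     * This test extensively covers all hash algorithms / bit representations
     * present in the reference data.
     */
    public function testIsAnyHashSessionIdValid()
    {
        $checked = 0;

        foreach (self::$sidHashes as $algo => $bpcs) {
            foreach ($bpcs as $bpc => $hash) {
                // Name the failing entry so a rejected format can be identified.
                $this->assertTrue(
                    SessionManager::checkId($hash),
                    sprintf('checkId() rejected the reference ID for algo "%s", key "%s"', $algo, $bpc)
                );
                ++$checked;
            }
        }

        // Without this guard, empty reference data would let the test pass
        // without having validated a single session ID.
        $this->assertGreaterThan(
            0,
            $checked,
            'No reference session ID hashes were available; checkId() was not exercised'
        );
    }

    /**
     * Test checkId with a valid ID - SHA-1 hashes
     */
    public function testIsSha1SessionIdValid()
    {
        $this->assertTrue(SessionManager::checkId(sha1('shaarli')));
    }

    /**
     * Test checkId with a valid ID - SHA-256 hashes
     */
    public function testIsSha256SessionIdValid()
    {
        $this->assertTrue(SessionManager::checkId(hash('sha256', 'shaarli')));
    }

    /**
     * Test checkId with a valid ID - SHA-512 hashes
     */
    public function testIsSha512SessionIdValid()
    {
        $this->assertTrue(SessionManager::checkId(hash('sha512', 'shaarli')));
    }

    /**
     * Test checkId with invalid IDs.
     *
     * Covers an empty string, a non-string value, and a Base64-looking string
     * that carries '=' padding.
     */
    public function testIsSessionIdInvalid()
    {
        $this->assertFalse(SessionManager::checkId(''));
        $this->assertFalse(SessionManager::checkId([]));
        $this->assertFalse(
            SessionManager::checkId('c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=')
        );
    }
}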