logauth
/
SMMP
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Phpunit 1

This commit is contained in:
xdrm-brackets 2017-05-12 22:40:51 +02:00
parent 971fda4b0e
commit 23d26e9cd9
10 changed files with 111 additions and 823 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,3 +5,4 @@
/lib/vendor /lib/vendor
*.lock *.lock
/vendor/ /vendor/
/phpunit/coverage

11
composer.json
View File

@ -12,5 +12,16 @@
"phpro/grumphp": "^0.11.5", "phpro/grumphp": "^0.11.5",
"jakub-onderka/php-parallel-lint": "^0.9.2", "jakub-onderka/php-parallel-lint": "^0.9.2",
"phpunit/phpunit": "^6.1" "phpunit/phpunit": "^6.1"
},
"autoload": {
"psr-4": {
"database\\": "build/database",
"api\\": "build/api",
"error\\": "build/error",
"orm\\": "build/orm",
"http\\": "build/http",
"router\\": "build/router",
"viewer\\": "build/viewer"
}
} }
} }

70
phpunit/bootstrap.php Executable file → Normal file
View File

@ -1,11 +1,69 @@
<?php define('__ROOT__', dirname(dirname(__FILE__)) ); <?php
require_once './vendor/autoload.php';
// On definit les constantes inexistantes dans PHPUnit /* [0] On definit la racine __ROOT__ si c'est pas deja fait
$_SERVER['HTTP_HOST'] = 'stefproject'; =========================================================*/
$_SERVER['REMOTE_ADDR'] = '127.0.0.1'; if( !defined('__ROOT__') ) define('__ROOT__', dirname(dirname(__FILE__)) );
$_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0'; if( !defined('__CONFIG__') ) define('__CONFIG__', __ROOT__.'/config' );
if( !defined('__BUILD__') ) define('__BUILD__', __ROOT__.'/build' );
if( !defined('__PUBLIC__') ) define('__PUBLIC__', __ROOT__.'/public_html' );
require_once __ROOT__.'/autoloader.php';
/* [1] On définit __SERVER_HOST__ et __SERVER_ROOT__ si c'est pas déja fait
=========================================================*/
if( !defined('__SERVER_HOST__') || !defined('__SERVER_ROOT__') ){
/* (1) On charge le fichier de configuration */
$json = json_decode( file_get_contents(__ROOT__.'/config/server.json'), true );
// Si pas d'erreur, on définit
if( !is_null($json) ){
/* (2) Gestion de la config si server local ou remote */
if( !isset($_SERVER['SERVER_NAME']) || !checkdnsrr($_SERVER['SERVER_NAME'], 'NS') )
$config = $json['local'];
else
$config = $json['remote'];
/* (3) Création des constantes */
define('__SERVER_HOST__', $config['host']);
define('__SERVER_ROOT__', $config['root']);
}
}
/* ACTIVE LE DEBUGGAGE (WARNING + EXCEPTION)
*
*/
function debug(){
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(-1);
}
/*************************/
/* SECURE SHA1 ALGORITHM */
/*************************/
function secure_hash($data, $salt='">\[..|{@#))', $depth=1){
/* (1) On hash @depth fois
---------------------------------------------------------*/
$hash = $data;
$c = 0;
for( $h = 0 ; $h < $depth ; $h++ ){
$hash = hash('sha512', $salt.hash('sha512', $hash.'_)Q@#((%*_$%(@#') );
$c++;
}
/* (2) On renvoie le résultat
---------------------------------------------------------*/
return $hash;
}

20
phpunit/phpunit.xml
View File

@ -1,22 +1,20 @@
<phpunit bootstrap="./bootstrap.php"> <phpunit bootstrap="bootstrap.php">
<testsuites> <testsuites>
<testsuite name="manager/Database"> <testsuite name="api/config">
<directory prefix="Database_" suffix=".php">./tests/</directory> <directory prefix="api">./tests</directory>
</testsuite>
<testsuite name="manager/Error">
<file>./tests/Error.php</file>
</testsuite>
<testsuite name="manager/sessionManager">
<file>./tests/sessionManager.php</file>
</testsuite> </testsuite>
</testsuites> </testsuites>
<filter>
<whitelist>
<directory>../build/</directory>
</whitelist>
</filter>
<logging> <logging>
<log type="coverage-html" target="coverage"/> <log type="coverage-html" target="coverage"/>
</logging> </logging>

267
phpunit/tests/Database_check.php
View File

@ -1,267 +0,0 @@
<?php namespace phpunit;
class Database_check extends \PHPUnit_Framework_TestCase{
/* [1] AUTO_INCREMENT
=========================================================*/
public function testAutoIncrementSizeInfCorrect(){
$this->assertTrue( \api\core\Checker::run('auto_increment_id', -2147483647) );
}
public function testAutoIncrementSizeInfStringCorrect(){
$this->assertTrue( \api\core\Checker::run('auto_increment_id', '-2147483647') );
}
public function testAutoIncrementSizeSupCorrect(){
$this->assertTrue( \api\core\Checker::run('auto_increment_id', 2147483647) );
}
public function testAutoIncrementSizeSupStringCorrect(){
$this->assertTrue( \api\core\Checker::run('auto_increment_id', '2147483647') );
}
public function testAutoIncrementSizeLtInfIncorrect(){
$this->assertFalse( \api\core\Checker::run('auto_increment_id', -2147483647-1) );
}
public function testAutoIncrementSizeLtInfStringIncorrect(){
$this->assertFalse( \api\core\Checker::run('auto_increment_id', '-2147483648') );
}
public function testAutoIncrementSizeGtSupIncorrect(){
$this->assertFalse( \api\core\Checker::run('auto_increment_id', 2147483647+1) );
}
public function testAutoIncrementSizeGtSupStringIncorrect(){
$this->assertFalse( \api\core\Checker::run('auto_increment_id', '2147483648') );
}
/* [1] Code RFID
=========================================================*/
public function testUserCodeSize4(){
$this->assertTrue( \api\core\Checker::run('user.code', '01-23-AB-CD') );
}
public function testUserCodeSize6(){
$this->assertTrue( \api\core\Checker::run('user.code', '01-23-45-67-89-AB') );
}
public function testUserCodeSize4WrongCharacter(){
$this->assertFalse( \api\core\Checker::run('user.code', '01-23-AB-CG') );
}
public function testUserCodeSizeGreaterThan6(){
$this->assertFalse( \api\core\Checker::run('user.code', '01-23-45-67-89-AB-CD') );
}
public function testUserCodeSize6WrongCharacter(){
$this->assertFalse( \api\core\Checker::run('user.code', '01-23-45-67-89-AG') );
}
/* [2] user.username ; machine.name ; group.name
=========================================================*/
/* (1) Type */
public function testUsernameTypeStringCorrect(){
$this->assertTrue( \api\core\Checker::run('user.username', '012') );
}
public function testUsernameTypeIntIncorrect(){
$this->assertFalse( \api\core\Checker::run('user.username', 012) );
}
/* (2) Content */
public function testUsernameContentCorrect(){
$this->assertTrue( \api\core\Checker::run('user.username', '0123456789_-') );
$this->assertTrue( \api\core\Checker::run('user.username', 'abcdefghijklmnopqrstuvwxyz') );
$this->assertTrue( \api\core\Checker::run('user.username', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') );
}
public function testUsernameContentIncorrect(){
$illegal_chars = '{}[]()=+.,\'\\"/:;|!@#$%^&* ';
foreach(str_split($illegal_chars) as $char) // Teste les caracteres enonces plus haut
$this->assertFalse( \api\core\Checker::run('user.username', 'abc'.$char) );
}
/* (3) Size */
public function testUsernameSize3Correct(){
$this->assertEquals( 3, strlen('012') );
$this->assertTrue( \api\core\Checker::run('user.username', '012') );
}
public function testUsernameSize30Correct(){
$this->assertEquals( 30, strlen('0123456789abcdefghijklmno_-sda') );
$this->assertTrue( \api\core\Checker::run('user.username', '0123456789abcdefghijklmno_-sda') );
}
public function testUsernameSizeLt3Incorrect(){
$this->assertLessThan( 3, strlen('') );
$this->assertFalse( \api\core\Checker::run('user.username', '') );
}
public function testUsernameSizeGt30Incorrect(){
$this->assertGreaterThan( 30, strlen('0123456789abcdefghijklmno_-sdaa') );
$this->assertFalse( \api\core\Checker::run('user.username', '0123456789abcdefghijklmno_-sdaa') );
}
/* [3] firstname / lastname
=========================================================*/
/* (1) Type */
public function testFirstnameTypeStringCorrect(){
$this->assertTrue( \api\core\Checker::run('user.firstname', 'abc') );
}
public function testFirstnameTypeIntIncorrect(){
$this->assertFalse( \api\core\Checker::run('user.firstname', 01932) );
}
/* (2) Content */
public function testFirstnameContentCorrect(){
$this->assertTrue( \api\core\Checker::run('user.firstname', 'abcdefghijklmnopqrstuvwxyz') );
$this->assertTrue( \api\core\Checker::run('user.firstname', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') );
}
public function testFirstnameContentIncorrect(){
$illegal_chars = '{}[]()=_+.,\'\\"/:;|!@#$%^&*0123456789';
foreach(str_split($illegal_chars) as $char) // Teste les caracteres enonces plus haut
$this->assertFalse( \api\core\Checker::run('user.firstname', 'abc'.$char) );
}
/* (3) Size */
public function testFirstnameSize3Correct(){
$this->assertEquals( 3, strlen('abc') );
$this->assertTrue( \api\core\Checker::run('user.firstname', 'abc') );
}
public function testFirstnameSize30Correct(){
$this->assertEquals( 30, strlen('abcdefghijklmnopqrstuvwxyz-k s') );
$this->assertTrue( \api\core\Checker::run('user.firstname', 'abcdefghijklmnopqrstuvwxyz-k s') );
}
public function testFirstnameSizeLt3Incorrect(){
$this->assertLessThan( 3, strlen('ab') );
$this->assertFalse( \api\core\Checker::run('user.firstname', 'ab') );
}
public function testFirstnameSizeGt30Incorrect(){
$this->assertGreaterThan( 30, strlen('abcdefghijklmnopqrstuvwxyz-k ss') );
$this->assertFalse( \api\core\Checker::run('user.firstname', 'abcdefghijklmnopqrstuvwxyz-k ss') );
}
/* [4] Adresse mail
=========================================================*/
/* (1) Size */
public function testMailSizeEqCorrect(){
$this->assertLessThanOrEqual( 50, 'nom-prenom.mot@domaine-d.gouv' );
$this->assertTrue( \api\core\Checker::run('user.mail', 'nom-prenom.mot@domaine-d.gouv') );
}
public function testMailSizeSupCorrect(){
$this->assertGreaterThan( 50, strlen('ab12345678901234567890nom-prenom.mot@domaine-d.gouv') );
$this->assertFalse( \api\core\Checker::run('user.mail', 'ab12345678901234567890nom-prenom.mot@domaine-d.gouv') );
}
/* (2) Content */
public function testMailContentCorrect(){
$this->assertTrue( \api\core\Checker::run('user.mail', '0nom-prenom.mot@domaine-d.gouv') );
}
public function testMailContentIncorrect1(){
$this->assertFalse( \api\core\Checker::run('user.mail', '0nom-prenom.mot@domaine-d.gouve') );
}
public function testMailContentIncorrect2(){
$this->assertFalse( \api\core\Checker::run('user.mail', '0nom-prenom.mot@domaine-d.g') );
}
/* [5] Mot de passe
=========================================================*/
public function testPasswordSizeEqCorrect(){
$password_hash = \manager\sessionManager::secure_hash('monmotdepasse');
$this->assertEquals( 40, strlen($password_hash) );
$this->assertTrue( \api\core\Checker::run('user.password', $password_hash) );
}
public function testPasswordSizeInfIncorrect(){
$password_hash = 'a';
$this->assertLessThan( 40, strlen($password_hash) );
$this->assertFalse( \api\core\Checker::run('user.password', $password_hash) );
}
public function testPasswordSizeSupIncorrect(){
$password_hash = \manager\sessionManager::secure_hash('monmotdepasse').'a';
$this->assertGreaterThan( 40, strlen($password_hash) );
$this->assertFalse( \api\core\Checker::run('user.password', $password_hash) );
}
public function testPasswordContentCorrect(){
$this->assertTrue( \api\core\Checker::run('user.password', 'dd629d39c4576731a2bef003c72ff89d6fc2a99a') );
}
public function testPasswordContentIncorrect(){
$this->assertContains( 'g', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g' );
$this->assertFalse( \api\core\Checker::run('user.password', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g') );
}
/* [6] Status de l'utilisateur
=========================================================*/
/* (1) Type */
public function testStatusTypeIntCorrect(){
$this->assertTrue( \api\core\Checker::run('user.status', 1) );
}
public function testStatusTypeStringCorrect(){
$this->assertTrue( \api\core\Checker::run('user.status', '1') );
}
public function testStatusTypeIntIncorrect(){
$this->assertFalse( \api\core\Checker::run('user.status', 1.03) );
}
public function testStatusTypeStringIncorrect(){
$this->assertFalse( \api\core\Checker::run('user.status', '1.03') );
}
/* (2) Size */
public function testStatusSizeInfCorrect(){
$this->assertGreaterThanOrEqual( 0, 0 );
$this->assertTrue( \api\core\Checker::run('user.status', 0) );
}
public function testStatusSizeSupCorrect(){
$this->assertLessThanOrEqual( 100, 100 );
$this->assertTrue( \api\core\Checker::run('user.status', 100) );
}
public function testStatusSizeInfIncorrect(){
$this->assertLessThan( 0, -1 );
$this->assertFalse( \api\core\Checker::run('user.status', -1) );
}
public function testStatusSizeSupIncorrect(){
$this->assertGreaterThan( 100, 101 );
$this->assertFalse( \api\core\Checker::run('user.status', 101) );
}
}
?>

63
phpunit/tests/Database_construct.php
View File

@ -1,63 +0,0 @@
<?php namespace phpunit;
class Database_construct extends \PHPUnit_Framework_TestCase{
/* [1] Verification du chargement de la config
=========================================================*/
public function testGetInstanceWithNoSERVER(){
$instance = \database\core\DatabaseDriver::get();
$this->assertEquals( 'localhost', $instance->getConfig()['host'] );
}
public function testGetInstanceWithSERVERLocal(){
// Pour regenerer une instance, on definit une erreur
\database\core\DatabaseDriver::$error = \error\core\Error::PDOConnection;
$instance = \database\core\DatabaseDriver::get();
$this->assertEquals( 'localhost', $instance->getConfig()['host'] );
}
/* [2] Verification du singleton (getInstance)
=========================================================*/
public function testInstancePersistence(){
\database\core\DatabaseDriver::$error = \error\core\Error::PDOConnection;
$instance_construct = \database\core\DatabaseDriver::get();
$instance_nextuse = \database\core\DatabaseDriver::get();
$this->assertSame( $instance_construct, $instance_nextuse );
}
public function testInstancePersistenceRefutation(){
\database\core\DatabaseDriver::$error = \error\core\Error::PDOConnection;
$instance_construct = \database\core\DatabaseDriver::get();
\database\core\DatabaseDriver::$error = \error\core\Error::PDOConnection;
$instance_nextuse = \database\core\DatabaseDriver::get();
$this->assertNotSame( $instance_construct, $instance_nextuse );
}
/* [3] Verification de l'objet PDO
=========================================================*/
public function testPDO(){
$pdo = \database\core\DatabaseDriver::getPDO();
$this->assertGreaterThan( 10, count($pdo->query('SELECT * FROM user')->fetchAll()), '[!] Moins de 10 utilisateurs trouves.');
}
}
?>

116
phpunit/tests/Database_delNumeric.php
View File

@ -1,116 +0,0 @@
<?php namespace phpunit;
class Database_delNumeric extends \PHPUnit_Framework_TestCase{
/* [0] Verification du type
=========================================================*/
public function testTypeInt(){
$this->assertEquals( [], \database\core\DatabaseDriver::delNumeric(10) );
}
public function testTypeString(){
$this->assertEquals( [], \database\core\DatabaseDriver::delNumeric('notarray') );
}
/* [1] Verification pour 2 dimensions
=========================================================*/
/* (1) Global */
public function testGlobal2Dim(){
$fetchData = [[
'id' => '000001',
0 => '000001',
'nom' => 'Jean Dupont',
1 => 'Jean Dupont',
]];
$computed_array = \database\core\DatabaseDriver::delNumeric( $fetchData );
$this->assertArrayHasKey( 'id', $computed_array[0] );
$this->assertArrayHasKey( 'nom', $computed_array[0] );
$this->assertArrayNotHasKey( 0, $computed_array[0] );
$this->assertArrayNotHasKey( 1, $computed_array[0] );
}
/* (2) Verification d'indices numeriques dans les donnees */
public function testGlobal2DimWithNumericIndexes(){
$fetchData = [[
'id' => '000001',
0 => '000001',
'nom' => 'Jean Dupont',
1 => 'Jean Dupont',
2 => 'Bla',
3 => 'Bla',
4 => 'Bla',
5 => 'Bla',
6 => 'Bla',
7 => 'Bla'
]];
$computed_array = \database\core\DatabaseDriver::delNumeric( $fetchData );
$this->assertArrayHasKey( 'id', $computed_array[0] );
$this->assertArrayHasKey( 'nom', $computed_array[0] );
$this->assertArrayNotHasKey( 0, $computed_array[0] );
$this->assertArrayNotHasKey( 1, $computed_array[0] );
$this->assertArrayHasKey( 2, $computed_array[0] );
$this->assertArrayHasKey( 3, $computed_array[0] );
$this->assertArrayHasKey( 4, $computed_array[0] );
$this->assertArrayHasKey( 5, $computed_array[0] );
$this->assertArrayHasKey( 6, $computed_array[0] );
$this->assertArrayHasKey( 7, $computed_array[0] );
}
/* [2] Verification pour 1 dimensions
=========================================================*/
/* (1) Global */
public function testGlobal1Dim(){
$fetchData = [
'id' => '000001',
0 => '000001',
'nom' => 'Jean Dupont',
1 => 'Jean Dupont'
];
$computed_array = \database\core\DatabaseDriver::delNumeric( $fetchData );
$this->assertArrayHasKey( 'id', $computed_array );
$this->assertArrayHasKey( 'nom', $computed_array );
$this->assertArrayNotHasKey( 0, $computed_array );
$this->assertArrayNotHasKey( 1, $computed_array );
}
/* (2) Verification d'indices numeriques dans les donnees */
public function testGlobal1DimWithNumericIndexes(){
$fetchData = [
'id' => '000001',
0 => '000001',
'nom' => 'Jean Dupont',
1 => 'Jean Dupont',
2 => 'Bla',
3 => 'Bla',
4 => 'Bla',
5 => 'Bla',
6 => 'Bla',
7 => 'Bla'
];
$computed_array = \database\core\DatabaseDriver::delNumeric( $fetchData );
$this->assertArrayHasKey( 'id', $computed_array );
$this->assertArrayHasKey( 'nom', $computed_array );
$this->assertArrayNotHasKey( 0, $computed_array );
$this->assertArrayNotHasKey( 1, $computed_array );
$this->assertArrayHasKey( 2, $computed_array );
$this->assertArrayHasKey( 3, $computed_array );
$this->assertArrayHasKey( 4, $computed_array );
$this->assertArrayHasKey( 5, $computed_array );
$this->assertArrayHasKey( 6, $computed_array );
$this->assertArrayHasKey( 7, $computed_array );
}
}
?>

107
phpunit/tests/ManagerError.php
View File

@ -1,107 +0,0 @@
<?php namespace phpunit;
class Error extends \PHPUnit_Framework_TestCase{
/* [1] Test de toutes les erreurs
=========================================================*/
public function testErrorSuccess(){
$error = \error\core\Error::Success;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorParsingFailed(){
$error = \error\core\Error::ParsingFailed;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorInvalidFlags(){
$error = \error\core\Error::InvalidFlags;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorUnreachableResource(){
$error = \error\core\Error::UnreachableResource;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorMissingPath(){
$error = \error\core\Error::MissingPath;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorWrongPathModule(){
$error = \error\core\Error::WrongPathModule;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorUnknownModule(){
$error = \error\core\Error::UnknownModule;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorUnknownMethod(){
$error = \error\core\Error::UnknownMethod;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorUncallableMethod(){
$error = \error\core\Error::UncallableMethod;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorParamError(){
$error = \error\core\Error::ParamError;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorModuleError(){
$error = \error\core\Error::ModuleError;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorWrongPathRepo(){
$error = \error\core\Error::WrongPathRepo;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorUnknownRepo(){
$error = \error\core\Error::UnknownRepo;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorRepoError(){
$error = \error\core\Error::RepoError;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorPDOConnection(){
$error = \error\core\Error::PDOConnection;
$this->assertNotNull( \error\core\Error::explicit($error) );
}
public function testErrorNotKnown(){
$error = 1239;
$this->assertNull( \error\core\Error::explicit($error) );
}
}
?>

24
phpunit/tests/apiconfig.php Normal file
View File

@ -0,0 +1,24 @@
<?php
use PHPUnit\Framework\TestCase;
class apiconfig extends TestCase{
public function checkConfig(){
/* [1] Check configuration
=========================================================*/
/* (1) Check file */
$path = __CONFIG__.'/modules.json';
$this->assertFileExists($path);
/* (2) Checks json */
$config = json_decode( file_get_contents($path), true );
$this->assertNotNull($config);
}
}
?>

251
phpunit/tests/sessionManager.php
View File

@ -1,251 +0,0 @@
<?php namespace phpunit;
class sessionManager extends \PHPUnit_Framework_TestCase{
/* [1] Test de toutes les fonctions utilitaires
=========================================================*/
public function testSecureSHA1(){
$plain = 'montexteclair';
$hash = \manager\sessionManager::secure_hash($plain);
// Verification desuiee
$this->assertEquals(40, strlen($hash) );
$this->assertNotContains( $plain, $hash );
}
/* [2] Test de l'unicite et du prefix
=========================================================*/
public function testIdSessionUniq(){
// Premiere session
session_destroy();
@\manager\sessionManager::session_start();
$id_first = session_id();
// Seconde session
session_destroy();
@\manager\sessionManager::session_start();
$id_second = session_id();
$this->assertNotEquals( $id_first, $id_second );
}
public function testIdenticalPrefix(){
// Premiere session
session_destroy();
@\manager\sessionManager::session_start();
$first_prefix = substr(session_id(), 0, 5);
// Seconde session
session_destroy();
@\manager\sessionManager::session_start();
$second_prefix = substr(session_id(), 0, 5);
$this->assertEquals( $first_prefix, $second_prefix );
}
public function testCookieUniq(){
// Premiere session
session_destroy();
@\manager\sessionManager::session_start();
$token_first = $_COOKIE['session_token'];
// Seconde session
session_destroy();
@\manager\sessionManager::session_start();
$token_second = $_COOKIE['session_token'];
$this->assertNotEquals( $token_first, $token_second );
}
/* [3] REMOTE_ADDR different
=========================================================*/
public function testSessionIdTheftWithWrongIp(){
$default_remote_addr = $_SERVER['REMOTE_ADDR'];
// Hote n.1
$_SERVER['REMOTE_ADDR'] = 'a';
session_destroy();
@\manager\sessionManager::session_start();
$first_prefix = substr(session_id(), 0, 5);
// Hote n.2
$_SERVER['REMOTE_ADDR'] = 'b';
session_destroy();
@\manager\sessionManager::session_start();
$second_prefix = substr(session_id(), 0, 5);
$this->assertNotEquals( $first_prefix, $second_prefix );
$_SERVER['REMOTE_ADDR'] = $default_remote_addr;
}
public function testSessionTokenTheftWithWrongIp(){
$default_remote_addr = $_SERVER['REMOTE_ADDR'];
// Hote n.1
$_SERVER['REMOTE_ADDR'] = 'a';
session_destroy();
@\manager\sessionManager::session_start();
$first_prefix = substr($_COOKIE['session_token'], 0, 5);
// Hote n.2
$_SERVER['REMOTE_ADDR'] = 'b';
session_destroy();
@\manager\sessionManager::session_start();
$second_prefix = substr($_COOKIE['session_token'], 0, 5);
$this->assertNotEquals( $first_prefix, $second_prefix );
$_SERVER['REMOTE_ADDR'] = $default_remote_addr;
}
public function testSessionTokenTheftWithWrongIpThenWell(){
$default_remote_addr = $_SERVER['REMOTE_ADDR'];
// Hote n.1
$_SERVER['REMOTE_ADDR'] = 'a';
session_destroy();
@\manager\sessionManager::session_start();
$first_prefix = substr($_COOKIE['session_token'], 0, 40);
// Hote n.2
$_SERVER['REMOTE_ADDR'] = 'b';
session_destroy();
@\manager\sessionManager::session_start();
$second_prefix = substr($_COOKIE['session_token'], 0, 40);
// Hote n.1
$_SERVER['REMOTE_ADDR'] = 'a';
session_destroy();
@\manager\sessionManager::session_start();
$third_prefix = substr($_COOKIE['session_token'], 0, 40);
$this->assertEquals( $first_prefix, $third_prefix );
$this->assertNotEquals( $first_prefix, $second_prefix );
$_SERVER['REMOTE_ADDR'] = $default_remote_addr;
}
/* [4] HTTP_USER_AGENT different
=========================================================*/
public function testSessionIdTheftWithWrongUserAgent(){
$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
// Hote n.1
$_SERVER['HTTP_USER_AGENT'] = 'a';
session_destroy();
@\manager\sessionManager::session_start();
$first_prefix = substr(session_id(), 0, 5);
// Hote n.2
$_SERVER['HTTP_USER_AGENT'] = 'b';
session_destroy();
@\manager\sessionManager::session_start();
$second_prefix = substr(session_id(), 0, 5);
$this->assertNotEquals( $first_prefix, $second_prefix );
$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;
}
public function testSessionTokenTheftWithWrongUserAgent(){
$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
// Hote n.1
$_SERVER['HTTP_USER_AGENT'] = 'a';
session_destroy();
@\manager\sessionManager::session_start();
$first_prefix = substr($_COOKIE['session_token'], 0, 40);
// Hote n.2
$_SERVER['HTTP_USER_AGENT'] = 'b';
session_destroy();
@\manager\sessionManager::session_start();
$second_prefix = substr($_COOKIE['session_token'], 0, 40);
$this->assertNotEquals( $first_prefix, $second_prefix );
$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;
}
public function testSessionTokenTheftWithWrongUserAgentThenWell(){
$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
// Hote n.1
$_SERVER['HTTP_USER_AGENT'] = 'a';
session_destroy();
@\manager\sessionManager::session_start();
$first_prefix = substr($_COOKIE['session_token'], 0, 40);
// Hote n.2
$_SERVER['HTTP_USER_AGENT'] = 'b';
session_destroy();
@\manager\sessionManager::session_start();
$second_prefix = substr($_COOKIE['session_token'], 0, 40);
// Hote n.1
$_SERVER['HTTP_USER_AGENT'] = 'a';
session_destroy();
@\manager\sessionManager::session_start();
$third_prefix = substr($_COOKIE['session_token'], 0, 40);
$this->assertEquals( $first_prefix, $third_prefix );
$this->assertNotEquals( $first_prefix, $second_prefix );
$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;
}
/* [5] Regeneration du cookie 'session_token'
=========================================================*/
public function testRegeneratedToken(){
// Connection 1
session_destroy();
@\manager\sessionManager::session_start();
$first_token = $_COOKIE['session_token'];
// Connection 2
session_destroy();
@\manager\sessionManager::session_start();
$second_token = $_COOKIE['session_token'];
$this->assertNotEquals( $first_token, $second_token );
}
public function testSamePrefixToken(){
// Connection 1
session_destroy();
@\manager\sessionManager::session_start();
$first_token_prefix = substr($_COOKIE['session_token'], 0, 40);
// Connection 2
session_destroy();
@\manager\sessionManager::session_start();
$second_token_prefix = substr($_COOKIE['session_token'], 0, 40);
$this->assertEquals( $first_token_prefix, $second_token_prefix );
}
}
?>