NxTIC/test/phpunit/tests/sessionManager.php

<?php namespace phpunit;


	class sessionManager extends \PHPUnit_Framework_TestCase{

		/* [1] Test de toutes les fonctions utilitaires
		=========================================================*/
		public function testSecureSHA1(){
			$plain = 'montexteclair';
			$hash  = \manager\sessionManager::sha1($plain);

			// Verification desuiee
			$this->assertEquals(40, strlen($hash) );
			$this->assertNotContains( $plain, $hash );
		}

		/* [2] Test de l'unicite et du prefix
		=========================================================*/
		public function testIdSessionUniq(){
			// Premiere session
			session_destroy();
			@\manager\sessionManager::session_start();
			$id_first = session_id();

			// Seconde session
			session_destroy();
			@\manager\sessionManager::session_start();
			$id_second = session_id();

			$this->assertNotEquals( $id_first, $id_second );
		}


		public function testIdenticalPrefix(){
			// Premiere session
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_prefix = substr(session_id(), 0, 5);

			// Seconde session
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_prefix = substr(session_id(), 0, 5);

			$this->assertEquals( $first_prefix, $second_prefix );
		}


		public function testCookieUniq(){
			// Premiere session
			session_destroy();
			@\manager\sessionManager::session_start();
			$token_first = $_COOKIE['session_token'];

			// Seconde session
			session_destroy();
			@\manager\sessionManager::session_start();
			$token_second = $_COOKIE['session_token'];

			$this->assertNotEquals( $token_first, $token_second );
		}

		/* [3] REMOTE_ADDR different
		=========================================================*/
		public function testSessionIdTheftWithWrongIp(){
			$default_remote_addr = $_SERVER['REMOTE_ADDR'];

			// Hote n.1
			$_SERVER['REMOTE_ADDR'] = 'a';
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_prefix = substr(session_id(), 0, 5);

			// Hote n.2
			$_SERVER['REMOTE_ADDR'] = 'b';
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_prefix = substr(session_id(), 0, 5);


			$this->assertNotEquals( $first_prefix, $second_prefix );

			$_SERVER['REMOTE_ADDR'] = $default_remote_addr;
		}

		public function testSessionTokenTheftWithWrongIp(){
			$default_remote_addr = $_SERVER['REMOTE_ADDR'];

			// Hote n.1
			$_SERVER['REMOTE_ADDR'] = 'a';
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_prefix = substr($_COOKIE['session_token'], 0, 5);

			// Hote n.2
			$_SERVER['REMOTE_ADDR'] = 'b';
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_prefix = substr($_COOKIE['session_token'], 0, 5);


			$this->assertNotEquals( $first_prefix, $second_prefix );

			$_SERVER['REMOTE_ADDR'] = $default_remote_addr;
		}


		public function testSessionTokenTheftWithWrongIpThenWell(){
			$default_remote_addr = $_SERVER['REMOTE_ADDR'];

			// Hote n.1
			$_SERVER['REMOTE_ADDR'] = 'a';
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_prefix = substr($_COOKIE['session_token'], 0, 40);

			// Hote n.2
			$_SERVER['REMOTE_ADDR'] = 'b';
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_prefix = substr($_COOKIE['session_token'], 0, 40);

			// Hote n.1
			$_SERVER['REMOTE_ADDR'] = 'a';
			session_destroy();
			@\manager\sessionManager::session_start();
			$third_prefix = substr($_COOKIE['session_token'], 0, 40);


			$this->assertEquals( $first_prefix, $third_prefix );
			$this->assertNotEquals( $first_prefix, $second_prefix );

			$_SERVER['REMOTE_ADDR'] = $default_remote_addr;
		}

		/* [4] HTTP_USER_AGENT different
		=========================================================*/
		public function testSessionIdTheftWithWrongUserAgent(){
			$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];

			// Hote n.1
			$_SERVER['HTTP_USER_AGENT'] = 'a';
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_prefix = substr(session_id(), 0, 5);

			// Hote n.2
			$_SERVER['HTTP_USER_AGENT'] = 'b';
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_prefix = substr(session_id(), 0, 5);


			$this->assertNotEquals( $first_prefix, $second_prefix );

			$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;
		}

		public function testSessionTokenTheftWithWrongUserAgent(){
			$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];

			// Hote n.1
			$_SERVER['HTTP_USER_AGENT'] = 'a';
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_prefix = substr($_COOKIE['session_token'], 0, 40);

			// Hote n.2
			$_SERVER['HTTP_USER_AGENT'] = 'b';
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_prefix = substr($_COOKIE['session_token'], 0, 40);


			$this->assertNotEquals( $first_prefix, $second_prefix );

			$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;
		}


		public function testSessionTokenTheftWithWrongUserAgentThenWell(){
			$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];

			// Hote n.1
			$_SERVER['HTTP_USER_AGENT'] = 'a';
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_prefix = substr($_COOKIE['session_token'], 0, 40);

			// Hote n.2
			$_SERVER['HTTP_USER_AGENT'] = 'b';
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_prefix = substr($_COOKIE['session_token'], 0, 40);

			// Hote n.1
			$_SERVER['HTTP_USER_AGENT'] = 'a';
			session_destroy();
			@\manager\sessionManager::session_start();
			$third_prefix = substr($_COOKIE['session_token'], 0, 40);


			$this->assertEquals( $first_prefix, $third_prefix );
			$this->assertNotEquals( $first_prefix, $second_prefix );

			$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;
		}


		/* [5] Regeneration du cookie 'session_token'
		=========================================================*/
		public function testRegeneratedToken(){

			// Connection 1
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_token = $_COOKIE['session_token'];

			// Connection 2
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_token = $_COOKIE['session_token'];


			$this->assertNotEquals( $first_token, $second_token );
		}

		public function testSamePrefixToken(){

			// Connection 1
			session_destroy();
			@\manager\sessionManager::session_start();
			$first_token_prefix = substr($_COOKIE['session_token'], 0, 40);

			// Connection 2
			session_destroy();
			@\manager\sessionManager::session_start();
			$second_token_prefix = substr($_COOKIE['session_token'], 0, 40);

			$this->assertEquals( $first_token_prefix, $second_token_prefix );
		}


	}


?>
Commit initial -> Clonage du modele de stefprojet 2016-04-04 09:47:17 +00:00			`<?php namespace phpunit;`


			`class sessionManager extends \PHPUnit_Framework_TestCase{`

			`/* [1] Test de toutes les fonctions utilitaires`
			`=========================================================*/`
			`public function testSecureSHA1(){`
			`$plain = 'montexteclair';`
Correction temporaire des sessions + login ok 2016-04-13 11:36:49 +00:00			`$hash = \manager\sessionManager::sha1($plain);`
Commit initial -> Clonage du modele de stefprojet 2016-04-04 09:47:17 +00:00
			`// Verification desuiee`
			`$this->assertEquals(40, strlen($hash) );`
			`$this->assertNotContains( $plain, $hash );`
			`}`

			`/* [2] Test de l'unicite et du prefix`
			`=========================================================*/`
			`public function testIdSessionUniq(){`
			`// Premiere session`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$id_first = session_id();`

			`// Seconde session`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$id_second = session_id();`

			`$this->assertNotEquals( $id_first, $id_second );`
			`}`


			`public function testIdenticalPrefix(){`
			`// Premiere session`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_prefix = substr(session_id(), 0, 5);`

			`// Seconde session`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_prefix = substr(session_id(), 0, 5);`

			`$this->assertEquals( $first_prefix, $second_prefix );`
			`}`


			`public function testCookieUniq(){`
			`// Premiere session`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$token_first = $_COOKIE['session_token'];`

			`// Seconde session`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$token_second = $_COOKIE['session_token'];`

			`$this->assertNotEquals( $token_first, $token_second );`
			`}`

			`/* [3] REMOTE_ADDR different`
			`=========================================================*/`
			`public function testSessionIdTheftWithWrongIp(){`
			`$default_remote_addr = $_SERVER['REMOTE_ADDR'];`

			`// Hote n.1`
			`$_SERVER['REMOTE_ADDR'] = 'a';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_prefix = substr(session_id(), 0, 5);`

			`// Hote n.2`
			`$_SERVER['REMOTE_ADDR'] = 'b';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_prefix = substr(session_id(), 0, 5);`


			`$this->assertNotEquals( $first_prefix, $second_prefix );`

			`$_SERVER['REMOTE_ADDR'] = $default_remote_addr;`
			`}`

			`public function testSessionTokenTheftWithWrongIp(){`
			`$default_remote_addr = $_SERVER['REMOTE_ADDR'];`

			`// Hote n.1`
			`$_SERVER['REMOTE_ADDR'] = 'a';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_prefix = substr($_COOKIE['session_token'], 0, 5);`

			`// Hote n.2`
			`$_SERVER['REMOTE_ADDR'] = 'b';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_prefix = substr($_COOKIE['session_token'], 0, 5);`


			`$this->assertNotEquals( $first_prefix, $second_prefix );`

			`$_SERVER['REMOTE_ADDR'] = $default_remote_addr;`
			`}`



			`public function testSessionTokenTheftWithWrongIpThenWell(){`
			`$default_remote_addr = $_SERVER['REMOTE_ADDR'];`

			`// Hote n.1`
			`$_SERVER['REMOTE_ADDR'] = 'a';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_prefix = substr($_COOKIE['session_token'], 0, 40);`

			`// Hote n.2`
			`$_SERVER['REMOTE_ADDR'] = 'b';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_prefix = substr($_COOKIE['session_token'], 0, 40);`

			`// Hote n.1`
			`$_SERVER['REMOTE_ADDR'] = 'a';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$third_prefix = substr($_COOKIE['session_token'], 0, 40);`


			`$this->assertEquals( $first_prefix, $third_prefix );`
			`$this->assertNotEquals( $first_prefix, $second_prefix );`

			`$_SERVER['REMOTE_ADDR'] = $default_remote_addr;`
			`}`

			`/* [4] HTTP_USER_AGENT different`
			`=========================================================*/`
			`public function testSessionIdTheftWithWrongUserAgent(){`
			`$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];`

			`// Hote n.1`
			`$_SERVER['HTTP_USER_AGENT'] = 'a';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_prefix = substr(session_id(), 0, 5);`

			`// Hote n.2`
			`$_SERVER['HTTP_USER_AGENT'] = 'b';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_prefix = substr(session_id(), 0, 5);`


			`$this->assertNotEquals( $first_prefix, $second_prefix );`

			`$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;`
			`}`

			`public function testSessionTokenTheftWithWrongUserAgent(){`
			`$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];`

			`// Hote n.1`
			`$_SERVER['HTTP_USER_AGENT'] = 'a';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_prefix = substr($_COOKIE['session_token'], 0, 40);`

			`// Hote n.2`
			`$_SERVER['HTTP_USER_AGENT'] = 'b';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_prefix = substr($_COOKIE['session_token'], 0, 40);`


			`$this->assertNotEquals( $first_prefix, $second_prefix );`

			`$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;`
			`}`



			`public function testSessionTokenTheftWithWrongUserAgentThenWell(){`
			`$default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];`

			`// Hote n.1`
			`$_SERVER['HTTP_USER_AGENT'] = 'a';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_prefix = substr($_COOKIE['session_token'], 0, 40);`

			`// Hote n.2`
			`$_SERVER['HTTP_USER_AGENT'] = 'b';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_prefix = substr($_COOKIE['session_token'], 0, 40);`

			`// Hote n.1`
			`$_SERVER['HTTP_USER_AGENT'] = 'a';`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$third_prefix = substr($_COOKIE['session_token'], 0, 40);`


			`$this->assertEquals( $first_prefix, $third_prefix );`
			`$this->assertNotEquals( $first_prefix, $second_prefix );`

			`$_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;`
			`}`



			`/* [5] Regeneration du cookie 'session_token'`
			`=========================================================*/`
			`public function testRegeneratedToken(){`

			`// Connection 1`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_token = $_COOKIE['session_token'];`

			`// Connection 2`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_token = $_COOKIE['session_token'];`


			`$this->assertNotEquals( $first_token, $second_token );`
			`}`

			`public function testSamePrefixToken(){`

			`// Connection 1`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$first_token_prefix = substr($_COOKIE['session_token'], 0, 40);`

			`// Connection 2`
			`session_destroy();`
			`@\manager\sessionManager::session_start();`
			`$second_token_prefix = substr($_COOKIE['session_token'], 0, 40);`

			`$this->assertEquals( $first_token_prefix, $second_token_prefix );`
			`}`

Tests et opti de ModuleRequest 2016-04-18 08:30:40 +00:00
Commit initial -> Clonage du modele de stefprojet 2016-04-04 09:47:17 +00:00
			`}`


Tests et opti de ModuleRequest 2016-04-18 08:30:40 +00:00			`?>`