<?php namespace phpunit;
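class sessionManager extends \PHPUnit_Framework_TestCase{

    /** Number of leading session-id characters compared by the "prefix" tests. */
    const ID_PREFIX_LENGTH = 5;

    /** Number of leading 'session_token' characters compared: 40 = one hex SHA-1 digest. */
    const TOKEN_PREFIX_LENGTH = 40;

    /** @var string|null $_SERVER['REMOTE_ADDR'] as it was before the test (null when unset). */
    private $default_remote_addr;

    /** @var string|null $_SERVER['HTTP_USER_AGENT'] as it was before the test (null when unset). */
    private $default_http_user_agent;

    /* [0] Fixture: snapshot and restore the simulated client identity
    =========================================================*/

    /**
     * Remembers the real REMOTE_ADDR / HTTP_USER_AGENT before a test forges them.
     */
    protected function setUp(){
        parent::setUp();
        $this->default_remote_addr     = self::serverVar('REMOTE_ADDR');
        $this->default_http_user_agent = self::serverVar('HTTP_USER_AGENT');
    }

    /**
     * Restores the real client identity.
     *
     * tearDown() runs even when an assertion failed, so a forged address or
     * user agent from one scenario can no longer leak into the next test
     * (the original tests restored the value only on the success path).
     */
    protected function tearDown(){
        self::setServerVar('REMOTE_ADDR',     $this->default_remote_addr);
        self::setServerVar('HTTP_USER_AGENT', $this->default_http_user_agent);
        parent::tearDown();
    }

    /**
     * Reads a $_SERVER entry without raising a notice when it is absent
     * (HTTP_* keys are typically missing under the CLI runner).
     *
     * @param string $key
     * @return string|null
     */
    private static function serverVar($key){
        return isset($_SERVER[$key]) ? $_SERVER[$key] : null;
    }

    /**
     * Writes a $_SERVER entry; null means "remove it", mirroring serverVar().
     *
     * @param string      $key
     * @param string|null $value
     */
    private static function setServerVar($key, $value){
        if( $value === null )
            unset($_SERVER[$key]);
        else
            $_SERVER[$key] = $value;
    }

    /**
     * Drops the current session and opens a fresh one through the manager,
     * i.e. simulates a brand-new connection from the currently forged client.
     *
     * The manager's session_start() is silenced with `@` as in the original
     * tests; presumably the CLI runner has already sent output so the session
     * cookie cannot be emitted and PHP warns — TODO confirm. Removing the `@`
     * would turn that warning into a PHPUnit error.
     */
    private function freshSession(){
        session_destroy();
        @\manager\sessionManager::session_start();
    }

    /**
     * @return string The first ID_PREFIX_LENGTH characters of the current session id.
     */
    private function sessionIdPrefix(){
        return substr(session_id(), 0, self::ID_PREFIX_LENGTH);
    }

    /**
     * @param int $length How many leading characters of the 'session_token' cookie to keep.
     * @return string
     */
    private function tokenPrefix($length = self::TOKEN_PREFIX_LENGTH){
        return substr($_COOKIE['session_token'], 0, $length);
    }

    /**
     * Forges the client's address and opens a new session for it.
     *
     * @param string $addr
     */
    private function connectFrom($addr){
        $_SERVER['REMOTE_ADDR'] = $addr;
        $this->freshSession();
    }

    /**
     * Forges the client's user agent and opens a new session for it.
     *
     * @param string $agent
     */
    private function connectWithAgent($agent){
        $_SERVER['HTTP_USER_AGENT'] = $agent;
        $this->freshSession();
    }

    /* [1] Utility functions
    =========================================================*/

    /**
     * sha1() must return a 40-character hex digest that does not echo the
     * plaintext.
     */
    public function testSecureSHA1(){
        $plain = 'montexteclair';
        $hash = \manager\sessionManager::sha1($plain);

        // Expected properties of the digest
        $this->assertEquals(40, strlen($hash) );
        $this->assertNotContains( $plain, $hash );
    }

    /* [2] Uniqueness and prefix
    =========================================================*/

    /**
     * Two consecutive sessions from the same client must not share an id.
     */
    public function testIdSessionUniq(){
        // First session
        $this->freshSession();
        $id_first = session_id();

        // Second session
        $this->freshSession();
        $id_second = session_id();

        $this->assertNotEquals( $id_first, $id_second );
    }

    /**
     * The session-id prefix is expected to stay stable for an unchanged client.
     */
    public function testIdenticalPrefix(){
        // First session
        $this->freshSession();
        $first_prefix = $this->sessionIdPrefix();

        // Second session
        $this->freshSession();
        $second_prefix = $this->sessionIdPrefix();

        $this->assertEquals( $first_prefix, $second_prefix );
    }

    /**
     * Two consecutive sessions must not be issued the same 'session_token' cookie.
     */
    public function testCookieUniq(){
        // First session
        $this->freshSession();
        $token_first = $_COOKIE['session_token'];

        // Second session
        $this->freshSession();
        $token_second = $_COOKIE['session_token'];

        $this->assertNotEquals( $token_first, $token_second );
    }

    /* [3] Different REMOTE_ADDR
    =========================================================*/

    /**
     * A session id observed from one address must not carry over to another:
     * the id prefix has to change when the client address changes.
     */
    public function testSessionIdTheftWithWrongIp(){
        // Host n.1
        $this->connectFrom('a');
        $first_prefix = $this->sessionIdPrefix();

        // Host n.2
        $this->connectFrom('b');
        $second_prefix = $this->sessionIdPrefix();

        $this->assertNotEquals( $first_prefix, $second_prefix );
    }

    /**
     * Same property for the 'session_token' cookie (first 5 characters, as in
     * the original test).
     */
    public function testSessionTokenTheftWithWrongIp(){
        // Host n.1
        $this->connectFrom('a');
        $first_prefix = $this->tokenPrefix(5);

        // Host n.2
        $this->connectFrom('b');
        $second_prefix = $this->tokenPrefix(5);

        $this->assertNotEquals( $first_prefix, $second_prefix );
    }

    /**
     * Returning to the first address yields the first token prefix again,
     * while the other address still gets a different one.
     */
    public function testSessionTokenTheftWithWrongIpThenWell(){
        // Host n.1
        $this->connectFrom('a');
        $first_prefix = $this->tokenPrefix();

        // Host n.2
        $this->connectFrom('b');
        $second_prefix = $this->tokenPrefix();

        // Host n.1 again
        $this->connectFrom('a');
        $third_prefix = $this->tokenPrefix();

        $this->assertEquals( $first_prefix, $third_prefix );
        $this->assertNotEquals( $first_prefix, $second_prefix );
    }

    /* [4] Different HTTP_USER_AGENT
    =========================================================*/

    /**
     * The session-id prefix must change when the user agent changes.
     *
     * NOTE(review): the user agent is chosen by the client, so this binding is
     * much weaker than the address one; the test only checks the manager
     * reacts to it, not that it is sufficient on its own.
     */
    public function testSessionIdTheftWithWrongUserAgent(){
        // Host n.1
        $this->connectWithAgent('a');
        $first_prefix = $this->sessionIdPrefix();

        // Host n.2
        $this->connectWithAgent('b');
        $second_prefix = $this->sessionIdPrefix();

        $this->assertNotEquals( $first_prefix, $second_prefix );
    }

    /**
     * Same property for the 'session_token' cookie.
     */
    public function testSessionTokenTheftWithWrongUserAgent(){
        // Host n.1
        $this->connectWithAgent('a');
        $first_prefix = $this->tokenPrefix();

        // Host n.2
        $this->connectWithAgent('b');
        $second_prefix = $this->tokenPrefix();

        $this->assertNotEquals( $first_prefix, $second_prefix );
    }

    /**
     * Returning to the first user agent yields the first token prefix again.
     */
    public function testSessionTokenTheftWithWrongUserAgentThenWell(){
        // Host n.1
        $this->connectWithAgent('a');
        $first_prefix = $this->tokenPrefix();

        // Host n.2
        $this->connectWithAgent('b');
        $second_prefix = $this->tokenPrefix();

        // Host n.1 again
        $this->connectWithAgent('a');
        $third_prefix = $this->tokenPrefix();

        $this->assertEquals( $first_prefix, $third_prefix );
        $this->assertNotEquals( $first_prefix, $second_prefix );
    }

    /* [5] Regeneration of the 'session_token' cookie
    =========================================================*/

    /**
     * Each new connection is issued a fresh token.
     */
    public function testRegeneratedToken(){
        // Connection 1
        $this->freshSession();
        $first_token = $_COOKIE['session_token'];

        // Connection 2
        $this->freshSession();
        $second_token = $_COOKIE['session_token'];

        $this->assertNotEquals( $first_token, $second_token );
    }

    /**
     * ...but the client-bound prefix of the token is stable across connections.
     */
    public function testSamePrefixToken(){
        // Connection 1
        $this->freshSession();
        $first_token_prefix = $this->tokenPrefix();

        // Connection 2
        $this->freshSession();
        $second_token_prefix = $this->tokenPrefix();

        $this->assertEquals( $first_token_prefix, $second_token_prefix );
    }

}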
?>