NxTIC/phpunit/tests/sessionManager.php


<?php namespace phpunit;
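/**
 * PHPUnit checks for \manager\sessionManager: its sha1() helper, and the way
 * session ids and the 'session_token' cookie react to the client fingerprint
 * ($_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_USER_AGENT']).
 *
 * What the assertions below pin down:
 *  - two consecutive sessions never share a session id or a full token;
 *  - the first 5 characters of the session id and the first 40 characters of
 *    the token stay the same for an unchanged client;
 *  - those prefixes change when REMOTE_ADDR or HTTP_USER_AGENT changes, and
 *    the token prefix comes back when the original value is restored.
 *
 * NOTE(review): the tests call session_destroy() first, so they presumably
 * rely on a bootstrap that has already started a session and populated
 * REMOTE_ADDR / HTTP_USER_AGENT (both are normally absent under CLI) - confirm.
 *
 * NOTE(review): HTTP_USER_AGENT is a client-supplied header and REMOTE_ADDR is
 * the proxy address when the application sits behind one, so this binding is
 * best treated as defence in depth next to Secure/HttpOnly cookie flags and
 * id regeneration on login, neither of which is covered here.
 */
class sessionManager extends \PHPUnit_Framework_TestCase{

    /* Helpers
    =========================================================*/

    /**
     * Destroys the current session and opens a new one through the manager.
     *
     * The `@` is kept from the original tests: it silences whatever warning
     * session_start() may raise, so a failed start only becomes visible
     * through the assertions that follow.
     */
    private function startFreshSession(){
        session_destroy();
        @\manager\sessionManager::session_start();
    }

    /**
     * Opens a fresh session and returns its complete session id.
     *
     * @return string
     */
    private function freshSessionId(){
        $this->startFreshSession();
        return session_id();
    }

    /**
     * Opens a fresh session and returns the first 5 characters of its id,
     * the part the tests expect to depend on the client fingerprint.
     *
     * @return string
     */
    private function freshSessionIdPrefix(){
        return substr($this->freshSessionId(), 0, 5);
    }

    /**
     * Opens a fresh session and returns the complete 'session_token' value
     * as exposed in $_COOKIE after the manager has started the session.
     *
     * @return string
     */
    private function freshToken(){
        $this->startFreshSession();
        return $_COOKIE['session_token'];
    }

    /**
     * Opens a fresh session and returns the leading part of 'session_token'.
     *
     * @param int $length Number of leading characters to keep.
     * @return string
     */
    private function freshTokenPrefix($length){
        return substr($this->freshToken(), 0, $length);
    }


    /* [1] Utility functions
    =========================================================*/

    /**
     * The manager's sha1() must return 40 characters that do not embed the
     * plaintext.
     *
     * NOTE(review): nothing here distinguishes the result from a plain
     * \sha1($plain); if the helper is meant to be salted or keyed, an
     * assertNotEquals against \sha1($plain) would pin that - confirm intent.
     */
    public function testSecureSHA1(){
        $plain = 'montexteclair';
        $hash  = \manager\sessionManager::sha1($plain);

        $this->assertEquals(40, strlen($hash));
        $this->assertNotContains($plain, $hash);
    }


    /* [2] Uniqueness and prefix
    =========================================================*/

    /** Two consecutive sessions must get different session ids. */
    public function testIdSessionUniq(){
        $id_first  = $this->freshSessionId();
        $id_second = $this->freshSessionId();

        $this->assertNotEquals($id_first, $id_second);
    }

    /** For an unchanged client, the 5-character id prefix must not move. */
    public function testIdenticalPrefix(){
        $first_prefix  = $this->freshSessionIdPrefix();
        $second_prefix = $this->freshSessionIdPrefix();

        $this->assertEquals($first_prefix, $second_prefix);
    }

    /** Two consecutive sessions must get different 'session_token' values. */
    public function testCookieUniq(){
        $token_first  = $this->freshToken();
        $token_second = $this->freshToken();

        $this->assertNotEquals($token_first, $token_second);
    }


    /* [3] Different REMOTE_ADDR
    =========================================================*/

    /** A different REMOTE_ADDR must yield a different session id prefix. */
    public function testSessionIdTheftWithWrongIp(){
        $default_remote_addr = $_SERVER['REMOTE_ADDR'];

        // Host 1
        $_SERVER['REMOTE_ADDR'] = 'a';
        $first_prefix = $this->freshSessionIdPrefix();

        // Host 2
        $_SERVER['REMOTE_ADDR'] = 'b';
        $second_prefix = $this->freshSessionIdPrefix();

        // Restore before asserting: a failing assertion throws, and the
        // spoofed address would otherwise leak into every later test.
        $_SERVER['REMOTE_ADDR'] = $default_remote_addr;

        $this->assertNotEquals($first_prefix, $second_prefix);
    }

    /**
     * A different REMOTE_ADDR must yield a different token prefix.
     *
     * NOTE(review): this test compares 5 characters while the other token
     * tests compare 40; kept as in the original - confirm which is intended.
     */
    public function testSessionTokenTheftWithWrongIp(){
        $default_remote_addr = $_SERVER['REMOTE_ADDR'];

        // Host 1
        $_SERVER['REMOTE_ADDR'] = 'a';
        $first_prefix = $this->freshTokenPrefix(5);

        // Host 2
        $_SERVER['REMOTE_ADDR'] = 'b';
        $second_prefix = $this->freshTokenPrefix(5);

        // Restore before asserting so a failure cannot pollute later tests.
        $_SERVER['REMOTE_ADDR'] = $default_remote_addr;

        $this->assertNotEquals($first_prefix, $second_prefix);
    }

    /**
     * The token prefix changes with REMOTE_ADDR and returns to its first
     * value once the original address is back.
     */
    public function testSessionTokenTheftWithWrongIpThenWell(){
        $default_remote_addr = $_SERVER['REMOTE_ADDR'];

        // Host 1
        $_SERVER['REMOTE_ADDR'] = 'a';
        $first_prefix = $this->freshTokenPrefix(40);

        // Host 2
        $_SERVER['REMOTE_ADDR'] = 'b';
        $second_prefix = $this->freshTokenPrefix(40);

        // Host 1 again
        $_SERVER['REMOTE_ADDR'] = 'a';
        $third_prefix = $this->freshTokenPrefix(40);

        // Restore before asserting so a failure cannot pollute later tests.
        $_SERVER['REMOTE_ADDR'] = $default_remote_addr;

        $this->assertEquals($first_prefix, $third_prefix);
        $this->assertNotEquals($first_prefix, $second_prefix);
    }


    /* [4] Different HTTP_USER_AGENT
    =========================================================*/

    /** A different User-Agent must yield a different session id prefix. */
    public function testSessionIdTheftWithWrongUserAgent(){
        $default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];

        // Client 1
        $_SERVER['HTTP_USER_AGENT'] = 'a';
        $first_prefix = $this->freshSessionIdPrefix();

        // Client 2
        $_SERVER['HTTP_USER_AGENT'] = 'b';
        $second_prefix = $this->freshSessionIdPrefix();

        // Restore before asserting so a failure cannot pollute later tests.
        $_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;

        $this->assertNotEquals($first_prefix, $second_prefix);
    }

    /** A different User-Agent must yield a different 40-character token prefix. */
    public function testSessionTokenTheftWithWrongUserAgent(){
        $default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];

        // Client 1
        $_SERVER['HTTP_USER_AGENT'] = 'a';
        $first_prefix = $this->freshTokenPrefix(40);

        // Client 2
        $_SERVER['HTTP_USER_AGENT'] = 'b';
        $second_prefix = $this->freshTokenPrefix(40);

        // Restore before asserting so a failure cannot pollute later tests.
        $_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;

        $this->assertNotEquals($first_prefix, $second_prefix);
    }

    /**
     * The token prefix changes with the User-Agent and returns to its first
     * value once the original User-Agent is back.
     */
    public function testSessionTokenTheftWithWrongUserAgentThenWell(){
        $default_http_user_agent = $_SERVER['HTTP_USER_AGENT'];

        // Client 1
        $_SERVER['HTTP_USER_AGENT'] = 'a';
        $first_prefix = $this->freshTokenPrefix(40);

        // Client 2
        $_SERVER['HTTP_USER_AGENT'] = 'b';
        $second_prefix = $this->freshTokenPrefix(40);

        // Client 1 again
        $_SERVER['HTTP_USER_AGENT'] = 'a';
        $third_prefix = $this->freshTokenPrefix(40);

        // Restore before asserting so a failure cannot pollute later tests.
        $_SERVER['HTTP_USER_AGENT'] = $default_http_user_agent;

        $this->assertEquals($first_prefix, $third_prefix);
        $this->assertNotEquals($first_prefix, $second_prefix);
    }


    /* [5] Regeneration of the 'session_token' cookie
    =========================================================*/

    /** Each new connection must receive a new full token. */
    public function testRegeneratedToken(){
        // Connection 1
        $first_token = $this->freshToken();

        // Connection 2
        $second_token = $this->freshToken();

        $this->assertNotEquals($first_token, $second_token);
    }

    /** The 40-character token prefix must be stable for an unchanged client. */
    public function testSamePrefixToken(){
        // Connection 1
        $first_token_prefix = $this->freshTokenPrefix(40);

        // Connection 2
        $second_token_prefix = $this->freshTokenPrefix(40);

        $this->assertEquals($first_token_prefix, $second_token_prefix);
    }

}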
?>