mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-05 15:16:16 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'asperous/ticket/11620' into develop

Browse Source 
* asperous/ticket/11620: (46 commits)
  [ticket/11620] Whitespace and combine function into test_case
  [ticket/11620] Move check_ban_test functions to setUp/tearDown for clarity
  [ticket/11620] Changed incorrect global variable
  [ticket/11620] Minor indentation changes and comment clarity
  [ticket/11620] Expected and actual test conditions wrongly swapped
  [ticket/11620] Space between . in directory import concatenation
  [ticket/11620] Changes to match merge
  [ticket/11620] Changes for code guidelines consistency
  [ticket/11620] Fix a static calls to non-static for session captcha
  [ticket/11620] Cleanup creation_test that was renamed on a cherry-pick
  [ticket/11620] Update auth_provider for new interface
  [ticket/11620] Added garbage_collection_test
  [ticket/11620] Fixed check_ban_test errors with cache and ban warning message
  [ticket/11620] Fixed a typo on check_ban_test
  [ticket/11620]  Refactored check_isvalid_test to use session_test_case
  [ticket/11615] Refactored isvalid test to be more imperative
  [ticket/11615]  Rename continue -> check_isvalid for clarity
  [ticket/11620] Added a test for checking if users are banned
  [ticket/11620] Remove typo in beginning of session_key_test
  [ticket/11620] Typo in file name session_key_tests -> test
  ...
This commit is contained in:
Andreas Fischer 2013-07-23 03:12:33 +02:00
commit 1004aaf787
20 changed files with 1014 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
tests/mock/auth_provider.php Normal file
View File

@ -0,0 +1,53 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* Mock auth provider class with basic functions to help test sessions.
*/
class phpbb_mock_auth_provider implements phpbb_auth_provider_interface
{
function init()
{
return null;
}
function login($username, $password)
{
return array(
'status' => "",
'error_msg' => "",
'user_row' => "",
);
}
function autologin()
{
return array();
}
function acp()
{
return array();
}
function logout($data, $new_session)
{
return null;
}
function validate_session($user)
{
return null;
}
public function get_acp_template($new_config)
{
return null;
}
}

4
tests/mock/session_testable.php
View File

@ -58,5 +58,9 @@ class phpbb_mock_session_testable extends phpbb_session
}
}
}
public function setup()
{
}
}

78
tests/session/check_ban_test.php Normal file
View File

@ -0,0 +1,78 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_check_ban_test extends phpbb_session_test_case
{
protected $user_id = 4;
protected $key_id = 4;
protected $session;
protected $backup_cache;
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_banlist.xml');
}
static function check_banned_data()
{
return array(
array('All false values, should not be banned',
false, false, false, false, /* should be banned? -> */ false),
array('Matching values in the database, should be banned',
4, '127.0.0.1', 'bar@example.org', true, /* should be banned? -> */ true),
array('IP Banned, should be banned',
false, '127.1.1.1', false, false, /* should be banned? -> */ true),
);
}
public function setUp()
{
parent::setUp();
// Get session here so that config is mocked correctly
$this->session = $this->session_factory->get_session($this->db);
global $cache, $config, $phpbb_root_path, $phpEx;
$this->backup_cache = $cache;
// Change the global cache object for this test because
// the mock cache object does not hit the database as is needed
// for this test.
$cache = new phpbb_cache_service(
new phpbb_cache_driver_file(),
$config,
$this->db,
$phpbb_root_path,
$phpEx
);
}
public function tearDown()
{
parent::tearDown();
// Set cache back to what it was before the test changed it
global $cache;
$cache = $this->backup_cache;
}
/** @dataProvider check_banned_data */
public function test_check_is_banned($test_msg, $user_id, $user_ips, $user_email, $return, $should_be_banned)
{
try
{
$is_banned = $this->session->check_ban($user_id, $user_ips, $user_email, $return);
}
catch (PHPUnit_Framework_Error_Notice $e)
{
// User error was triggered, user must have been banned
$is_banned = true;
}
$this->assertEquals($should_be_banned, $is_banned, $test_msg);
}
}

61
tests/session/check_isvalid_test.php Normal file
View File

@ -0,0 +1,61 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_check_isvalid_test extends phpbb_session_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_full.xml');
}
protected function access_with($session_id, $user_id, $user_agent, $ip)
{
$this->session_factory->merge_test_data($session_id, $user_id, $user_agent, $ip);
$session = $this->session_factory->get_session($this->db);
$session->page = array('page' => 'page', 'forum' => 0);
$session->session_begin();
$this->session_factory->check($this);
return $session;
}
public function test_session_valid_session_exists()
{
$session = $this->access_with('bar_session000000000000000000000', '4', 'user agent', '127.0.0.1');
$session->check_cookies($this, array());
$this->check_sessions_equals(array(
array('session_id' => 'anon_session00000000000000000000', 'session_user_id' => 1),
array('session_id' => 'bar_session000000000000000000000', 'session_user_id' => 4),
),
'If a request comes with a valid session id with matching user agent and IP, no new session should be created.'
);
}
public function test_session_invalid_make_new_annon_session()
{
$session = $this->access_with('anon_session00000000000000000000', '4', 'user agent', '127.0.0.1');
$session->check_cookies($this, array(
'u' => array('1', null),
'k' => array(null, null),
'sid' => array($session->session_id, null),
));
$this->check_sessions_equals(array(
array('session_id' => $session->session_id, 'session_user_id' => 1), // use generated SID
array('session_id' => 'bar_session000000000000000000000', 'session_user_id' => 4),
),
'If a request comes with a valid session id and IP but different user id and user agent,
a new anonymous session is created and the session matching the supplied session id is deleted.'
);
}
}

133
tests/session/continue_test.php
View File

@ -1,133 +0,0 @@
<?php
/**
*
* @package testing
* @copyright (c) 2011 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/testable_factory.php';
class phpbb_session_continue_test extends phpbb_database_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_full.xml');
}
static public function session_begin_attempts()
{
// The session_id field is defined as CHAR(32) in the database schema.
// Thus the data we put in session_id fields has to have a length of 32 characters on stricter DBMSes.
// Thus we fill those strings up with zeroes until they have a string length of 32.
return array(
array(
'bar_session000000000000000000000', '4', 'user agent', '127.0.0.1',
array(
array('session_id' => 'anon_session00000000000000000000', 'session_user_id' => 1),
array('session_id' => 'bar_session000000000000000000000', 'session_user_id' => 4),
),
array(),
'If a request comes with a valid session id with matching user agent and IP, no new session should be created.',
),
array(
'anon_session00000000000000000000', '4', 'user agent', '127.0.0.1',
array(
array('session_id' => '__new_session_id__', 'session_user_id' => 1), // use generated SID
array('session_id' => 'bar_session000000000000000000000', 'session_user_id' => 4),
),
array(
'u' => array('1', null),
'k' => array(null, null),
'sid' => array('__new_session_id__', null),
),
'If a request comes with a valid session id and IP but different user id and user agent, a new anonymous session is created and the session matching the supplied session id is deleted.',
),
);
}
/**
* @dataProvider session_begin_attempts
*/
public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $ip, $expected_sessions, $expected_cookies, $message)
{
global $phpbb_container, $phpbb_root_path, $phpEx;
$db = $this->new_dbal();
$config = new phpbb_config(array());
$request = $this->getMock('phpbb_request');
$user = $this->getMock('phpbb_user');
$auth_provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
$phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
$phpbb_container->expects($this->any())
->method('get')
->with('auth.provider.db')
->will($this->returnValue($auth_provider));
$session_factory = new phpbb_session_testable_factory;
$session_factory->set_cookies(array(
'_sid' => $session_id,
'_u' => $user_id,
));
$session_factory->merge_config_data(array(
'session_length' => time(), // need to do this to allow sessions started at time 0
));
$session_factory->merge_server_data(array(
'HTTP_USER_AGENT' => $user_agent,
'REMOTE_ADDR' => $ip,
));
$session = $session_factory->get_session($db);
$session->page = array('page' => 'page', 'forum' => 0);
$session->session_begin();
$sql = 'SELECT session_id, session_user_id
FROM phpbb_sessions
ORDER BY session_user_id';
$expected_sessions = $this->replace_session($expected_sessions, $session->session_id);
$expected_cookies = $this->replace_session($expected_cookies, $session->session_id);
$this->assertSqlResultEquals(
$expected_sessions,
$sql,
$message
);
$session->check_cookies($this, $expected_cookies);
$session_factory->check($this);
}
/**
* Replaces recursively the value __new_session_id__ with the given session
* id.
*
* @param array $array An array of data
* @param string $session_id The new session id to use instead of the
* placeholder.
* @return array The input array with all occurances of __new_session_id__
* replaced.
*/
public function replace_session($array, $session_id)
{
foreach ($array as $key => &$value)
{
if ($value === '__new_session_id__')
{
$value = $session_id;
}
if (is_array($value))
{
$value = $this->replace_session($value, $session_id);
}
}
return $array;
}
}

43
tests/session/create_test.php Normal file
View File

@ -0,0 +1,43 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_create_test extends phpbb_session_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_full.xml');
}
static function bot($bot_agent, $user_id, $bot_ip)
{
return array(array(
'bot_agent' => $bot_agent,
'user_id' => $user_id,
'bot_ip' => $bot_ip,
));
}
function test_bot_session()
{
$output = $this->session_facade->session_create(
false,
false,
false,
false,
array(),
'user agent',
'127.0.0.1',
self::bot('user agent', 13, '127.0.0.1'),
''
);
$this->assertEquals(true, $output->data['is_bot'], 'should be a bot');
}
}

69
tests/session/creation_test.php
View File

@ -1,69 +0,0 @@
<?php
/**
*
* @package testing
* @copyright (c) 2011 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/testable_factory.php';
class phpbb_session_creation_test extends phpbb_database_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_empty.xml');
}
// also see security/extract_current_page.php
public function test_login_session_create()
{
global $phpbb_container, $phpbb_root_path, $phpEx;
$db = $this->new_dbal();
$config = new phpbb_config(array());
$request = $this->getMock('phpbb_request');
$user = $this->getMock('phpbb_user');
$auth_provider = new phpbb_auth_provider_db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
$phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
$phpbb_container->expects($this->any())
->method('get')
->with('auth.provider.db')
->will($this->returnValue($auth_provider));
$session_factory = new phpbb_session_testable_factory;
$session = $session_factory->get_session($db);
$session->page = array('page' => 'page', 'forum' => 0);
$session->session_create(3);
$sql = 'SELECT session_user_id
FROM phpbb_sessions';
$this->assertSqlResultEquals(
array(array('session_user_id' => 3)),
$sql,
'Check if exactly one session for user id 3 was created'
);
$one_year_in_seconds = 365 * 24 * 60 * 60;
$cookie_expire = $session->time_now + $one_year_in_seconds;
$session->check_cookies($this, array(
'u' => array(null, $cookie_expire),
'k' => array(null, $cookie_expire),
'sid' => array($session->session_id, $cookie_expire),
));
global $SID, $_SID;
$this->assertEquals($session->session_id, $_SID);
$this->assertEquals('?sid=' . $session->session_id, $SID);
$session_factory->check($this);
}
}

51
tests/session/extract_hostname_test.php Normal file
View File

@ -0,0 +1,51 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_extract_hostname_test extends phpbb_session_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_empty.xml');
}
static public function extract_current_hostname_data()
{
return array (
// [Input] $host, $server_name_config, $cookie_domain_config, [Expected] $output
// If host is ip use that
// ipv4
array('127.0.0.1', 'skipped.org', 'skipped.org', '127.0.0.1'),
// ipv6
array('::1', 'skipped.org', 'skipped.org', ':'),
array('2002::3235:51f9', 'skipped.org', 'skipped.org', '2002::3235'),
// If no host but server name matches cookie_domain use that
array('', 'example.org', 'example.org', 'example.org'),
// If there is a host uri use that
array('example.org', false, false, 'example.org'),
// 'best approach' guessing
array('', 'example.org', false, 'example.org'),
array('', false, '127.0.0.1', '127.0.0.1'),
array('', false, false, php_uname('n')),
);
}
/** @dataProvider extract_current_hostname_data */
function test_extract_current_hostname($host, $server_name_config, $cookie_domain_config, $expected)
{
$output = $this->session_facade->extract_current_hostname(
$host,
$server_name_config,
$cookie_domain_config
);
$this->assertEquals($expected, $output);
}
}

115
tests/session/extract_page_test.php Normal file
View File

@ -0,0 +1,115 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_extract_page_test extends phpbb_session_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_empty.xml');
}
static public function extract_current_page_data()
{
return array(
array(
'./',
'/phpBB/index.php',
'',
'/phpBB/',
array(
'page_name' => 'index.php',
'page_dir' => '',
'query_string' => '',
'script_path' => '/phpBB/',
'root_script_path' => '/phpBB/',
'page' => 'index.php',
'forum' => 0,
),
),
array(
'./',
'/phpBB/ucp.php',
'mode=login',
'/phpBB/ucp.php?mode=login',
array(
'page_name' => 'ucp.php',
'page_dir' => '',
'query_string' => 'mode=login',
'script_path' => '/phpBB/',
'root_script_path' => '/phpBB/',
'page' => 'ucp.php?mode=login',
'forum' => 0,
),
),
array(
'./',
'/phpBB/ucp.php',
'mode=register',
'/phpBB/ucp.php?mode=register',
array(
'page_name' => 'ucp.php',
'page_dir' => '',
'query_string' => 'mode=register',
'script_path' => '/phpBB/',
'root_script_path' => '/phpBB/',
'page' => 'ucp.php?mode=register',
'forum' => 0,
),
),
array(
'./',
'/phpBB/ucp.php',
'mode=register',
'/phpBB/ucp.php?mode=register',
array(
'page_name' => 'ucp.php',
'page_dir' => '',
'query_string' => 'mode=register',
'script_path' => '/phpBB/',
'root_script_path' => '/phpBB/',
'page' => 'ucp.php?mode=register',
'forum' => 0,
),
),
array(
'./../',
'/phpBB/adm/index.php',
'sid=e7215d958cdd41a6fc13509bebe53e42',
'/phpBB/adm/index.php?sid=e7215d958cdd41a6fc13509bebe53e42',
array(
'page_name' => 'index.php',
//'page_dir' => 'adm',
// ^-- Ignored because .. returns different directory in live vs testing
'query_string' => '',
'script_path' => '/phpBB/adm/',
'root_script_path' => '/phpBB/',
//'page' => 'adm/index.php',
'forum' => 0,
),
),
);
}
/** @dataProvider extract_current_page_data */
function test_extract_current_page($root_path, $php_self, $query_string, $request_uri, $expected)
{
$output = $this->session_facade->extract_current_page(
$root_path,
$php_self,
$query_string,
$request_uri
);
// This compares the result of the output.
// Any keys that are not in the expected array are overwritten by the output (aka not checked).
$this->assert_array_content_equals(array_merge($output, $expected), $output);
}
}

66
tests/session/fixtures/sessions_banlist.xml Normal file
View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8" ?>
<dataset>
<table name="phpbb_users">
<column>user_id</column>
<column>username_clean</column>
<column>user_permissions</column>
<column>user_sig</column>
<column>user_occ</column>
<column>user_interests</column>
<row>
<value>1</value>
<value>anonymous</value>
<value></value>
<value></value>
<value></value>
<value></value>
</row>
</table>
<table name="phpbb_sessions">
<column>session_id</column>
<column>session_user_id</column>
<column>session_ip</column>
<column>session_browser</column>
<column>session_admin</column>
<row>
<value>bar_session000000000000000000000</value>
<value>4</value>
<value>127.0.0.1</value>
<value>user agent</value>
<value>1</value>
</row>
</table>
<table name="phpbb_banlist">
<column>ban_id</column>
<column>ban_userid</column>
<column>ban_ip</column>
<column>ban_email</column>
<column>ban_start</column>
<column>ban_end</column>
<column>ban_exclude</column>
<column>ban_reason</column>
<column>ban_give_reason</column>
<row>
<value>2</value>
<value>4</value>
<value>127.0.0.1</value>
<value>bar@example.org</value>
<value>1111</value>
<value>0</value>
<value>0</value>
<value>HAHAHA</value>
<value>1</value>
</row>
<row>
<value>3</value>
<value>0</value>
<value>127.1.1.1</value>
<value></value>
<value>1111</value>
<value>0</value>
<value>0</value>
<value>HAHAHA</value>
<value>1</value>
</row>
</table>
</dataset>

3
tests/session/fixtures/sessions_full.xml
View File

@ -37,17 +37,20 @@
<column>session_user_id</column>
<column>session_ip</column>
<column>session_browser</column>
<column>session_admin</column>
<row>
<value>anon_session00000000000000000000</value>
<value>1</value>
<value>127.0.0.1</value>
<value>anonymous user agent</value>
<value>0</value>
</row>
<row>
<value>bar_session000000000000000000000</value>
<value>4</value>
<value>127.0.0.1</value>
<value>user agent</value>
<value>1</value>
</row>
</table>
</dataset>

58
tests/session/fixtures/sessions_garbage.xml Normal file
View File

@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8" ?>
<dataset>
<table name="phpbb_users">
<column>user_id</column>
<column>username_clean</column>
<column>user_permissions</column>
<column>user_sig</column>
<column>user_occ</column>
<column>user_interests</column>
<row>
<value>4</value>
<value>bar</value>
<value></value>
<value></value>
<value></value>
<value></value>
</row>
</table>
<table name="phpbb_sessions">
<column>session_id</column>
<column>session_user_id</column>
<column>session_ip</column>
<column>session_browser</column>
<column>session_admin</column>
<row>
<value>anon_session00000000000000000000</value>
<value>1</value>
<value>127.0.0.1</value>
<value>anonymous user agent</value>
<value>0</value>
</row>
<row>
<value>bar_session000000000000000000000</value>
<value>4</value>
<value>127.0.0.1</value>
<value>user agent</value>
<value>1</value>
</row>
</table>
<table name="phpbb_login_attempts">
<column>attempt_ip</column>
<column>attempt_browser</column>
<column>attempt_forwarded_for</column>
<column>attempt_time</column>
<column>user_id</column>
<column>username</column>
<column>username_clean</column>
<row>
<value>127.0.0.1</value>
<value>browser</value>
<value></value>
<value>0001</value>
<value>4</value>
<value>bar</value>
<value>bar</value>
</row>
</table>
</dataset>

44
tests/session/fixtures/sessions_key.xml Normal file
View File

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8" ?>
<dataset>
<table name="phpbb_sessions_keys">
<column>key_id</column>
<column>user_id</column>
<column>last_ip</column>
<column>last_login</column>
<row>
<value>a87ff679a2f3e71d9181a67b7542122c</value>
<value>4</value>
<value>127.0.0.1</value>
<value>0</value>
</row>
</table>
<table name="phpbb_sessions">
<column>session_id</column>
<column>session_user_id</column>
<column>session_ip</column>
<column>session_browser</column>
<row>
<value>bar_session000000000000000000000</value>
<value>4</value>
<value>127.0.0.1</value>
<value>user agent</value>
<value>1</value>
</row>
</table>
<table name="phpbb_users">
<column>user_id</column>
<column>username_clean</column>
<column>user_permissions</column>
<column>user_sig</column>
<column>user_occ</column>
<column>user_interests</column>
<row>
<value>4</value>
<value>bar</value>
<value></value>
<value></value>
<value></value>
<value></value>
</row>
</table>
</dataset>

53
tests/session/garbage_collection_test.php Normal file
View File

@ -0,0 +1,53 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_garbage_collection_test extends phpbb_session_test_case
{
public $session;
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_garbage.xml');
}
public function setUp()
{
parent::setUp();
$this->session = $this->session_factory->get_session($this->db);
}
public function test_cleanup_all()
{
$this->check_sessions_equals(
array(
array(
'session_id' => 'anon_session00000000000000000000',
'session_user_id' => 1,
),
array(
'session_id' => 'bar_session000000000000000000000',
'session_user_id' => 4,
),
),
'Before test, should have some sessions.'
);
// Set session length so it clears all
global $config;
$config['session_length'] = 0;
// There is an error unless the captcha plugin is set
$config['captcha_plugin'] = 'phpbb_captcha_nogd';
$this->session->session_gc();
$this->check_sessions_equals(
array(),
'After setting session time to 0, should remove all.'
);
}
}

51
tests/session/session_key_test.php Normal file
View File

@ -0,0 +1,51 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_login_keys_test extends phpbb_session_test_case
{
protected $user_id = 4;
protected $key_id = 4;
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_key.xml');
}
public function test_set_key_manually()
{
// With AutoLogin setup
$this->session_factory->merge_config_data(array('allow_autologin' => true));
$session = $this->session_factory->get_session($this->db);
// Using a user_id and key that is already in the database
$session->cookie_data['u'] = $this->user_id;
$session->cookie_data['k'] = $this->key_id;
// Try to access session
$session->session_create($this->user_id, false, $this->user_id);
$this->assertEquals($this->user_id, $session->data['user_id'], "session should automatically login");
}
public function test_reset_keys()
{
// With AutoLogin setup
$this->session_factory->merge_config_data(array('allow_autologin' => true));
$session = $this->session_factory->get_session($this->db);
// Reset of the keys for this user
$session->reset_login_keys($this->user_id);
// Using a user_id and key that was in the database (before reset)
$session->cookie_data['u'] = $this->user_id;
$session->cookie_data['k'] = $this->key_id;
// Try to access session
$session->session_create($this->user_id, false, $this->user_id);
$this->assertNotEquals($this->user_id, $session->data['user_id'], "session should be cleared");
}
}

142
tests/session/testable_facade.php Normal file
View File

@ -0,0 +1,142 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/testable_factory.php';
require_once dirname(__FILE__) . '/../../phpBB/phpbb/session.php';
/**
* This class exists to expose session.php's functions in a more testable way.
*
* Since many functions in session.php have global variables inside the function,
* this exposes those functions through a testable facade that uses
* testable_factory's mock global variables to modify global variables used in
* the functions.
*
* This is using the facade pattern to provide a testable "front" to the
* functions in sessions.php.
*
*/
class phpbb_session_testable_facade
{
protected $db;
protected $session_factory;
function __construct($db, $session_factory)
{
$this->db = $db;
$this->session_factory = $session_factory;
}
function extract_current_page(
$root_path,
$php_self,
$query_string,
$request_uri
)
{
$this->session_factory->get_session($this->db);
global $request;
$request->overwrite('PHP_SELF', $php_self, phpbb_request_interface::SERVER);
$request->overwrite('QUERY_STRING', $query_string, phpbb_request_interface::SERVER);
$request->overwrite('REQUEST_URI', $request_uri, phpbb_request_interface::SERVER);
return phpbb_session::extract_current_page($root_path);
}
function extract_current_hostname(
$host,
$server_name_config,
$cookie_domain_config
)
{
$session = $this->session_factory->get_session($this->db);
global $config, $request;
$config['server_name'] = $server_name_config;
$config['cookie_domain'] = $cookie_domain_config;
$request->overwrite('SERVER_NAME', $host, phpbb_request_interface::SERVER);
$request->overwrite('Host', $host, phpbb_request_interface::SERVER);
// Note: There is a php_uname function used as a fallthrough
// that this function doesn't override
return $session->extract_current_hostname();
}
/**
*
* This function has a lot of dependencies, so instead of naming them all,
* just ask for overrides
*
* @param update_session_page Boolean of whether to set page of the session
* @param config_overrides An array of overrides for the global config object
* @param request_overrides An array of overrides for the global request object
* @return boolean False if the user is identified, otherwise true.
*/
function session_begin(
$update_session_page = true,
$config_overrides = array(),
$request_overrides = array(),
$cookies_overrides = array()
)
{
$this->session_factory->merge_config_data($config_overrides);
$this->session_factory->merge_server_data($request_overrides);
$this->session_factory->set_cookies($cookies_overrides);
$session = $this->session_factory->get_session($this->db);
$session->session_begin($update_session_page);
return $session;
}
function session_create(
$user_id = false,
$set_admin = false,
$persist_login = false,
$viewonline = true,
array $config_overrides = array(),
$user_agent = 'user agent',
$ip_address = '127.0.0.1',
array $bot_overrides = array(),
$uri_sid = ""
)
{
$this->session_factory->merge_config_data($config_overrides);
// Bots
$this->session_factory->merge_cache_data(array('_bots' => $bot_overrides));
global $request;
$session = $this->session_factory->get_session($this->db);
$session->browser = $user_agent;
$session->ip = $ip_address;
// Uri sid
if ($uri_sid)
{
$_GET['sid'] = $uri_sid;
}
$session->session_create($user_id, $set_admin, $persist_login, $viewonline);
return $session;
}
function validate_referer(
$check_script_path,
$referer,
$host,
$force_server_vars,
$server_port,
$server_name,
$root_script_path
)
{
$session = $this->session_factory->get_session($this->db);
global $config, $request;
$session->referer = $referer;
$session->page['root_script_path'] = $root_script_path;
$session->host = $host;
$config['force_server_vars'] = $force_server_vars;
$config['server_name'] = $server_name;
$request->overwrite('SERVER_PORT', $server_port, phpbb_request_interface::SERVER);
return $session->validate_referer($check_script_path);
}
}

40
tests/session/testable_factory.php
View File

@ -2,11 +2,14 @@
/**
*
* @package testing
* @copyright (c) 2011 phpBB Group
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../mock/container_builder.php';
require_once dirname(__FILE__) . '/../mock/auth_provider.php';
/**
* This class exists to setup an instance of phpbb's session class for testing.
*
@ -16,6 +19,7 @@
*/
class phpbb_session_testable_factory
{
protected $container;
protected $config_data;
protected $cache_data;
protected $cookies;
@ -65,7 +69,7 @@ class phpbb_session_testable_factory
public function get_session(phpbb_db_driver $dbal)
{
// set up all the global variables used by session
global $SID, $_SID, $db, $config, $cache, $request;
global $SID, $_SID, $db, $config, $cache, $request, $phpbb_container;
$request = $this->request = new phpbb_mock_request(
array(),
@ -83,6 +87,12 @@ class phpbb_session_testable_factory
$cache = $this->cache = new phpbb_mock_cache($this->get_cache_data());
$SID = $_SID = null;
$phpbb_container = $this->container = new phpbb_mock_container_builder();
$phpbb_container->set(
'auth.provider.db',
new phpbb_mock_auth_provider()
);
$session = new phpbb_mock_session_testable;
return $session;
}
@ -164,6 +174,32 @@ class phpbb_session_testable_factory
return $this->server_data = array_merge($this->server_data, $server_data);
}
/**
* Set cookies, merge config and server data in one step.
*
* New values overwrite old ones.
*
* @param $session_id
* @param $user_id
* @param $user_agent
* @param $ip
* @param int $time
*/
public function merge_test_data($session_id, $user_id, $user_agent, $ip, $time = 0)
{
$this->set_cookies(array(
'_sid' => $session_id,
'_u' => $user_id,
));
$this->merge_config_data(array(
'session_length' => time() + $time, // need to do this to allow sessions started at time 0
));
$this->merge_server_data(array(
'HTTP_USER_AGENT' => $user_agent,
'REMOTE_ADDR' => $ip,
));
}
/**
* Retrieve all server variables to be passed to the session.
*

48
tests/session/unset_admin_test.php Normal file
View File

@ -0,0 +1,48 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_unset_admin_test extends phpbb_session_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_full.xml');
}
function get_test_session()
{
return $this->session_facade->session_begin(
true,
// Config
array(
'session_length' => time(), // need to do this to allow sessions started at time 0
),
// Server
array(
'HTTP_USER_AGENT' => "user agent",
'REMOTE_ADDR' => "127.0.0.1",
),
// Cookies
array(
'_sid' => 'bar_session000000000000000000000',
'_u' => 4,
)
);
}
public function test_unset_admin()
{
$session = $this->get_test_session();
$this->assertEquals(1, $session->data['session_admin'], 'should be an admin before test starts');
$session->unset_admin();
$session = $this->get_test_session();
$this->assertEquals(0, $session->data['session_admin'], 'should be not be an admin after unset_admin');
}
}

70
tests/session/validate_referrer_test.php Normal file
View File

@ -0,0 +1,70 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
class phpbb_session_validate_referrer_test extends phpbb_session_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_empty.xml');
}
static function referrer_inputs()
{
$ex = "example.org";
$alt = "example.com";
return array(
// checkpath referrer host forcevars port servername rootpath pass?
// 0 Referrer or host wasn't collected, therefore should validate
array(false, '', $ex, false, 80, $ex, '', true),
array(false, $ex, '', false, 80, $ex, '', true),
// 2 Referrer doesn't match host or server_name
array(false, $alt, $ex, false, 80, $ex, '', false),
// 3 Everything should check out
array(false, $ex, $ex, false, 80, $ex, '', true),
// 4 Check Script Path
array(true, $ex, $ex, false, 80, $ex, '', true),
array(true, "$ex/foo", $ex, false, 80, $ex, "/foo", true),
array(true, "$ex/bar", $ex, false, 80, $ex, "/foo", false),
// 7 Port (This is not checked unless path is checked)
array(true, "$ex:80/foo", "$ex:80", false, 80, "$ex:80", "/foo", true),
array(true, "$ex:80/bar", "$ex:80", false, 80, "$ex:80", "/foo", false),
array(true, "$ex:79/foo", "$ex:81", false, 81, "$ex:81", "/foo", false),
);
}
/** @dataProvider referrer_inputs */
function test_referrer_inputs(
$check_script_path,
$referrer,
$host,
$force_server_vars,
$server_port,
$server_name,
$root_script_path,
$pass_or_fail
)
{
// Referrer needs http:// because it's going to get stripped in function.
$referrer = $referrer ? 'http://' . $referrer : '';
$this->assertEquals(
$pass_or_fail,
$this->session_facade->validate_referer(
$check_script_path,
$referrer,
$host,
$force_server_vars,
$server_port,
$server_name,
$root_script_path
),
"referrer should" . ($pass_or_fail ? '' : "n't") . " be validated");
}
}

36
tests/test_framework/phpbb_session_test_case.php Normal file
View File

@ -0,0 +1,36 @@
<?php
/**
*
* @package testing
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../session/testable_factory.php';
require_once dirname(__FILE__) . '/../session/testable_facade.php';
abstract class phpbb_session_test_case extends phpbb_database_test_case
{
protected $session_factory;
protected $session_facade;
protected $db;
function setUp()
{
parent::setUp();
$this->session_factory = new phpbb_session_testable_factory;
$this->db = $this->new_dbal();
$this->session_facade =
new phpbb_session_testable_facade($this->db, $this->session_factory);
}
protected function check_sessions_equals($expected_sessions, $message)
{
$sql = 'SELECT session_id, session_user_id
FROM phpbb_sessions
ORDER BY session_user_id';
$this->assertSqlResultEquals($expected_sessions, $sql, $message);
}
}