Diffstat (limited to 'tests/session')
-rw-r--r-- | tests/session/append_sid_test.php | 4 | ||||
-rw-r--r-- | tests/session/check_ban_test.php | 78 | ||||
-rw-r--r-- | tests/session/check_isvalid_test.php | 61 | ||||
-rw-r--r-- | tests/session/continue_test.php | 121 | ||||
-rw-r--r-- | tests/session/create_test.php | 43 | ||||
-rw-r--r-- | tests/session/creation_test.php | 57 | ||||
-rw-r--r-- | tests/session/extract_hostname_test.php | 51 | ||||
-rw-r--r-- | tests/session/extract_page_test.php | 165 | ||||
-rw-r--r-- | tests/session/fixtures/sessions_banlist.xml | 62 | ||||
-rw-r--r-- | tests/session/fixtures/sessions_empty.xml | 8 | ||||
-rw-r--r-- | tests/session/fixtures/sessions_full.xml | 11 | ||||
-rw-r--r-- | tests/session/fixtures/sessions_garbage.xml | 54 | ||||
-rw-r--r-- | tests/session/fixtures/sessions_key.xml | 40 | ||||
-rw-r--r-- | tests/session/garbage_collection_test.php | 53 | ||||
-rw-r--r-- | tests/session/session_key_test.php | 51 | ||||
-rw-r--r-- | tests/session/testable_facade.php | 126 | ||||
-rw-r--r-- | tests/session/testable_factory.php | 58 | ||||
-rw-r--r-- | tests/session/unset_admin_test.php | 48 | ||||
-rw-r--r-- | tests/session/validate_referrer_test.php | 70 |
19 files changed, 959 insertions, 202 deletions
diff --git a/tests/session/append_sid_test.php b/tests/session/append_sid_test.php
index ce7bf71215..b9e9ac1aa9 100644
--- a/tests/session/append_sid_test.php
+++ b/tests/session/append_sid_test.php
@@ -45,6 +45,10 @@ class phpbb_session_append_sid_test extends phpbb_test_case
 */
 public function test_append_sid($url, $params, $is_amp, $session_id, $expected, $description)
 {
+ global $phpbb_dispatcher;
+
+ $phpbb_dispatcher = new phpbb_mock_event_dispatcher;
 $this->assertEquals($expected, append_sid($url, $params, $is_amp, $session_id));
 }
 }
+
diff --git a/tests/session/check_ban_test.php b/tests/session/check_ban_test.php
new file mode 100644
index 0000000000..3f13b9f216
--- /dev/null
+++ b/tests/session/check_ban_test.php
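Review bot: The `$phpbb_dispatcher` global assigned inside `test_append_sid` is never restored, so the mock event dispatcher leaks into every later test run in the same process and hides whether those tests set up their own dispatcher. Move the assignment into a `setUp()` override that remembers the previous value and a `tearDown()` that puts it back, rather than doing it per data-provider row in the test body. Only the method body is visible here; the class header is outside the hunk.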
@@ -0,0 +1,78 @@ +<?php +/** + * + * @package testing + * @copyright (c) 2013 phpBB Group + * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 + * + */ + +require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php'; + +class phpbb_session_check_ban_test extends phpbb_session_test_case +{ + protected $user_id = 4; + protected $key_id = 4; + protected $session; + protected $backup_cache; + + public function getDataSet() + { + return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_banlist.xml'); + } + + static function check_banned_data() + { + return array( + array('All false values, should not be banned', + false, false, false, false, /* should be banned? -> */ false), + array('Matching values in the database, should be banned', + 4, '127.0.0.1', 'bar@example.org', true, /* should be banned? -> */ true), + array('IP Banned, should be banned', + false, '127.1.1.1', false, false, /* should be banned? -> */ true), + ); + } + + public function setUp() + { + parent::setUp(); + // Get session here so that config is mocked correctly + $this->session = $this->session_factory->get_session($this->db); + global $cache, $config, $phpbb_root_path, $phpEx; + $this->backup_cache = $cache; + // Change the global cache object for this test because + // the mock cache object does not hit the database as is needed + // for this test. 
+ $cache = new \phpbb\cache\service( + new \phpbb\cache\driver\file(), + $config, + $this->db, + $phpbb_root_path, + $phpEx + ); + } + + public function tearDown() + { + parent::tearDown(); + // Set cache back to what it was before the test changed it + global $cache; + $cache = $this->backup_cache; + } + + /** @dataProvider check_banned_data */ + public function test_check_is_banned($test_msg, $user_id, $user_ips, $user_email, $return, $should_be_banned) + { + try + { + $is_banned = $this->session->check_ban($user_id, $user_ips, $user_email, $return); + } + catch (PHPUnit_Framework_Error_Notice $e) + { + // User error was triggered, user must have been banned + $is_banned = true; + } + + $this->assertEquals($should_be_banned, $is_banned, $test_msg); + } +} diff --git a/tests/session/check_isvalid_test.php b/tests/session/check_isvalid_test.php new file mode 100644 index 0000000000..760e2a6f24 --- /dev/null +++ b/tests/session/check_isvalid_test.php 
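Review bot: In `test_check_is_banned`, catching `PHPUnit_Framework_Error_Notice` and setting `$is_banned = true` treats any notice raised inside `check_ban()` — an undefined index, a deprecation — as a ban, so the two positive rows can pass for the wrong reason and the "should not be banned" row can fail for the wrong reason. Assert on the notice's content before concluding a ban, e.g. `$this->assertContains('BOARD_BAN', $e->getMessage());` inside the catch, or pass `$return = true` in the provider rows so the return value carries the result. Separately, `setUp()` swaps the global `$cache` for a real `\phpbb\cache\driver\file`; as far as I can tell that driver persists the ban list on disk, so `tearDown()` should call `$cache->purge()` before restoring `$this->backup_cache` to keep ban entries from bleeding into other tests. The `$user_id`, `$key_id` and `$session` properties declared at the top of the class are only partly used in this file.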
@@ -0,0 +1,61 @@ +<?php +/** +* +* @package testing +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php'; + +class phpbb_session_check_isvalid_test extends phpbb_session_test_case +{ + public function getDataSet() + { + return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_full.xml'); + } + + protected function access_with($session_id, $user_id, $user_agent, $ip) + { + $this->session_factory->merge_test_data($session_id, $user_id, $user_agent, $ip); + + $session = $this->session_factory->get_session($this->db); + $session->page = array('page' => 'page', 'forum' => 0); + + $session->session_begin(); + $this->session_factory->check($this); + return $session; + } + + public function test_session_valid_session_exists() + { + $session = $this->access_with('bar_session000000000000000000000', '4', 'user agent', '127.0.0.1'); + $session->check_cookies($this, array()); + + $this->check_sessions_equals(array( + array('session_id' => 'anon_session00000000000000000000', 'session_user_id' => 1), + array('session_id' => 'bar_session000000000000000000000', 'session_user_id' => 4), + ), + 'If a request comes with a valid session id with matching user agent and IP, no new session should be created.' 
+ ); + } + + public function test_session_invalid_make_new_annon_session() + { + $session = $this->access_with('anon_session00000000000000000000', '4', 'user agent', '127.0.0.1'); + $session->check_cookies($this, array( + 'u' => array('1', null), + 'k' => array(null, null), + 'sid' => array($session->session_id, null), + )); + + $this->check_sessions_equals(array( + array('session_id' => $session->session_id, 'session_user_id' => 1), // use generated SID + array('session_id' => 'bar_session000000000000000000000', 'session_user_id' => 4), + ), + 'If a request comes with a valid session id and IP but different user id and user agent, + a new anonymous session is created and the session matching the supplied session id is deleted.' + ); + } +} diff --git a/tests/session/continue_test.php b/tests/session/continue_test.php deleted file mode 100644 index c4f7f8d75b..0000000000 --- a/tests/session/continue_test.php +++ /dev/null 
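Review bot: Both cases in this file pin the user-agent half of the session-hijack check; there is no case where the session id and user agent match but the client IP does not, which is the other signal `session_begin()` is expected to act on (subject to whatever `ip_check` value the factory's config supplies, which is not visible here). Add a case such as `$session = $this->access_with('bar_session000000000000000000000', '4', 'user agent', '10.0.0.1');` and expect a fresh anonymous session plus deletion of `bar_session…`, mirroring `test_session_invalid_make_new_annon_session`. While touching it, rename that method to `test_session_invalid_make_new_anon_session`.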
@@ -1,121 +0,0 @@ -<?php -/** -* -* @package testing -* @copyright (c) 2011 phpBB Group -* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 -* -*/ - -require_once dirname(__FILE__) . '/../mock/cache.php'; -require_once dirname(__FILE__) . '/testable_factory.php'; - -class phpbb_session_continue_test extends phpbb_database_test_case -{ - public function getDataSet() - { - return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_full.xml'); - } - - static public function session_begin_attempts() - { - // The session_id field is defined as CHAR(32) in the database schema. - // Thus the data we put in session_id fields has to have a length of 32 characters on stricter DBMSes. - // Thus we fill those strings up with zeroes until they have a string length of 32. - - return array( - array( - 'bar_session000000000000000000000', '4', 'user agent', '127.0.0.1', - array( - array('session_id' => 'anon_session00000000000000000000', 'session_user_id' => 1), - array('session_id' => 'bar_session000000000000000000000', 'session_user_id' => 4), - ), - array(), - 'If a request comes with a valid session id with matching user agent and IP, no new session should be created.', - ), - array( - 'anon_session00000000000000000000', '4', 'user agent', '127.0.0.1', - array( - array('session_id' => '__new_session_id__', 'session_user_id' => 1), // use generated SID - array('session_id' => 'bar_session000000000000000000000', 'session_user_id' => 4), - ), - array( - 'u' => array('1', null), - 'k' => array(null, null), - 'sid' => array('__new_session_id__', null), - ), - 'If a request comes with a valid session id and IP but different user id and user agent, a new anonymous session is created and the session matching the supplied session id is deleted.', - ), - ); - } - - /** - * @dataProvider session_begin_attempts - */ - public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $ip, $expected_sessions, $expected_cookies, 
$message) - { - $db = $this->new_dbal(); - $session_factory = new phpbb_session_testable_factory; - $session_factory->set_cookies(array( - '_sid' => $session_id, - '_u' => $user_id, - )); - $session_factory->merge_config_data(array( - 'session_length' => time(), // need to do this to allow sessions started at time 0 - )); - $session_factory->merge_server_data(array( - 'HTTP_USER_AGENT' => $user_agent, - 'REMOTE_ADDR' => $ip, - )); - - $session = $session_factory->get_session($db); - $session->page = array('page' => 'page', 'forum' => 0); - - $session->session_begin(); - - $sql = 'SELECT session_id, session_user_id - FROM phpbb_sessions - ORDER BY session_user_id'; - - $expected_sessions = $this->replace_session($expected_sessions, $session->session_id); - $expected_cookies = $this->replace_session($expected_cookies, $session->session_id); - - $this->assertSqlResultEquals( - $expected_sessions, - $sql, - $message - ); - - $session->check_cookies($this, $expected_cookies); - - $session_factory->check($this); - } - - /** - * Replaces recursively the value __new_session_id__ with the given session - * id. - * - * @param array $array An array of data - * @param string $session_id The new session id to use instead of the - * placeholder. - * @return array The input array with all occurances of __new_session_id__ - * replaced. - */ - public function replace_session($array, $session_id) - { - foreach ($array as $key => &$value) - { - if ($value === '__new_session_id__') - { - $value = $session_id; - } - - if (is_array($value)) - { - $value = $this->replace_session($value, $session_id); - } - } - - return $array; - } -} diff --git a/tests/session/create_test.php b/tests/session/create_test.php new file mode 100644 index 0000000000..442445599b --- /dev/null +++ b/tests/session/create_test.php 
@@ -0,0 +1,43 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2013 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
+
+class phpbb_session_create_test extends phpbb_session_test_case
+{
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_full.xml');
+ }
+
+ static function bot($bot_agent, $user_id, $bot_ip)
+ {
+ return array(array(
+ 'bot_agent' => $bot_agent,
+ 'user_id' => $user_id,
+ 'bot_ip' => $bot_ip,
+ ));
+ }
+
+ function test_bot_session()
+ {
+ $output = $this->session_facade->session_create(
+ false,
+ false,
+ false,
+ false,
+ array(),
+ 'user agent',
+ '127.0.0.1',
+ self::bot('user agent', 13, '127.0.0.1'),
+ ''
+ );
+ $this->assertEquals(true, $output->data['is_bot'], 'should be a bot');
+ }
+}
diff --git a/tests/session/creation_test.php b/tests/session/creation_test.php
deleted file mode 100644
index bef52c6554..0000000000
--- a/tests/session/creation_test.php
+++ /dev/null
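Review bot: Only the positive bot case is covered — a request whose user agent and IP both match the `_bots` cache entry becomes a bot session. Bot identification is a trust decision, so the negative case is the one worth having: the same user agent from a non-matching address, e.g. `self::bot('user agent', 13, '192.0.2.1')` with the request still coming from `'127.0.0.1'`, should leave `is_bot` false if `bot_ip` is meant to restrict matching (I cannot see the session code to confirm). Also `static function bot(...)` has no visibility keyword and `assertEquals(true, …)` reads better as `$this->assertTrue($output->data['is_bot'], 'should be a bot');`.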
@@ -1,57 +0,0 @@ -<?php -/** -* -* @package testing -* @copyright (c) 2011 phpBB Group -* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 -* -*/ - -require_once dirname(__FILE__) . '/../mock/cache.php'; -require_once dirname(__FILE__) . '/testable_factory.php'; - -class phpbb_session_creation_test extends phpbb_database_test_case -{ - public function getDataSet() - { - return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_empty.xml'); - } - - // also see security/extract_current_page.php - - public function test_login_session_create() - { - $db = $this->new_dbal(); - $session_factory = new phpbb_session_testable_factory; - - $session = $session_factory->get_session($db); - $session->page = array('page' => 'page', 'forum' => 0); - - $session->session_create(3); - - $sql = 'SELECT session_user_id - FROM phpbb_sessions'; - - $this->assertSqlResultEquals( - array(array('session_user_id' => 3)), - $sql, - 'Check if exactly one session for user id 3 was created' - ); - - $one_year_in_seconds = 365 * 24 * 60 * 60; - $cookie_expire = $session->time_now + $one_year_in_seconds; - - $session->check_cookies($this, array( - 'u' => array(null, $cookie_expire), - 'k' => array(null, $cookie_expire), - 'sid' => array($session->session_id, $cookie_expire), - )); - - global $SID, $_SID; - $this->assertEquals($session->session_id, $_SID); - $this->assertEquals('?sid=' . $session->session_id, $SID); - - $session_factory->check($this); - } -} - diff --git a/tests/session/extract_hostname_test.php b/tests/session/extract_hostname_test.php new file mode 100644 index 0000000000..bd183fd438 --- /dev/null +++ b/tests/session/extract_hostname_test.php 
@@ -0,0 +1,51 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2013 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
+
+class phpbb_session_extract_hostname_test extends phpbb_session_test_case
+{
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_empty.xml');
+ }
+
+ static public function extract_current_hostname_data()
+ {
+ return array (
+ // [Input] $host, $server_name_config, $cookie_domain_config, [Expected] $output
+ // If host is ip use that
+ // ipv4
+ array('127.0.0.1', 'skipped.org', 'skipped.org', '127.0.0.1'),
+ // ipv6
+ array('::1', 'skipped.org', 'skipped.org', ':'),
+ array('2002::3235:51f9', 'skipped.org', 'skipped.org', '2002::3235'),
+ // If no host but server name matches cookie_domain use that
+ array('', 'example.org', 'example.org', 'example.org'),
+ // If there is a host uri use that
+ array('example.org', false, false, 'example.org'),
+ // 'best approach' guessing
+ array('', 'example.org', false, 'example.org'),
+ array('', false, '127.0.0.1', '127.0.0.1'),
+ array('', false, false, php_uname('n')),
+ );
+ }
+
+ /** @dataProvider extract_current_hostname_data */
+ function test_extract_current_hostname($host, $server_name_config, $cookie_domain_config, $expected)
+ {
+ $output = $this->session_facade->extract_current_hostname(
+ $host,
+ $server_name_config,
+ $cookie_domain_config
+ );
+
+ $this->assertEquals($expected, $output);
+ }
+}
diff --git a/tests/session/extract_page_test.php b/tests/session/extract_page_test.php
new file mode 100644
index 0000000000..6e137e28b8
--- /dev/null
+++ b/tests/session/extract_page_test.php
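Review bot: The two IPv6 rows pin truncated results — `'::1'` is expected to come back as `':'` and `'2002::3235:51f9'` as `'2002::3235'` — which looks like the host's `:port` suffix being cut at the last colon rather than intended behaviour. Since this value feeds the cookie domain (the provider itself passes `$cookie_domain_config`), a mangled host should not be frozen in as a passing expectation: either change the expected values to the full address and fix the implementation to strip a port only after a bracketed `[...]` literal, or keep the rows and mark them `// FIXME: IPv6 hosts are truncated by the port-stripping logic; expectations document the current bug`. I am inferring the cause from the expected values, not from the session code, which is not in this diff.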
@@ -0,0 +1,165 @@ +<?php +/** + * + * @package testing + * @copyright (c) 2013 phpBB Group + * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 + * + */ + +require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php'; + +class phpbb_session_extract_page_test extends phpbb_session_test_case +{ + public function getDataSet() + { + return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_empty.xml'); + } + + static public function extract_current_page_data() + { + return array( + array( + './', + '/phpBB/index.php', + '', + '/phpBB/', + '/', + array( + 'page_name' => 'index.php', + 'page_dir' => '', + 'query_string' => '', + 'script_path' => '/phpBB/', + 'root_script_path' => '/phpBB/', + 'page' => 'index.php', + 'forum' => 0, + ), + ), + array( + './', + '/phpBB/ucp.php', + 'mode=login', + '/phpBB/', + '/', + array( + 'page_name' => 'ucp.php', + 'page_dir' => '', + 'query_string' => 'mode=login', + 'script_path' => '/phpBB/', + 'root_script_path' => '/phpBB/', + 'page' => 'ucp.php?mode=login', + 'forum' => 0, + ), + ), + array( + './', + '/phpBB/ucp.php', + 'mode=register', + '/phpBB/', + '/', + array( + 'page_name' => 'ucp.php', + 'page_dir' => '', + 'query_string' => 'mode=register', + 'script_path' => '/phpBB/', + 'root_script_path' => '/phpBB/', + 'page' => 'ucp.php?mode=register', + 'forum' => 0, + ), + ), + array( + './', + '/phpBB/ucp.php', + 'mode=register', + '/phpBB/', + '/', + array( + 'page_name' => 'ucp.php', + 'page_dir' => '', + 'query_string' => 'mode=register', + 'script_path' => '/phpBB/', + 'root_script_path' => '/phpBB/', + 'page' => 'ucp.php?mode=register', + 'forum' => 0, + ), + ), + array( + './../', + '/phpBB/adm/index.php', + 'sid=e7215d958cdd41a6fc13509bebe53e42', + '/phpBB/adm/', + '/', + array( + 'page_name' => 'index.php', + //'page_dir' => 'adm', + // ^-- Ignored because .. 
returns different directory in live vs testing + 'query_string' => '', + 'script_path' => '/phpBB/adm/', + //'root_script_path' => '/phpBB/', + //'page' => 'adm/index.php', + 'forum' => 0, + ), + ), + array( + './', + '/phpBB/adm/app.php', + 'page=1&test=2', + '/phpBB/', + '/foo/bar', + array( + 'page_name' => 'app.php/foo/bar', + 'page_dir' => '', + 'query_string' => 'page=1&test=2', + 'script_path' => '/phpBB/', + 'root_script_path' => '/phpBB/', + 'page' => 'app.php/foo/bar?page=1&test=2', + 'forum' => 0, + ), + ), + array( + './../phpBB/', + '/test/test.php', + 'page=1&test=2', + '/test/', + '', + array( + 'page_name' => 'test.php', + //'page_dir' => '', + 'query_string' => 'page=1&test=2', + 'script_path' => '/test/', + //'root_script_path' => '../phpBB/', + //'page' => '../test/test.php/foo/bar?page=1&test=2', + 'forum' => 0, + ), + ), + ); + } + + /** @dataProvider extract_current_page_data */ + function test_extract_current_page($root_path, $getScriptName, $getQueryString, $getBasePath, $getPathInfo, $expected) + { + global $symfony_request; + + $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( + new phpbb_mock_request(), + )); + $symfony_request->expects($this->any()) + ->method('getScriptName') + ->will($this->returnValue($getScriptName)); + $symfony_request->expects($this->any()) + ->method('getQueryString') + ->will($this->returnValue($getQueryString)); + $symfony_request->expects($this->any()) + ->method('getBasePath') + ->will($this->returnValue($getBasePath)); + $symfony_request->expects($this->any()) + ->method('getPathInfo') + ->will($this->returnValue($getPathInfo)); + + $output = \phpbb\session::extract_current_page($root_path); + + // This compares the result of the output. + // Any keys that are not in the expected array are overwritten by the output (aka not checked). + $this->assert_array_content_equals(array_merge($output, $expected), $output); + } +} 
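Review bot: The third and fourth provider rows (`/phpBB/ucp.php` with `mode=register`) are byte-identical, so one of them adds nothing. The `adm/index.php` row shows that a `sid=…` query is dropped from `query_string`; replace the duplicate with a mixed query such as `'sid=e7215d958cdd41a6fc13509bebe53e42&mode=login'` expecting `'query_string' => 'mode=login'` and `'page' => 'ucp.php?mode=login'`, so the test proves only the sid is removed and other parameters survive. The commented-out `page_dir`/`root_script_path`/`page` keys would be clearer as a provider-level comment naming which keys are deliberately unchecked and why, instead of dead code; the `array_merge($output, $expected)` comparison at the bottom silently accepts any key the row omits.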
diff --git a/tests/session/fixtures/sessions_banlist.xml b/tests/session/fixtures/sessions_banlist.xml new file mode 100644 index 0000000000..e720e35f0a --- /dev/null +++ b/tests/session/fixtures/sessions_banlist.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<dataset> + <table name="phpbb_users"> + <column>user_id</column> + <column>username_clean</column> + <column>user_permissions</column> + <column>user_sig</column> + <row> + <value>1</value> + <value>anonymous</value> + <value></value> + <value></value> + </row> + </table> + <table name="phpbb_sessions"> + <column>session_id</column> + <column>session_user_id</column> + <column>session_ip</column> + <column>session_browser</column> + <column>session_admin</column> + <row> + <value>bar_session000000000000000000000</value> + <value>4</value> + <value>127.0.0.1</value> + <value>user agent</value> + <value>1</value> + </row> + </table> + <table name="phpbb_banlist"> + <column>ban_id</column> + <column>ban_userid</column> + <column>ban_ip</column> + <column>ban_email</column> + <column>ban_start</column> + <column>ban_end</column> + <column>ban_exclude</column> + <column>ban_reason</column> + <column>ban_give_reason</column> + <row> + <value>2</value> + <value>4</value> + <value>127.0.0.1</value> + <value>bar@example.org</value> + <value>1111</value> + <value>0</value> + <value>0</value> + <value>HAHAHA</value> + <value>1</value> + </row> + <row> + <value>3</value> + <value>0</value> + <value>127.1.1.1</value> + <value></value> + <value>1111</value> + <value>0</value> + <value>0</value> + <value>HAHAHA</value> + <value>1</value> + </row> + </table> +</dataset> diff --git a/tests/session/fixtures/sessions_empty.xml b/tests/session/fixtures/sessions_empty.xml index 0e6ddccd88..2acba58f45 100644 --- a/tests/session/fixtures/sessions_empty.xml +++ b/tests/session/fixtures/sessions_empty.xml 
@@ -5,31 +5,23 @@ <column>username_clean</column> <column>user_permissions</column> <column>user_sig</column> - <column>user_occ</column> - <column>user_interests</column> <row> <value>1</value> <value>anonymous</value> <value></value> <value></value> - <value></value> - <value></value> </row> <row> <value>3</value> <value>foo</value> <value></value> <value></value> - <value></value> - <value></value> </row> <row> <value>4</value> <value>bar</value> <value></value> <value></value> - <value></value> - <value></value> </row> </table> <table name="phpbb_sessions"> diff --git a/tests/session/fixtures/sessions_full.xml b/tests/session/fixtures/sessions_full.xml index 509687f4d2..4fb6b9dfd4 100644 --- a/tests/session/fixtures/sessions_full.xml +++ b/tests/session/fixtures/sessions_full.xml @@ -5,31 +5,23 @@ <column>username_clean</column> <column>user_permissions</column> <column>user_sig</column> - <column>user_occ</column> - <column>user_interests</column> <row> <value>1</value> <value>anonymous</value> <value></value> <value></value> - <value></value> - <value></value> </row> <row> <value>3</value> <value>foo</value> <value></value> <value></value> - <value></value> - <value></value> </row> <row> <value>4</value> <value>bar</value> <value></value> <value></value> - <value></value> - <value></value> </row> </table> <table name="phpbb_sessions"> @@ -37,17 +29,20 @@ <column>session_user_id</column> <column>session_ip</column> <column>session_browser</column> + <column>session_admin</column> <row> <value>anon_session00000000000000000000</value> <value>1</value> <value>127.0.0.1</value> <value>anonymous user agent</value> + <value>0</value> </row> <row> <value>bar_session000000000000000000000</value> <value>4</value> <value>127.0.0.1</value> <value>user agent</value> + <value>1</value> </row> </table> </dataset> diff --git a/tests/session/fixtures/sessions_garbage.xml b/tests/session/fixtures/sessions_garbage.xml new file mode 100644 index 0000000000..5eace839d0 
--- /dev/null +++ b/tests/session/fixtures/sessions_garbage.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<dataset> + <table name="phpbb_users"> + <column>user_id</column> + <column>username_clean</column> + <column>user_permissions</column> + <column>user_sig</column> + <row> + <value>4</value> + <value>bar</value> + <value></value> + <value></value> + </row> + </table> + <table name="phpbb_sessions"> + <column>session_id</column> + <column>session_user_id</column> + <column>session_ip</column> + <column>session_browser</column> + <column>session_admin</column> + <row> + <value>anon_session00000000000000000000</value> + <value>1</value> + <value>127.0.0.1</value> + <value>anonymous user agent</value> + <value>0</value> + </row> + <row> + <value>bar_session000000000000000000000</value> + <value>4</value> + <value>127.0.0.1</value> + <value>user agent</value> + <value>1</value> + </row> + </table> + <table name="phpbb_login_attempts"> + <column>attempt_ip</column> + <column>attempt_browser</column> + <column>attempt_forwarded_for</column> + <column>attempt_time</column> + <column>user_id</column> + <column>username</column> + <column>username_clean</column> + <row> + <value>127.0.0.1</value> + <value>browser</value> + <value></value> + <value>0001</value> + <value>4</value> + <value>bar</value> + <value>bar</value> + </row> + </table> +</dataset> diff --git a/tests/session/fixtures/sessions_key.xml b/tests/session/fixtures/sessions_key.xml new file mode 100644 index 0000000000..4f349cd282 --- /dev/null +++ b/tests/session/fixtures/sessions_key.xml 
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+ <table name="phpbb_sessions_keys">
+ <column>key_id</column>
+ <column>user_id</column>
+ <column>last_ip</column>
+ <column>last_login</column>
+ <row>
+ <value>a87ff679a2f3e71d9181a67b7542122c</value>
+ <value>4</value>
+ <value>127.0.0.1</value>
+ <value>0</value>
+ </row>
+ </table>
+ <table name="phpbb_sessions">
+ <column>session_id</column>
+ <column>session_user_id</column>
+ <column>session_ip</column>
+ <column>session_browser</column>
+ <row>
+ <value>bar_session000000000000000000000</value>
+ <value>4</value>
+ <value>127.0.0.1</value>
+ <value>user agent</value>
+ <value>1</value>
+ </row>
+ </table>
+ <table name="phpbb_users">
+ <column>user_id</column>
+ <column>username_clean</column>
+ <column>user_permissions</column>
+ <column>user_sig</column>
+ <row>
+ <value>4</value>
+ <value>bar</value>
+ <value></value>
+ <value></value>
+ </row>
+ </table>
+</dataset>
diff --git a/tests/session/garbage_collection_test.php b/tests/session/garbage_collection_test.php
new file mode 100644
index 0000000000..e7d01785dd
--- /dev/null
+++ b/tests/session/garbage_collection_test.php
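Review bot: The `phpbb_sessions` table in this fixture declares four columns (`session_id`, `session_user_id`, `session_ip`, `session_browser`) but its row carries five `<value>` elements, so the trailing `<value>1</value>` has no column. The other fixtures in this commit (`sessions_full.xml`, `sessions_garbage.xml`) declare `session_admin` as the fifth column; add `<column>session_admin</column>` after `session_browser` here, or drop the extra value.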
@@ -0,0 +1,53 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2013 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
+
+class phpbb_session_garbage_collection_test extends phpbb_session_test_case
+{
+ public $session;
+
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_garbage.xml');
+ }
+
+ public function setUp()
+ {
+ parent::setUp();
+ $this->session = $this->session_factory->get_session($this->db);
+ }
+
+ public function test_cleanup_all()
+ {
+ $this->check_sessions_equals(
+ array(
+ array(
+ 'session_id' => 'anon_session00000000000000000000',
+ 'session_user_id' => 1,
+ ),
+ array(
+ 'session_id' => 'bar_session000000000000000000000',
+ 'session_user_id' => 4,
+ ),
+ ),
+ 'Before test, should have some sessions.'
+ );
+ // Set session length so it clears all
+ global $config;
+ $config['session_length'] = 0;
+ // There is an error unless the captcha plugin is set
+ $config['captcha_plugin'] = 'phpbb_captcha_nogd';
+ $this->session->session_gc();
+ $this->check_sessions_equals(
+ array(),
+ 'After setting session time to 0, should remove all.'
+ );
+ }
+}
diff --git a/tests/session/session_key_test.php b/tests/session/session_key_test.php
new file mode 100644
index 0000000000..1cf2101385
--- /dev/null
+++ b/tests/session/session_key_test.php
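Review bot: `test_cleanup_all` only asserts that `phpbb_sessions` is emptied, yet the `sessions_garbage.xml` fixture deliberately seeds a `phpbb_login_attempts` row with `attempt_time` `0001`; if `session_gc()` is also expected to purge stale login attempts (I cannot confirm from this diff), add an assertion on that table, otherwise the fixture row is dead data. Setting `$config['session_length'] = 0` and `$config['captcha_plugin']` by writing into the global after `get_session()` bypasses the factory's `merge_config_data()`, which is how the other tests in this commit configure the session; prefer the factory call in `setUp()` before `get_session()`. The comment `// There is an error unless the captcha plugin is set` should name the error it avoids so the next reader knows whether it is still needed.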
@@ -0,0 +1,51 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2013 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
+
+class phpbb_session_login_keys_test extends phpbb_session_test_case
+{
+ protected $user_id = 4;
+ protected $key_id = 4;
+
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_key.xml');
+ }
+
+ public function test_set_key_manually()
+ {
+ // With AutoLogin setup
+ $this->session_factory->merge_config_data(array('allow_autologin' => true));
+ $session = $this->session_factory->get_session($this->db);
+ // Using a user_id and key that is already in the database
+ $session->cookie_data['u'] = $this->user_id;
+ $session->cookie_data['k'] = $this->key_id;
+ // Try to access session
+ $session->session_create($this->user_id, false, $this->user_id);
+
+ $this->assertEquals($this->user_id, $session->data['user_id'], "session should automatically login");
+ }
+
+ public function test_reset_keys()
+ {
+ // With AutoLogin setup
+ $this->session_factory->merge_config_data(array('allow_autologin' => true));
+ $session = $this->session_factory->get_session($this->db);
+ // Reset of the keys for this user
+ $session->reset_login_keys($this->user_id);
+ // Using a user_id and key that was in the database (before reset)
+ $session->cookie_data['u'] = $this->user_id;
+ $session->cookie_data['k'] = $this->key_id;
+ // Try to access session
+ $session->session_create($this->user_id, false, $this->user_id);
+
+ $this->assertNotEquals($this->user_id, $session->data['user_id'], "session should be cleared");
+ }
+}
diff --git a/tests/session/testable_facade.php b/tests/session/testable_facade.php
new file mode 100644
index 0000000000..2600a46cc4
--- /dev/null
+++ b/tests/session/testable_facade.php
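Review bot: `test_set_key_manually` passes `$this->user_id` as the first argument of `session_create()`, so if the session honours an explicit user id over the cookies (which I cannot verify from this diff) the assertion `data['user_id'] == 4` holds whether or not the `k` cookie was accepted, and the test does not prove autologin. To exercise the key path, let the cookies drive it: `$session->session_create(false, false, true);`. The third positional argument `$this->user_id` lands in what the facade in this same commit names `$persist_login`, a boolean — pass `true` rather than an id. `$key_id = 4` only matches because the fixture's `key_id` is `a87ff679a2f3e71d9181a67b7542122c`, which is `md5('4')`, presumably how the session hashes the `k` cookie before lookup; record that coupling next to the property, e.g. `// fixture key_id is md5('4'): the k cookie is hashed before the sessions_keys lookup`.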
@@ -0,0 +1,126 @@ +<?php +/** + * + * @package testing + * @copyright (c) 2013 phpBB Group + * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 + * + */ + +require_once dirname(__FILE__) . '/testable_factory.php'; +require_once dirname(__FILE__) . '/../../phpBB/phpbb/session.php'; + +/** + * This class exists to expose session.php's functions in a more testable way. + * + * Since many functions in session.php have global variables inside the function, + * this exposes those functions through a testable facade that uses + * testable_factory's mock global variables to modify global variables used in + * the functions. + * + * This is using the facade pattern to provide a testable "front" to the + * functions in sessions.php. + * + */ +class phpbb_session_testable_facade +{ + protected $db; + protected $session_factory; + + function __construct($db, $session_factory) + { + $this->db = $db; + $this->session_factory = $session_factory; + } + + function extract_current_hostname( + $host, + $server_name_config, + $cookie_domain_config + ) + { + $session = $this->session_factory->get_session($this->db); + global $config, $request; + $config['server_name'] = $server_name_config; + $config['cookie_domain'] = $cookie_domain_config; + $request->overwrite('SERVER_NAME', $host, \phpbb\request\request_interface::SERVER); + $request->overwrite('Host', $host, \phpbb\request\request_interface::SERVER); + // Note: There is a php_uname function used as a fallthrough + // that this function doesn't override + return $session->extract_current_hostname(); + } + + /** + * + * This function has a lot of dependencies, so instead of naming them all, + * just ask for overrides + * + * @param update_session_page Boolean of whether to set page of the session + * @param config_overrides An array of overrides for the global config object + * @param request_overrides An array of overrides for the global request object + * @return boolean False if the user is 
identified, otherwise true. + */ + function session_begin( + $update_session_page = true, + $config_overrides = array(), + $request_overrides = array(), + $cookies_overrides = array() + ) + { + $this->session_factory->merge_config_data($config_overrides); + $this->session_factory->merge_server_data($request_overrides); + $this->session_factory->set_cookies($cookies_overrides); + $session = $this->session_factory->get_session($this->db); + $session->session_begin($update_session_page); + return $session; + } + + function session_create( + $user_id = false, + $set_admin = false, + $persist_login = false, + $viewonline = true, + array $config_overrides = array(), + $user_agent = 'user agent', + $ip_address = '127.0.0.1', + array $bot_overrides = array(), + $uri_sid = "" + ) + { + $this->session_factory->merge_config_data($config_overrides); + // Bots + $this->session_factory->merge_cache_data(array('_bots' => $bot_overrides)); + global $request; + $session = $this->session_factory->get_session($this->db); + $session->browser = $user_agent; + $session->ip = $ip_address; + // Uri sid + if ($uri_sid) + { + $_GET['sid'] = $uri_sid; + } + $session->session_create($user_id, $set_admin, $persist_login, $viewonline); + return $session; + } + + function validate_referer( + $check_script_path, + $referer, + $host, + $force_server_vars, + $server_port, + $server_name, + $root_script_path + ) + { + $session = $this->session_factory->get_session($this->db); + global $config, $request; + $session->referer = $referer; + $session->page['root_script_path'] = $root_script_path; + $session->host = $host; + $config['force_server_vars'] = $force_server_vars; + $config['server_name'] = $server_name; + $request->overwrite('SERVER_PORT', $server_port, \phpbb\request\request_interface::SERVER); + return $session->validate_referer($check_script_path); + } +} diff --git a/tests/session/testable_factory.php b/tests/session/testable_factory.php index 00f79738ef..c968012edf 100644 
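Review bot: `session_create()` injects the URI sid by writing `$_GET['sid'] = $uri_sid;` straight into the superglobal, never removes it, and bypasses the `phpbb_mock_request` that `get_session()` installs — the `global $request;` it declares is unused. Route it through the request object as `extract_current_hostname()` and `validate_referer()` in this same class already do: `$request->overwrite('sid', $uri_sid, \phpbb\request\request_interface::GET);`. The `session_begin()` docblock says `@return boolean False if the user is identified, otherwise true` but the method returns the session object; make it `@return phpbb_mock_session_testable The session after session_begin() has run`. `session_create()` and `validate_referer()` have no parameter documentation at all, and `$config_overrides`/`$bot_overrides` in particular need a line each saying they are merged into the factory's config and `_bots` cache data.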
--- a/tests/session/testable_factory.php +++ b/tests/session/testable_factory.php @@ -2,12 +2,13 @@ /** * * @package testing -* @copyright (c) 2011 phpBB Group +* @copyright (c) 2013 phpBB Group * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 * */ -require_once dirname(__FILE__) . '/../mock/session_testable.php'; +require_once dirname(__FILE__) . '/../mock/container_builder.php'; +require_once dirname(__FILE__) . '/../mock/auth_provider.php'; /** * This class exists to setup an instance of phpbb's session class for testing. @@ -18,12 +19,14 @@ require_once dirname(__FILE__) . '/../mock/session_testable.php'; */ class phpbb_session_testable_factory { + protected $container; protected $config_data; protected $cache_data; protected $cookies; protected $config; protected $cache; + protected $request; /** * Initialises the factory with a set of default config and cache values. 
@@ -60,22 +63,35 @@ class phpbb_session_testable_factory
 /**
 * Retrieve the configured session class instance
 *
- * @param dbal $dbal The database connection to use for session data
+ * @param \phpbb\db\driver\driver_interface $dbal The database connection to use for session data
 * @return phpbb_mock_session_testable A session instance
 */
- public function get_session(dbal $dbal)
+ public function get_session(\phpbb\db\driver\driver_interface $dbal)
 {
 // set up all the global variables used by session
- global $SID, $_SID, $db, $config, $cache;
+ global $SID, $_SID, $db, $config, $cache, $request, $phpbb_container;
+
+ $request = $this->request = new phpbb_mock_request(
+ array(),
+ array(),
+ $this->cookies,
+ $this->server_data
+ );
+ request_var(null, null, null, null, $request);
+
+ $config = $this->config = new \phpbb\config\config($this->get_config_data());
+ set_config(null, null, null, $config);
- $config = $this->config = $this->get_config_data();
 $db = $dbal;
 $cache = $this->cache = new phpbb_mock_cache($this->get_cache_data());
 $SID = $_SID = null;
- $_COOKIE = $this->cookies;
- $_SERVER = $this->server_data;
+ $phpbb_container = $this->container = new phpbb_mock_container_builder();
+ $phpbb_container->set(
+ 'auth.provider.db',
+ new phpbb_mock_auth_provider()
+ );
 $session = new phpbb_mock_session_testable;
 return $session;
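Review bot: `request_var(null, null, null, null, $request);` and `set_config(null, null, null, $config);` read like ordinary lookups, but the all-null arguments suggest they are the legacy helpers' instance-injection form, and nothing in the hunk says so; a comment such as `// null arguments: rebind the request_var()/set_config() helpers to these mock instances` on each would spare the next reader a trip into the helpers (I am inferring the semantics from the argument shape, so confirm against the helpers). Since `$_COOKIE` and `$_SERVER` are no longer assigned, cookie and server data now reach the session only through `phpbb_mock_request`, so test code that still writes superglobals directly (the facade's `$_GET['sid'] = $uri_sid` in `session_create`) bypasses the mock and should be re-checked against what the session actually reads. get_session's closing brace lies outside the hunk.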
@@ -159,6 +175,32 @@ class phpbb_session_testable_factory
 }
 /**
+ * Set cookies, merge config and server data in one step.
+ *
+ * New values overwrite old ones.
+ *
+ * @param $session_id
+ * @param $user_id
+ * @param $user_agent
+ * @param $ip
+ * @param int $time
+ */
+ public function merge_test_data($session_id, $user_id, $user_agent, $ip, $time = 0)
+ {
+ $this->set_cookies(array(
+ '_sid' => $session_id,
+ '_u' => $user_id,
+ ));
+ $this->merge_config_data(array(
+ 'session_length' => time() + $time, // need to do this to allow sessions started at time 0
+ ));
+ $this->merge_server_data(array(
+ 'HTTP_USER_AGENT' => $user_agent,
+ 'REMOTE_ADDR' => $ip,
+ ));
+ }
+
+ /**
 * Retrieve all server variables to be passed to the session.
 *
 * @return array Server variables
diff --git a/tests/session/unset_admin_test.php b/tests/session/unset_admin_test.php
new file mode 100644
index 0000000000..1d5b1759ab
--- /dev/null
+++ b/tests/session/unset_admin_test.php
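Review bot: The docblock on `merge_test_data` lists `@param $session_id`, `@param $user_id`, `@param $user_agent` and `@param $ip` with neither type nor description, and `@param int $time` does not say that the value is an offset added to `time()` for `session_length`, not a timestamp. Suggested replacements for the five tags: `@param string $session_id Session id placed in the _sid cookie`, `@param int $user_id User id placed in the _u cookie`, `@param string $user_agent Value for HTTP_USER_AGENT`, `@param string $ip Value for REMOTE_ADDR`, and `@param int $time Seconds added to time() for session_length, so fixture sessions started at time 0 still count as live`. The same `time()`-based `session_length` line with the same inline comment is repeated in unset_admin_test.php's `get_test_session`, which suggests the facade could expose this helper instead of taking raw override arrays.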
@@ -0,0 +1,48 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2013 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
+
+class phpbb_session_unset_admin_test extends phpbb_session_test_case
+{
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_full.xml');
+ }
+
+ function get_test_session()
+ {
+ return $this->session_facade->session_begin(
+ true,
+ // Config
+ array(
+ 'session_length' => time(), // need to do this to allow sessions started at time 0
+ ),
+ // Server
+ array(
+ 'HTTP_USER_AGENT' => "user agent",
+ 'REMOTE_ADDR' => "127.0.0.1",
+ ),
+ // Cookies
+ array(
+ '_sid' => 'bar_session000000000000000000000',
+ '_u' => 4,
+ )
+ );
+ }
+
+ public function test_unset_admin()
+ {
+ $session = $this->get_test_session();
+ $this->assertEquals(1, $session->data['session_admin'], 'should be an admin before test starts');
+ $session->unset_admin();
+ $session = $this->get_test_session();
+ $this->assertEquals(0, $session->data['session_admin'], 'should be not be an admin after unset_admin');
+ }
+}
diff --git a/tests/session/validate_referrer_test.php b/tests/session/validate_referrer_test.php
new file mode 100644
index 0000000000..a302229287
--- /dev/null
+++ b/tests/session/validate_referrer_test.php
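Review bot: `test_unset_admin` never checks that `session_begin` actually loaded the fixture session `bar_session000000000000000000000` rather than starting a fresh one, so the second assertion (`session_admin` is 0) would also pass if the cookie were rejected on the re-read; asserting the loaded id before each `session_admin` check, e.g. `$this->assertEquals('bar_session000000000000000000000', $session->session_id, 'fixture session should be loaded');`, pins the test to the row it means to cover. `get_test_session()` is declared without a visibility keyword; `protected function get_test_session()` would match the `public` used on its siblings.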
@@ -0,0 +1,70 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2013 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
+
+class phpbb_session_validate_referrer_test extends phpbb_session_test_case
+{
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/sessions_empty.xml');
+ }
+
+ static function referrer_inputs()
+ {
+ $ex = "example.org";
+ $alt = "example.com";
+ return array(
+ // checkpath referrer host forcevars port servername rootpath pass?
+ // 0 Referrer or host wasn't collected, therefore should validate
+ array(false, '', $ex, false, 80, $ex, '', true),
+ array(false, $ex, '', false, 80, $ex, '', true),
+ // 2 Referrer doesn't match host or server_name
+ array(false, $alt, $ex, false, 80, $ex, '', false),
+ // 3 Everything should check out
+ array(false, $ex, $ex, false, 80, $ex, '', true),
+ // 4 Check Script Path
+ array(true, $ex, $ex, false, 80, $ex, '', true),
+ array(true, "$ex/foo", $ex, false, 80, $ex, "/foo", true),
+ array(true, "$ex/bar", $ex, false, 80, $ex, "/foo", false),
+ // 7 Port (This is not checked unless path is checked)
+ array(true, "$ex:80/foo", "$ex:80", false, 80, "$ex:80", "/foo", true),
+ array(true, "$ex:80/bar", "$ex:80", false, 80, "$ex:80", "/foo", false),
+ array(true, "$ex:79/foo", "$ex:81", false, 81, "$ex:81", "/foo", false),
+ );
+ }
+
+ /** @dataProvider referrer_inputs */
+ function test_referrer_inputs(
+ $check_script_path,
+ $referrer,
+ $host,
+ $force_server_vars,
+ $server_port,
+ $server_name,
+ $root_script_path,
+ $pass_or_fail
+ )
+ {
+ // Referrer needs http:// because it's going to get stripped in function.
+ $referrer = $referrer ? 'http://' . $referrer : '';
+ $this->assertEquals(
+ $pass_or_fail,
+ $this->session_facade->validate_referer(
+ $check_script_path,
+ $referrer,
+ $host,
+ $force_server_vars,
+ $server_port,
+ $server_name,
+ $root_script_path
+ ),
+ "referrer should" . ($pass_or_fail ? '' : "n't") . " be validated");
+ }
+}
|
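Review bot: Every row in `referrer_inputs` prepends `http://` and, apart from the 79/81 row, uses port 80, so if validate_referer treats 443 like 80 as a default port (as the 80-only rows suggest) that branch is never exercised, and there is no row where the referrer host is a longer string that merely begins with `$ex` with `$pass_or_fail` false, which is the usual regression row for a prefix-based host comparison; one row for each would close both gaps. The provider and the test method lack visibility keywords, and PHPUnit requires data providers to be public: `public static function referrer_inputs()` and `public function test_referrer_inputs(`. The comment `// Referrer needs http:// because it's going to get stripped in function.` would read better as `// validate_referer() strips the scheme, so the provider rows omit it and it is prepended here.`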