Diffstat (limited to 'tests/session')
-rw-r--r-- | tests/session/continue_test.php | 117 | ||||
-rw-r--r-- | tests/session/fixtures/sessions_empty.xml | 6 | ||||
-rw-r--r-- | tests/session/init_test.php | 56 | ||||
-rw-r--r-- | tests/session/session_continue.php | 117 | ||||
-rw-r--r-- | tests/session/session_init.php | 76 | ||||
-rw-r--r-- | tests/session/testable_factory.php | 171 |
6 files changed, 350 insertions, 193 deletions
diff --git a/tests/session/continue_test.php b/tests/session/continue_test.php
new file mode 100644
index 0000000000..3080121978
--- /dev/null
+++ b/tests/session/continue_test.php
@@ -0,0 +1,117 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once dirname(__FILE__) . '/../mock/cache.php';
+require_once dirname(__FILE__) . '/testable_factory.php';
+
+class phpbb_session_continue_test extends phpbb_database_test_case
+{
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_full.xml');
+ }
+
+ static public function session_begin_attempts()
+ {
+ return array(
+ array(
+ 'bar_session', '4', 'user agent', '127.0.0.1',
+ array(
+ array('session_id' => 'anon_session', 'session_user_id' => 1),
+ array('session_id' => 'bar_session', 'session_user_id' => 4),
+ ),
+ array(),
+ 'If a request comes with a valid session id with matching user agent and IP, no new session should be created.',
+ ),
+ array(
+ 'anon_session', '4', 'user agent', '127.0.0.1',
+ array(
+ array('session_id' => '__new_session_id__', 'session_user_id' => 1), // use generated SID
+ array('session_id' => 'bar_session', 'session_user_id' => 4),
+ ),
+ array(
+ 'u' => array('1', null),
+ 'k' => array(null, null),
+ 'sid' => array('__new_session_id__', null),
+ ),
+ 'If a request comes with a valid session id and IP but different user id and user agent, a new anonymous session is created and the session matching the supplied session id is deleted.',
+ ),
+ );
+ }
+
+ /**
+ * @dataProvider session_begin_attempts
+ */
+ public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $ip, $expected_sessions, $expected_cookies, $message)
+ {
+ $db = $this->new_dbal();
+ $session_factory = new phpbb_session_testable_factory;
+ $session_factory->set_cookies(array(
+ '_sid' => $session_id,
+ '_u' => $user_id,
+ ));
+ $session_factory->merge_config_data(array(
+ 'session_length' => time(), // need to do this to allow sessions started at time 0
+ ));
+ $session_factory->merge_server_data(array(
+ 'HTTP_USER_AGENT' => $user_agent,
+ 'REMOTE_ADDR' => $ip,
+ ));
+
+ $session = $session_factory->get_session($db);
+ $session->page = array('page' => 'page', 'forum' => 0);
+
+ $session->session_begin();
+
+ $sql = 'SELECT session_id, session_user_id
+ FROM phpbb_sessions
+ ORDER BY session_user_id';
+
+ $expected_sessions = $this->replace_session($expected_sessions, $session->session_id);
+ $expected_cookies = $this->replace_session($expected_cookies, $session->session_id);
+
+ $this->assertSqlResultEquals(
+ $expected_sessions,
+ $sql,
+ $message
+ );
+
+ $session->check_cookies($this, $expected_cookies);
+
+ $session_factory->check($this);
+ }
+
+ /**
+ * Replaces recursively the value __new_session_id__ with the given session
+ * id.
+ *
+ * @param array $array An array of data
+ * @param string $session_id The new session id to use instead of the
+ * placeholder.
+ * @return array The input array with all occurances of __new_session_id__
+ * replaced.
+ */
+ public function replace_session($array, $session_id)
+ {
+ foreach ($array as $key => &$value)
+ {
+ if ($value === '__new_session_id__')
+ {
+ $value = $session_id;
+ }
+
+ if (is_array($value))
+ {
+ $value = $this->replace_session($value, $session_id);
+ }
+ }
+
+ return $array;
+ }
+}
diff --git a/tests/session/fixtures/sessions_empty.xml b/tests/session/fixtures/sessions_empty.xml
index 66fa585b18..f94337314e 100644
--- a/tests/session/fixtures/sessions_empty.xml
+++ b/tests/session/fixtures/sessions_empty.xml
@@ -16,4 +16,10 @@
 <value>bar</value>
 </row>
 </table>
+ <table name="phpbb_sessions">
+ <column>session_id</column>
+ <column>session_user_id</column>
+ <column>session_ip</column>
+ <column>session_browser</column>
+ </table>
 </dataset>
diff --git a/tests/session/init_test.php b/tests/session/init_test.php
new file mode 100644
index 0000000000..1181fab636
--- /dev/null
+++ b/tests/session/init_test.php
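Review bot: In tests/session/continue_test.php both rows of `session_begin_attempts()` pass `'127.0.0.1'` for the new `$ip` argument, so the provider never covers a request that presents a valid session id from a different address, although the factory defaults set `ip_check` to 3. Assuming sessions_full.xml (not shown here) stores 127.0.0.1 for `bar_session`, a third row starting `'bar_session', '4', 'user agent', '192.0.2.1',` (constructed address) and expecting the replaced-session outcome would pin the IP binding that limits reuse of a copied session cookie. The second row's message says the user agent differs, yet it passes the same `'user agent'` string as the first row; whether that differs from the fixture value for `anon_session` cannot be seen from this hunk, so a short comment naming the fixture values would help. In `replace_session()`, add `unset($value);` after the by-reference `foreach` and drop the unused `$key`.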
@@ -0,0 +1,56 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once dirname(__FILE__) . '/../mock/cache.php';
+require_once dirname(__FILE__) . '/testable_factory.php';
+
+class phpbb_session_init_test extends phpbb_database_test_case
+{
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_empty.xml');
+ }
+
+ // also see security/extract_current_page.php
+
+ public function test_login_session_create()
+ {
+ $db = $this->new_dbal();
+ $session_factory = new phpbb_session_testable_factory;
+
+ $session = $session_factory->get_session($db);
+ $session->page = array('page' => 'page', 'forum' => 0);
+
+ $session->session_create(3);
+
+ $sql = 'SELECT session_user_id
+ FROM phpbb_sessions';
+
+ $this->assertSqlResultEquals(
+ array(array('session_user_id' => 3)),
+ $sql,
+ 'Check if exacly one session for user id 3 was created'
+ );
+
+ $cookie_expire = $session->time_now + 31536000; // default is one year
+
+ $session->check_cookies($this, array(
+ 'u' => array(null, $cookie_expire),
+ 'k' => array(null, $cookie_expire),
+ 'sid' => array($session->session_id, $cookie_expire),
+ ));
+
+ global $SID, $_SID;
+ $this->assertEquals($session->session_id, $_SID);
+ $this->assertEquals('?sid=' . $session->session_id, $SID);
+
+ $session_factory->check($this);
+ }
+}
+
diff --git a/tests/session/session_continue.php b/tests/session/session_continue.php
deleted file mode 100644
index 58956c18a9..0000000000
--- a/tests/session/session_continue.php
+++ /dev/null
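Review bot: `test_login_session_create()` in tests/session/init_test.php never calls `merge_server_data()`, so the session is created from whatever `$_SERVER` the PHPUnit process happens to carry (the factory constructor copies it), and the assertion selects only `session_user_id`. Since sessions_empty.xml now declares `session_ip` and `session_browser`, set them explicitly with `$session_factory->merge_server_data(array('HTTP_USER_AGENT' => 'user agent', 'REMOTE_ADDR' => '127.0.0.1'));` and add both columns to the SELECT, so the test shows what a freshly created session is bound to. The hard-coded `31536000` matches the removed expression only while the factory default `max_autologin_time` stays 0; a comment such as `// one year: applies because max_autologin_time is 0 in the factory defaults` would keep the expiry assertion from drifting unnoticed.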
@@ -1,117 +0,0 @@
-<?php
-/**
-*
-* @package testing
-* @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
-*
-*/
-
-require_once 'test_framework/framework.php';
-require_once 'mock/cache.php';
-require_once 'mock/session_testable.php';
-
-class phpbb_session_continue_test extends phpbb_database_test_case
-{
- public function getDataSet()
- {
- return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_full.xml');
- }
-
- static public function session_begin_attempts()
- {
- return array(
- array(
- 'bar_session', '4', 'user agent',
- array(
- array('session_id' => 'anon_session', 'session_user_id' => 1),
- array('session_id' => 'bar_session', 'session_user_id' => 4)
- ),
- array(),
- 'Check if no new session was created',
- ),
- array(
- 'anon_session', '4', 'user agent',
- array(
- array('session_id' => 'bar_session', 'session_user_id' => 4),
- array('session_id' => null, 'session_user_id' => 1) // use generated SID
- ),
- array(
- 'u' => array('1', null),
- 'k' => array(null, null),
- 'sid' => array($_SID, null),
- ),
- 'Check if an anonymous new session was created',
- ),
- );
- }
-
- /**
- * @dataProvider session_begin_attempts
- */
- public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $expected_sessions, $expected_cookies, $message)
- {
- $session = new phpbb_mock_session_testable;
- $session->page = array('page' => 'page', 'forum' => 0);
-
- // set up all the global variables used in session_create
- global $SID, $_SID, $db, $config, $cache;
-
- $config = $this->get_config();
- $db = $this->new_dbal();
- $cache_data = array(
- '_bots' => array(),
- );
- $cache = new phpbb_mock_cache;
- $SID = $_SID = null;
-
- $_COOKIE['_sid'] = $session_id;
- $_COOKIE['_u'] = $user_id;
- $_SERVER['HTTP_USER_AGENT'] = $user_agent;
-
- $config['session_length'] = time(); // need to do this to allow sessions started at time 0
- $session->session_begin();
-
- $sql = 'SELECT session_id, session_user_id
- FROM phpbb_sessions';
-
- // little tickery to allow using a dataProvider with dynamic expected result
- foreach ($expected_sessions as $i => $s)
- {
- if (is_null($s['session_id']))
- {
- $expected_sessions[$i]['session_id'] = $session->session_id;
- }
- }
-
- $this->assertResultEquals(
- $sql,
- $expected_sessions,
- 'Check if no new session was created'
- );
-
- $session->check_cookies($this, $expected_cookies);
-
- $cache->check($this, $cache_data);
- }
- static public function get_config()
- {
- return array(
- 'allow_autologin' => false,
- 'auth_method' => 'db',
- 'forwarded_for_check' => true,
- 'active_sessions' => 0, // disable
- 'rand_seed' => 'foo',
- 'rand_seed_last_update' => 0,
- 'max_autologin_time' => 0,
- 'session_length' => 100,
- 'form_token_lifetime' => 100,
- 'cookie_name' => '',
- 'limit_load' => 0,
- 'limit_search_load' => 0,
- 'ip_check' => 3,
- 'browser_check' => 1,
- );
- }
-}
-
diff --git a/tests/session/session_init.php b/tests/session/session_init.php
deleted file mode 100644
index f6fa564880..0000000000
--- a/tests/session/session_init.php
+++ /dev/null
@@ -1,76 +0,0 @@
-<?php
-/**
-*
-* @package testing
-* @copyright (c) 2008 phpBB Group
-* @license http://opensource.org/licenses/gpl-license.php GNU Public License
-*
-*/
-
-require_once 'test_framework/framework.php';
-require_once 'mock/cache.php';
-require_once 'mock/session_testable.php';
-
-class phpbb_session_init_test extends phpbb_database_test_case
-{
- public function getDataSet()
- {
- return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_empty.xml');
- }
-
- // also see security/extract_current_page.php
-
- public function test_login_session_create()
- {
- $session = new phpbb_mock_session_testable;
- $session->page = array('page' => 'page', 'forum' => 0);
-
- // set up all the global variables used in session_create
- global $SID, $_SID, $db, $config, $cache;
-
- $config = $this->get_config();
- $db = $this->new_dbal();
- $cache_data = array(
- '_bots' => array(),
- );
- $cache = new phpbb_mock_cache;
- $SID = $_SID = null;
-
- $session->session_create(3);
-
- $sql = 'SELECT session_user_id
- FROM phpbb_sessions';
-
- $this->assertResultEquals(
- $sql,
- array(array('session_user_id' => 3)),
- 'Check if exacly one session for user id 3 was created'
- );
-
- $cookie_expire = $session->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000);
-
- $session->check_cookies($this, array(
- 'u' => array(null, $cookie_expire),
- 'k' => array(null, $cookie_expire),
- 'sid' => array($_SID, $cookie_expire),
- ));
-
- $cache->check($this, $cache_data);
- }
-
- static public function get_config()
- {
- return array(
- 'allow_autologin' => false,
- 'auth_method' => 'db',
- 'forwarded_for_check' => true,
- 'active_sessions' => 0, // disable
- 'rand_seed' => 'foo',
- 'rand_seed_last_update' => 0,
- 'max_autologin_time' => 0,
- 'session_length' => 100,
- 'form_token_lifetime' => 100,
- );
- }
-}
-
diff --git a/tests/session/testable_factory.php b/tests/session/testable_factory.php
new file mode 100644
index 0000000000..f3ef19a257
--- /dev/null
+++ b/tests/session/testable_factory.php
@@ -0,0 +1,171 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once dirname(__FILE__) . '/../mock/session_testable.php';
+
+/**
+* This class exists to setup an instance of phpbb's session class for testing.
+*
+* The session class has rather complex dependencies, so in order to make its
+* tests more * understandable and to make its dependencies more visible this
+* factory class sets up all the necessary global state & variable contents.
+*/
+class phpbb_session_testable_factory
+{
+ protected $config_data;
+ protected $cache_data;
+ protected $cookies;
+
+ protected $config;
+ protected $cache;
+
+ /**
+ * Initialises the factory with a set of default config and cache values.
+ */
+ public function __construct()
+ {
+ // default configuration values
+ $this->config_data = array(
+ 'allow_autologin' => false,
+ 'auth_method' => 'db',
+ 'forwarded_for_check' => true,
+ 'active_sessions' => 0, // disable
+ 'rand_seed' => 'foo',
+ 'rand_seed_last_update' => 0,
+ 'max_autologin_time' => 0,
+ 'session_length' => 100,
+ 'form_token_lifetime' => 100,
+ 'cookie_name' => '',
+ 'limit_load' => 0,
+ 'limit_search_load' => 0,
+ 'ip_check' => 3,
+ 'browser_check' => 1,
+ );
+
+ $this->cache_data = array(
+ '_bots' => array(),
+ );
+
+ $this->cookies = array();
+
+ $this->server_data = $_SERVER;
+ }
+
+ /**
+ * Retrieve the configured session class instance
+ *
+ * @param dbal $dbal The database connection to use for session data
+ * @return phpbb_mock_session_testable A session instance
+ */
+ public function get_session(dbal $dbal)
+ {
+ // set up all the global variables used by session
+ global $SID, $_SID, $db, $config, $cache;
+
+ $config = $this->config = $this->get_config_data();
+ $db = $dbal;
+
+ $cache = $this->cache = new phpbb_mock_cache($this->get_cache_data());
+ $SID = $_SID = null;
+
+ $_COOKIE = $this->cookies;
+ $_SERVER = $this->server_data;
+
+ $session = new phpbb_mock_session_testable;
+ return $session;
+ }
+
+ /**
+ * Set the cookies which should be present in the request data.
+ *
+ * @param array $cookies The cookie data, structured like $_COOKIE contents.
+ */
+ public function set_cookies(array $cookies)
+ {
+ $this->cookies = $cookies;
+ }
+
+ /**
+ * Check if the cache used for the generated session contains correct data.
+ *
+ * @param PHPUnit_Framework_Assert $test The test case to call assert methods
+ * on
+ */
+ public function check(PHPUnit_Framework_Assert $test)
+ {
+ $this->cache->check($test, $this->get_cache_data());
+ }
+
+ /**
+ * Merge config data with the current config data to be supplied to session.
+ *
+ * New values overwrite new ones.
+ *
+ * @param array $config_data The config data to merge with previous data
+ */
+ public function merge_config_data(array $config_data)
+ {
+ $this->config_data = array_merge($this->config_data, $config_data);
+ }
+
+ /**
+ * Retrieve the entire config data to be passed to the session.
+ *
+ * @return array Configuration
+ */
+ public function get_config_data()
+ {
+ return $this->config_data;
+ }
+
+ /**
+ * Merge the cache contents with more data.
+ *
+ * New values overwrite old ones.
+ *
+ * @param array $cache_data The additional cache data
+ */
+ public function merge_cache_data(array $cache_data)
+ {
+ $this->cache_data = array_merge($this->cache_data, $cache_data);
+ }
+
+ /**
+ * Retrieve the entire cache data to be passed to the session.
+ *
+ * @return array Cache contents
+ */
+ public function get_cache_data()
+ {
+ return $this->cache_data;
+ }
+
+ /**
+ * Merge the current server info ($_SERVER) with more data.
+ *
+ * New values overwrite old ones.
+ *
+ * @param array $server_data The additional server variables
+ */
+ public function merge_server_data($server_data)
+ {
+ return $this->server_data = array_merge($this->server_data, $server_data);
+ }
+
+ /**
+ * Retrieve all server variables to be passed to the session.
+ *
+ * @return array Server variables
+ */
+ public function get_server_data()
+ {
+ return $this->server_data;
+ }
+}
+
|
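Review bot: `$this->server_data` is assigned in `__construct()` of tests/session/testable_factory.php but is not declared alongside `$config_data`, `$cache_data` and `$cookies`, so it becomes an implicit public property; add `protected $server_data;`. `merge_server_data($server_data)` also lacks the `array` type hint and returns the merged array, unlike `merge_config_data()` and `merge_cache_data()`; `public function merge_server_data(array $server_data)` without the `return` would match its siblings. `get_session()` overwrites `$_COOKIE`, `$_SERVER` and the `$db`, `$config` and `$cache` globals and nothing in this file restores them, so unless the test-case base class backs up globals (not visible here) request state from one session test can carry into the next; the class docblock should say who is responsible for the reset. The `merge_config_data()` docblock should read `New values overwrite old ones.`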