just pushing so I can rebase zzz
This commit is contained in:
parent
d57aed4049
commit
7393f21d01
@ -118,4 +118,4 @@ if (!@$supress_master) $smarty->display($master_template, $smarty_cache_key);
|
||||
// Unset any temporary values here
|
||||
unset($_SESSION['POPUP']);
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
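--- a/tests/config.dist.php
+++ b/tests/config.dist.php
@@ -0,0 +1,10 @@
+<?php
+
+// full path to mpos public directory, with trailing slash
+define('BASEPATH', '');
+
+// choose which mpos config to test against, dist or real
+// 0 = dist, 1 = real
+define('DIST_OR_REAL_CONFIG', 1);
+
+?>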
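Review bot: `define('DIST_OR_REAL_CONFIG', 1);` makes the shipped template select the real configuration, so anyone who copies config.dist.php into place runs the security regression suite against the live MPOS config and whatever database and cookie settings it carries. A dist file should default to the safe option and let the developer opt in: `define('DIST_OR_REAL_CONFIG', 0);`. The empty `BASEPATH` one line above is presumably resolved by the test bootstrap, which is not visible here; a comment such as `// required: tests will not run until this is filled in` would make that explicit. The trailing `?>` is also unnecessary in a PHP-only file and is a classic source of stray-output bugs.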
@ -1,7 +1,6 @@
|
||||
<?php
|
||||
|
||||
// full path to mpos public directory, with trailing slash
|
||||
// haven't been able to set this to __DIR__ + changing bootstrap to have the tests work, so full path seems best
|
||||
define('BASEPATH', '/var/www/php-mpos-allbranches/php-mpos/public/');
|
||||
|
||||
// choose which config to test against, dist or real
|
||||
|
||||
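Review bot: The `BASEPATH` `define` commits one developer's absolute checkout path (`/var/www/php-mpos-allbranches/php-mpos/public/`) into the tracked test config, so the suite breaks on any other machine and the repository now records a deployment layout. If tests/config.php sits beside the `unit/` directory, a path derived from the file's own location should work where bare `__DIR__` did not per the comment above it: `define('BASEPATH', dirname(__DIR__) . '/public/');`. If that genuinely cannot be made to work, the real config belongs in .gitignore with only config.dist.php tracked. The hunk is cut at `@ -1,7 +1,6` and the removed line is not visible here.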
@ -3,8 +3,11 @@
|
||||
<testsuite name="SampleTest">
|
||||
<directory>unit/config</directory>
|
||||
</testsuite>
|
||||
<testsuite name="SecurityRegress">
|
||||
<directory>unit/securityregress/SecurityRegress.php</directory>
|
||||
<testsuite name="Security_CSRFToken">
|
||||
<directory>unit/securityregress/Security_CSRFToken.php</directory>
|
||||
</testsuite>
|
||||
<testsuite name="Security_Sessions">
|
||||
<directory>unit/securityregress/Security_Sessions.php</directory>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
</phpunit>
|
||||
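Review bot: The two new suites point `<directory>` at a .php file (`unit/securityregress/Security_CSRFToken.php` and `unit/securityregress/Security_Sessions.php`); PHPUnit's `<directory>` element scans a directory for `*Test.php` files, so given a file path it finds nothing and these security regression suites would report green with zero tests run. Use the `<file>` element, which loads the named file directly: `<file>unit/securityregress/Security_CSRFToken.php</file>` and `<file>unit/securityregress/Security_Sessions.php</file>`. The SampleTest suite on the first lines appears to use `<directory>` correctly for a real directory, and the file header with addition/deletion counts for this section is not visible here.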
@ -1,13 +0,0 @@
|
||||
<?php
|
||||
|
||||
class TestSecurityRegress extends PHPUnit_Framework_Testcase {
|
||||
/**
|
||||
* CSRFToken tests
|
||||
*/
|
||||
function testCSRFTokenSuccess() {
|
||||
global $config;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
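--- a/tests/unit/securityregress/Security_CSRFToken.php
+++ b/tests/unit/securityregress/Security_CSRFToken.php
@@ -0,0 +1,46 @@
+<?php
+
+class Security_CSRFToken extends PHPUnit_Framework_Testcase {
+/**
+* Tests if a CSRF token succeeds for a matching user and type
+*/
+function testCSRFToken_success() {
+global $config;
+global $user;
+global $csrftoken;
+
+// no delay
+// TODO: simulate delay without a sleep ? test length
+$created_token = $csrftoken->getBasic($user->getCurrentIP(), 'test-token');
+$test_token = $csrftoken->checkBasic($user->getCurrentIP(), 'test-token', $created_token);
+$this->assertTrue($test_token);
+$this->assertAttributeEquals($csrftoken->valid, true);
+}
+
+/**
+* Tests if a CSRF token correctly fails
+*/
+function testCSRFToken_fail() {
+global $config;
+global $user;
+global $csrftoken;
+
+// differing user
+$created_token = $csrftoken->getBasic('not the same', 'test-token');
+$test_token = $csrftoken->checkBasic($user->getCurrentIP(), 'test-token', $created_token);
+$this->assertFalse($test_token);
+
+// differing type
+$created_token2 = $csrftoken->getBasic($user->getCurrentIP(), 'not the same');
+$test_token2 = $csrftoken->checkBasic($user->getCurrentIP(), 'test-token', $created_token2);
+$this->assertFalse($test_token2);
+
+// token slightly shortened
+$created_token3 = $csrftoken->getBasic($user->getCurrentIP(), 'test-token');
+$created_token3 = substr($created_token3, 0, (strlen($created_token3)-1));
+$test_token3 = $csrftoken->checkBasic($user->getCurrentIP(), 'test-token', $created_token3);
+$this->assertFalse($test_token3);
+}
+}
+
+?>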
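Review bot: `$this->assertAttributeEquals($csrftoken->valid, true);` in testCSRFToken_success has its arguments in the wrong order — PHPUnit's signature is `assertAttributeEquals($expected, $attributeName, $object)`, so `true` is taken as an attribute name and `$csrftoken->valid` as the expected value; `$this->assertTrue($csrftoken->valid);` says what is meant. testCSRFToken_fail never hands checkBasic the inputs an attacker would actually send: an empty token and a token of the correct length with one character altered are both missing, e.g. `$this->assertFalse($csrftoken->checkBasic($user->getCurrentIP(), 'test-token', ''));`. Both tests depend on `$user` and `$csrftoken` being set up by a bootstrap that is not visible here, and the TODO on the delay case would be best resolved by injecting the timestamp into getBasic rather than sleeping, if the class allows it.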
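--- a/tests/unit/securityregress/Security_Sessions.php
+++ b/tests/unit/securityregress/Security_Sessions.php
@@ -0,0 +1,30 @@
+<?php
+
+class Security_Sessions extends PHPUnit_Framework_Testcase {
+/**
+* Tests if our current session checking will throw errors or take a malformed id
+*/
+function testSessions_destruction_malformed_id() {
+global $config;
+
+$malformed_ids = array(
+"",
+"'",
+"9881o1ke7ia4k5*p1k28e6utg0"
+);
+
+foreach ($malformed_ids as $mid) {
+session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
+$session_start = @session_start();
+if (!$session_start) {
+session_destroy();
+session_regenerate_id(true);
+session_start();
+}
+@setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
+$this->assertNotEquals($mid, session_id());
+}
+}
+}
+
+?>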
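Review bot: The loop in testSessions_destruction_malformed_id never injects `$mid` into the session — there is no `session_id($mid);` before `@session_start()` — so every iteration starts a fresh session and `assertNotEquals($mid, session_id())` passes vacuously without exercising the malformed-id path it is named for. Set the id before starting and close the session at the end of each iteration so the next `session_start()` is not a no-op on an already-active session: `session_id($mid);` before the start and `session_write_close();` after the assertion. The body also re-implements the start/destroy/regenerate/start sequence inline rather than calling the application's session handling, so a regression in the real code would not be caught here; if that logic lives in a helper, the test should invoke it. `$config['cookie']` is expected to come from a bootstrap that is not visible in this commit.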