RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

just pushing so I can rebase zzz

Browse Source
This commit is contained in:
xisi 2014-01-24 18:49:06 -05:00
parent d57aed4049
commit 7393f21d01
7 changed files with 92 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/index.php
View File

@ -118,4 +118,4 @@ if (!@$supress_master) $smarty->display($master_template, $smarty_cache_key);
// Unset any temporary values here // Unset any temporary values here
unset($_SESSION['POPUP']); unset($_SESSION['POPUP']);
?> ?>

10
tests/config.dist.php Normal file
View File

@ -0,0 +1,10 @@
<?php
// full path to mpos public directory, with trailing slash
define('BASEPATH', '');
// choose which mpos config to test against, dist or real
// 0 = dist, 1 = real
define('DIST_OR_REAL_CONFIG', 1);
?>

1
tests/config.php
View File

@ -1,7 +1,6 @@
<?php <?php
// full path to mpos public directory, with trailing slash // full path to mpos public directory, with trailing slash
// haven't been able to set this to __DIR__ + changing bootstrap to have the tests work, so full path seems best
define('BASEPATH', '/var/www/php-mpos-allbranches/php-mpos/public/'); define('BASEPATH', '/var/www/php-mpos-allbranches/php-mpos/public/');
// choose which config to test against, dist or real // choose which config to test against, dist or real

7
tests/phpunit.xml
View File

@ -3,8 +3,11 @@
<testsuite name="SampleTest"> <testsuite name="SampleTest">
<directory>unit/config</directory> <directory>unit/config</directory>
</testsuite> </testsuite>
<testsuite name="SecurityRegress"> <testsuite name="Security_CSRFToken">
<directory>unit/securityregress/SecurityRegress.php</directory> <directory>unit/securityregress/Security_CSRFToken.php</directory>
</testsuite>
<testsuite name="Security_Sessions">
<directory>unit/securityregress/Security_Sessions.php</directory>
</testsuite> </testsuite>
</testsuites> </testsuites>
</phpunit> </phpunit>

13
tests/unit/securityregress/SecurityRegress.php
View File

@ -1,13 +0,0 @@
<?php
class TestSecurityRegress extends PHPUnit_Framework_Testcase {
/**
* CSRFToken tests
*/
function testCSRFTokenSuccess() {
global $config;
}
}
?>

46
tests/unit/securityregress/Security_CSRFToken.php Normal file
View File

@ -0,0 +1,46 @@
<?php
class Security_CSRFToken extends PHPUnit_Framework_Testcase {
/**
* Tests if a CSRF token succeeds for a matching user and type
*/
function testCSRFToken_success() {
global $config;
global $user;
global $csrftoken;
// no delay
// TODO: simulate delay without a sleep ? test length
$created_token = $csrftoken->getBasic($user->getCurrentIP(), 'test-token');
$test_token = $csrftoken->checkBasic($user->getCurrentIP(), 'test-token', $created_token);
$this->assertTrue($test_token);
$this->assertAttributeEquals($csrftoken->valid, true);
}
/**
* Tests if a CSRF token correctly fails
*/
function testCSRFToken_fail() {
global $config;
global $user;
global $csrftoken;
// differing user
$created_token = $csrftoken->getBasic('not the same', 'test-token');
$test_token = $csrftoken->checkBasic($user->getCurrentIP(), 'test-token', $created_token);
$this->assertFalse($test_token);
// differing type
$created_token2 = $csrftoken->getBasic($user->getCurrentIP(), 'not the same');
$test_token2 = $csrftoken->checkBasic($user->getCurrentIP(), 'test-token', $created_token2);
$this->assertFalse($test_token2);
// token slightly shortened
$created_token3 = $csrftoken->getBasic($user->getCurrentIP(), 'test-token');
$created_token3 = substr($created_token3, 0, (strlen($created_token3)-1));
$test_token3 = $csrftoken->checkBasic($user->getCurrentIP(), 'test-token', $created_token3);
$this->assertFalse($test_token3);
}
}
?>

30
tests/unit/securityregress/Security_Sessions.php Normal file
View File

@ -0,0 +1,30 @@
<?php
class Security_Sessions extends PHPUnit_Framework_Testcase {
/**
* Tests if our current session checking will throw errors or take a malformed id
*/
function testSessions_destruction_malformed_id() {
global $config;
$malformed_ids = array(
"",
"'",
"9881o1ke7ia4k5*p1k28e6utg0"
);
foreach ($malformed_ids as $mid) {
session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
$session_start = @session_start();
if (!$session_start) {
session_destroy();
session_regenerate_id(true);
session_start();
}
@setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
$this->assertNotEquals($mid, session_id());
}
}
}
?>