source: trunk/tests/AuthSQLTest.php

Last change on this file was 541, checked in by anonymous, 9 years ago

v2.2.0-3: Fixed auth password hashing verification issues. Updated hyperlinkTxt() with option. Updated tests.
File size: 10.3 KB
Line 
1<?php
2/**
3 * The Strangecode Codebase - a general application development framework for PHP
4 * For details visit the project site: <http://trac.strangecode.com/codebase/>
5 * Copyright 2001-2012 Strangecode, LLC
6 *
7 * This file is part of The Strangecode Codebase.
8 *
9 * The Strangecode Codebase is free software: you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as published by the
11 * Free Software Foundation, either version 3 of the License, or (at your option)
12 * any later version.
13 *
14 * The Strangecode Codebase is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
17 * details.
18 *
19 * You should have received a copy of the GNU General Public License along with
20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23/**
24 * PHPUnit test case for codebase/lib/Auth_SQL.inc.php
25 *
26 * The method skeletons below need to be filled in with
27 * real data so that the tests will run correctly. Replace
28 * all EXPECTED_VAL and PARAM strings with real data.
29 *
30 * Created with PHPUnit_Skeleton on 2005-08-09
31 */
32class AuthSQLTest extends PHPUnit_Framework_TestCase {
33
34    var $Auth_SQL;
35
36    static $shared_session;
37
38    function setUp()
39    {
40        require dirname(__FILE__) . '/_config.inc.php';
41        require_once '../lib/Auth_SQL.inc.php';
42        $this->Auth_SQL = new Auth_SQL('testauth');
43        $this->Auth_SQL->setParam(array(
44            'db_table'          => 'test_user_tbl',
45            'db_primary_key'    => 'user_id',
46            'db_login_table'    => 'test_login_tbl',
47            'login_url'         => '/login.php',
48            'blocking'          => true,
49            'encryption_type' => Auth_SQL::ENCRYPT_MD5_HARDENED,
50        ));
51
52        // Use fresh user table.
53        $this->Auth_SQL->initDB(true);
54
55        // Insert test data.
56        $db =& DB::getInstance();
57        $db->query("
58            INSERT INTO test_user_tbl (
59                username,
60                userpass,
61                first_name,
62                last_name,
63                email
64            ) VALUES (
65                'testuser',
66                '" . $this->Auth_SQL->encryptPassword('testpass') . "',
67                'John',
68                'Doe',
69                'root@localhost'
70            )
71        ");
72        $_SESSION = AuthSQLTest::$shared_session;
73
74        // Sessions require client IP addr.
75        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
76    }
77
78    function tearDown()
79    {
80        $db =& DB::getInstance();
81
82        unset($this->Auth_SQL);
83        $db->query("DROP TABLE IF EXISTS test_user_tbl");
84        $db->query("DROP TABLE IF EXISTS test_login_tbl");
85        AuthSQLTest::$shared_session = $_SESSION;
86    }
87
88    function test_set()
89    {
90        $this->Auth_SQL->set('testuserkey', 'testuserval');
91        $this->assertEquals('testuserval', $_SESSION['_auth_sql']['testauth']['user_data']['testuserkey']);
92    }
93
94    function test_get()
95    {
96        $_SESSION['_auth_sql']['testauth']['user_data']['testuserkey'] = 'testuserval';
97        $val = $this->Auth_SQL->get('testuserkey');
98        $this->assertEquals('testuserval', $val);
99    }
100
101    function test_setparam()
102    {
103        $this->Auth_SQL->setParam(array(
104            'login_url'         => 'testloginurl.php'
105        ));
106        $this->assertEquals('testloginurl.php', $this->Auth_SQL->getParam('login_url'));
107    }
108
109    function test_getparam()
110    {
111        //$this->Auth_SQL->_params['login_url'] = 'testloginurl.php';
112        $this->Auth_SQL->setParam(array(
113            'login_url'         => 'testloginurl.php'
114        ));
115        $param = $this->Auth_SQL->getParam('login_url');
116        $this->assertEquals('testloginurl.php', $param);
117    }
118
119    function test_clear()
120    {
121        $login = $this->Auth_SQL->login('testuser', 'testpass');
122        $this->assertTrue($login, 'User login failed, but should have succeeded.');
123        $before_logged_in = $this->Auth_SQL->isloggedin();
124        $this->assertTrue($before_logged_in, 'User is not logged in, but should be.');
125        $this->Auth_SQL->clear();
126        $after_logged_in = $this->Auth_SQL->isloggedin();
127        $this->assertFalse($after_logged_in, 'User is still logged in but should not be.');
128    }
129
130    function test_authenticate()
131    {
132        $true = $this->Auth_SQL->authenticate('testuser', 'testpass');
133        $this->assertInternalType('array', $true, 'User login failed, but should have succeeded.');
134
135        // Testing wrong password.
136        $false = $this->Auth_SQL->authenticate('testuser', 'wrongpass');
137
138        $this->assertfalse($false, 'User login succeeded, but should have failed.');
139    }
140
141    function test_login_and_isLoggedIn()
142    {
143        $login = $this->Auth_SQL->login('testuser', 'testpass');
144        $this->assertTrue($login, '1. User login failed, but should have succeeded.');
145        $before_logged_in = $this->Auth_SQL->isloggedin();
146        $this->assertTrue($before_logged_in, '2. User is not logged in, but should be.');
147        $this->Auth_SQL->clear();
148        $after_logged_in = $this->Auth_SQL->isloggedin();
149        $this->assertFalse($after_logged_in, '3. User is still logged in but should not be.');
150
151        // Testing wrong password.
152        $login2 = $this->Auth_SQL->login('testuser', 'wrongpass');
153        $this->assertFalse($login2, '4. User login succeeded, but should have failed.');
154        $before_logged_in2 = $this->Auth_SQL->isloggedin();
155        $this->assertFalse($before_logged_in2, '5. User is logged in, but should not be.');
156        $this->Auth_SQL->clear();
157        $after_logged_in2 = $this->Auth_SQL->isloggedin();
158        $this->assertFalse($after_logged_in2, '6. Wrong user is still logged in but should not be.');
159    }
160
161    function test_requirelogin()
162    {
163//         $this->Auth_SQL->requirelogin('Login is required!');
164    }
165
166    function test_blockaccount()
167    {
168        $db =& DB::getInstance();
169
170        $this->Auth_SQL->login('testuser', 'testpass');
171        $this->Auth_SQL->blockaccount(null, 'blocktestuser');
172        $qid = $db->query("
173            SELECT blocked_reason
174            FROM test_user_tbl
175        ");
176        list($reason) = mysql_fetch_row($qid);
177        $this->assertEquals('blocktestuser', $reason, "Block not found in DB record.");
178    }
179
180    function test_unblockaccount()
181    {
182        $db =& DB::getInstance();
183
184        $db->query("
185            UPDATE test_user_tbl SET blocked_reason = 'blocktestuser'
186        ");
187        $this->Auth_SQL->unblockaccount();
188
189        $qid = $db->query("
190            SELECT blocked_reason
191            FROM test_user_tbl
192        ");
193        list($reason) = mysql_fetch_row($qid);
194        $this->assertTrue('' == $reason, "Block not removed from DB record.");
195    }
196
197    function test_usernameexists()
198    {
199        $result = $this->Auth_SQL->usernameexists('testuser');
200        $this->assertTrue($result);
201    }
202
203    function test_getusername()
204    {
205        $result = $this->Auth_SQL->getusername(1);
206        $this->assertEquals('testuser', $result);
207    }
208
209    function test_generatepassword()
210    {
211        $result = $this->Auth_SQL->generatepassword(10);
212        $this->assertEquals(14, strlen($result));
213    }
214
215    function test_encryptpassword()
216    {
217        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_MD5);
218        $this->assertEquals('202cb962ac59075b964b07152d234b70', $result);
219        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_MD5));
220
221        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_MD5_HARDENED);
222        $this->assertEquals('1f0f8d357a96eb97f24371ebf53dcaf6', $result);
223        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_MD5_HARDENED));
224
225        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_SHA1);
226        $this->assertEquals('40bd001563085fc35165329ea1ff5c5ecbdbbeef', $result);
227        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_SHA1));
228
229        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_SHA1_HARDENED);
230        $this->assertEquals('1d086fcae3dd941e0f1371148502d03e96ab536f', $result);
231        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_SHA1_HARDENED));
232
233        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_PLAINTEXT);
234        $this->assertEquals('123', $result);
235        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PLAINTEXT));
236
237        $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_CRYPT);
238        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_CRYPT));
239
240        if (function_exists('password_hash')) {
241            // Only available in PHP >= 5.5
242            $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_PASSWORD_BCRYPT);
243            $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PASSWORD_BCRYPT));
244
245            $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_PASSWORD_DEFAULT);
246            $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PASSWORD_DEFAULT));
247        }
248    }
249
250    function test_setpassword()
251    {
252        $db =& DB::getInstance();
253
254        $this->Auth_SQL->setParam(array('hash_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED));
255        $this->Auth_SQL->setpassword(null, '123');
256        $qid = $db->query("
257            SELECT userpass
258            FROM test_user_tbl
259        ");
260        list($pass) = mysql_fetch_row($qid);
261        $this->assertEquals('1d086fcae3dd941e0f1371148502d03e96ab536f', $pass);
262    }
263
264    function test_resetpassword()
265    {
266        $result = $this->Auth_SQL->resetpassword(1, 'Because this is a test.');
267        $this->assertInternalType('array', $result);
268
269    }
270
271//     function test_inclearancezone()
272//     {
273//         $result = $this->Auth_SQL->inclearancezone(PARAM);
274//         $expected = EXPECTED_VAL;
275//         $this->assertEquals($expected, $result);
276//     }
277//
278//     function test_requireaccessclearance()
279//     {
280//         $result = $this->Auth_SQL->requireaccessclearance(PARAM);
281//         $expected = EXPECTED_VAL;
282//         $this->assertEquals($expected, $result);
283//     }
284
285}
286
Note: See TracBrowser for help on using the repository browser.