[442] | 1 | <?php |
---|
| 2 | /** |
---|
| 3 | * The Strangecode Codebase - a general application development framework for PHP |
---|
| 4 | * For details visit the project site: <http://trac.strangecode.com/codebase/> |
---|
| 5 | * Copyright 2001-2012 Strangecode, LLC |
---|
[446] | 6 | * |
---|
[442] | 7 | * This file is part of The Strangecode Codebase. |
---|
| 8 | * |
---|
| 9 | * The Strangecode Codebase is free software: you can redistribute it and/or |
---|
| 10 | * modify it under the terms of the GNU General Public License as published by the |
---|
| 11 | * Free Software Foundation, either version 3 of the License, or (at your option) |
---|
| 12 | * any later version. |
---|
[446] | 13 | * |
---|
[442] | 14 | * The Strangecode Codebase is distributed in the hope that it will be useful, but |
---|
| 15 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
---|
| 16 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
---|
| 17 | * details. |
---|
[446] | 18 | * |
---|
[442] | 19 | * You should have received a copy of the GNU General Public License along with |
---|
| 20 | * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. |
---|
| 21 | */ |
---|
| 22 | |
---|
| 23 | /** |
---|
| 24 | * PHPUnit test case for codebase/lib/Auth_SQL.inc.php |
---|
| 25 | * |
---|
| 26 | * The method skeletons below need to be filled in with |
---|
| 27 | * real data so that the tests will run correctly. Replace |
---|
| 28 | * all EXPECTED_VAL and PARAM strings with real data. |
---|
| 29 | * |
---|
| 30 | * Created with PHPUnit_Skeleton on 2005-08-09 |
---|
| 31 | */ |
---|
| 32 | class AuthSQLTest extends PHPUnit_Framework_TestCase { |
---|
| 33 | |
---|
| 34 | var $Auth_SQL; |
---|
[446] | 35 | |
---|
[442] | 36 | static $shared_session; |
---|
[446] | 37 | |
---|
[442] | 38 | function setUp() |
---|
| 39 | { |
---|
[479] | 40 | require dirname(__FILE__) . '/_config.inc.php'; |
---|
[442] | 41 | require_once '../lib/Auth_SQL.inc.php'; |
---|
| 42 | $this->Auth_SQL = new Auth_SQL('testauth'); |
---|
| 43 | $this->Auth_SQL->setParam(array( |
---|
| 44 | 'db_table' => 'test_user_tbl', |
---|
| 45 | 'db_primary_key' => 'user_id', |
---|
| 46 | 'db_login_table' => 'test_login_tbl', |
---|
| 47 | 'login_url' => '/login.php', |
---|
| 48 | 'blocking' => true, |
---|
[447] | 49 | 'encryption_type' => Auth_SQL::ENCRYPT_MD5_HARDENED, |
---|
[442] | 50 | )); |
---|
| 51 | |
---|
| 52 | // Use fresh user table. |
---|
| 53 | $this->Auth_SQL->initDB(true); |
---|
| 54 | |
---|
| 55 | // Insert test data. |
---|
| 56 | $db =& DB::getInstance(); |
---|
| 57 | $db->query(" |
---|
| 58 | INSERT INTO test_user_tbl ( |
---|
| 59 | username, |
---|
| 60 | userpass, |
---|
| 61 | first_name, |
---|
| 62 | last_name, |
---|
| 63 | email |
---|
| 64 | ) VALUES ( |
---|
| 65 | 'testuser', |
---|
| 66 | '" . $this->Auth_SQL->encryptPassword('testpass') . "', |
---|
| 67 | 'John', |
---|
| 68 | 'Doe', |
---|
| 69 | 'root@localhost' |
---|
| 70 | ) |
---|
| 71 | "); |
---|
| 72 | $_SESSION = AuthSQLTest::$shared_session; |
---|
[541] | 73 | |
---|
| 74 | // Sessions require client IP addr. |
---|
| 75 | $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; |
---|
[442] | 76 | } |
---|
| 77 | |
---|
| 78 | function tearDown() |
---|
| 79 | { |
---|
[479] | 80 | $db =& DB::getInstance(); |
---|
[446] | 81 | |
---|
[479] | 82 | unset($this->Auth_SQL); |
---|
[442] | 83 | $db->query("DROP TABLE IF EXISTS test_user_tbl"); |
---|
| 84 | $db->query("DROP TABLE IF EXISTS test_login_tbl"); |
---|
| 85 | AuthSQLTest::$shared_session = $_SESSION; |
---|
| 86 | } |
---|
| 87 | |
---|
| 88 | function test_set() |
---|
| 89 | { |
---|
| 90 | $this->Auth_SQL->set('testuserkey', 'testuserval'); |
---|
| 91 | $this->assertEquals('testuserval', $_SESSION['_auth_sql']['testauth']['user_data']['testuserkey']); |
---|
| 92 | } |
---|
| 93 | |
---|
| 94 | function test_get() |
---|
| 95 | { |
---|
| 96 | $_SESSION['_auth_sql']['testauth']['user_data']['testuserkey'] = 'testuserval'; |
---|
| 97 | $val = $this->Auth_SQL->get('testuserkey'); |
---|
| 98 | $this->assertEquals('testuserval', $val); |
---|
| 99 | } |
---|
| 100 | |
---|
| 101 | function test_setparam() |
---|
| 102 | { |
---|
| 103 | $this->Auth_SQL->setParam(array( |
---|
| 104 | 'login_url' => 'testloginurl.php' |
---|
| 105 | )); |
---|
| 106 | $this->assertEquals('testloginurl.php', $this->Auth_SQL->getParam('login_url')); |
---|
| 107 | } |
---|
| 108 | |
---|
| 109 | function test_getparam() |
---|
| 110 | { |
---|
| 111 | //$this->Auth_SQL->_params['login_url'] = 'testloginurl.php'; |
---|
| 112 | $this->Auth_SQL->setParam(array( |
---|
| 113 | 'login_url' => 'testloginurl.php' |
---|
| 114 | )); |
---|
| 115 | $param = $this->Auth_SQL->getParam('login_url'); |
---|
| 116 | $this->assertEquals('testloginurl.php', $param); |
---|
| 117 | } |
---|
| 118 | |
---|
| 119 | function test_clear() |
---|
| 120 | { |
---|
| 121 | $login = $this->Auth_SQL->login('testuser', 'testpass'); |
---|
| 122 | $this->assertTrue($login, 'User login failed, but should have succeeded.'); |
---|
| 123 | $before_logged_in = $this->Auth_SQL->isloggedin(); |
---|
| 124 | $this->assertTrue($before_logged_in, 'User is not logged in, but should be.'); |
---|
| 125 | $this->Auth_SQL->clear(); |
---|
| 126 | $after_logged_in = $this->Auth_SQL->isloggedin(); |
---|
| 127 | $this->assertFalse($after_logged_in, 'User is still logged in but should not be.'); |
---|
| 128 | } |
---|
| 129 | |
---|
| 130 | function test_authenticate() |
---|
| 131 | { |
---|
| 132 | $true = $this->Auth_SQL->authenticate('testuser', 'testpass'); |
---|
| 133 | $this->assertInternalType('array', $true, 'User login failed, but should have succeeded.'); |
---|
| 134 | |
---|
| 135 | // Testing wrong password. |
---|
| 136 | $false = $this->Auth_SQL->authenticate('testuser', 'wrongpass'); |
---|
| 137 | |
---|
| 138 | $this->assertfalse($false, 'User login succeeded, but should have failed.'); |
---|
| 139 | } |
---|
| 140 | |
---|
| 141 | function test_login_and_isLoggedIn() |
---|
| 142 | { |
---|
| 143 | $login = $this->Auth_SQL->login('testuser', 'testpass'); |
---|
| 144 | $this->assertTrue($login, '1. User login failed, but should have succeeded.'); |
---|
| 145 | $before_logged_in = $this->Auth_SQL->isloggedin(); |
---|
| 146 | $this->assertTrue($before_logged_in, '2. User is not logged in, but should be.'); |
---|
| 147 | $this->Auth_SQL->clear(); |
---|
| 148 | $after_logged_in = $this->Auth_SQL->isloggedin(); |
---|
| 149 | $this->assertFalse($after_logged_in, '3. User is still logged in but should not be.'); |
---|
[446] | 150 | |
---|
[442] | 151 | // Testing wrong password. |
---|
| 152 | $login2 = $this->Auth_SQL->login('testuser', 'wrongpass'); |
---|
| 153 | $this->assertFalse($login2, '4. User login succeeded, but should have failed.'); |
---|
| 154 | $before_logged_in2 = $this->Auth_SQL->isloggedin(); |
---|
| 155 | $this->assertFalse($before_logged_in2, '5. User is logged in, but should not be.'); |
---|
| 156 | $this->Auth_SQL->clear(); |
---|
| 157 | $after_logged_in2 = $this->Auth_SQL->isloggedin(); |
---|
| 158 | $this->assertFalse($after_logged_in2, '6. Wrong user is still logged in but should not be.'); |
---|
| 159 | } |
---|
| 160 | |
---|
| 161 | function test_requirelogin() |
---|
| 162 | { |
---|
| 163 | // $this->Auth_SQL->requirelogin('Login is required!'); |
---|
| 164 | } |
---|
| 165 | |
---|
| 166 | function test_blockaccount() |
---|
| 167 | { |
---|
[479] | 168 | $db =& DB::getInstance(); |
---|
[446] | 169 | |
---|
[442] | 170 | $this->Auth_SQL->login('testuser', 'testpass'); |
---|
| 171 | $this->Auth_SQL->blockaccount(null, 'blocktestuser'); |
---|
| 172 | $qid = $db->query(" |
---|
| 173 | SELECT blocked_reason |
---|
| 174 | FROM test_user_tbl |
---|
| 175 | "); |
---|
| 176 | list($reason) = mysql_fetch_row($qid); |
---|
| 177 | $this->assertEquals('blocktestuser', $reason, "Block not found in DB record."); |
---|
| 178 | } |
---|
| 179 | |
---|
| 180 | function test_unblockaccount() |
---|
| 181 | { |
---|
[479] | 182 | $db =& DB::getInstance(); |
---|
[446] | 183 | |
---|
[442] | 184 | $db->query(" |
---|
| 185 | UPDATE test_user_tbl SET blocked_reason = 'blocktestuser' |
---|
| 186 | "); |
---|
| 187 | $this->Auth_SQL->unblockaccount(); |
---|
| 188 | |
---|
| 189 | $qid = $db->query(" |
---|
| 190 | SELECT blocked_reason |
---|
| 191 | FROM test_user_tbl |
---|
| 192 | "); |
---|
| 193 | list($reason) = mysql_fetch_row($qid); |
---|
| 194 | $this->assertTrue('' == $reason, "Block not removed from DB record."); |
---|
| 195 | } |
---|
| 196 | |
---|
| 197 | function test_usernameexists() |
---|
| 198 | { |
---|
| 199 | $result = $this->Auth_SQL->usernameexists('testuser'); |
---|
| 200 | $this->assertTrue($result); |
---|
| 201 | } |
---|
| 202 | |
---|
| 203 | function test_getusername() |
---|
| 204 | { |
---|
| 205 | $result = $this->Auth_SQL->getusername(1); |
---|
| 206 | $this->assertEquals('testuser', $result); |
---|
| 207 | } |
---|
| 208 | |
---|
| 209 | function test_generatepassword() |
---|
| 210 | { |
---|
[541] | 211 | $result = $this->Auth_SQL->generatepassword(10); |
---|
| 212 | $this->assertEquals(14, strlen($result)); |
---|
[442] | 213 | } |
---|
| 214 | |
---|
| 215 | function test_encryptpassword() |
---|
| 216 | { |
---|
[541] | 217 | $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_MD5); |
---|
[442] | 218 | $this->assertEquals('202cb962ac59075b964b07152d234b70', $result); |
---|
[541] | 219 | $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_MD5)); |
---|
[442] | 220 | |
---|
[541] | 221 | $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_MD5_HARDENED); |
---|
| 222 | $this->assertEquals('1f0f8d357a96eb97f24371ebf53dcaf6', $result); |
---|
| 223 | $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_MD5_HARDENED)); |
---|
[442] | 224 | |
---|
[541] | 225 | $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_SHA1); |
---|
[442] | 226 | $this->assertEquals('40bd001563085fc35165329ea1ff5c5ecbdbbeef', $result); |
---|
[541] | 227 | $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_SHA1)); |
---|
[442] | 228 | |
---|
[541] | 229 | $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_SHA1_HARDENED); |
---|
| 230 | $this->assertEquals('1d086fcae3dd941e0f1371148502d03e96ab536f', $result); |
---|
| 231 | $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_SHA1_HARDENED)); |
---|
[442] | 232 | |
---|
[541] | 233 | $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_PLAINTEXT); |
---|
[442] | 234 | $this->assertEquals('123', $result); |
---|
[541] | 235 | $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PLAINTEXT)); |
---|
[442] | 236 | |
---|
[541] | 237 | $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_CRYPT); |
---|
| 238 | $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_CRYPT)); |
---|
| 239 | |
---|
| 240 | if (function_exists('password_hash')) { |
---|
| 241 | // Only available in PHP >= 5.5 |
---|
| 242 | $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_PASSWORD_BCRYPT); |
---|
| 243 | $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PASSWORD_BCRYPT)); |
---|
| 244 | |
---|
| 245 | $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_PASSWORD_DEFAULT); |
---|
| 246 | $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PASSWORD_DEFAULT)); |
---|
| 247 | } |
---|
[442] | 248 | } |
---|
| 249 | |
---|
| 250 | function test_setpassword() |
---|
| 251 | { |
---|
[479] | 252 | $db =& DB::getInstance(); |
---|
[446] | 253 | |
---|
[541] | 254 | $this->Auth_SQL->setParam(array('hash_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED)); |
---|
[442] | 255 | $this->Auth_SQL->setpassword(null, '123'); |
---|
| 256 | $qid = $db->query(" |
---|
| 257 | SELECT userpass |
---|
| 258 | FROM test_user_tbl |
---|
| 259 | "); |
---|
| 260 | list($pass) = mysql_fetch_row($qid); |
---|
[541] | 261 | $this->assertEquals('1d086fcae3dd941e0f1371148502d03e96ab536f', $pass); |
---|
[442] | 262 | } |
---|
| 263 | |
---|
| 264 | function test_resetpassword() |
---|
| 265 | { |
---|
| 266 | $result = $this->Auth_SQL->resetpassword(1, 'Because this is a test.'); |
---|
| 267 | $this->assertInternalType('array', $result); |
---|
[446] | 268 | |
---|
[442] | 269 | } |
---|
| 270 | |
---|
| 271 | // function test_inclearancezone() |
---|
| 272 | // { |
---|
| 273 | // $result = $this->Auth_SQL->inclearancezone(PARAM); |
---|
| 274 | // $expected = EXPECTED_VAL; |
---|
| 275 | // $this->assertEquals($expected, $result); |
---|
| 276 | // } |
---|
| 277 | // |
---|
| 278 | // function test_requireaccessclearance() |
---|
| 279 | // { |
---|
| 280 | // $result = $this->Auth_SQL->requireaccessclearance(PARAM); |
---|
| 281 | // $expected = EXPECTED_VAL; |
---|
| 282 | // $this->assertEquals($expected, $result); |
---|
| 283 | // } |
---|
| 284 | |
---|
| 285 | } |
---|
| 286 | |
---|