<?php
/**
 * The Strangecode Codebase - a general application development framework for PHP
 * For details visit the project site: <http://trac.strangecode.com/codebase/>
 * Copyright 2001-2012 Strangecode, LLC
 *
 * This file is part of The Strangecode Codebase.
 *
 * The Strangecode Codebase is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published by the
 * Free Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * The Strangecode Codebase is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * PHPUnit test case for codebase/lib/Auth_SQL.inc.php
 *
 * The method skeletons below need to be filled in with
 * real data so that the tests will run correctly. Replace
 * all EXPECTED_VAL and PARAM strings with real data.
 *
 * Created with PHPUnit_Skeleton on 2005-08-09
 */
class AuthSQLTest extends PHPUnit_Framework_TestCase {

    var $Auth_SQL;

    static $shared_session;

    function setUp()
    {
        require dirname(__FILE__) . '/_config.inc.php';
        require_once '../lib/Auth_SQL.inc.php';
        $this->Auth_SQL = new Auth_SQL('testauth');
        $this->Auth_SQL->setParam(array(
            'db_table'          => 'test_user_tbl',
            'db_primary_key'    => 'user_id',
            'db_login_table'    => 'test_login_tbl',
            'login_url'         => '/login.php',
            'blocking'          => true,
            'encryption_type' => Auth_SQL::ENCRYPT_MD5_HARDENED,
        ));

        // Use fresh user table.
        $this->Auth_SQL->initDB(true);

        // Insert test data.
        $db =& DB::getInstance();
        $db->query("
            INSERT INTO test_user_tbl (
                username,
                userpass,
                first_name,
                last_name,
                email
            ) VALUES (
                'testuser',
                '" . $this->Auth_SQL->encryptPassword('testpass') . "',
                'John',
                'Doe',
                'root@localhost'
            )
        ");
        $_SESSION = AuthSQLTest::$shared_session;

        // Sessions require client IP addr.
        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
    }

    function tearDown()
    {
        $db =& DB::getInstance();

        unset($this->Auth_SQL);
        $db->query("DROP TABLE IF EXISTS test_user_tbl");
        $db->query("DROP TABLE IF EXISTS test_login_tbl");
        AuthSQLTest::$shared_session = $_SESSION;
    }

    function test_set()
    {
        $this->Auth_SQL->set('testuserkey', 'testuserval');
        $this->assertEquals('testuserval', $_SESSION['_auth_sql']['testauth']['user_data']['testuserkey']);
    }

    function test_get()
    {
        $_SESSION['_auth_sql']['testauth']['user_data']['testuserkey'] = 'testuserval';
        $val = $this->Auth_SQL->get('testuserkey');
        $this->assertEquals('testuserval', $val);
    }

    function test_setparam()
    {
        $this->Auth_SQL->setParam(array(
            'login_url'         => 'testloginurl.php'
        ));
        $this->assertEquals('testloginurl.php', $this->Auth_SQL->getParam('login_url'));
    }

    function test_getparam()
    {
        //$this->Auth_SQL->_params['login_url'] = 'testloginurl.php';
        $this->Auth_SQL->setParam(array(
            'login_url'         => 'testloginurl.php'
        ));
        $param = $this->Auth_SQL->getParam('login_url');
        $this->assertEquals('testloginurl.php', $param);
    }

    function test_clear()
    {
        $login = $this->Auth_SQL->login('testuser', 'testpass');
        $this->assertTrue($login, 'User login failed, but should have succeeded.');
        $before_logged_in = $this->Auth_SQL->isloggedin();
        $this->assertTrue($before_logged_in, 'User is not logged in, but should be.');
        $this->Auth_SQL->clear();
        $after_logged_in = $this->Auth_SQL->isloggedin();
        $this->assertFalse($after_logged_in, 'User is still logged in but should not be.');
    }

    function test_authenticate()
    {
        $true = $this->Auth_SQL->authenticate('testuser', 'testpass');
        $this->assertInternalType('array', $true, 'User login failed, but should have succeeded.');

        // Testing wrong password.
        $false = $this->Auth_SQL->authenticate('testuser', 'wrongpass');

        $this->assertfalse($false, 'User login succeeded, but should have failed.');
    }

    function test_login_and_isLoggedIn()
    {
        $login = $this->Auth_SQL->login('testuser', 'testpass');
        $this->assertTrue($login, '1. User login failed, but should have succeeded.');
        $before_logged_in = $this->Auth_SQL->isloggedin();
        $this->assertTrue($before_logged_in, '2. User is not logged in, but should be.');
        $this->Auth_SQL->clear();
        $after_logged_in = $this->Auth_SQL->isloggedin();
        $this->assertFalse($after_logged_in, '3. User is still logged in but should not be.');

        // Testing wrong password.
        $login2 = $this->Auth_SQL->login('testuser', 'wrongpass');
        $this->assertFalse($login2, '4. User login succeeded, but should have failed.');
        $before_logged_in2 = $this->Auth_SQL->isloggedin();
        $this->assertFalse($before_logged_in2, '5. User is logged in, but should not be.');
        $this->Auth_SQL->clear();
        $after_logged_in2 = $this->Auth_SQL->isloggedin();
        $this->assertFalse($after_logged_in2, '6. Wrong user is still logged in but should not be.');
    }

    function test_requirelogin()
    {
//         $this->Auth_SQL->requirelogin('Login is required!');
    }

    function test_blockaccount()
    {
        $db =& DB::getInstance();

        $this->Auth_SQL->login('testuser', 'testpass');
        $this->Auth_SQL->blockaccount(null, 'blocktestuser');
        $qid = $db->query("
            SELECT blocked_reason
            FROM test_user_tbl
        ");
        list($reason) = mysql_fetch_row($qid);
        $this->assertEquals('blocktestuser', $reason, "Block not found in DB record.");
    }

    function test_unblockaccount()
    {
        $db =& DB::getInstance();

        $db->query("
            UPDATE test_user_tbl SET blocked_reason = 'blocktestuser'
        ");
        $this->Auth_SQL->unblockaccount();

        $qid = $db->query("
            SELECT blocked_reason
            FROM test_user_tbl
        ");
        list($reason) = mysql_fetch_row($qid);
        $this->assertTrue('' == $reason, "Block not removed from DB record.");
    }

    function test_usernameexists()
    {
        $result = $this->Auth_SQL->usernameexists('testuser');
        $this->assertTrue($result);
    }

    function test_getusername()
    {
        $result = $this->Auth_SQL->getusername(1);
        $this->assertEquals('testuser', $result);
    }

    function test_generatepassword()
    {
        $result = $this->Auth_SQL->generatepassword(10);
        $this->assertEquals(14, strlen($result));
    }

    function test_encryptpassword()
    {
        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_MD5);
        $this->assertEquals('202cb962ac59075b964b07152d234b70', $result);
        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_MD5));

        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_MD5_HARDENED);
        $this->assertEquals('1f0f8d357a96eb97f24371ebf53dcaf6', $result);
        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_MD5_HARDENED));

        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_SHA1);
        $this->assertEquals('40bd001563085fc35165329ea1ff5c5ecbdbbeef', $result);
        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_SHA1));

        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_SHA1_HARDENED);
        $this->assertEquals('1d086fcae3dd941e0f1371148502d03e96ab536f', $result);
        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_SHA1_HARDENED));

        $result = $this->Auth_SQL->encryptpassword('123', null, Auth_SQL::ENCRYPT_PLAINTEXT);
        $this->assertEquals('123', $result);
        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PLAINTEXT));

        $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_CRYPT);
        $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_CRYPT));

        if (function_exists('password_hash')) {
            // Only available in PHP >= 5.5
            $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_PASSWORD_BCRYPT);
            $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PASSWORD_BCRYPT));

            $result = $this->Auth_SQL->encryptpassword('123', 'saltstring', Auth_SQL::ENCRYPT_PASSWORD_DEFAULT);
            $this->assertTrue($this->Auth_SQL->verifyPassword('123', $result, Auth_SQL::ENCRYPT_PASSWORD_DEFAULT));
        }
    }

    function test_setpassword()
    {
        $db =& DB::getInstance();

        $this->Auth_SQL->setParam(array('hash_type' => Auth_SQL::ENCRYPT_SHA1_HARDENED));
        $this->Auth_SQL->setpassword(null, '123');
        $qid = $db->query("
            SELECT userpass
            FROM test_user_tbl
        ");
        list($pass) = mysql_fetch_row($qid);
        $this->assertEquals('1d086fcae3dd941e0f1371148502d03e96ab536f', $pass);
    }

    function test_resetpassword()
    {
        $result = $this->Auth_SQL->resetpassword(1, 'Because this is a test.');
        $this->assertInternalType('array', $result);

    }

//     function test_inclearancezone()
//     {
//         $result = $this->Auth_SQL->inclearancezone(PARAM);
//         $expected = EXPECTED_VAL;
//         $this->assertEquals($expected, $result);
//     }
//
//     function test_requireaccessclearance()
//     {
//         $result = $this->Auth_SQL->requireaccessclearance(PARAM);
//         $expected = EXPECTED_VAL;
//         $this->assertEquals($expected, $result);
//     }

}