SecureHandlerTest.php
<?php
namespace PHPSecureSessionTest;
use PHPSecureSession\Exception\AuthenticationFailedException;
use PHPSecureSession\SecureHandler;
use PHPUnit\Framework\TestCase;
use ReflectionObject;
use ReflectionClass;
use SessionHandler;
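/**
 * Tests for SecureHandler driven through a real PHP session.
 *
 * Every test registers a fresh handler with session_set_save_handler() and
 * starts a session, so the handler is exercised against actual session files
 * in the system temporary directory.
 */
class SecureHandlerTest extends TestCase
{
    /**
     * Handler under test, recreated for every test in setUp().
     *
     * Declared explicitly: assigning an undeclared property creates a dynamic
     * property, which is deprecated since PHP 8.2.
     *
     * @var SecureHandler
     */
    private $secureHandler;

    /**
     * Registers a new SecureHandler as the session save handler and starts a session.
     */
    public function setUp()
    {
        $this->secureHandler = new SecureHandler();
        session_set_save_handler($this->secureHandler, true);
        session_start();
    }

    /**
     * Destroys the session started in setUp() so no state leaks into the next test.
     */
    public function tearDown()
    {
        session_destroy();
        session_write_close();
    }

    /**
     * The handler must be usable wherever a native SessionHandler is expected.
     */
    public function testConstructor()
    {
        $this->assertInstanceOf(SessionHandler::class, $this->secureHandler);
    }

    /**
     * open() must succeed and leave a 64-byte value in the private `key` property.
     */
    public function testOpen()
    {
        $this->assertTrue($this->secureHandler->open(sys_get_temp_dir(), ''));

        // The key is private, so it is read through reflection.
        $handler = new ReflectionObject($this->secureHandler);
        $key = $handler->getProperty('key');
        $key->setAccessible(true);

        // Length is measured in bytes ('8bit'), not characters.
        // NOTE(review): 64 bytes presumably covers an encryption key plus an
        // authentication key; confirm against SecureHandler.
        $this->assertSame(64, mb_strlen($key->getValue($this->secureHandler), '8bit'));
    }

    /**
     * Data passed to write() must come back unchanged from read().
     */
    public function testWriteRead()
    {
        $this->assertTrue($this->secureHandler->open(sys_get_temp_dir(), ''));
        $id = session_id();

        // Random binary payload, so the round trip is not limited to printable text.
        $data = random_bytes(1024);
        $this->assertTrue($this->secureHandler->write($id, $data));

        // assertSame compares strictly; assertEquals would apply PHP's loose
        // string comparison to the payload.
        $this->assertSame($data, $this->secureHandler->read($id));
    }

    /**
     * Test for issue #27: a second open() must keep the session id and the key.
     *
     * @see https://github.com/ezimuel/PHP-Secure-Session/issues/27
     */
    public function testDoubleOpen()
    {
        $this->assertTrue($this->secureHandler->open(sys_get_temp_dir(), ''));
        $id1 = session_id();

        $handler = new ReflectionObject($this->secureHandler);
        $key = $handler->getProperty('key');
        $key->setAccessible(true);
        $key1 = $key->getValue($this->secureHandler);

        $this->assertTrue($this->secureHandler->open(sys_get_temp_dir(), ''));
        $id2 = session_id();
        $key2 = $key->getValue($this->secureHandler);

        // If the key changed between the two open() calls, data written after
        // the first open() could no longer be read back.
        $this->assertSame($id1, $id2);
        $this->assertSame($key1, $key2);
    }

    /**
     * read() must throw AuthenticationFailedException when the stored record was
     * replaced outside the handler.
     */
    public function testAuthenticationFailureDecrypt()
    {
        $this->assertTrue($this->secureHandler->open(sys_get_temp_dir(), ''));
        $id = session_id();
        $data = "This is a test!";
        $this->assertTrue($this->secureHandler->write($id, $data));

        // Replace the stored record with a modified copy of the plaintext, i.e.
        // with bytes that write() never produced. The path assumes the session
        // is stored as sess_<id> under the save path given to open().
        // NOTE(review): this covers wholesale replacement of the record only.
        // A companion test that changes a single byte of the file written by
        // write() would also cover modification of a valid record.
        $alteredData = str_replace('!', '.', $data);
        $written = file_put_contents(sys_get_temp_dir() . "/sess_$id", $alteredData);

        // Without this check a failed overwrite would surface only as
        // "expected exception was not thrown", which hides the real cause.
        $this->assertNotFalse($written);

        $this->expectException(AuthenticationFailedException::class);

        // The call itself is the assertion: read() has to throw.
        $this->secureHandler->read($id);
    }
}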