Refactored unit test + added AuthenticationFailedException

Author: ezimuel

.travis.yml

@@ -21,6 +21,7 @@ matrix:
         - EXECUTE_TEST_COVERALLS=true
     - php: 7
     - php: 7.1
+    - php: 7.2
     - php: hhvm
   allow_failures:
     - php: hhvm
@@ -34,8 +35,8 @@ install:
   - travis_retry composer install --no-interaction
 
 script:
-  - if [[ $EXECUTE_TEST_COVERALLS == 'true' ]]; then ./vendor/bin/phpunit --coverage-clover clover.xml ; fi
-  - if [[ $EXECUTE_TEST_COVERALLS != 'true' ]]; then ./vendor/bin/phpunit ; fi
+  - if [[ $EXECUTE_TEST_COVERALLS == 'true' ]]; then composer test-coverage ; fi
+  - if [[ $EXECUTE_TEST_COVERALLS != 'true' ]]; then composer test ; fi
 
 after_script:
   - if [[ $EXECUTE_TEST_COVERALLS == 'true' ]]; then ./vendor/bin/coveralls -v; fi

composer.json

@@ -23,11 +23,16 @@
       "files": ["bin/register_secure_session.php"]
   },
   "autoload-dev": {
+      "files": ["test/autoload.php"],
       "psr-4": {
           "PHPSecureSessionTest\\": "test/"
       }
   },
   "require-dev": {
-      "phpunit/PHPUnit": "^5.7"
+      "phpunit/PHPUnit": "^5.7.27 || ^6.5.6"
+  },
+  "scripts": {
+        "test": "phpunit --colors=always --stderr",
+        "test-coverage": "phpunit --colors=always --stderr --coverage-clover clover.xml"
   }
 }

phpunit.xml.dist

@@ -1,4 +1,4 @@
-<phpunit bootstrap="./test/bootstrap.php" colors="true">
+<phpunit bootstrap="./vendor/autoload.php" colors="true">
     <testsuites>
         <testsuite name="PHP-Secure-Session Tests">
             <directory>./test</directory>

src/Exception/AuthenticationFailedException.php

@@ -0,0 +1,6 @@
+<?php
+
+namespace PHPSecureSession\Exception;
+
+class AuthenticationFailedException extends \RuntimeException {
+}

src/SecureHandler.php

@@ -122,7 +122,7 @@ protected function decrypt($data, $key)
             true
         );
         if (! hash_equals($hmac, $hmacNew)) {
-            throw new \RuntimeException('Authentication failed');
+            throw new Exception\AuthenticationFailedException('Authentication failed');
         }
         // Decrypt
         return openssl_decrypt(

test/SecureSessionTest.php test/SecureHandlerTest.php

@@ -2,26 +2,32 @@
 
 namespace PHPSecureSessionTest;
 
+use PHPSecureSession\Exception\AuthenticationFailedException;
 use PHPSecureSession\SecureHandler;
-use SessionHandler;
+use PHPUnit\Framework\TestCase;
 use ReflectionObject;
 use ReflectionClass;
+use SessionHandler;
 
-class HashTest extends \PHPUnit_Framework_TestCase
+class SecureHandlerTest extends TestCase
 {
     public function setUp()
     {
         $this->secureHandler = new SecureHandler();
+        session_set_save_handler($this->secureHandler, true);
+        session_start();
+    }
+
+    public function tearDown()
+    {
+        session_write_close();
     }
 
     public function testConstructor()
     {
         $this->assertInstanceOf(SessionHandler::class, $this->secureHandler);
     }
 
-    /**
-     * @runInSeparateProcess
-     */
     public function testOpen()
     {
         $this->assertTrue($this->secureHandler->open(sys_get_temp_dir(), ''));
@@ -32,9 +38,6 @@ public function testOpen()
         $this->assertEquals(64, mb_strlen($key->getValue($this->secureHandler), '8bit'));
     }
 
-    /**
-     * @runInSeparateProcess
-     */
     public function testWriteRead()
     {
         $this->assertTrue($this->secureHandler->open(sys_get_temp_dir(), ''));
@@ -47,8 +50,6 @@ public function testWriteRead()
     /**
      * Test for issue #27
      * @see https://github.com/ezimuel/PHP-Secure-Session/issues/27
-     *
-     * @runInSeparateProcess
      */
     public function testDoubleOpen()
     {
@@ -67,4 +68,20 @@ public function testDoubleOpen()
         $this->assertEquals($id1, $id2);
         $this->assertEquals($key1, $key2);
     }
+
+    public function testAuthenticationFailureDecrypt()
+    {
+        $this->assertTrue($this->secureHandler->open(sys_get_temp_dir(), ''));
+        $id = session_id();
+        $data = "This is a test!";
+        $this->assertTrue($this->secureHandler->write($id, $data));
+
+        // Change the session data to generate an authentication error
+        $alteredData = str_replace('!', '.', $data);
+        file_put_contents(sys_get_temp_dir() . "/sess_$id", $alteredData);
+
+        $this->expectException(AuthenticationFailedException::class);
+        $this->assertEquals($data, $this->secureHandler->read($id));
+
+    }
 }

test/autoload.php

@@ -0,0 +1,16 @@
+<?php
+if (! interface_exists(\PHPUnit_Framework_Test::class)) {
+    class_alias(\PHPUnit\Framework\Test::class, \PHPUnit_Framework_Test::class);
+}
+if (! class_exists(\PHPUnit_Framework_AssertionFailedError::class)) {
+    class_alias(\PHPUnit\Framework\AssertionFailedError::class, \PHPUnit_Framework_AssertionFailedError::class);
+}
+if (! class_exists(\PHPUnit_Framework_TestSuite::class)) {
+    class_alias(\PHPUnit\Framework\TestSuite::class, \PHPUnit_Framework_TestSuite::class);
+}
+if (! class_exists(\PHPUnit\Framework\Error\Error::class)) {
+    class_alias(\PHPUnit_Framework_Error::class, \PHPUnit\Framework\Error\Error::class);
+}
+if (! class_exists(\PHPUnit\Framework\Error\Notice::class)) {
+    class_alias(\PHPUnit_Framework_Error_Notice::class, \PHPUnit\Framework\Error\Notice::class);
+}