tests/src/Model/User/CookieTest.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2020, Friendica
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Test\src\Model\User;
  23
  24 use Friendica\App\BaseURL;
  25 use Friendica\Core\Config\IConfig;
  26 use Friendica\Model\User\Cookie;
  27 use Friendica\Test\MockedTest;
  28 use Friendica\Test\Util\StaticCookie;
  29 use Mockery\MockInterface;
  30
  31 class CookieTest extends MockedTest
  32 {
  33         /** @var MockInterface|IConfig */
  34         private $config;
  35         /** @var MockInterface|BaseURL */
  36         private $baseUrl;
  37
  38         protected function setUp()
  39         {
  40                 StaticCookie::clearStatic();
  41
  42                 parent::setUp();
  43
  44                 $this->config = \Mockery::mock(IConfig::class);
  45                 $this->baseUrl = \Mockery::mock(BaseURL::class);
  46         }
  47
  48         protected function tearDown()
  49         {
  50                 StaticCookie::clearStatic();
  51
  52                 parent::tearDown();
  53         }
  54
  55         /**
  56          * Test if we can create a basic cookie instance
  57          */
  58         public function testInstance()
  59         {
  60                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
  61                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn('1235')->once();
  62                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
  63
  64                 $cookie = new Cookie($this->config, $this->baseUrl);
  65                 self::assertInstanceOf(Cookie::class, $cookie);
  66         }
  67
  68         public function dataGet()
  69         {
  70                 return [
  71                         'default'    => [
  72                                 'cookieData' => [
  73                                         Cookie::NAME => json_encode([
  74                                                 'uid'  => -1,
  75                                                 'hash' => 12345,
  76                                                 'ip'   => '127.0.0.1',
  77                                         ])
  78                                 ],
  79                                 'hasValues'  => true,
  80                                 'uid'        => -1,
  81                                 'hash'       => 12345,
  82                                 'ip'         => '127.0.0.1',
  83                         ],
  84                         'missing'    => [
  85                                 'cookieData' => [
  86
  87                                 ],
  88                                 'hasValues'  => false,
  89                                 'uid'        => null,
  90                                 'hash'       => null,
  91                                 'ip'         => null,
  92                         ],
  93                         'invalid'    => [
  94                                 'cookieData' => [
  95                                         Cookie::NAME => 'test',
  96                                 ],
  97                                 'hasValues'  => false,
  98                                 'uid'        => null,
  99                                 'hash'       => null,
 100                                 'ip'         => null,
 101                         ],
 102                         'incomplete' => [
 103                                 'cookieData' => [
 104                                         Cookie::NAME => json_encode([
 105                                                 'uid'  => -1,
 106                                                 'hash' => 12345,
 107                                         ])
 108                                 ],
 109                                 'hasValues'  => true,
 110                                 'uid'        => -1,
 111                                 'hash'       => 12345,
 112                                 'ip'         => null,
 113                         ],
 114                 ];
 115         }
 116
 117         /**
 118          * Test the get() method of the cookie class
 119          *
 120          * @dataProvider dataGet
 121          */
 122         public function testGet(array $cookieData, bool $hasValues, $uid, $hash, $ip)
 123         {
 124                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 125                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn('1235')->once();
 126                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
 127
 128                 $cookie = new Cookie($this->config, $this->baseUrl, [], $cookieData);
 129                 self::assertInstanceOf(Cookie::class, $cookie);
 130
 131                 $assertData = $cookie->getData();
 132
 133                 if (!$hasValues) {
 134                         self::assertEmpty($assertData);
 135                 } else {
 136                         self::assertNotEmpty($assertData);
 137                         if (isset($uid)) {
 138                                 self::assertObjectHasAttribute('uid', $assertData);
 139                                 self::assertEquals($uid, $assertData->uid);
 140                         } else {
 141                                 self::assertObjectNotHasAttribute('uid', $assertData);
 142                         }
 143                         if (isset($hash)) {
 144                                 self::assertObjectHasAttribute('hash', $assertData);
 145                                 self::assertEquals($hash, $assertData->hash);
 146                         } else {
 147                                 self::assertObjectNotHasAttribute('hash', $assertData);
 148                         }
 149                         if (isset($ip)) {
 150                                 self::assertObjectHasAttribute('ip', $assertData);
 151                                 self::assertEquals($ip, $assertData->ip);
 152                         } else {
 153                                 self::assertObjectNotHasAttribute('ip', $assertData);
 154                         }
 155                 }
 156         }
 157
 158         public function dataCheck()
 159         {
 160                 return [
 161                         'default'   => [
 162                                 'serverPrivateKey' => 'serverkey',
 163                                 'userPrivateKey'   => 'userkey',
 164                                 'password'         => 'test',
 165                                 'assertHash'       => 'e9b4eb16275a2907b5659d22905b248221d0517dde4a9d5c320b8fe051b1267b',
 166                                 'assertTrue'       => true,
 167                         ],
 168                         'emptyUser' => [
 169                                 'serverPrivateKey' => 'serverkey',
 170                                 'userPrivateKey'   => '',
 171                                 'password'         => '',
 172                                 'assertHash'       => '',
 173                                 'assertTrue'       => false,
 174                         ],
 175                         'invalid'   => [
 176                                 'serverPrivateKey' => 'serverkey',
 177                                 'userPrivateKey'   => 'bla',
 178                                 'password'         => 'nope',
 179                                 'assertHash'       => 'real wrong!',
 180                                 'assertTrue'       => false,
 181                         ]
 182                 ];
 183         }
 184
 185         /**
 186          * Test the check() method of the cookie class
 187          *
 188          * @dataProvider dataCheck
 189          */
 190         public function testCheck(string $serverPrivateKey, string $userPrivateKey, string $password, string $assertHash, bool $assertTrue)
 191         {
 192                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 193                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverPrivateKey)->once();
 194                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
 195
 196                 $cookie = new Cookie($this->config, $this->baseUrl);
 197                 self::assertInstanceOf(Cookie::class, $cookie);
 198
 199                 self::assertEquals($assertTrue, $cookie->check($assertHash, $password, $userPrivateKey));
 200         }
 201
 202         public function dataSet()
 203         {
 204                 return [
 205                         'default'         => [
 206                                 'serverKey'   => 23,
 207                                 'uid'         => 0,
 208                                 'password'    => '234',
 209                                 'privateKey'  => '124',
 210                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 211                                 'remoteIp'    => '0.0.0.0',
 212                                 'serverArray' => [],
 213                                 'lifetime'    => null,
 214                         ],
 215                         'withServerArray' => [
 216                                 'serverKey'   => 23,
 217                                 'uid'         => 0,
 218                                 'password'    => '234',
 219                                 'privateKey'  => '124',
 220                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 221                                 'remoteIp'    => '1.2.3.4',
 222                                 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
 223                                 'lifetime'    => null,
 224                         ],
 225                         'withLifetime0'   => [
 226                                 'serverKey'   => 23,
 227                                 'uid'         => 0,
 228                                 'password'    => '234',
 229                                 'privateKey'  => '124',
 230                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 231                                 'remoteIp'    => '1.2.3.4',
 232                                 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
 233                                 'lifetime'    => 0,
 234                         ],
 235                         'withLifetime'     => [
 236                                 'serverKey'   => 23,
 237                                 'uid'         => 0,
 238                                 'password'    => '234',
 239                                 'privateKey'  => '124',
 240                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 241                                 'remoteIp'    => '1.2.3.4',
 242                                 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
 243                                 'lifetime'    => 2 * 24 * 60 * 60,
 244                         ],
 245                 ];
 246         }
 247
 248         public function assertCookie($uid, $hash, $remoteIp, $lifetime)
 249         {
 250                 self::assertArrayHasKey(Cookie::NAME, StaticCookie::$_COOKIE);
 251
 252                 $data = json_decode(StaticCookie::$_COOKIE[Cookie::NAME]);
 253
 254                 self::assertObjectHasAttribute('uid', $data);
 255                 self::assertEquals($uid, $data->uid);
 256                 self::assertObjectHasAttribute('hash', $data);
 257                 self::assertEquals($hash, $data->hash);
 258                 self::assertObjectHasAttribute('ip', $data);
 259                 self::assertEquals($remoteIp, $data->ip);
 260
 261                 if (isset($lifetime) && $lifetime !== 0) {
 262                         self::assertLessThanOrEqual(time() + $lifetime, StaticCookie::$_EXPIRE);
 263                 } else {
 264                         self::assertLessThanOrEqual(time() + Cookie::DEFAULT_EXPIRE * 24 * 60 * 60, StaticCookie::$_EXPIRE);
 265                 }
 266         }
 267
 268         /**
 269          * Test the set() method of the cookie class
 270          *
 271          * @dataProvider dataSet
 272          */
 273         public function testSet($serverKey, $uid, $password, $privateKey, $assertHash, $remoteIp, $serverArray, $lifetime)
 274         {
 275                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 276                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverKey)->once();
 277                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 278
 279                 $cookie = new StaticCookie($this->config, $this->baseUrl, $serverArray);
 280                 self::assertInstanceOf(Cookie::class, $cookie);
 281
 282                 $cookie->set($uid, $password, $privateKey, $lifetime);
 283
 284                 self::assertCookie($uid, $assertHash, $remoteIp, $lifetime);
 285         }
 286
 287         /**
 288          * Test two different set() of the cookie class (first set is invalid)
 289          *
 290          * @dataProvider dataSet
 291          */
 292         public function testDoubleSet($serverKey, $uid, $password, $privateKey, $assertHash, $remoteIp, $serverArray, $lifetime)
 293         {
 294                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 295                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverKey)->once();
 296                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 297
 298                 $cookie = new StaticCookie($this->config, $this->baseUrl, $serverArray);
 299                 self::assertInstanceOf(Cookie::class, $cookie);
 300
 301                 // Invalid set, should get overwritten
 302                 $cookie->set(-1, 'invalid', 'nothing', -234);
 303
 304                 $cookie->set($uid, $password, $privateKey, $lifetime);
 305
 306                 self::assertCookie($uid, $assertHash, $remoteIp, $lifetime);
 307         }
 308
 309         /**
 310          * Test the clear() method of the cookie class
 311          */
 312         public function testClear()
 313         {
 314                 StaticCookie::$_COOKIE = [
 315                         Cookie::NAME => 'test'
 316                 ];
 317
 318                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 319                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn(24)->once();
 320                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 321
 322                 $cookie = new StaticCookie($this->config, $this->baseUrl);
 323                 self::assertInstanceOf(Cookie::class, $cookie);
 324
 325                 self::assertEquals('test', StaticCookie::$_COOKIE[Cookie::NAME]);
 326                 self::assertEquals(null, StaticCookie::$_EXPIRE);
 327
 328                 $cookie->clear();
 329
 330                 self::assertEmpty(StaticCookie::$_COOKIE[Cookie::NAME]);
 331                 self::assertEquals(-3600, StaticCookie::$_EXPIRE);
 332         }
 333 }