tests/src/Model/User/CookieTest.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2020, Friendica
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Test\src\Model\User;
  23
  24 use Friendica\App\BaseURL;
  25 use Friendica\Core\Config\IConfig;
  26 use Friendica\Model\User\Cookie;
  27 use Friendica\Test\MockedTest;
  28 use Friendica\Test\Util\StaticCookie;
  29 use Mockery\MockInterface;
  30
  31 class CookieTest extends MockedTest
  32 {
  33         /** @var MockInterface|IConfig */
  34         private $config;
  35         /** @var MockInterface|BaseURL */
  36         private $baseUrl;
  37
  38         protected function setUp()
  39         {
  40                 StaticCookie::clearStatic();
  41
  42                 parent::setUp();
  43
  44                 $this->config = \Mockery::mock(IConfig::class);
  45                 $this->baseUrl = \Mockery::mock(BaseURL::class);
  46         }
  47
  48         protected function tearDown()
  49         {
  50                 StaticCookie::clearStatic();
  51         }
  52
  53         /**
  54          * Test if we can create a basic cookie instance
  55          */
  56         public function testInstance()
  57         {
  58                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
  59                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn('1235')->once();
  60                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
  61
  62                 $cookie = new Cookie($this->config, $this->baseUrl);
  63                 self::assertInstanceOf(Cookie::class, $cookie);
  64         }
  65
  66         public function dataGet()
  67         {
  68                 return [
  69                         'default'    => [
  70                                 'cookieData' => [
  71                                         Cookie::NAME => json_encode([
  72                                                 'uid'  => -1,
  73                                                 'hash' => 12345,
  74                                                 'ip'   => '127.0.0.1',
  75                                         ])
  76                                 ],
  77                                 'hasValues'  => true,
  78                                 'uid'        => -1,
  79                                 'hash'       => 12345,
  80                                 'ip'         => '127.0.0.1',
  81                         ],
  82                         'missing'    => [
  83                                 'cookieData' => [
  84
  85                                 ],
  86                                 'hasValues'  => false,
  87                                 'uid'        => null,
  88                                 'hash'       => null,
  89                                 'ip'         => null,
  90                         ],
  91                         'invalid'    => [
  92                                 'cookieData' => [
  93                                         Cookie::NAME => 'test',
  94                                 ],
  95                                 'hasValues'  => false,
  96                                 'uid'        => null,
  97                                 'hash'       => null,
  98                                 'ip'         => null,
  99                         ],
 100                         'incomplete' => [
 101                                 'cookieData' => [
 102                                         Cookie::NAME => json_encode([
 103                                                 'uid'  => -1,
 104                                                 'hash' => 12345,
 105                                         ])
 106                                 ],
 107                                 'hasValues'  => true,
 108                                 'uid'        => -1,
 109                                 'hash'       => 12345,
 110                                 'ip'         => null,
 111                         ],
 112                 ];
 113         }
 114
 115         /**
 116          * Test the get() method of the cookie class
 117          *
 118          * @dataProvider dataGet
 119          */
 120         public function testGet(array $cookieData, bool $hasValues, $uid, $hash, $ip)
 121         {
 122                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 123                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn('1235')->once();
 124                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
 125
 126                 $cookie = new Cookie($this->config, $this->baseUrl, [], $cookieData);
 127                 self::assertInstanceOf(Cookie::class, $cookie);
 128
 129                 $assertData = $cookie->getData();
 130
 131                 if (!$hasValues) {
 132                         self::assertEmpty($assertData);
 133                 } else {
 134                         self::assertNotEmpty($assertData);
 135                         if (isset($uid)) {
 136                                 self::assertObjectHasAttribute('uid', $assertData);
 137                                 self::assertEquals($uid, $assertData->uid);
 138                         } else {
 139                                 self::assertObjectNotHasAttribute('uid', $assertData);
 140                         }
 141                         if (isset($hash)) {
 142                                 self::assertObjectHasAttribute('hash', $assertData);
 143                                 self::assertEquals($hash, $assertData->hash);
 144                         } else {
 145                                 self::assertObjectNotHasAttribute('hash', $assertData);
 146                         }
 147                         if (isset($ip)) {
 148                                 self::assertObjectHasAttribute('ip', $assertData);
 149                                 self::assertEquals($ip, $assertData->ip);
 150                         } else {
 151                                 self::assertObjectNotHasAttribute('ip', $assertData);
 152                         }
 153                 }
 154         }
 155
 156         public function dataCheck()
 157         {
 158                 return [
 159                         'default'   => [
 160                                 'serverPrivateKey' => 'serverkey',
 161                                 'userPrivateKey'   => 'userkey',
 162                                 'password'         => 'test',
 163                                 'assertHash'       => 'e9b4eb16275a2907b5659d22905b248221d0517dde4a9d5c320b8fe051b1267b',
 164                                 'assertTrue'       => true,
 165                         ],
 166                         'emptyUser' => [
 167                                 'serverPrivateKey' => 'serverkey',
 168                                 'userPrivateKey'   => '',
 169                                 'password'         => '',
 170                                 'assertHash'       => '',
 171                                 'assertTrue'       => false,
 172                         ],
 173                         'invalid'   => [
 174                                 'serverPrivateKey' => 'serverkey',
 175                                 'userPrivateKey'   => 'bla',
 176                                 'password'         => 'nope',
 177                                 'assertHash'       => 'real wrong!',
 178                                 'assertTrue'       => false,
 179                         ]
 180                 ];
 181         }
 182
 183         /**
 184          * Test the check() method of the cookie class
 185          *
 186          * @dataProvider dataCheck
 187          */
 188         public function testCheck(string $serverPrivateKey, string $userPrivateKey, string $password, string $assertHash, bool $assertTrue)
 189         {
 190                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 191                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverPrivateKey)->once();
 192                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
 193
 194                 $cookie = new Cookie($this->config, $this->baseUrl);
 195                 self::assertInstanceOf(Cookie::class, $cookie);
 196
 197                 self::assertEquals($assertTrue, $cookie->check($assertHash, $password, $userPrivateKey));
 198         }
 199
 200         public function dataSet()
 201         {
 202                 return [
 203                         'default'         => [
 204                                 'serverKey'   => 23,
 205                                 'uid'         => 0,
 206                                 'password'    => '234',
 207                                 'privateKey'  => '124',
 208                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 209                                 'remoteIp'    => '0.0.0.0',
 210                                 'serverArray' => [],
 211                                 'lifetime'    => null,
 212                         ],
 213                         'withServerArray' => [
 214                                 'serverKey'   => 23,
 215                                 'uid'         => 0,
 216                                 'password'    => '234',
 217                                 'privateKey'  => '124',
 218                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 219                                 'remoteIp'    => '1.2.3.4',
 220                                 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
 221                                 'lifetime'    => null,
 222                         ],
 223                         'withLifetime0'   => [
 224                                 'serverKey'   => 23,
 225                                 'uid'         => 0,
 226                                 'password'    => '234',
 227                                 'privateKey'  => '124',
 228                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 229                                 'remoteIp'    => '1.2.3.4',
 230                                 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
 231                                 'lifetime'    => 0,
 232                         ],
 233                         'withLifetime'     => [
 234                                 'serverKey'   => 23,
 235                                 'uid'         => 0,
 236                                 'password'    => '234',
 237                                 'privateKey'  => '124',
 238                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 239                                 'remoteIp'    => '1.2.3.4',
 240                                 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
 241                                 'lifetime'    => 2 * 24 * 60 * 60,
 242                         ],
 243                 ];
 244         }
 245
 246         public function assertCookie($uid, $hash, $remoteIp, $lifetime)
 247         {
 248                 self::assertArrayHasKey(Cookie::NAME, StaticCookie::$_COOKIE);
 249
 250                 $data = json_decode(StaticCookie::$_COOKIE[Cookie::NAME]);
 251
 252                 self::assertObjectHasAttribute('uid', $data);
 253                 self::assertEquals($uid, $data->uid);
 254                 self::assertObjectHasAttribute('hash', $data);
 255                 self::assertEquals($hash, $data->hash);
 256                 self::assertObjectHasAttribute('ip', $data);
 257                 self::assertEquals($remoteIp, $data->ip);
 258
 259                 if (isset($lifetime) && $lifetime !== 0) {
 260                         self::assertLessThanOrEqual(time() + $lifetime, StaticCookie::$_EXPIRE);
 261                 } else {
 262                         self::assertLessThanOrEqual(time() + Cookie::DEFAULT_EXPIRE * 24 * 60 * 60, StaticCookie::$_EXPIRE);
 263                 }
 264         }
 265
 266         /**
 267          * Test the set() method of the cookie class
 268          *
 269          * @dataProvider dataSet
 270          */
 271         public function testSet($serverKey, $uid, $password, $privateKey, $assertHash, $remoteIp, $serverArray, $lifetime)
 272         {
 273                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 274                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverKey)->once();
 275                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 276
 277                 $cookie = new StaticCookie($this->config, $this->baseUrl, $serverArray);
 278                 self::assertInstanceOf(Cookie::class, $cookie);
 279
 280                 $cookie->set($uid, $password, $privateKey, $lifetime);
 281
 282                 self::assertCookie($uid, $assertHash, $remoteIp, $lifetime);
 283         }
 284
 285         /**
 286          * Test two different set() of the cookie class (first set is invalid)
 287          *
 288          * @dataProvider dataSet
 289          */
 290         public function testDoubleSet($serverKey, $uid, $password, $privateKey, $assertHash, $remoteIp, $serverArray, $lifetime)
 291         {
 292                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 293                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverKey)->once();
 294                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 295
 296                 $cookie = new StaticCookie($this->config, $this->baseUrl, $serverArray);
 297                 self::assertInstanceOf(Cookie::class, $cookie);
 298
 299                 // Invalid set, should get overwritten
 300                 $cookie->set(-1, 'invalid', 'nothing', -234);
 301
 302                 $cookie->set($uid, $password, $privateKey, $lifetime);
 303
 304                 self::assertCookie($uid, $assertHash, $remoteIp, $lifetime);
 305         }
 306
 307         /**
 308          * Test the clear() method of the cookie class
 309          */
 310         public function testClear()
 311         {
 312                 StaticCookie::$_COOKIE = [
 313                         Cookie::NAME => 'test'
 314                 ];
 315
 316                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 317                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn(24)->once();
 318                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 319
 320                 $cookie = new StaticCookie($this->config, $this->baseUrl);
 321                 self::assertInstanceOf(Cookie::class, $cookie);
 322
 323                 self::assertEquals('test', StaticCookie::$_COOKIE[Cookie::NAME]);
 324                 self::assertEquals(null, StaticCookie::$_EXPIRE);
 325
 326                 $cookie->clear();
 327
 328                 self::assertEmpty(StaticCookie::$_COOKIE[Cookie::NAME]);
 329                 self::assertEquals(-3600, StaticCookie::$_EXPIRE);
 330         }
 331 }