tests/src/Model/User/CookieTest.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2010-2021, the Friendica project
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Test\src\Model\User;
  23
  24 use Friendica\App\BaseURL;
  25 use Friendica\Core\Config\Capability\IManageConfigValues;
  26 use Friendica\Model\User\Cookie;
  27 use Friendica\Test\MockedTest;
  28 use Friendica\Test\Util\StaticCookie;
  29 use Mockery\MockInterface;
  30
  31 class CookieTest extends MockedTest
  32 {
  33         /** @var MockInterface|IManageConfigValues */
  34         private $config;
  35         /** @var MockInterface|BaseURL */
  36         private $baseUrl;
  37
  38         protected function setUp(): void
  39         {
  40                 StaticCookie::clearStatic();
  41
  42                 parent::setUp();
  43
  44                 $this->config = \Mockery::mock(IManageConfigValues::class);
  45                 $this->baseUrl = \Mockery::mock(BaseURL::class);
  46         }
  47
  48         protected function tearDown(): void
  49         {
  50                 StaticCookie::clearStatic();
  51
  52                 parent::tearDown();
  53         }
  54
  55         /**
  56          * Test if we can create a basic cookie instance
  57          */
  58         public function testInstance()
  59         {
  60                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
  61                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn('1235')->once();
  62                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
  63
  64                 $cookie = new Cookie($this->config, $this->baseUrl);
  65                 self::assertInstanceOf(Cookie::class, $cookie);
  66         }
  67
  68         public function dataGet()
  69         {
  70                 return [
  71                         'default'    => [
  72                                 'cookieData' => [
  73                                         Cookie::NAME => json_encode([
  74                                                 'uid'  => -1,
  75                                                 'hash' => 12345,
  76                                                 'ip'   => '127.0.0.1',
  77                                         ])
  78                                 ],
  79                                 'hasValues'  => true,
  80                                 'uid'        => -1,
  81                                 'hash'       => 12345,
  82                                 'ip'         => '127.0.0.1',
  83                         ],
  84                         'missing'    => [
  85                                 'cookieData' => [
  86
  87                                 ],
  88                                 'hasValues'  => false,
  89                                 'uid'        => null,
  90                                 'hash'       => null,
  91                                 'ip'         => null,
  92                         ],
  93                         'invalid'    => [
  94                                 'cookieData' => [
  95                                         Cookie::NAME => 'test',
  96                                 ],
  97                                 'hasValues'  => false,
  98                                 'uid'        => null,
  99                                 'hash'       => null,
 100                                 'ip'         => null,
 101                         ],
 102                         'incomplete' => [
 103                                 'cookieData' => [
 104                                         Cookie::NAME => json_encode([
 105                                                 'uid'  => -1,
 106                                                 'hash' => 12345,
 107                                         ])
 108                                 ],
 109                                 'hasValues'  => true,
 110                                 'uid'        => -1,
 111                                 'hash'       => 12345,
 112                                 'ip'         => null,
 113                         ],
 114                 ];
 115         }
 116
 117         /**
 118          * Test the get() method of the cookie class
 119          *
 120          * @dataProvider dataGet
 121          */
 122         public function testGet(array $cookieData, bool $hasValues, $uid, $hash, $ip)
 123         {
 124                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 125                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn('1235')->once();
 126                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
 127
 128                 $cookie = new Cookie($this->config, $this->baseUrl, [], $cookieData);
 129                 self::assertInstanceOf(Cookie::class, $cookie);
 130
 131                 if (isset($uid)) {
 132                         self::assertEquals($uid, $cookie->get('uid'));
 133                 } else {
 134                         self::assertNull($cookie->get('uid'));
 135                 }
 136                 if (isset($hash)) {
 137                         self::assertEquals($hash, $cookie->get('hash'));
 138                 } else {
 139                         self::assertNull($cookie->get('hash'));
 140                 }
 141                 if (isset($ip)) {
 142                         self::assertEquals($ip, $cookie->get('ip'));
 143                 } else {
 144                         self::assertNull($cookie->get('ip'));
 145                 }
 146         }
 147
 148         public function dataCheck()
 149         {
 150                 return [
 151                         'default'   => [
 152                                 'serverPrivateKey' => 'serverkey',
 153                                 'userPrivateKey'   => 'userkey',
 154                                 'password'         => 'test',
 155                                 'assertHash'       => 'e9b4eb16275a2907b5659d22905b248221d0517dde4a9d5c320b8fe051b1267b',
 156                                 'assertTrue'       => true,
 157                         ],
 158                         'emptyUser' => [
 159                                 'serverPrivateKey' => 'serverkey',
 160                                 'userPrivateKey'   => '',
 161                                 'password'         => '',
 162                                 'assertHash'       => '',
 163                                 'assertTrue'       => false,
 164                         ],
 165                         'invalid'   => [
 166                                 'serverPrivateKey' => 'serverkey',
 167                                 'userPrivateKey'   => 'bla',
 168                                 'password'         => 'nope',
 169                                 'assertHash'       => 'real wrong!',
 170                                 'assertTrue'       => false,
 171                         ]
 172                 ];
 173         }
 174
 175         /**
 176          * Test the check() method of the cookie class
 177          *
 178          * @dataProvider dataCheck
 179          */
 180         public function testCheck(string $serverPrivateKey, string $userPrivateKey, string $password, string $assertHash, bool $assertTrue)
 181         {
 182                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 183                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverPrivateKey)->once();
 184                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
 185
 186                 $cookie = new Cookie($this->config, $this->baseUrl);
 187                 self::assertInstanceOf(Cookie::class, $cookie);
 188
 189                 self::assertEquals($assertTrue, $cookie->comparePrivateDataHash($assertHash, $password, $userPrivateKey));
 190         }
 191
 192         public function dataSet()
 193         {
 194                 return [
 195                         'default'         => [
 196                                 'serverKey'   => 23,
 197                                 'uid'         => 0,
 198                                 'password'    => '234',
 199                                 'privateKey'  => '124',
 200                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 201                                 'remoteIp'    => '0.0.0.0',
 202                                 'serverArray' => [],
 203                         ],
 204                         'withServerArray' => [
 205                                 'serverKey'   => 23,
 206                                 'uid'         => 0,
 207                                 'password'    => '234',
 208                                 'privateKey'  => '124',
 209                                 'assertHash'  => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
 210                                 'remoteIp'    => '1.2.3.4',
 211                                 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
 212                         ],
 213                 ];
 214         }
 215
 216         public function assertCookie($uid, $hash, $remoteIp)
 217         {
 218                 self::assertArrayHasKey(Cookie::NAME, StaticCookie::$_COOKIE);
 219
 220                 $data = json_decode(StaticCookie::$_COOKIE[Cookie::NAME]);
 221
 222                 self::assertObjectHasAttribute('uid', $data);
 223                 self::assertEquals($uid, $data->uid);
 224                 self::assertObjectHasAttribute('hash', $data);
 225                 self::assertEquals($hash, $data->hash);
 226                 self::assertObjectHasAttribute('ip', $data);
 227                 self::assertEquals($remoteIp, $data->ip);
 228
 229                 self::assertLessThanOrEqual(time() + Cookie::DEFAULT_EXPIRE * 24 * 60 * 60, StaticCookie::$_EXPIRE);
 230         }
 231
 232         /**
 233          * Test the set() method of the cookie class
 234          *
 235          * @dataProvider dataSet
 236          */
 237         public function testSet($serverKey, $uid, $password, $privateKey, $assertHash, $remoteIp, $serverArray)
 238         {
 239                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 240                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverKey)->once();
 241                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 242
 243                 $cookie = new StaticCookie($this->config, $this->baseUrl, $serverArray);
 244                 self::assertInstanceOf(Cookie::class, $cookie);
 245
 246                 $cookie->setMultiple([
 247                         'uid' => $uid,
 248                         'hash' => $assertHash,
 249                 ]);
 250
 251                 self::assertCookie($uid, $assertHash, $remoteIp);
 252         }
 253
 254         /**
 255          * Test the set() method of the cookie class
 256          *
 257          * @dataProvider dataSet
 258          */
 259         public function testDoubleSet($serverKey, $uid, $password, $privateKey, $assertHash, $remoteIp, $serverArray)
 260         {
 261                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 262                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverKey)->once();
 263                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 264
 265                 $cookie = new StaticCookie($this->config, $this->baseUrl, $serverArray);
 266                 self::assertInstanceOf(Cookie::class, $cookie);
 267
 268                 $cookie->set('uid', $uid);
 269                 $cookie->set('hash', $assertHash);
 270
 271                 self::assertCookie($uid, $assertHash, $remoteIp);
 272         }
 273
 274         /**
 275          * Test the clear() method of the cookie class
 276          */
 277         public function testClear()
 278         {
 279                 StaticCookie::$_COOKIE = [
 280                         Cookie::NAME => 'test'
 281                 ];
 282
 283                 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
 284                 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn(24)->once();
 285                 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
 286
 287                 $cookie = new StaticCookie($this->config, $this->baseUrl);
 288                 self::assertInstanceOf(Cookie::class, $cookie);
 289
 290                 self::assertEquals('test', StaticCookie::$_COOKIE[Cookie::NAME]);
 291                 self::assertEquals(null, StaticCookie::$_EXPIRE);
 292
 293                 $cookie->clear();
 294
 295                 self::assertEmpty(StaticCookie::$_COOKIE[Cookie::NAME]);
 296                 self::assertEquals(-3600, StaticCookie::$_EXPIRE);
 297         }
 298 }