3 * @copyright Copyright (C) 2020, Friendica
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Test\src\Model\User;
24 use Friendica\App\BaseURL;
25 use Friendica\Core\Config\IConfig;
26 use Friendica\Model\User\Cookie;
27 use Friendica\Test\MockedTest;
28 use Friendica\Test\Util\StaticCookie;
29 use Mockery\MockInterface;
31 class CookieTest extends MockedTest
33 /** @var MockInterface|IConfig */
35 /** @var MockInterface|BaseURL */
// Per-test fixture: calls StaticCookie::clearStatic() and then creates fresh Mockery doubles
// for the IConfig and BaseURL collaborators that every test hands to the Cookie constructor.
38 protected function setUp()
40 StaticCookie::clearStatic();
// NOTE(review): source lines 41-43 are missing from this listing, so any statement between
// the reset above and the mock creation below is not visible here.
44 $this->config = \Mockery::mock(IConfig::class);
45 $this->baseUrl = \Mockery::mock(BaseURL::class);
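/**
 * Resets StaticCookie's static state after each test and then runs the parent teardown.
 */
protected function tearDown()
{
    StaticCookie::clearStatic();

    // Only clearStatic() is visible in this method in the listing. MockedTest is not shown
    // here; if its tearDown() is where Mockery gets closed, skipping the parent call would
    // leave every ->once() expectation in this class unverified.
    parent::tearDown();
}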
/**
 * A Cookie can be built from the mocked config and base URL alone.
 *
 * Construction is expected to read the SSL policy, the site private key and
 * the auth-cookie lifetime exactly once each.
 */
public function testInstance()
{
    $this->baseUrl
        ->shouldReceive('getSSLPolicy')
        ->andReturn(true)
        ->once();
    $this->config
        ->shouldReceive('get')
        ->with('system', 'site_prvkey')
        ->andReturn('1235')
        ->once();
    $this->config
        ->shouldReceive('get')
        ->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)
        ->andReturn('7')
        ->once();

    $subject = new Cookie($this->config, $this->baseUrl);

    self::assertInstanceOf(Cookie::class, $subject);
}
// Data provider for testGet() (named by its @dataProvider tag). Most of the provider body is
// missing from this listing; the surviving lines show Cookie::NAME mapped either to a
// JSON-encoded array or to the plain string 'test'.
66 public function dataGet()
71 Cookie::NAME => json_encode([
// Non-JSON cookie value - presumably the case where getData() must expose nothing
// (TODO confirm against the full provider).
93 Cookie::NAME => 'test',
102 Cookie::NAME => json_encode([
116 * Test the get() method of the cookie class
118 * @dataProvider dataGet
// Passes $cookieData to the Cookie constructor as its fourth argument and checks what
// getData() exposes afterwards. $hasValues, $uid, $hash and $ip are the expectations
// supplied by dataGet().
// NOTE(review): the branch statements that choose between the paired assertions below
// are missing from this listing, so the exact conditions cannot be read from here.
120 public function testGet(array $cookieData, bool $hasValues, $uid, $hash, $ip)
// Constructor collaborators: SSL policy, site private key and cookie lifetime are each
// expected exactly once.
122 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
123 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn('1235')->once();
124 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();
// The third argument is an empty array here; testSet() passes $serverArray in that position.
126 $cookie = new Cookie($this->config, $this->baseUrl, [], $cookieData);
127 $this->assertInstanceOf(Cookie::class, $cookie);
129 $assertData = $cookie->getData();
// Either nothing usable was read from the cookie ...
132 $this->assertEmpty($assertData);
// ... or data is present and each field is checked on its own.
134 $this->assertNotEmpty($assertData);
// uid: present with the expected value, or absent altogether.
136 $this->assertObjectHasAttribute('uid', $assertData);
137 $this->assertEquals($uid, $assertData->uid);
139 $this->assertObjectNotHasAttribute('uid', $assertData);
// hash: same pattern as uid.
142 $this->assertObjectHasAttribute('hash', $assertData);
143 $this->assertEquals($hash, $assertData->hash);
145 $this->assertObjectNotHasAttribute('hash', $assertData);
// ip: same pattern as uid.
148 $this->assertObjectHasAttribute('ip', $assertData);
149 $this->assertEquals($ip, $assertData->ip);
151 $this->assertObjectNotHasAttribute('ip', $assertData);
// Data provider for testCheck(). Each case supplies the server key, the user key, the
// password, the hash to verify and the expected result of check(). All keys and passwords
// here are test fixtures.
// NOTE(review): none of the visible cases pairs the valid hash with a different
// serverPrivateKey; such a case would show that the site key is actually bound into the
// hash rather than only the user key and password.
156 public function dataCheck()
// Case 1: matching inputs, check() is expected to accept.
160 'serverPrivateKey' => 'serverkey',
161 'userPrivateKey' => 'userkey',
162 'password' => 'test',
// 64 hex characters, the length of a SHA-256 digest; how Cookie derives it is not shown here.
163 'assertHash' => 'e9b4eb16275a2907b5659d22905b248221d0517dde4a9d5c320b8fe051b1267b',
164 'assertTrue' => true,
// Case 2: empty user key, check() is expected to reject (source lines 169-170 are missing
// from this listing).
167 'serverPrivateKey' => 'serverkey',
168 'userPrivateKey' => '',
171 'assertTrue' => false,
// Case 3: a value that is not a digest at all, check() is expected to reject.
174 'serverPrivateKey' => 'serverkey',
175 'userPrivateKey' => 'bla',
176 'password' => 'nope',
177 'assertHash' => 'real wrong!',
178 'assertTrue' => false,
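/**
 * Test the check() method of the cookie class
 *
 * The site private key is served through the mocked config, while the user key, password
 * and candidate hash are passed to check() directly. The result is compared strictly
 * against the boolean expectation from the provider.
 *
 * @dataProvider dataCheck
 */
public function testCheck(string $serverPrivateKey, string $userPrivateKey, string $password, string $assertHash, bool $assertTrue)
{
    $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
    $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn($serverPrivateKey)->once();
    $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn('7')->once();

    $cookie = new Cookie($this->config, $this->baseUrl);
    $this->assertInstanceOf(Cookie::class, $cookie);

    // assertSame instead of assertEquals: with loose comparison a null or 0 result would
    // satisfy an expected false, and any non-empty string an expected true. For an
    // authentication check the test should pin a real boolean.
    $this->assertSame($assertTrue, $cookie->check($assertHash, $password, $userPrivateKey));
}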
// Data provider shared by testSet() and testDoubleSet(). Only part of each case survives in
// this listing: the private key, the expected hash, the expected remote IP, the server
// array and (for the last case) an explicit lifetime.
200 public function dataSet()
207 'privateKey' => '124',
// The same expected hash appears in every visible case; the inputs that produce it
// (server key, password) are on lines missing from this listing.
208 'assertHash' => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
// No serverArray line is visible for this case - presumably '0.0.0.0' is what the cookie
// records when REMOTE_ADDR is absent (TODO confirm against Cookie).
209 'remoteIp' => '0.0.0.0',
213 'withServerArray' => [
217 'privateKey' => '124',
218 'assertHash' => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
// From here on the expected IP equals the REMOTE_ADDR entry of the server array.
219 'remoteIp' => '1.2.3.4',
220 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
227 'privateKey' => '124',
228 'assertHash' => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
229 'remoteIp' => '1.2.3.4',
230 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
237 'privateKey' => '124',
238 'assertHash' => 'b657a15cfe7ed1f7289c9aa51af14a9a26c966f4ddd74e495fba103d8e872a39',
239 'remoteIp' => '1.2.3.4',
240 'serverArray' => ['REMOTE_ADDR' => '1.2.3.4',],
// Explicit lifetime of two days, in seconds.
241 'lifetime' => 2 * 24 * 60 * 60,
// Shared assertion helper for the set() tests: checks that StaticCookie::$_COOKIE holds a
// JSON payload under Cookie::NAME whose uid, hash and ip match the expectations, and that
// StaticCookie::$_EXPIRE does not exceed the expected expiry.
246 public function assertCookie($uid, $hash, $remoteIp, $lifetime)
248 $this->assertArrayHasKey(Cookie::NAME, StaticCookie::$_COOKIE);
// Decoded without the associative flag, so the payload is inspected as an object.
250 $data = json_decode(StaticCookie::$_COOKIE[Cookie::NAME]);
252 $this->assertObjectHasAttribute('uid', $data);
253 $this->assertEquals($uid, $data->uid);
254 $this->assertObjectHasAttribute('hash', $data);
255 $this->assertEquals($hash, $data->hash);
256 $this->assertObjectHasAttribute('ip', $data);
257 $this->assertEquals($remoteIp, $data->ip);
// NOTE(review): both expiry assertions below are upper bounds only -
// assertLessThanOrEqual($expected, $actual) passes whenever $actual <= $expected - so an
// expiry of 0 or one already in the past would also pass. A lower bound would be needed
// to pin that the cookie really lives for the requested time.
259 if (isset($lifetime) && $lifetime !== 0) {
// Explicit lifetime: expiry must not lie beyond now + $lifetime seconds.
260 $this->assertLessThanOrEqual(time() + $lifetime, StaticCookie::$_EXPIRE);
// Source line 261 is missing from this listing (presumably the else branch): with no
// usable lifetime the bound is Cookie::DEFAULT_EXPIRE, converted from days to seconds.
262 $this->assertLessThanOrEqual(time() + Cookie::DEFAULT_EXPIRE * 24 * 60 * 60, StaticCookie::$_EXPIRE);
/**
 * set() must store the auth cookie described by the current dataSet() case.
 *
 * The cookie is written through StaticCookie, so the result is read back from its static
 * properties by assertCookie().
 *
 * @dataProvider dataSet
 */
public function testSet($serverKey, $uid, $password, $privateKey, $assertHash, $remoteIp, $serverArray, $lifetime)
{
    $this->baseUrl
        ->shouldReceive('getSSLPolicy')
        ->andReturn(true)
        ->once();
    $this->config
        ->shouldReceive('get')
        ->with('system', 'site_prvkey')
        ->andReturn($serverKey)
        ->once();
    $this->config
        ->shouldReceive('get')
        ->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)
        ->andReturn(Cookie::DEFAULT_EXPIRE)
        ->once();

    // The server array is the third constructor argument; the provider's REMOTE_ADDR entry
    // is what the stored 'ip' field is later compared against.
    $jar = new StaticCookie($this->config, $this->baseUrl, $serverArray);
    self::assertInstanceOf(Cookie::class, $jar);

    $jar->set($uid, $password, $privateKey, $lifetime);

    $this->assertCookie($uid, $assertHash, $remoteIp, $lifetime);
}
/**
 * Two consecutive set() calls: the first carries invalid values and the second must
 * replace it completely.
 *
 * @dataProvider dataSet
 */
public function testDoubleSet($serverKey, $uid, $password, $privateKey, $assertHash, $remoteIp, $serverArray, $lifetime)
{
    $this->baseUrl
        ->shouldReceive('getSSLPolicy')
        ->andReturn(true)
        ->once();
    $this->config
        ->shouldReceive('get')
        ->with('system', 'site_prvkey')
        ->andReturn($serverKey)
        ->once();
    $this->config
        ->shouldReceive('get')
        ->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)
        ->andReturn(Cookie::DEFAULT_EXPIRE)
        ->once();

    $jar = new StaticCookie($this->config, $this->baseUrl, $serverArray);
    self::assertInstanceOf(Cookie::class, $jar);

    // Throw-away first write; nothing of it may survive the second call.
    $jar->set(-1, 'invalid', 'nothing', -234);

    $jar->set($uid, $password, $privateKey, $lifetime);

    // Only the values of the second call are expected in the stored cookie.
    $this->assertCookie($uid, $assertHash, $remoteIp, $lifetime);
}
308 * Test the clear() method of the cookie class
// Seeds StaticCookie with an existing cookie value, builds the cookie object and compares
// the static state before and after clearing.
310 public function testClear()
// Pre-existing cookie value that is expected to be wiped.
312 StaticCookie::$_COOKIE = [
313 Cookie::NAME => 'test'
316 $this->baseUrl->shouldReceive('getSSLPolicy')->andReturn(true)->once();
// site_prvkey is returned as the integer 24 here, unlike the string keys used by the other tests.
317 $this->config->shouldReceive('get')->with('system', 'site_prvkey')->andReturn(24)->once();
318 $this->config->shouldReceive('get')->with('system', 'auth_cookie_lifetime', Cookie::DEFAULT_EXPIRE)->andReturn(Cookie::DEFAULT_EXPIRE)->once();
320 $cookie = new StaticCookie($this->config, $this->baseUrl);
321 $this->assertInstanceOf(Cookie::class, $cookie);
// Before: the seeded value is still there and no expiry has been recorded.
323 $this->assertEquals('test', StaticCookie::$_COOKIE[Cookie::NAME]);
324 $this->assertEquals(null, StaticCookie::$_EXPIRE);
// NOTE(review): source line 326 is missing from this listing - presumably the clear() call
// under test, given the assertions that follow.
// After: the value is empty and the recorded expiry is -3600, i.e. a timestamp in the past.
328 $this->assertEmpty(StaticCookie::$_COOKIE[Cookie::NAME]);
329 $this->assertEquals(-3600, StaticCookie::$_EXPIRE);