Home Explore Help
Sign In
compsci-industry
/
TechEmpower.FrameworkBenchmarks
mirror of https://github.com/TechEmpower/FrameworkBenchmarks.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 0bb3773de6
Branches Tags
TechEmpower.Fra...
/
php-lithium
/
libraries
/
lithium
/
tests
/
cases
/
security
/
validation
/
RequestTokenTest.php

RequestTokenTest.php 2.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * Lithium: the most rad php framework
    4. 

  4.  *
    5. 

  5.  * @copyright     Copyright 2013, Union of RAD (http://union-of-rad.org)
    6. 

  6.  * @license       http://opensource.org/licenses/bsd-license.php The BSD License
    7. 

  7.  */
    8. 

  8. 

  9. namespace lithium\tests\cases\security\validation;
    10. 

  10. 

  11. use lithium\action\Request;
    12. 

  12. use lithium\security\Password;
    13. 

  13. use lithium\security\validation\RequestToken;
    14. 

  14. 

  15. class RequestTokenTest extends \lithium\test\Unit {
    16. 

  16. 

  17. 	protected static $_storage = array();
    18. 

  18. 

  19. 	public function setUp() {
    20. 

  20. 		self::$_storage = array();
    21. 

  21. 		RequestToken::config(array('classes' => array('session' => __CLASS__)));
    22. 

  22. 	}
    23. 

  23. 

  24. 	public function tearDown() {
    25. 

  25. 		RequestToken::config(array('classes' => array('session' => 'lithium\storage\Session')));
    26. 

  26. 	}
    27. 

  27. 

  28. 	public static function read($key) {
    29. 

  29. 		return isset(static::$_storage[$key]) ? static::$_storage[$key] : null;
    30. 

  30. 	}
    31. 

  31. 

  32. 	public static function write($key, $val) {
    33. 

  33. 		return static::$_storage[$key] = $val;
    34. 

  34. 	}
    35. 

  35. 

  36. 	/**
    37. 

  37. 	 * Tests that class dependencies can be reconfigured.
    38. 

  38. 	 */
    39. 

  39. 	public function testConfiguration() {
    40. 

  40. 		$expected = array('classes' => array('session' => __CLASS__));
    41. 

  41. 		$this->assertEqual($expected, RequestToken::config());
    42. 

  42. 

  43. 		$new = array('classes' => array('session' => 'lithium\storage\Session'));
    44. 

  44. 		RequestToken::config($new);
    45. 

  45. 		$this->assertEqual($new, RequestToken::config());
    46. 

  46. 	}
    47. 

  47. 

  48. 	/**
    49. 

  49. 	 * Tests proper generation of secure tokens.
    50. 

  50. 	 */
    51. 

  51. 	public function testTokenGeneration() {
    52. 

  52. 		$token = RequestToken::get();
    53. 

  53. 		$this->assertPattern('/^[a-f0-9]{128}$/', $token);
    54. 

  54. 		$this->assertEqual(array('security.token' => $token), self::$_storage);
    55. 

  55. 

  56. 		$newToken = RequestToken::get();
    57. 

  57. 		$this->assertEqual($token, $newToken);
    58. 

  58. 

  59. 		$reallyNewToken = RequestToken::get(array('regenerate' => true));
    60. 

  60. 		$this->assertPattern('/^[a-f0-9]{128}$/', $reallyNewToken);
    61. 

  61. 		$this->assertNotEqual($token, $reallyNewToken);
    62. 

  62. 		$this->assertEqual(array('security.token' => $reallyNewToken), self::$_storage);
    63. 

  63. 	}
    64. 

  64. 

  65. 	/**
    66. 

  66. 	 * Tests that a random sequence of keys and tokens properly match one another.
    67. 

  67. 	 */
    68. 

  68. 	public function testKeyMatching() {
    69. 

  69. 		for ($i = 0; $i < 4; $i++) {
    70. 

  70. 			$token = RequestToken::get(array('regenerate' => true));
    71. 

  71. 

  72. 			for ($j = 0; $j < 4; $j++) {
    73. 

  73. 				$key = Password::hash($token);
    74. 

  74. 				$this->assertTrue(RequestToken::check($key));
    75. 

  75. 			}
    76. 

  76. 		}
    77. 

  77. 	}
    78. 

  78. 

  79. 	/**
    80. 

  80. 	 * Tests extracting a key from a `Request` object and matching it against a token.
    81. 

  81. 	 */
    82. 

  82. 	public function testTokenFromRequestObject() {
    83. 

  83. 		$request = new Request(array('data' => array(
    84. 

  84. 			'security' => array('token' => RequestToken::key())
    85. 

  85. 		)));
    86. 

  86. 		$this->assertTrue(RequestToken::check($request));
    87. 

  87. 	}
    88. 

  88. }
    89. 

  89. 

  90. ?>
    91.