<?php
// CSRFPTest.php
// Created: 2021-06-11
// Updated: 2023-07-11

declare(strict_types=1);

use PHPUnit\Framework\TestCase;
use Index\Security\CSRFP;

/**
 * @covers CSRFP
 */
final class CSRFPTest extends TestCase {
    private const SECRET_1 = 'oCtBmR7XS1dLOnGVoVi0wXwTLk7Ursn4';
    private const SECRET_2 = 'v6H37MPa8NHmxVvL4AzNSxrWLVkiTfPHouyTto1LXOfOyoqSU7EaSorjdM4gXlq3';

    private const TIMESTAMP_1 = 1689111761;
    private const TIMESTAMP_2 = 1689025361;

    private const P3M = 3 * 60;
    private const P5M = 5 * 60;
    private const P15M = 15 * 60;
    private const P30M = 30 * 60;
    private const P4M59S = (4 * 60) + 59;
    private const P5M30S = (5 * 60) + 30;
    private const P29M59S = (29 * 60) + 59;

    public function testCSRFP(): void {
        $csrfp1 = new CSRFP(self::SECRET_1, '8.8.8.8!12345');
        $csrfp2 = new CSRFP(self::SECRET_2, '127.0.0.1');

        $token1 = $csrfp1->createToken(self::TIMESTAMP_1);
        $token2 = $csrfp2->createToken(self::TIMESTAMP_1);
        $token3 = $csrfp1->createToken(self::TIMESTAMP_2);
        $token4 = $csrfp2->createToken(self::TIMESTAMP_2);

        $this->assertNotEquals($token1, $token2);
        $this->assertNotEquals($token2, $token3);
        $this->assertNotEquals($token3, $token4);
        $this->assertNotEquals($token4, $token1);

        $this->assertTrue($csrfp1->verifyToken($token1, -1, self::TIMESTAMP_1 + self::P15M));
        $this->assertTrue($csrfp2->verifyToken($token2, -1, self::TIMESTAMP_1 + self::P29M59S));
        $this->assertTrue($csrfp1->verifyToken($token3, -1, self::TIMESTAMP_2 + self::P15M));
        $this->assertTrue($csrfp2->verifyToken($token4, -1, self::TIMESTAMP_2 + self::P29M59S));

        $this->assertFalse($csrfp2->verifyToken($token1, -1, self::TIMESTAMP_1 + self::P15M));
        $this->assertFalse($csrfp1->verifyToken($token2, -1, self::TIMESTAMP_1 + self::P29M59S));
        $this->assertFalse($csrfp2->verifyToken($token3, -1, self::TIMESTAMP_2 + self::P15M));
        $this->assertFalse($csrfp1->verifyToken($token4, -1, self::TIMESTAMP_2 + self::P29M59S));

        $this->assertFalse($csrfp1->verifyToken($token1, -1, self::TIMESTAMP_1 + self::P30M));
        $this->assertFalse($csrfp2->verifyToken($token2, -1, self::TIMESTAMP_1 + self::P30M));
        $this->assertFalse($csrfp1->verifyToken($token3, -1, self::TIMESTAMP_2 + self::P30M));
        $this->assertFalse($csrfp2->verifyToken($token4, -1, self::TIMESTAMP_2 + self::P30M));

        $this->assertTrue($csrfp1->verifyToken($token1, self::P5M, self::TIMESTAMP_1 + self::P3M));
        $this->assertTrue($csrfp2->verifyToken($token2, self::P5M, self::TIMESTAMP_1 + self::P4M59S));
        $this->assertTrue($csrfp1->verifyToken($token3, self::P5M, self::TIMESTAMP_2 + self::P3M));
        $this->assertTrue($csrfp2->verifyToken($token4, self::P5M, self::TIMESTAMP_2 + self::P4M59S));

        $this->assertFalse($csrfp1->verifyToken($token1, self::P5M, self::TIMESTAMP_1 + self::P5M));
        $this->assertFalse($csrfp2->verifyToken($token2, self::P5M, self::TIMESTAMP_1 + self::P5M30S));
        $this->assertFalse($csrfp1->verifyToken($token3, self::P5M, self::TIMESTAMP_2 + self::P5M));
        $this->assertFalse($csrfp2->verifyToken($token4, self::P5M, self::TIMESTAMP_2 + self::P5M30S));
    }
}