80 lines
3.6 KiB
PHP
80 lines
3.6 KiB
PHP
<?php
|
|
// CSRFPTest.php
|
|
// Created: 2021-06-11
|
|
// Updated: 2022-02-03
|
|
|
|
declare(strict_types=1);
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
use Index\Security\CSRFP;
|
|
use Index\Security\CSRFPIdentity;
|
|
use Index\Security\CSRFPToken;
|
|
|
|
/**
|
|
* @covers CSRFP
|
|
* @covers CSRFPIdentity
|
|
* @covers CSRFPToken
|
|
*/
|
|
final class CSRFPTest extends TestCase {
|
|
private const SECRET_1 = 'pli4v2MgGI1DHP66hIBGEXyt6iCahANp';
|
|
private const SECRET_2 = 'WRp3MEWpb2vbcNBsx50184PXCg7tfH4D';
|
|
|
|
public function testCSRFP(): void {
|
|
$csrfp1 = new CSRFP(self::SECRET_1);
|
|
$csrfp2 = new CSRFP(self::SECRET_2);
|
|
|
|
$this->assertEquals(bin2hex($csrfp1->createHash('test', 1234, 12)), '965582c3bd762c22c18f99a5733cf9922166dbd2');
|
|
$this->assertEquals(bin2hex($csrfp2->createHash('test', 1234, 12)), '539b4e89e7313b91c66d5d18cc6e9ff6826cc7a2');
|
|
|
|
$token1 = $csrfp1->createToken('identity');
|
|
$token2 = $csrfp2->createToken('identity');
|
|
$token3 = $csrfp1->createToken('other');
|
|
$token4 = $csrfp2->createToken('other');
|
|
|
|
$this->assertTrue($csrfp1->verifyToken('identity', $token1));
|
|
$this->assertTrue($csrfp2->verifyToken('identity', $token2));
|
|
$this->assertTrue($csrfp1->verifyToken('other', $token3));
|
|
$this->assertTrue($csrfp2->verifyToken('other', $token4));
|
|
|
|
$this->assertFalse($csrfp2->verifyToken('identity', $token1));
|
|
$this->assertFalse($csrfp1->verifyToken('identity', $token2));
|
|
$this->assertFalse($csrfp2->verifyToken('other', $token3));
|
|
$this->assertFalse($csrfp1->verifyToken('other', $token4));
|
|
|
|
$this->assertFalse($csrfp1->verifyToken('other', $token1));
|
|
$this->assertFalse($csrfp2->verifyToken('other', $token2));
|
|
$this->assertFalse($csrfp1->verifyToken('identity', $token3));
|
|
$this->assertFalse($csrfp2->verifyToken('identity', $token4));
|
|
}
|
|
|
|
public function testTokenDecode(): void {
|
|
$token1 = CSRFPToken::decode('zCM1AAgHjTdDYLEcRgg5g0NHVsu69PTKurg'); // valid
|
|
$token2 = CSRFPToken::decode('AyQ1AAgHirhWJJJnQIwYKhWaF6zfv5NkhQ0'); // valid
|
|
$token3 = CSRFPToken::decode('KJFfkd39rrkf9Gs9g90sg90g3fdskfdsk34'); // random characters
|
|
$token4 = CSRFPToken::decode('zCM1AAgHjTdDY'); // incomplete data
|
|
$token5 = CSRFPToken::decode('AyQ'); // incomplete data
|
|
$token6 = CSRFPToken::decode(''); // empty
|
|
|
|
$this->assertEquals(bin2hex($token1->getHash()), '8d374360b11c46083983434756cbbaf4f4cabab8');
|
|
$this->assertEquals(bin2hex($token2->getHash()), '8ab856249267408c182a159a17acdfbf9364850d');
|
|
$this->assertEquals(bin2hex($token3->getHash()), 'aeb91ff46b3d83dd2c83dd20ddf76c91f76c937e');
|
|
$this->assertEquals(bin2hex($token4->getHash()), '8d3743'); // data may be incomplete, but there's still something
|
|
$this->assertEquals($token5->getHash(), '');
|
|
$this->assertEquals($token6->getHash(), '');
|
|
|
|
$this->assertEquals($token1->getTimestamp(), 3482572);
|
|
$this->assertEquals($token2->getTimestamp(), 3482627);
|
|
$this->assertEquals($token3->getTimestamp(), 2438959400);
|
|
$this->assertEquals($token4->getTimestamp(), 3482572);
|
|
$this->assertEquals($token5->getTimestamp(), -1);
|
|
$this->assertEquals($token6->getTimestamp(), -1);
|
|
|
|
$this->assertEquals($token1->getTolerance(), 1800);
|
|
$this->assertEquals($token2->getTolerance(), 1800);
|
|
$this->assertEquals($token3->getTolerance(), 64989);
|
|
$this->assertEquals($token4->getTolerance(), 1800);
|
|
$this->assertEquals($token5->getTolerance(), 0);
|
|
$this->assertEquals($token6->getTolerance(), 0);
|
|
}
|
|
}
|