<?php
// CSRFPTest.php
// Created: 2021-06-11
// Updated: 2022-02-03

declare(strict_types=1);

use PHPUnit\Framework\TestCase;
use Index\Security\CSRFP;
use Index\Security\CSRFPIdentity;
use Index\Security\CSRFPToken;

/**
 * @covers CSRFP
 * @covers CSRFPIdentity
 * @covers CSRFPToken
 */
final class CSRFPTest extends TestCase {
    private const SECRET_1 = 'pli4v2MgGI1DHP66hIBGEXyt6iCahANp';
    private const SECRET_2 = 'WRp3MEWpb2vbcNBsx50184PXCg7tfH4D';

    public function testCSRFP(): void {
        $csrfp1 = new CSRFP(self::SECRET_1);
        $csrfp2 = new CSRFP(self::SECRET_2);

        $this->assertEquals(bin2hex($csrfp1->createHash('test', 1234, 12)), '965582c3bd762c22c18f99a5733cf9922166dbd2');
        $this->assertEquals(bin2hex($csrfp2->createHash('test', 1234, 12)), '539b4e89e7313b91c66d5d18cc6e9ff6826cc7a2');

        $token1 = $csrfp1->createToken('identity');
        $token2 = $csrfp2->createToken('identity');
        $token3 = $csrfp1->createToken('other');
        $token4 = $csrfp2->createToken('other');

        $this->assertTrue($csrfp1->verifyToken('identity', $token1));
        $this->assertTrue($csrfp2->verifyToken('identity', $token2));
        $this->assertTrue($csrfp1->verifyToken('other', $token3));
        $this->assertTrue($csrfp2->verifyToken('other', $token4));

        $this->assertFalse($csrfp2->verifyToken('identity', $token1));
        $this->assertFalse($csrfp1->verifyToken('identity', $token2));
        $this->assertFalse($csrfp2->verifyToken('other', $token3));
        $this->assertFalse($csrfp1->verifyToken('other', $token4));

        $this->assertFalse($csrfp1->verifyToken('other', $token1));
        $this->assertFalse($csrfp2->verifyToken('other', $token2));
        $this->assertFalse($csrfp1->verifyToken('identity', $token3));
        $this->assertFalse($csrfp2->verifyToken('identity', $token4));
    }

    public function testTokenDecode(): void {
        $token1 = CSRFPToken::decode('zCM1AAgHjTdDYLEcRgg5g0NHVsu69PTKurg'); // valid
        $token2 = CSRFPToken::decode('AyQ1AAgHirhWJJJnQIwYKhWaF6zfv5NkhQ0'); // valid
        $token3 = CSRFPToken::decode('KJFfkd39rrkf9Gs9g90sg90g3fdskfdsk34'); // random characters
        $token4 = CSRFPToken::decode('zCM1AAgHjTdDY'); // incomplete data
        $token5 = CSRFPToken::decode('AyQ'); // incomplete data
        $token6 = CSRFPToken::decode(''); // empty

        $this->assertEquals(bin2hex($token1->getHash()), '8d374360b11c46083983434756cbbaf4f4cabab8');
        $this->assertEquals(bin2hex($token2->getHash()), '8ab856249267408c182a159a17acdfbf9364850d');
        $this->assertEquals(bin2hex($token3->getHash()), 'aeb91ff46b3d83dd2c83dd20ddf76c91f76c937e');
        $this->assertEquals(bin2hex($token4->getHash()), '8d3743'); // data may be incomplete, but there's still something
        $this->assertEquals($token5->getHash(), '');
        $this->assertEquals($token6->getHash(), '');

        $this->assertEquals($token1->getTimestamp(), 3482572);
        $this->assertEquals($token2->getTimestamp(), 3482627);
        $this->assertEquals($token3->getTimestamp(), 2438959400);
        $this->assertEquals($token4->getTimestamp(), 3482572);
        $this->assertEquals($token5->getTimestamp(), -1);
        $this->assertEquals($token6->getTimestamp(), -1);

        $this->assertEquals($token1->getTolerance(), 1800);
        $this->assertEquals($token2->getTolerance(), 1800);
        $this->assertEquals($token3->getTolerance(), 64989);
        $this->assertEquals($token4->getTolerance(), 1800);
        $this->assertEquals($token5->getTolerance(), 0);
        $this->assertEquals($token6->getTolerance(), 0);
    }
}