museum-digital/MD_STD
32
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
master
MD_STD/tests/MD_STD_SECTest.php

105 lines
2.7 KiB
PHP
Raw Permalink Normal View History

Set a cap to maximum delay in preventing brute force attacks This is necessary because PHP-FPM fails if sleep / usleep runs beyond the maximum execution time of php.ini, leading to whole vhosts falling over.
2022-08-14 13:08:40 +02:00
<?PHP
/**
* Tests for MD_STD_SEC.
*
* @author Joshua Ramon Enslin <joshua@museum-digital.de>
*/
declare(strict_types = 1);
use PHPUnit\Framework\TestCase;
Improve test coverage for MD_STD_SEC
2024-07-11 15:32:50 +02:00
use PHPUnit\Framework\Attributes\Large;
use PHPUnit\Framework\Attributes\CoversClass;
Set a cap to maximum delay in preventing brute force attacks This is necessary because PHP-FPM fails if sleep / usleep runs beyond the maximum execution time of php.ini, leading to whole vhosts falling over.
2022-08-14 13:08:40 +02:00
/**
* Tests for MD_STD_SEC.
*/
Improve test coverage for MD_STD_SEC
2024-07-11 15:32:50 +02:00
#[large]
#[CoversClass(\MD_STD_SEC::class)]
Set a cap to maximum delay in preventing brute force attacks This is necessary because PHP-FPM fails if sleep / usleep runs beyond the maximum execution time of php.ini, leading to whole vhosts falling over.
2022-08-14 13:08:40 +02:00
final class MD_STD_SECTest extends TestCase {
/**
* Function for testing if the page can be opened using invalid values for objektnum.
*
Annotate the available tests as @small
2023-11-06 23:26:21 +01:00
* @small
Set a cap to maximum delay in preventing brute force attacks This is necessary because PHP-FPM fails if sleep / usleep runs beyond the maximum execution time of php.ini, leading to whole vhosts falling over.
2022-08-14 13:08:40 +02:00
*
* @return void
*/
public function testComputeAntiBruteForceDelayDoesNotGoOverMax():void {
$delay = MD_STD_SEC::computeAntiBruteForceDelay(100, 100, 100);
self::assertGreaterThan(0, $delay);
# self::assertLessThan(10 * 1000000, $delay); // Smaller than 10 seconds
$delay_reduced = MD_STD_SEC::computeAntiBruteForceDelay(100, 100, 100, 3);
self::assertGreaterThan(0, $delay_reduced);
self::assertLessThan(3 * 1000000, $delay_reduced); // Smaller than 10 seconds
}
Improve test coverage for MD_STD_SEC
2024-07-11 15:32:50 +02:00
/**
* Ensure getAntiCsrfToken does not work without a
* started session.
*
* @return void
*/
public function testGetAntiCsrfTokenFailsWithoutActiveSession():void {
self::expectException(Exception::class);
MD_STD_SEC::getAntiCsrfToken();
}
/**
* Ensure getAntiCsrfToken works.
*
* @return void
*/
public function testGetAntiCsrfTokenWorks():void {
session_start();
self::assertEmpty($_SESSION);
$token = MD_STD_SEC::getAntiCsrfToken();
self::assertNotEmpty($_SESSION['csrf-token']);
self::assertEquals($token, MD_STD_SEC::getAntiCsrfToken());
$_POST = [
'csrf-token' => $token,
];
self::assertTrue(MD_STD_SEC::validateAntiCsrfToken());
}
/**
* Ensure preventBruteForce works.
*
* @return void
*/
public function testPreventBruteForce():void {
self::assertTrue(MD_STD_SEC::preventBruteForce("MD_STD_TEST_SUCCESS", "test_user", 0));
$logFile = \sys_get_temp_dir() . "/logins_MD_STD_TEST_SUCCESS.json";
self::assertFileExists($logFile);
MD_STD::unlink($logFile);
}
/**
* Ensure preventBruteForce returns false on many requests.
*
* @return void
*/
public function testPreventBruteForceReturnsFalseOnManyRequests():void {
for ($i = 0; $i < 10; $i++) {
MD_STD_SEC::preventBruteForce("MD_STD_TEST_FAILURE", "test_user", 3);
}
self::assertFalse(MD_STD_SEC::preventBruteForce("MD_STD_TEST_FAILURE", "test_user", 3));
$logFile = \sys_get_temp_dir() . "/logins_MD_STD_TEST_FAILURE.json";
self::assertFileExists($logFile);
MD_STD::unlink($logFile);
}
Set a cap to maximum delay in preventing brute force attacks This is necessary because PHP-FPM fails if sleep / usleep runs beyond the maximum execution time of php.ini, leading to whole vhosts falling over.
2022-08-14 13:08:40 +02:00
}
Reference in New Issue Copy Permalink