Improve test coverage for MD_STD_SEC

tests/MD_STD_SECTest.php

@@ -7,12 +7,14 @@
 declare(strict_types = 1);
 
 use PHPUnit\Framework\TestCase;
-
-require __DIR__ . '/../src/MD_STD_SEC.php';
+use PHPUnit\Framework\Attributes\Large;
+use PHPUnit\Framework\Attributes\CoversClass;
 
 /**
  * Tests for MD_STD_SEC.
  */
+#[large]
+#[CoversClass(\MD_STD_SEC::class)]
 final class MD_STD_SECTest extends TestCase {
     /**
      * Function for testing if the page can be opened using invalid values for objektnum.
@@ -32,4 +34,71 @@ final class MD_STD_SECTest extends TestCase {
         self::assertLessThan(3 * 1000000, $delay_reduced); // Smaller than 10 seconds
 
     }
+
+    /**
+     * Ensure getAntiCsrfToken does not work without a
+     * started session.
+     *
+     * @return void
+     */
+    public function testGetAntiCsrfTokenFailsWithoutActiveSession():void {
+
+        self::expectException(Exception::class);
+        MD_STD_SEC::getAntiCsrfToken();
+
+    }
+
+    /**
+     * Ensure getAntiCsrfToken works.
+     *
+     * @return void
+     */
+    public function testGetAntiCsrfTokenWorks():void {
+
+        session_start();
+        self::assertEmpty($_SESSION);
+        $token = MD_STD_SEC::getAntiCsrfToken();
+        self::assertNotEmpty($_SESSION['csrf-token']);
+        self::assertEquals($token, MD_STD_SEC::getAntiCsrfToken());
+
+        $_POST = [
+            'csrf-token' => $token,
+        ];
+        self::assertTrue(MD_STD_SEC::validateAntiCsrfToken());
+
+    }
+
+    /**
+     * Ensure preventBruteForce works.
+     *
+     * @return void
+     */
+    public function testPreventBruteForce():void {
+
+        self::assertTrue(MD_STD_SEC::preventBruteForce("MD_STD_TEST_SUCCESS", "test_user", 0));
+
+        $logFile = \sys_get_temp_dir() . "/logins_MD_STD_TEST_SUCCESS.json";
+        self::assertFileExists($logFile);
+        MD_STD::unlink($logFile);
+
+    }
+
+    /**
+     * Ensure preventBruteForce returns false on many requests.
+     *
+     * @return void
+     */
+    public function testPreventBruteForceReturnsFalseOnManyRequests():void {
+
+        for ($i = 0; $i < 10; $i++) {
+            MD_STD_SEC::preventBruteForce("MD_STD_TEST_FAILURE", "test_user", 3);
+        }
+
+        self::assertFalse(MD_STD_SEC::preventBruteForce("MD_STD_TEST_FAILURE", "test_user", 3));
+
+        $logFile = \sys_get_temp_dir() . "/logins_MD_STD_TEST_FAILURE.json";
+        self::assertFileExists($logFile);
+        MD_STD::unlink($logFile);
+
+    }
 }