<?PHP
/**
 * Tests for MD_STD_SEC.
 *
 * @author Joshua Ramon Enslin <joshua@museum-digital.de>
 */
declare(strict_types = 1);

use PHPUnit\Framework\TestCase;
use PHPUnit\Framework\Attributes\Large;
use PHPUnit\Framework\Attributes\CoversClass;

/**
 * Tests for MD_STD_SEC.
 */
#[large]
#[CoversClass(\MD_STD_SEC::class)]
final class MD_STD_SECTest extends TestCase {
    /**
     * Function for testing if the page can be opened using invalid values for objektnum.
     *
     * @small
     *
     * @return void
     */
    public function testComputeAntiBruteForceDelayDoesNotGoOverMax():void {

        $delay = MD_STD_SEC::computeAntiBruteForceDelay(100, 100, 100);
        self::assertGreaterThan(0, $delay);
        # self::assertLessThan(10 * 1000000, $delay); // Smaller than 10 seconds

        $delay_reduced = MD_STD_SEC::computeAntiBruteForceDelay(100, 100, 100, 3);
        self::assertGreaterThan(0, $delay_reduced);
        self::assertLessThan(3 * 1000000, $delay_reduced); // Smaller than 10 seconds

    }

    /**
     * Ensure getAntiCsrfToken does not work without a
     * started session.
     *
     * @return void
     */
    public function testGetAntiCsrfTokenFailsWithoutActiveSession():void {

        self::expectException(Exception::class);
        MD_STD_SEC::getAntiCsrfToken();

    }

    /**
     * Ensure getAntiCsrfToken works.
     *
     * @return void
     */
    public function testGetAntiCsrfTokenWorks():void {

        session_start();
        self::assertEmpty($_SESSION);
        $token = MD_STD_SEC::getAntiCsrfToken();
        self::assertNotEmpty($_SESSION['csrf-token']);
        self::assertEquals($token, MD_STD_SEC::getAntiCsrfToken());

        $_POST = [
            'csrf-token' => $token,
        ];
        self::assertTrue(MD_STD_SEC::validateAntiCsrfToken());

    }

    /**
     * Ensure preventBruteForce works.
     *
     * @return void
     */
    public function testPreventBruteForce():void {

        self::assertTrue(MD_STD_SEC::preventBruteForce("MD_STD_TEST_SUCCESS", "test_user", 0));

        $logFile = \sys_get_temp_dir() . "/logins_MD_STD_TEST_SUCCESS.json";
        self::assertFileExists($logFile);
        MD_STD::unlink($logFile);

    }

    /**
     * Ensure preventBruteForce returns false on many requests.
     *
     * @return void
     */
    public function testPreventBruteForceReturnsFalseOnManyRequests():void {

        for ($i = 0; $i < 10; $i++) {
            MD_STD_SEC::preventBruteForce("MD_STD_TEST_FAILURE", "test_user", 3);
        }

        self::assertFalse(MD_STD_SEC::preventBruteForce("MD_STD_TEST_FAILURE", "test_user", 3));

        $logFile = \sys_get_temp_dir() . "/logins_MD_STD_TEST_FAILURE.json";
        self::assertFileExists($logFile);
        MD_STD::unlink($logFile);

    }
}