MD_STD/tests/MD_STD_SECTest.php

105 lines
2.7 KiB
PHP

<?PHP
/**
* Tests for MD_STD_SEC.
*
* @author Joshua Ramon Enslin <joshua@museum-digital.de>
*/
declare(strict_types = 1);
use PHPUnit\Framework\TestCase;
use PHPUnit\Framework\Attributes\Large;
use PHPUnit\Framework\Attributes\CoversClass;
/**
* Tests for MD_STD_SEC.
*/
#[large]
#[CoversClass(\MD_STD_SEC::class)]
final class MD_STD_SECTest extends TestCase {
/**
* Function for testing if the page can be opened using invalid values for objektnum.
*
* @small
*
* @return void
*/
public function testComputeAntiBruteForceDelayDoesNotGoOverMax():void {
$delay = MD_STD_SEC::computeAntiBruteForceDelay(100, 100, 100);
self::assertGreaterThan(0, $delay);
# self::assertLessThan(10 * 1000000, $delay); // Smaller than 10 seconds
$delay_reduced = MD_STD_SEC::computeAntiBruteForceDelay(100, 100, 100, 3);
self::assertGreaterThan(0, $delay_reduced);
self::assertLessThan(3 * 1000000, $delay_reduced); // Smaller than 10 seconds
}
/**
* Ensure getAntiCsrfToken does not work without a
* started session.
*
* @return void
*/
public function testGetAntiCsrfTokenFailsWithoutActiveSession():void {
self::expectException(Exception::class);
MD_STD_SEC::getAntiCsrfToken();
}
/**
* Ensure getAntiCsrfToken works.
*
* @return void
*/
public function testGetAntiCsrfTokenWorks():void {
session_start();
self::assertEmpty($_SESSION);
$token = MD_STD_SEC::getAntiCsrfToken();
self::assertNotEmpty($_SESSION['csrf-token']);
self::assertEquals($token, MD_STD_SEC::getAntiCsrfToken());
$_POST = [
'csrf-token' => $token,
];
self::assertTrue(MD_STD_SEC::validateAntiCsrfToken());
}
/**
* Ensure preventBruteForce works.
*
* @return void
*/
public function testPreventBruteForce():void {
self::assertTrue(MD_STD_SEC::preventBruteForce("MD_STD_TEST_SUCCESS", "test_user", 0));
$logFile = \sys_get_temp_dir() . "/logins_MD_STD_TEST_SUCCESS.json";
self::assertFileExists($logFile);
MD_STD::unlink($logFile);
}
/**
* Ensure preventBruteForce returns false on many requests.
*
* @return void
*/
public function testPreventBruteForceReturnsFalseOnManyRequests():void {
for ($i = 0; $i < 10; $i++) {
MD_STD_SEC::preventBruteForce("MD_STD_TEST_FAILURE", "test_user", 3);
}
self::assertFalse(MD_STD_SEC::preventBruteForce("MD_STD_TEST_FAILURE", "test_user", 3));
$logFile = \sys_get_temp_dir() . "/logins_MD_STD_TEST_FAILURE.json";
self::assertFileExists($logFile);
MD_STD::unlink($logFile);
}
}