[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Tests with signatures
   4   *
   5   * @since 0.1
   6   */
   7  #[\PHPUnit\Framework\Attributes\Group('auth')]
   8  #[\PHPUnit\Framework\Attributes\Group('signatures')]
   9  class SigTest extends PHPUnit\Framework\TestCase {
  10  
  11      protected $backup_request;
  12  
  13      protected function setUp(): void {
  14          $this->backup_request = $_REQUEST;
  15      }
  16  
  17      protected function tearDown(): void {
  18          $_REQUEST = $this->backup_request;
  19      }
  20  
  21      /**
  22       * Check that empty signature isn't valid
  23       *
  24       * @since 0.1
  25       */
  26      public function test_signature_empty() {
  27          unset( $_REQUEST['signature'] );
  28          $this->assertFalse( yourls_check_signature() );
  29      }
  30  
  31      /**
  32       * Check that random signature isn't valid
  33       *
  34       * @since 0.1
  35       */
  36      public function test_signature_random() {
  37          $_REQUEST['signature'] = rand_str();
  38          $this->assertFalse( yourls_check_signature() );
  39      }
  40  
  41      /**
  42       * Check that empty signature and timestamp isn't valid
  43       *
  44       * @since 0.1
  45       */
  46      public function test_signature_timestamp_empty() {
  47          unset( $_REQUEST['signature'] );
  48          unset( $_REQUEST['timestamp'] );
  49          $this->assertFalse( yourls_check_signature_timestamp() );
  50      }
  51  
  52      /**
  53       * Check that random signature and timestamp isn't valid
  54       *
  55       * @since 0.1
  56       */
  57      public function test_signature_timestamp_random() {
  58          $_REQUEST['signature'] = rand_str();
  59          $_REQUEST['timestamp'] = rand_str();
  60          $this->assertFalse( yourls_check_signature_timestamp() );
  61      }
  62  
  63      /**
  64       * Check that valid md5 timestamped sig is valid
  65       *
  66       * @since 0.1
  67       */
  68      public function test_signature_timestamp_md5() {
  69          $timestamp = time();
  70          $_REQUEST['timestamp'] = $timestamp;
  71  
  72          global $yourls_user_passwords;
  73          $random_user = array_rand($yourls_user_passwords);
  74          $signature = yourls_auth_signature($random_user);
  75  
  76          $md5 = md5( $timestamp . $signature );
  77          $_REQUEST['signature'] = $md5;
  78          $this->assertTrue( yourls_check_signature_timestamp() );
  79  
  80          $md5 = md5( $signature . $timestamp );
  81          $_REQUEST['signature'] = $md5;
  82          $this->assertTrue( yourls_check_signature_timestamp() );
  83      }
  84  
  85      /**
  86       * Check that valid hashed timestamped sig is valid
  87       *
  88       * @since 0.1
  89       */
  90      public function test_signature_timestamp_hash() {
  91          $timestamp = time();
  92          $_REQUEST['timestamp'] = $timestamp;
  93  
  94          global $yourls_user_passwords;
  95          $random_user = array_rand($yourls_user_passwords);
  96          $signature = yourls_auth_signature($random_user);
  97  
  98          $algos = hash_algos();
  99          $random_algo = $algos[array_rand($algos)];
 100          $_REQUEST['hash'] = $random_algo;
 101  
 102          $hash = hash($random_algo, $timestamp . $signature );
 103          $_REQUEST['signature'] = $hash;
 104          $this->assertTrue( yourls_check_signature_timestamp() );
 105  
 106          $hash = hash($random_algo, $signature . $timestamp );
 107          $_REQUEST['signature'] = $hash;
 108          $this->assertTrue( yourls_check_signature_timestamp() );
 109  
 110          $_REQUEST['hash'] = rand_str();
 111          $this->assertFalse( yourls_check_signature_timestamp() );
 112      }
 113  
 114      /**
 115       * Provide valid and invalid timestamps as compared to current time and nonce life
 116       */
 117      public static function timestamps(): \Iterator {
 118          $now = time();
 119          $little_in_the_future = $now + ( YOURLS_NONCE_LIFE / 2 );
 120          $little_in_the_past   = $now - ( YOURLS_NONCE_LIFE / 2 );
 121          $far_in_the_future    = $now + ( YOURLS_NONCE_LIFE * 2 );
 122          $far_in_the_past      = $now - ( YOURLS_NONCE_LIFE * 2 );
 123          yield array( 0, false );
 124          yield array( $now, true );
 125          yield array( $little_in_the_future, true );
 126          yield array( $little_in_the_past, true );
 127          yield array( $far_in_the_future, false );
 128          yield array( $far_in_the_past, false );
 129      }
 130  
 131      /**
 132       * Check that timestamps are correctly handled (too old = bad, too future = bad, ...)
 133       *
 134       * @since 0.1
 135       */
 136      #[\PHPUnit\Framework\Attributes\DataProvider('timestamps')]
 137      public function test_check_timestamp( $timestamp, $is_valid ) {
 138          $this->assertSame(yourls_check_timestamp( $timestamp ), $is_valid );
 139      }
 140  
 141  }