mirror of
https://github.com/silverstripe/silverstripe-framework
Test coverage for session data change
parent
74b655d3fc
commit
73026292bf
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
namespace SilverStripe\Control\Tests;
|
namespace SilverStripe\Control\Tests;
|
||||||
|
|
||||||
|
use http\Exception\BadMessageException;
|
||||||
|
use SilverStripe\Control\Cookie;
|
||||||
use SilverStripe\Control\Session;
|
use SilverStripe\Control\Session;
|
||||||
use SilverStripe\Dev\SapphireTest;
|
use SilverStripe\Dev\SapphireTest;
|
||||||
use SilverStripe\Control\HTTPRequest;
|
use SilverStripe\Control\HTTPRequest;
|
||||||
@ -22,6 +24,127 @@ class SessionTest extends SapphireTest
|
|||||||
return parent::setUp();
|
return parent::setUp();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testInitDoesNotStartSessionWithoutIdentifier()
|
||||||
|
{
|
||||||
|
$req = new HTTPRequest('GET', '/');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
$session->init($req);
|
||||||
|
$this->assertFalse($session->isStarted());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testInitStartsSessionWithIdentifier()
|
||||||
|
{
|
||||||
|
$req = new HTTPRequest('GET', '/');
|
||||||
|
Cookie::set(session_name(), '1234');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
$session->init($req);
|
||||||
|
$this->assertTrue($session->isStarted());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testInitStartsSessionWithData()
|
||||||
|
{
|
||||||
|
$req = new HTTPRequest('GET', '/');
|
||||||
|
$session = new Session([]);
|
||||||
|
$session->init($req);
|
||||||
|
$this->assertTrue($session->isStarted());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testStartUsesDefaultCookieNameWithHttp()
|
||||||
|
{
|
||||||
|
$req = (new HTTPRequest('GET', '/'))
|
||||||
|
->setScheme('http');
|
||||||
|
Cookie::set(session_name(), '1234');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
$session->start($req);
|
||||||
|
$this->assertNotEquals(session_name(), $session->config()->get('cookie_name_secure'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testStartUsesDefaultCookieNameWithHttpsAndCookieSecureOff()
|
||||||
|
{
|
||||||
|
$req = (new HTTPRequest('GET', '/'))
|
||||||
|
->setScheme('https');
|
||||||
|
Cookie::set(session_name(), '1234');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
$session->start($req);
|
||||||
|
$this->assertNotEquals(session_name(), $session->config()->get('cookie_name_secure'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testStartUsesSecureCookieNameWithHttpsAndCookieSecureOn()
|
||||||
|
{
|
||||||
|
$req = (new HTTPRequest('GET', '/'))
|
||||||
|
->setScheme('https');
|
||||||
|
Cookie::set(session_name(), '1234');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
$session->config()->update('cookie_secure', true);
|
||||||
|
$session->start($req);
|
||||||
|
$this->assertEquals(session_name(), $session->config()->get('cookie_name_secure'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
* @expectedException BadMethodCallException
|
||||||
|
* @expectedExceptionMessage Session has already started
|
||||||
|
*/
|
||||||
|
public function testStartErrorsWhenStartingTwice()
|
||||||
|
{
|
||||||
|
$req = new HTTPRequest('GET', '/');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
$session->start($req);
|
||||||
|
$session->start($req);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testStartRetainsInMemoryData()
|
||||||
|
{
|
||||||
|
$this->markTestIncomplete('Test');
|
||||||
|
// TODO Figure out how to simulate session vars without a session_start() resetting them
|
||||||
|
// $_SESSION['existing'] = true;
|
||||||
|
// $_SESSION['merge'] = 1;
|
||||||
|
$req = new HTTPRequest('GET', '/');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
$session->set('new', true);
|
||||||
|
$session->set('merge', 2);
|
||||||
|
$session->start($req); // simulate lazy start
|
||||||
|
$this->assertEquals(
|
||||||
|
[
|
||||||
|
// 'existing' => true,
|
||||||
|
'new' => true,
|
||||||
|
'merge' => 2
|
||||||
|
],
|
||||||
|
$session->getAll()
|
||||||
|
);
|
||||||
|
|
||||||
|
unset($_SESSION);
|
||||||
|
}
|
||||||
|
|
||||||
public function testGetSetBasics()
|
public function testGetSetBasics()
|
||||||
{
|
{
|
||||||
$this->session->set('Test', 'Test');
|
$this->session->set('Test', 'Test');
|
||||||
@ -124,6 +247,25 @@ class SessionTest extends SapphireTest
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testRequestContainsSessionId()
|
||||||
|
{
|
||||||
|
$req = new HTTPRequest('GET', '/');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
$this->assertFalse($session->requestContainsSessionId($req));
|
||||||
|
Cookie::set(session_name(), '1234');
|
||||||
|
$this->assertTrue($session->requestContainsSessionId($req));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testRequestContainsSessionIdRespectsCookieNameSecure()
|
||||||
|
{
|
||||||
|
$req = (new HTTPRequest('GET', '/'))
|
||||||
|
->setScheme('https');
|
||||||
|
$session = new Session(null); // unstarted session
|
||||||
|
Cookie::set($session->config()->get('cookie_name_secure'), '1234');
|
||||||
|
$session->config()->update('cookie_secure', true);
|
||||||
|
$this->assertTrue($session->requestContainsSessionId($req));
|
||||||
|
}
|
||||||
|
|
||||||
public function testUserAgentLockout()
|
public function testUserAgentLockout()
|
||||||
{
|
{
|
||||||
// Set a user agent
|
// Set a user agent
|
||||||
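Review bot: `testRequestContainsSessionIdRespectsCookieNameSecure` in the last hunk asserts only the positive case, so an implementation that accepted a session identifier under either cookie name would still pass. If the intent is that an HTTPS request with `cookie_secure` on is recognised only by the `cookie_name_secure` cookie, move `$session->config()->update('cookie_secure', true);` ahead of the `Cookie::set(...)` call and add `$this->assertFalse($session->requestContainsSessionId($req));` between them, ideally with a cookie under the default `session_name()` already present. Neither this test nor `testRequestContainsSessionId` carries the `@runInSeparateProcess` annotation used by the tests added in the previous hunk, so whether a cookie set in one is visible in the other depends on fixture reset in `SapphireTest`, which is not shown here.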
|
@ -0,0 +1,61 @@
|
|||||||
|
<?php
|
||||||
|
namespace SilverStripe\Security\Tests\MemberAuthenticator;
|
||||||
|
|
||||||
|
use SilverStripe\Control\Cookie;
|
||||||
|
use SilverStripe\Control\HTTPRequest;
|
||||||
|
use SilverStripe\Control\Session;
|
||||||
|
use SilverStripe\Dev\SapphireTest;
|
||||||
|
|
||||||
|
use SilverStripe\Security\Member;
|
||||||
|
use SilverStripe\Security\MemberAuthenticator\SessionAuthenticationHandler;
|
||||||
|
|
||||||
|
class SessionAuthenticationHandlerTest extends SapphireTest
|
||||||
|
{
|
||||||
|
protected $usesDatabase = true;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testAuthenticateRequestDefersSessionStartWithoutSessionIdentifier()
|
||||||
|
{
|
||||||
|
$member = new Member(['Email' => 'test@example.com']);
|
||||||
|
$member->write();
|
||||||
|
|
||||||
|
$handler = new SessionAuthenticationHandler();
|
||||||
|
|
||||||
|
$session = new Session(null); // unstarted, simulates lack of session cookie
|
||||||
|
$session->set($handler->getSessionVariable(), $member->ID);
|
||||||
|
|
||||||
|
$req = new HTTPRequest('GET', '/');
|
||||||
|
$req->setSession($session);
|
||||||
|
|
||||||
|
$matchedMember = $handler->authenticateRequest($req);
|
||||||
|
$this->assertNull($matchedMember);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @runInSeparateProcess
|
||||||
|
* @preserveGlobalState disabled
|
||||||
|
*/
|
||||||
|
public function testAuthenticateRequestStartsSessionWithSessionIdentifier()
|
||||||
|
{
|
||||||
|
$member = new Member(['Email' => 'test@example.com']);
|
||||||
|
$member->write();
|
||||||
|
|
||||||
|
$handler = new SessionAuthenticationHandler();
|
||||||
|
|
||||||
|
$session = new Session(null); // unstarted
|
||||||
|
$session->set($handler->getSessionVariable(), $member->ID);
|
||||||
|
|
||||||
|
$req = new HTTPRequest('GET', '/');
|
||||||
|
$req->setSession($session);
|
||||||
|
|
||||||
|
Cookie::set(session_name(), '1234');
|
||||||
|
$session->start($req); // simulate detection of session cookie
|
||||||
|
|
||||||
|
$matchedMember = $handler->authenticateRequest($req);
|
||||||
|
$this->assertNotNull($matchedMember);
|
||||||
|
$this->assertEquals($matchedMember->Email, $member->Email);
|
||||||
|
}
|
||||||
|
}
|
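Review bot: `testAuthenticateRequestDefersSessionStartWithoutSessionIdentifier` never checks the deferral its name promises; it only asserts that `authenticateRequest()` returns null. Adding `$this->assertFalse($session->isStarted());` after the `assertNull` would pin that the handler did not start a session for a request carrying no session cookie, which is presumably the property this change is meant to protect. In the second test, `$this->assertEquals($matchedMember->Email, $member->Email);` passes expected and actual in reverse order and compares by e-mail, whereas the value written to the session is `$member->ID`; `$this->assertEquals($member->ID, $matchedMember->ID);` would tie the assertion to the record the session variable actually identifies.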