Test coverage for session data change

Ingo Schommer 2018-07-18 21:16:06 +12:00 committed by Daniel Hensby
parent 74b655d3fc
commit 73026292bf
No known key found for this signature in database
GPG Key ID: D8DEBC4C8E7BC8B9
2 changed files with 203 additions and 0 deletions


@ -2,6 +2,8 @@
namespace SilverStripe\Control\Tests; namespace SilverStripe\Control\Tests;
use http\Exception\BadMessageException;
use SilverStripe\Control\Cookie;
use SilverStripe\Control\Session; use SilverStripe\Control\Session;
use SilverStripe\Dev\SapphireTest; use SilverStripe\Dev\SapphireTest;
use SilverStripe\Control\HTTPRequest; use SilverStripe\Control\HTTPRequest;
@ -22,6 +24,127 @@ class SessionTest extends SapphireTest
return parent::setUp(); return parent::setUp();
} }
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testInitDoesNotStartSessionWithoutIdentifier()
{
$req = new HTTPRequest('GET', '/');
$session = new Session(null); // unstarted session
$session->init($req);
$this->assertFalse($session->isStarted());
}
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testInitStartsSessionWithIdentifier()
{
$req = new HTTPRequest('GET', '/');
Cookie::set(session_name(), '1234');
$session = new Session(null); // unstarted session
$session->init($req);
$this->assertTrue($session->isStarted());
}
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testInitStartsSessionWithData()
{
$req = new HTTPRequest('GET', '/');
$session = new Session([]);
$session->init($req);
$this->assertTrue($session->isStarted());
}
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testStartUsesDefaultCookieNameWithHttp()
{
$req = (new HTTPRequest('GET', '/'))
->setScheme('http');
Cookie::set(session_name(), '1234');
$session = new Session(null); // unstarted session
$session->start($req);
$this->assertNotEquals(session_name(), $session->config()->get('cookie_name_secure'));
}
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testStartUsesDefaultCookieNameWithHttpsAndCookieSecureOff()
{
$req = (new HTTPRequest('GET', '/'))
->setScheme('https');
Cookie::set(session_name(), '1234');
$session = new Session(null); // unstarted session
$session->start($req);
$this->assertNotEquals(session_name(), $session->config()->get('cookie_name_secure'));
}
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testStartUsesSecureCookieNameWithHttpsAndCookieSecureOn()
{
$req = (new HTTPRequest('GET', '/'))
->setScheme('https');
Cookie::set(session_name(), '1234');
$session = new Session(null); // unstarted session
$session->config()->update('cookie_secure', true);
$session->start($req);
$this->assertEquals(session_name(), $session->config()->get('cookie_name_secure'));
}
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
* @expectedException BadMethodCallException
* @expectedExceptionMessage Session has already started
*/
public function testStartErrorsWhenStartingTwice()
{
$req = new HTTPRequest('GET', '/');
$session = new Session(null); // unstarted session
$session->start($req);
$session->start($req);
}
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testStartRetainsInMemoryData()
{
$this->markTestIncomplete('Test');
// TODO Figure out how to simulate session vars without a session_start() resetting them
// $_SESSION['existing'] = true;
// $_SESSION['merge'] = 1;
$req = new HTTPRequest('GET', '/');
$session = new Session(null); // unstarted session
$session->set('new', true);
$session->set('merge', 2);
$session->start($req); // simulate lazy start
$this->assertEquals(
[
// 'existing' => true,
'new' => true,
'merge' => 2
],
$session->getAll()
);
unset($_SESSION);
}
public function testGetSetBasics() public function testGetSetBasics()
{ {
$this->session->set('Test', 'Test'); $this->session->set('Test', 'Test');
@ -124,6 +247,25 @@ class SessionTest extends SapphireTest
); );
} }
public function testRequestContainsSessionId()
{
$req = new HTTPRequest('GET', '/');
$session = new Session(null); // unstarted session
$this->assertFalse($session->requestContainsSessionId($req));
Cookie::set(session_name(), '1234');
$this->assertTrue($session->requestContainsSessionId($req));
}
public function testRequestContainsSessionIdRespectsCookieNameSecure()
{
$req = (new HTTPRequest('GET', '/'))
->setScheme('https');
$session = new Session(null); // unstarted session
Cookie::set($session->config()->get('cookie_name_secure'), '1234');
$session->config()->update('cookie_secure', true);
$this->assertTrue($session->requestContainsSessionId($req));
}
public function testUserAgentLockout() public function testUserAgentLockout()
{ {
// Set a user agent // Set a user agent
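Review bot: testStartUsesDefaultCookieNameWithHttpsAndCookieSecureOff never sets `cookie_secure`, so it covers the "off" case only as long as the configured default (presumably off) stays that way; pin it with `$session->config()->update('cookie_secure', false);` before `$session->start($req)`. Both default-name tests assert only `assertNotEquals(session_name(), $session->config()->get('cookie_name_secure'))`, which any other name would satisfy; capturing `$default = session_name();` before the start and asserting it is unchanged afterwards would be a tighter check on the secure/non-secure cookie split. The added `use http\Exception\BadMessageException;` is not referenced in the visible hunks (the annotation names `BadMethodCallException`) and looks like an accidental import. The SessionTest class begins and ends outside these hunks.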


@ -0,0 +1,61 @@
<?php
namespace SilverStripe\Security\Tests\MemberAuthenticator;
use SilverStripe\Control\Cookie;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Security\Member;
use SilverStripe\Security\MemberAuthenticator\SessionAuthenticationHandler;
class SessionAuthenticationHandlerTest extends SapphireTest
{
protected $usesDatabase = true;
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testAuthenticateRequestDefersSessionStartWithoutSessionIdentifier()
{
$member = new Member(['Email' => 'test@example.com']);
$member->write();
$handler = new SessionAuthenticationHandler();
$session = new Session(null); // unstarted, simulates lack of session cookie
$session->set($handler->getSessionVariable(), $member->ID);
$req = new HTTPRequest('GET', '/');
$req->setSession($session);
$matchedMember = $handler->authenticateRequest($req);
$this->assertNull($matchedMember);
}
/**
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function testAuthenticateRequestStartsSessionWithSessionIdentifier()
{
$member = new Member(['Email' => 'test@example.com']);
$member->write();
$handler = new SessionAuthenticationHandler();
$session = new Session(null); // unstarted
$session->set($handler->getSessionVariable(), $member->ID);
$req = new HTTPRequest('GET', '/');
$req->setSession($session);
Cookie::set(session_name(), '1234');
$session->start($req); // simulate detection of session cookie
$matchedMember = $handler->authenticateRequest($req);
$this->assertNotNull($matchedMember);
$this->assertEquals($matchedMember->Email, $member->Email);
}
}
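Review bot: testAuthenticateRequestDefersSessionStartWithoutSessionIdentifier asserts only that no member is returned, so it would still pass if `authenticateRequest()` started the session and failed to match for some other reason; add `$this->assertFalse($session->isStarted());` after the `assertNull` so the deferred start named in the test is what is actually checked. In testAuthenticateRequestStartsSessionWithSessionIdentifier the arguments are in actual/expected order; `$this->assertEquals($member->ID, $matchedMember->ID);` would read correctly in failure output and tie the match to the record that was written and stored in the session.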