/test/phpunit/SecurityTest.php

https://github.com/asterix14/dolibarr · PHP · 216 lines · 131 code · 34 blank · 51 comment · 10 complexity · e6ae0132743d60c427d1e3051afc39fd MD5 · raw file

  1. <?php
  2. /* Copyright (C) 2010 Laurent Destailleur <eldy@users.sourceforge.net>
  3. *
  4. * This program is free software; you can redistribute it and/or modify
  5. * it under the terms of the GNU General Public License as published by
  6. * the Free Software Foundation; either version 2 of the License, or
  7. * (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program; if not, write to the Free Software
  16. * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  17. */
  18. /**
  19. * \file test/phpunit/SecurityTest.php
  20. * \ingroup test
  21. * \brief PHPUnit tests for GETPOST(), checkLoginPassEntity(), dol_encode()/dol_decode() and getRandomPassword()
  22. * \remarks To run this script as CLI: phpunit filename.php
  23. */
  // Bootstrap for the test class: declares the Dolibarr globals, loads PHPUnit and the
  // Dolibarr includes, then sets the NO* switches that are not defined yet.
  24. global $conf,$user,$langs,$db;
  25. //define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver
  26. require_once 'PHPUnit/Autoload.php';
  27. require_once dirname(__FILE__).'/../../htdocs/master.inc.php';
  28. require_once dirname(__FILE__).'/../../htdocs/core/lib/functions.lib.php';
  29. require_once dirname(__FILE__).'/../../htdocs/core/lib/security.lib.php';
  // NOTE(review): every switch below is defined after master.inc.php has already been
  // included. If master.inc.php reads any of them at include time, the value set here
  // comes too late to influence it. Confirm that this order is intended.
  // NOTE(review): NOCSRFCHECK, NOTOKENRENEWAL and NOLOGIN presumably switch off the CSRF
  // check, the token renewal and the login requirement for the running script. That fits
  // a CLI test run only; keep such defines out of any file that is reachable over HTTP.
  30. if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1');
  31. if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1');
  32. if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1');
  33. if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1');
  34. if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1');
  35. if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1');
  36. if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no menu to show
  37. if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
  38. if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
  39. if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session)
  40. /**
  41. * Class for PHPUnit tests
  42. *
  43. * @backupGlobals disabled
  44. * @backupStaticAttributes enabled
  45. * @remarks backupGlobals must be disabled to have db,conf,user and lang not erased.
  46. */
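  class SecurityTest extends PHPUnit_Framework_TestCase
  {
      // References to the Dolibarr globals taken at construction; setUp() puts them
      // back into the global scope before each test.
      protected $savconf;
      protected $savuser;
      protected $savlangs;
      protected $savdb;

      /**
       * Constructor.
       * Saves the global variables into properties.
       *
       * Declared as __construct(): a method named after the class is the constructor
       * only for PHP 5 (deprecated in PHP 7, an ordinary method in PHP 8). If it were
       * never called, the sav* properties would stay null and setUp() would overwrite
       * the globals with null.
       */
      public function __construct()
      {
          parent::__construct();

          //$this->sharedFixture
          global $conf, $user, $langs, $db;

          $this->savconf = $conf;
          $this->savuser = $user;
          $this->savlangs = $langs;
          $this->savdb = $db;

          print __METHOD__." db->type=".$db->type." user->id=".$user->id;
          //print " - db ".$db->db;
          print "\n";
      }

      /**
       * Opens a database transaction before the first test of the class, so that all
       * actions run inside a transaction even if the test is launched without the suite.
       *
       * @return void
       */
      public static function setUpBeforeClass()
      {
          global $db;

          $db->begin();
          print __METHOD__."\n";
      }

      /**
       * Rolls back the transaction opened in setUpBeforeClass().
       *
       * @return void
       */
      public static function tearDownAfterClass()
      {
          global $db;

          $db->rollback();
          print __METHOD__."\n";
      }

      /**
       * Restores the globals saved by the constructor before each test.
       *
       * @return void
       */
      protected function setUp()
      {
          global $conf, $user, $langs, $db;

          $conf = $this->savconf;
          $user = $this->savuser;
          $langs = $this->savlangs;
          $db = $this->savdb;

          print __METHOD__."\n";
      }

      /**
       * Nothing to clean up; only traces the call.
       *
       * @return void
       */
      protected function tearDown()
      {
          print __METHOD__."\n";
      }

      /**
       * GETPOST() must read request parameters only and apply the requested check.
       *
       * What the assertions pin:
       *  - a key present only in $_COOKIE is not returned;
       *  - without a method argument, a key set in both $_GET and $_POST gives the $_GET value;
       *  - method 2 gives the $_POST value;
       *  - the 'alpha' check returns a value made of a/b#e(pr)qq-rr\cc unchanged and
       *    returns '' once the same value starts with a double quote.
       *
       * The accepted 'alpha' sample contains a slash and a backslash, so a value that
       * passed this check still needs escaping for the context it is used in (path,
       * SQL, HTML).
       *
       * NOTE(review): assertEquals() compares loosely, so the '' expectations would also
       * pass for null or false; switch to assertSame() once the exact return type of
       * GETPOST() is confirmed.
       *
       * @return string Result of the last GETPOST() call
       */
      public function testGETPOST()
      {
          global $conf, $user, $langs, $db;

          // Same reset as setUp(), kept so the method does not depend on it.
          $conf = $this->savconf;
          $user = $this->savuser;
          $langs = $this->savlangs;
          $db = $this->savdb;

          // The superglobals are filled directly and are not cleared afterwards.
          $_COOKIE["id"] = 111;
          $_GET["param1"] = "222";
          $_POST["param1"] = "333";
          $_GET["param2"] = 'a/b#e(pr)qq-rr\cc';
          $_GET["param3"] = '"a/b#e(pr)qq-rr\cc';    // Same as param2, with a leading "

          $result = GETPOST("id");                   // Cookie value must not be returned
          print __METHOD__." result=".$result."\n";
          $this->assertEquals('', $result);

          $result = GETPOST("param1", 'int');
          print __METHOD__." result=".$result."\n";
          $this->assertEquals(222, $result);

          $result = GETPOST("param1", 'int', 2);
          print __METHOD__." result=".$result."\n";
          $this->assertEquals(333, $result);

          $result = GETPOST("param2", 'alpha');
          print __METHOD__." result=".$result."\n";
          $this->assertEquals($_GET["param2"], $result);

          $result = GETPOST("param3", 'alpha');      // Must return '' as there is a forbidden char
          print __METHOD__." result=".$result."\n";
          $this->assertEquals('', $result);

          return $result;
      }

      /**
       * checkLoginPassEntity() must return '' when authentication fails and the login
       * when it succeeds.
       *
       * Cases: unknown login, known login with a wrong password, a valid pair, a method
       * list whose second entry authenticates, and the 'forceuser' method.
       *
       * The positive cases depend on an admin/admin account in the test database. That
       * pair is a fixture for this suite; an instance that users can reach must not keep
       * it. The array('http','dolibarr') case succeeds through its second method, so a
       * configured method list is only as strong as its weakest entry.
       *
       * @return void
       */
      public function testCheckLoginPassEntity()
      {
          // Unknown login
          $login = checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
          print __METHOD__." login=".$login."\n";
          $this->assertEquals('', $login);

          // Known login, wrong password
          $login = checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
          print __METHOD__." login=".$login."\n";
          $this->assertEquals('', $login);

          // Should work because admin/admin exists in the test database
          $login = checkLoginPassEntity('admin', 'admin', 1, array('dolibarr'));
          print __METHOD__." login=".$login."\n";
          $this->assertEquals('admin', $login);

          // Should work because of the second authentication method
          $login = checkLoginPassEntity('admin', 'admin', 1, array('http', 'dolibarr'));
          print __METHOD__." login=".$login."\n";
          $this->assertEquals('admin', $login);

          // Expected '' because it should fail: login 'auto' does not exist
          $login = checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
          print __METHOD__." login=".$login."\n";
          $this->assertEquals('', $login);
      }

      /**
       * dol_decode(dol_encode($s)) must give back $s.
       *
       * Only the round trip is asserted. The encoded value is printed next to the plain
       * base64 of the same string for comparison by eye; nothing checks that they differ.
       *
       * NOTE(review): no key is passed to either call here. Treat dol_encode() as
       * reversible obfuscation rather than protection for stored secrets unless
       * security.lib.php shows otherwise.
       *
       * @return void
       */
      public function testEncodeDecode()
      {
          $stringtotest = "This is a string to test encode/decode";

          $encodedstring = dol_encode($stringtotest);
          $decodedstring = dol_decode($encodedstring);

          print __METHOD__." encodedstring=".$encodedstring." ".base64_encode($stringtotest)."\n";
          $this->assertEquals($stringtotest, $decodedstring);
      }

      /**
       * Checks the length of what getRandomPassword() returns.
       *
       *  - getRandomPassword(true): 32 characters, expected to be an MD5 string
       *    returned by dol_hash;
       *  - USER_PASSWORD_GENERATED='None': empty string;
       *  - USER_PASSWORD_GENERATED='Standard': 8 characters.
       *
       * Only lengths are checked; the test says nothing about the character set or
       * about how unpredictable the generated value is.
       *
       * NOTE(review): $conf is the shared global object, so USER_PASSWORD_GENERATED is
       * still 'Standard' after this test has run.
       *
       * @return void
       */
      public function testGetRandomPassword()
      {
          global $conf;

          $genpass1 = getRandomPassword(true);     // Should be an MD5 string returned by dol_hash
          print __METHOD__." genpass1=".$genpass1."\n";
          $this->assertEquals(32, strlen($genpass1));

          $conf->global->USER_PASSWORD_GENERATED = 'None';
          $genpass2 = getRandomPassword(false);    // Should be an empty string
          print __METHOD__." genpass2=".$genpass2."\n";
          $this->assertEquals('', $genpass2);

          $conf->global->USER_PASSWORD_GENERATED = 'Standard';
          $genpass3 = getRandomPassword(false);
          print __METHOD__." genpass3=".$genpass3."\n";
          $this->assertEquals(8, strlen($genpass3));
      }
  }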
  182. ?>