
/cake/tests/cases/libs/cake_session.test.php

https://github.com/bb-dev/cakephp
  1. <?php
  2. /**
  3. * SessionTest file
  4. *
  5. * PHP versions 4 and 5
  6. *
  7. * CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing>
  8. * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
  9. *
  10. * Licensed under The Open Group Test Suite License
  11. * Redistributions of files must retain the above copyright notice.
  12. *
  13. * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
  14. * @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
  15. * @package cake
  16. * @subpackage cake.tests.cases.libs
  17. * @since CakePHP(tm) v 1.2.0.4206
  18. * @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
  19. */
  20. if (!class_exists('CakeSession')) {
  21. App::import('Core', 'CakeSession');
  22. }
  23. /**
  24. * CakeSessionTest class
  25. *
  26. * @package cake
  27. * @subpackage cake.tests.cases.libs
  28. */
  29. class CakeSessionTest extends CakeTestCase {
  30. /**
  31. * Fixtures used in the SessionTest
  32. *
  33. * @var array
  34. * @access public
  35. */
  36. var $fixtures = array('core.session');
  37. /**
  38. * startCase method
  39. *
  40. * @access public
  41. * @return void
  42. */
  43. function startCase() {
  44. // Make sure garbage colector will be called
  45. $this->__gc_divisor = ini_get('session.gc_divisor');
  46. ini_set('session.gc_divisor', '1');
  47. }
  48. /**
  49. * endCase method
  50. *
  51. * @access public
  52. * @return void
  53. */
  54. function endCase() {
  55. // Revert to the default setting
  56. ini_set('session.gc_divisor', $this->__gc_divisor);
  57. }
  58. /**
  59. * setUp method
  60. *
  61. * @access public
  62. * @return void
  63. */
  64. function setUp() {
  65. $this->Session =& new CakeSession();
  66. $this->Session->start();
  67. $this->Session->_checkValid();
  68. }
  69. /**
  70. * tearDown method
  71. *
  72. * @access public
  73. * @return void
  74. */
  75. function tearDown() {
  76. unset($_SESSION);
  77. session_destroy();
  78. }
  79. /**
  80. * testSessionPath
  81. *
  82. * @access public
  83. * @return void
  84. */
  85. function testSessionPath() {
  86. $Session = new CakeSession('/index.php');
  87. $this->assertEqual('/', $Session->path);
  88. $Session = new CakeSession('/sub_dir/index.php');
  89. $this->assertEqual('/sub_dir/', $Session->path);
  90. $Session = new CakeSession('');
  91. $this->assertEqual('/', $Session->path, 'Session path is empty, with "" as $base needs to be / %s');
  92. }
  93. /**
  94. * testCheck method
  95. *
  96. * @access public
  97. * @return void
  98. */
  99. function testCheck() {
  100. $this->Session->write('SessionTestCase', 'value');
  101. $this->assertTrue($this->Session->check('SessionTestCase'));
  102. $this->assertFalse($this->Session->check('NotExistingSessionTestCase'), false);
  103. }
  104. /**
  105. * testSimpleRead method
  106. *
  107. * @access public
  108. * @return void
  109. */
  110. function testSimpleRead() {
  111. $this->Session->write('testing', '1,2,3');
  112. $result = $this->Session->read('testing');
  113. $this->assertEqual($result, '1,2,3');
  114. $this->Session->write('testing', array('1' => 'one', '2' => 'two','3' => 'three'));
  115. $result = $this->Session->read('testing.1');
  116. $this->assertEqual($result, 'one');
  117. $result = $this->Session->read('testing');
  118. $this->assertEqual($result, array('1' => 'one', '2' => 'two', '3' => 'three'));
  119. $result = $this->Session->read();
  120. $this->assertTrue(isset($result['testing']));
  121. $this->assertTrue(isset($result['Config']));
  122. $this->assertTrue(isset($result['Config']['userAgent']));
  123. $this->Session->write('This.is.a.deep.array.my.friend', 'value');
  124. $result = $this->Session->read('This.is.a.deep.array.my.friend');
  125. $this->assertEqual('value', $result);
  126. }
  127. /**
  128. * testId method
  129. *
  130. * @access public
  131. * @return void
  132. */
  133. function testId() {
  134. $expected = session_id();
  135. $result = $this->Session->id();
  136. $this->assertEqual($result, $expected);
  137. $this->Session->id('MySessionId');
  138. $result = $this->Session->id();
  139. $this->assertEqual($result, 'MySessionId');
  140. }
  141. /**
  142. * testStarted method
  143. *
  144. * @access public
  145. * @return void
  146. */
  147. function testStarted() {
  148. $this->assertTrue($this->Session->started());
  149. unset($_SESSION);
  150. $_SESSION = null;
  151. $this->assertFalse($this->Session->started());
  152. $this->assertTrue($this->Session->start());
  153. $session = new CakeSession(null, false);
  154. $this->assertTrue($session->started());
  155. unset($session);
  156. }
  157. /**
  158. * testError method
  159. *
  160. * @access public
  161. * @return void
  162. */
  163. function testError() {
  164. $this->Session->read('Does.not.exist');
  165. $result = $this->Session->error();
  166. $this->assertEqual($result, "Does.not.exist doesn't exist");
  167. $this->Session->delete('Failing.delete');
  168. $result = $this->Session->error();
  169. $this->assertEqual($result, "Failing.delete doesn't exist");
  170. }
  171. /**
  172. * testDel method
  173. *
  174. * @access public
  175. * @return void
  176. */
  177. function testDelete() {
  178. $this->assertTrue($this->Session->write('Delete.me', 'Clearing out'));
  179. $this->assertTrue($this->Session->delete('Delete.me'));
  180. $this->assertFalse($this->Session->check('Delete.me'));
  181. $this->assertTrue($this->Session->check('Delete'));
  182. $this->assertTrue($this->Session->write('Clearing.sale', 'everything must go'));
  183. $this->assertTrue($this->Session->delete('Clearing'));
  184. $this->assertFalse($this->Session->check('Clearing.sale'));
  185. $this->assertFalse($this->Session->check('Clearing'));
  186. }
  187. /**
  188. * testWatchVar method
  189. *
  190. * @access public
  191. * @return void
  192. */
  193. function testWatchVar() {
  194. $this->assertFalse($this->Session->watch(null));
  195. $this->Session->write('Watching', "I'm watching you");
  196. $this->Session->watch('Watching');
  197. $this->expectError('Writing session key {Watching}: "They found us!"');
  198. $this->Session->write('Watching', 'They found us!');
  199. $this->expectError('Deleting session key {Watching}');
  200. $this->Session->delete('Watching');
  201. $this->assertFalse($this->Session->watch('Invalid.key'));
  202. }
  203. /**
  204. * testIgnore method
  205. *
  206. * @access public
  207. * @return void
  208. */
  209. function testIgnore() {
  210. $this->Session->write('Watching', "I'm watching you");
  211. $this->Session->watch('Watching');
  212. $this->Session->ignore('Watching');
  213. $this->assertTrue($this->Session->write('Watching', 'They found us!'));
  214. }
  215. /**
  216. * testDestroy method
  217. *
  218. * @access public
  219. * @return void
  220. */
  221. function testDestroy() {
  222. $this->Session->write('bulletProof', 'invicible');
  223. $id = $this->Session->id();
  224. $this->Session->destroy();
  225. $this->assertFalse($this->Session->check('bulletProof'));
  226. $this->assertNotEqual($id, $this->Session->id());
  227. $this->assertTrue($this->Session->started());
  228. $this->Session->cookieLifeTime = 'test';
  229. $this->Session->destroy();
  230. $this->assertNotEqual('test', $this->Session->cookieLifeTime);
  231. }
  232. /**
  233. * testCheckingSavedEmpty method
  234. *
  235. * @access public
  236. * @return void
  237. */
  238. function testCheckingSavedEmpty() {
  239. $this->assertTrue($this->Session->write('SessionTestCase', 0));
  240. $this->assertTrue($this->Session->check('SessionTestCase'));
  241. $this->assertTrue($this->Session->write('SessionTestCase', '0'));
  242. $this->assertTrue($this->Session->check('SessionTestCase'));
  243. $this->assertTrue($this->Session->write('SessionTestCase', false));
  244. $this->assertTrue($this->Session->check('SessionTestCase'));
  245. $this->assertTrue($this->Session->write('SessionTestCase', null));
  246. $this->assertFalse($this->Session->check('SessionTestCase'));
  247. }
  248. /**
  249. * testCheckKeyWithSpaces method
  250. *
  251. * @access public
  252. * @return void
  253. */
  254. function testCheckKeyWithSpaces() {
  255. $this->assertTrue($this->Session->write('Session Test', "test"));
  256. $this->assertEqual($this->Session->check('Session Test'), 'test');
  257. $this->Session->delete('Session Test');
  258. $this->assertTrue($this->Session->write('Session Test.Test Case', "test"));
  259. $this->assertTrue($this->Session->check('Session Test.Test Case'));
  260. }
  261. /**
  262. * test key exploitation
  263. *
  264. * @return void
  265. */
  266. function testKeyExploit() {
  267. $key = "a'] = 1; phpinfo(); \$_SESSION['a";
  268. $result = $this->Session->write($key, 'haxored');
  269. $this->assertTrue($result);
  270. $result = $this->Session->read($key);
  271. $this->assertEqual($result, 'haxored');
  272. }
  273. /**
  274. * testReadingSavedEmpty method
  275. *
  276. * @access public
  277. * @return void
  278. */
  279. function testReadingSavedEmpty() {
  280. $this->Session->write('SessionTestCase', 0);
  281. $this->assertEqual($this->Session->read('SessionTestCase'), 0);
  282. $this->Session->write('SessionTestCase', '0');
  283. $this->assertEqual($this->Session->read('SessionTestCase'), '0');
  284. $this->assertFalse($this->Session->read('SessionTestCase') === 0);
  285. $this->Session->write('SessionTestCase', false);
  286. $this->assertFalse($this->Session->read('SessionTestCase'));
  287. $this->Session->write('SessionTestCase', null);
  288. $this->assertEqual($this->Session->read('SessionTestCase'), null);
  289. }
  290. /**
  291. * testCheckUserAgentFalse method
  292. *
  293. * @access public
  294. * @return void
  295. */
  296. function testCheckUserAgentFalse() {
  297. Configure::write('Session.checkAgent', false);
  298. $this->Session->_userAgent = md5('http://randomdomainname.com' . Configure::read('Security.salt'));
  299. $this->assertTrue($this->Session->valid());
  300. }
  301. /**
  302. * testCheckUserAgentTrue method
  303. *
  304. * @access public
  305. * @return void
  306. */
  307. function testCheckUserAgentTrue() {
  308. Configure::write('Session.checkAgent', true);
  309. $this->Session->_userAgent = md5('http://randomdomainname.com' . Configure::read('Security.salt'));
  310. $this->assertFalse($this->Session->valid());
  311. }
  312. /**
  313. * testReadAndWriteWithDatabaseStorage method
  314. *
  315. * @access public
  316. * @return void
  317. */
  318. function testReadAndWriteWithCakeStorage() {
  319. unset($_SESSION);
  320. session_destroy();
  321. ini_set('session.save_handler', 'files');
  322. Configure::write('Session.save', 'cake');
  323. $this->setUp();
  324. $this->Session->write('SessionTestCase', 0);
  325. $this->assertEqual($this->Session->read('SessionTestCase'), 0);
  326. $this->Session->write('SessionTestCase', '0');
  327. $this->assertEqual($this->Session->read('SessionTestCase'), '0');
  328. $this->assertFalse($this->Session->read('SessionTestCase') === 0);
  329. $this->Session->write('SessionTestCase', false);
  330. $this->assertFalse($this->Session->read('SessionTestCase'));
  331. $this->Session->write('SessionTestCase', null);
  332. $this->assertEqual($this->Session->read('SessionTestCase'), null);
  333. $this->Session->write('SessionTestCase', 'This is a Test');
  334. $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
  335. $this->Session->write('SessionTestCase', 'This is a Test');
  336. $this->Session->write('SessionTestCase', 'This was updated');
  337. $this->assertEqual($this->Session->read('SessionTestCase'), 'This was updated');
  338. $this->Session->destroy();
  339. $this->assertFalse($this->Session->read('SessionTestCase'));
  340. }
  341. /**
  342. * testReadAndWriteWithDatabaseStorage method
  343. *
  344. * @access public
  345. * @return void
  346. */
  347. function testReadAndWriteWithCacheStorage() {
  348. unset($_SESSION);
  349. session_destroy();
  350. ini_set('session.save_handler', 'files');
  351. Configure::write('Session.save', 'cache');
  352. $this->setUp();
  353. $this->Session->write('SessionTestCase', 0);
  354. $this->assertEqual($this->Session->read('SessionTestCase'), 0);
  355. $this->Session->write('SessionTestCase', '0');
  356. $this->assertEqual($this->Session->read('SessionTestCase'), '0');
  357. $this->assertFalse($this->Session->read('SessionTestCase') === 0);
  358. $this->Session->write('SessionTestCase', false);
  359. $this->assertFalse($this->Session->read('SessionTestCase'));
  360. $this->Session->write('SessionTestCase', null);
  361. $this->assertEqual($this->Session->read('SessionTestCase'), null);
  362. $this->Session->write('SessionTestCase', 'This is a Test');
  363. $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
  364. $this->Session->write('SessionTestCase', 'This is a Test');
  365. $this->Session->write('SessionTestCase', 'This was updated');
  366. $this->assertEqual($this->Session->read('SessionTestCase'), 'This was updated');
  367. $this->Session->destroy();
  368. $this->assertFalse($this->Session->read('SessionTestCase'));
  369. }
  370. /**
  371. * testReadAndWriteWithDatabaseStorage method
  372. *
  373. * @access public
  374. * @return void
  375. */
  376. function testReadAndWriteWithDatabaseStorage() {
  377. unset($_SESSION);
  378. session_destroy();
  379. Configure::write('Session.table', 'sessions');
  380. Configure::write('Session.model', 'Session');
  381. Configure::write('Session.database', 'test_suite');
  382. Configure::write('Session.save', 'database');
  383. $this->setUp();
  384. $this->Session->write('SessionTestCase', 0);
  385. $this->assertEqual($this->Session->read('SessionTestCase'), 0);
  386. $this->Session->write('SessionTestCase', '0');
  387. $this->assertEqual($this->Session->read('SessionTestCase'), '0');
  388. $this->assertFalse($this->Session->read('SessionTestCase') === 0);
  389. $this->Session->write('SessionTestCase', false);
  390. $this->assertFalse($this->Session->read('SessionTestCase'));
  391. $this->Session->write('SessionTestCase', null);
  392. $this->assertEqual($this->Session->read('SessionTestCase'), null);
  393. $this->Session->write('SessionTestCase', 'This is a Test');
  394. $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
  395. $this->Session->write('SessionTestCase', 'Some additional data');
  396. $this->assertEqual($this->Session->read('SessionTestCase'), 'Some additional data');
  397. $this->Session->destroy();
  398. $this->assertFalse($this->Session->read('SessionTestCase'));
  399. session_write_close();
  400. unset($_SESSION);
  401. ini_set('session.save_handler', 'files');
  402. Configure::write('Session.save', 'php');
  403. $this->setUp();
  404. }
  405. }