a tiny mvc framework for php using php-activerecord

EncryptedCookieSessionStore: re-enable throwing an exception on bad data

fix test that was failing because headers_sent() was reporting true,
despite this just coming from phpunit itself.

+46 -9
+2 -1
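--- a/lib/session_store/encrypted_cookie.php
+++ b/lib/session_store/encrypted_cookie.php
@@ -110,7 +110,8 @@
 
 if (hash_hmac("sha1", $data, $this->key, $raw = true) === $hmac)
 return $data;
-/* else throw new \HalfMoon\InvalidCookieData("invalid HMAC"); */
+else
+throw new \HalfMoon\InvalidCookieData("invalid HMAC");
 }
 }
 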
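Review bot: The restored check compares the computed HMAC with the cookie-supplied `$hmac` using `===`, which is not a constant-time comparison even though the value arrives from the client. On PHP 5.6 or later the condition can read `if (hash_equals(hash_hmac("sha1", $data, $this->key, true), $hmac))`, which also drops the stray `$raw = true` assignment. `$data` is both the HMAC input and the value returned, so the tag appears to cover plaintext and to be checked only after decryption; that should be confirmed in the part of the method outside this hunk, since verifying a tag over the ciphertext before decrypting is the safer order. Now that a bad cookie throws, the caller should catch `InvalidCookieData` and start a fresh session rather than let it surface as an error page.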
+43 -7
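--- a/test/EncryptedCookieTest.php
+++ b/test/EncryptedCookieTest.php
@@ -6,17 +6,19 @@
 array("encryption_key" => str_repeat("0", 32)));
 
 class EncryptedCookieTest extends PHPUnit_Framework_TestCase {
-static $KEY = "ef55ede724792b59a04887f7956db4be";
-static $COOKIE = "_4m_session";
+static $str = "australia's darrell lea soft eating liquorice";
+static $key = "3d737148b5d7c1a08e0e92d26f8d020b";
+static $cookie = "test";
 
-public function setupSS() {
-$this->ss = new HalfMoon\EncryptedCookieSessionStore(static::$KEY);
-$this->ss->open("", static::$COOKIE);
+public function setupSS($key, $cookie) {
+$this->ss = new HalfMoon\EncryptedCookieSessionStore($key);
+$this->ss->open("", $cookie);
 }
 
 public function testCookieEncryptionAndDecryption() {
 for ($z = 0; $z < 5000; $z++) {
-$this->setupSS();
+$key = bin2hex(openssl_random_pseudo_bytes(16));
+$this->setupSS($key, "test_" . $z);
 
 $ki = rand(20, 40);
 for ($k = "", $x = 0; $x++ < $ki; $k .= bin2hex(chr(mt_rand(0,255))))
@@ -29,10 +31,44 @@
 $data = var_export(array($k, $v), true);
 $this->ss->write("", $data);
 
-$this->setupSS();
+$this->setupSS($key, "test_" . $z);
 $dec_data = $this->ss->read("");
 $this->assertEquals($data, $dec_data);
 }
+}
+
+public function testExistingDecryption() {
+$this->setupSS(static::$key, static::$cookie);
+$this->ss->write("", static::$str);
+$enc = $_COOKIE[static::$cookie];
+$this->assertEquals(0, preg_match("/liquorice/", $enc));
+
+$this->setupSS(static::$key, static::$cookie);
+$_COOKIE[static::$cookie] = $enc;
+$this->assertEquals(static::$str, $this->ss->read(""));
+}
+
+public function testBadKey() {
+$this->setupSS(static::$key, static::$cookie);
+$this->ss->write("", static::$str);
+$enc = $_COOKIE[static::$cookie];
+
+$this->setupSS(str_replace("3", "4", static::$key), static::$cookie);
+$_COOKIE[static::$cookie] = $enc;
+$this->assertEquals("", $this->ss->read(""));
+}
+
+/**
+* @expectedException HalfMoon\InvalidCookieData
+*/
+public function testBadData() {
+$this->setupSS(static::$key, static::$cookie);
+$this->ss->write("", static::$str);
+$enc = $_COOKIE[static::$cookie];
+
+$this->setupSS(static::$key, static::$cookie);
+$_COOKIE[static::$cookie] = substr($enc, 0, strlen($enc) - 5);
+$this->assertEquals("", $this->ss->read(""));
 }
 }
 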
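Review bot: `testBadData` covers only a truncated cookie, so nothing here exercises the case the HMAC exists for: a cookie of unchanged length with one character altered. A sibling test that changes a single character of `$enc` before calling `read("")` and expects `HalfMoon\InvalidCookieData` would pin that behaviour down. In `testBadData` itself the final `assertEquals("", ...)` can never be evaluated once `read()` throws, so the line is clearer as `$this->ss->read("");`. `testBadKey` expects an empty string rather than the exception, which suggests a second, silent failure path in `read()` that is not visible on this page; a comment such as `// wrong key: read() returns "" without reaching the HMAC check` would record that this is intended, if it is.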
+1 -1
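--- a/test/Makefile
+++ b/test/Makefile
@@ -1,2 +1,2 @@
 all:
-for f in *.php; do echo $$f; phpunit --verbose $$f; done
+for f in *.php; do echo $$f; phpunit --stderr --verbose $$f; done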
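Review bot: The recipe's `for` loop yields only the exit status of the last `phpunit` run, so a failure in an earlier test file, including the new HMAC tests, still lets `make` succeed. Stopping at the first failure fixes that: `for f in *.php; do echo $$f; phpunit --stderr --verbose $$f || exit 1; done`. A short comment above the recipe, `# --stderr: keep phpunit's own output from tripping headers_sent() in the cookie tests`, would preserve the reason given in the commit message.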