<?php
/**
 * SessionTest file
 *
 * PHP versions 4 and 5
 *
 * CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing>
 * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
 *
 * Licensed under The Open Group Test Suite License
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
 * @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
 * @package cake
 * @subpackage cake.tests.cases.libs
 * @since CakePHP(tm) v 1.2.0.4206
 * @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
 */
// Pull in the session library only when no CakeSession class is defined yet.
if (class_exists('CakeSession') === false) {
	App::import('Core', 'CakeSession');
}
/**
 * CakeSessionTest class: test case for the CakeSession library.
 *
 * @package cake
 * @subpackage cake.tests.cases.libs
 */
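class CakeSessionTest extends CakeTestCase {

/**
 * Fixtures used in the SessionTest
 *
 * @var array
 * @access public
 */
	var $fixtures = array('core.session');

/**
 * startCase method
 *
 * Remembers the configured session.gc_divisor and forces it to 1 for the
 * duration of the test case.
 *
 * @access public
 * @return void
 */
	function startCase() {
		// Make sure the garbage collector will be called
		$this->__gc_divisor = ini_get('session.gc_divisor');
		ini_set('session.gc_divisor', '1');
	}

/**
 * endCase method
 *
 * Puts back the session.gc_divisor value saved by startCase().
 *
 * @access public
 * @return void
 */
	function endCase() {
		// Revert to the setting that was active before the test case ran
		ini_set('session.gc_divisor', $this->__gc_divisor);
	}

/**
 * setUp method
 *
 * Creates a fresh CakeSession for every test, starts it and runs its
 * validity check.
 *
 * @access public
 * @return void
 */
	function setUp() {
		// Plain assignment, as in the other instantiations in this file;
		// `=& new` is deprecated since PHP 5.3 and a parse error from PHP 7.
		$this->Session = new CakeSession();
		$this->Session->start();
		$this->Session->_checkValid();
	}

/**
 * tearDown method
 *
 * Drops the session data and destroys the PHP session so the next test
 * starts from an empty state.
 *
 * @access public
 * @return void
 */
	function tearDown() {
		unset($_SESSION);
		session_destroy();
	}

/**
 * testSessionPath
 *
 * The session path is derived from the $base passed to the constructor and
 * falls back to "/" when $base is empty.
 *
 * @access public
 * @return void
 */
	function testSessionPath() {
		$Session = new CakeSession('/index.php');
		$this->assertEqual('/', $Session->path);

		$Session = new CakeSession('/sub_dir/index.php');
		$this->assertEqual('/sub_dir/', $Session->path);

		$Session = new CakeSession('');
		$this->assertEqual('/', $Session->path, 'Session path is empty, with "" as $base needs to be / %s');
	}

/**
 * testCheck method
 *
 * check() is true for a key that was written and false for an unknown key.
 *
 * @access public
 * @return void
 */
	function testCheck() {
		$this->Session->write('SessionTestCase', 'value');
		$this->assertTrue($this->Session->check('SessionTestCase'));

		// The original passed a stray `false` in the message slot of assertFalse().
		$this->assertFalse($this->Session->check('NotExistingSessionTestCase'));
	}

/**
 * testSimpleRead method
 *
 * Covers reading scalars, arrays, dot-separated sub-keys, the whole session
 * (no argument) and a deeply nested dot path.
 *
 * @access public
 * @return void
 */
	function testSimpleRead() {
		$this->Session->write('testing', '1,2,3');
		$result = $this->Session->read('testing');
		$this->assertEqual($result, '1,2,3');

		$this->Session->write('testing', array('1' => 'one', '2' => 'two', '3' => 'three'));
		$result = $this->Session->read('testing.1');
		$this->assertEqual($result, 'one');

		$result = $this->Session->read('testing');
		$this->assertEqual($result, array('1' => 'one', '2' => 'two', '3' => 'three'));

		// read() without a key returns the whole session, including the
		// Config bookkeeping entry and its userAgent value.
		$result = $this->Session->read();
		$this->assertTrue(isset($result['testing']));
		$this->assertTrue(isset($result['Config']));
		$this->assertTrue(isset($result['Config']['userAgent']));

		$this->Session->write('This.is.a.deep.array.my.friend', 'value');
		$result = $this->Session->read('This.is.a.deep.array.my.friend');
		$this->assertEqual('value', $result);
	}

/**
 * testId method
 *
 * id() reports PHP's current session id and, given an argument, replaces it.
 *
 * @access public
 * @return void
 */
	function testId() {
		$expected = session_id();
		$result = $this->Session->id();
		$this->assertEqual($result, $expected);

		$this->Session->id('MySessionId');
		$result = $this->Session->id();
		$this->assertEqual($result, 'MySessionId');
	}

/**
 * testStarted method
 *
 * started() follows the presence of $_SESSION; start() brings the session
 * back after $_SESSION has been cleared.
 *
 * @access public
 * @return void
 */
	function testStarted() {
		$this->assertTrue($this->Session->started());

		unset($_SESSION);
		$_SESSION = null;
		$this->assertFalse($this->Session->started());
		$this->assertTrue($this->Session->start());

		// A second instance built with the start flag off still reports the
		// already running session as started.
		$session = new CakeSession(null, false);
		$this->assertTrue($session->started());
		unset($session);
	}

/**
 * testError method
 *
 * Reading or deleting a missing key records a "doesn't exist" message that
 * error() returns.
 *
 * @access public
 * @return void
 */
	function testError() {
		$this->Session->read('Does.not.exist');
		$result = $this->Session->error();
		$this->assertEqual($result, "Does.not.exist doesn't exist");

		$this->Session->delete('Failing.delete');
		$result = $this->Session->error();
		$this->assertEqual($result, "Failing.delete doesn't exist");
	}

/**
 * testDelete method
 *
 * Deleting a leaf keeps its parent key; deleting a parent removes the
 * children with it.
 *
 * @access public
 * @return void
 */
	function testDelete() {
		$this->assertTrue($this->Session->write('Delete.me', 'Clearing out'));
		$this->assertTrue($this->Session->delete('Delete.me'));
		$this->assertFalse($this->Session->check('Delete.me'));
		$this->assertTrue($this->Session->check('Delete'));

		$this->assertTrue($this->Session->write('Clearing.sale', 'everything must go'));
		$this->assertTrue($this->Session->delete('Clearing'));
		$this->assertFalse($this->Session->check('Clearing.sale'));
		$this->assertFalse($this->Session->check('Clearing'));
	}

/**
 * testWatchVar method
 *
 * A watched key raises an error when it is written or deleted; watch()
 * returns false for a null or unknown key.
 *
 * @access public
 * @return void
 */
	function testWatchVar() {
		$this->assertFalse($this->Session->watch(null));

		$this->Session->write('Watching', "I'm watching you");
		$this->Session->watch('Watching');
		// expectError() must be queued before the call that triggers the error.
		$this->expectError('Writing session key {Watching}: "They found us!"');
		$this->Session->write('Watching', 'They found us!');

		$this->expectError('Deleting session key {Watching}');
		$this->Session->delete('Watching');

		$this->assertFalse($this->Session->watch('Invalid.key'));
	}

/**
 * testIgnore method
 *
 * After ignore(), writing to a previously watched key succeeds without an
 * expected error.
 *
 * @access public
 * @return void
 */
	function testIgnore() {
		$this->Session->write('Watching', "I'm watching you");
		$this->Session->watch('Watching');
		$this->Session->ignore('Watching');
		$this->assertTrue($this->Session->write('Watching', 'They found us!'));
	}

/**
 * testDestroy method
 *
 * destroy() discards the stored data, issues a different session id, leaves
 * the session started and resets cookieLifeTime.
 *
 * @access public
 * @return void
 */
	function testDestroy() {
		$this->Session->write('bulletProof', 'invicible');
		$id = $this->Session->id();
		$this->Session->destroy();
		$this->assertFalse($this->Session->check('bulletProof'));
		// The id must change, so data cannot be reached through the old id.
		$this->assertNotEqual($id, $this->Session->id());
		$this->assertTrue($this->Session->started());

		$this->Session->cookieLifeTime = 'test';
		$this->Session->destroy();
		$this->assertNotEqual('test', $this->Session->cookieLifeTime);
	}

/**
 * testCheckingSavedEmpty method
 *
 * check() treats 0, '0' and false as present values; only null counts as
 * absent.
 *
 * @access public
 * @return void
 */
	function testCheckingSavedEmpty() {
		$this->assertTrue($this->Session->write('SessionTestCase', 0));
		$this->assertTrue($this->Session->check('SessionTestCase'));

		$this->assertTrue($this->Session->write('SessionTestCase', '0'));
		$this->assertTrue($this->Session->check('SessionTestCase'));

		$this->assertTrue($this->Session->write('SessionTestCase', false));
		$this->assertTrue($this->Session->check('SessionTestCase'));

		$this->assertTrue($this->Session->write('SessionTestCase', null));
		$this->assertFalse($this->Session->check('SessionTestCase'));
	}

/**
 * testCheckKeyWithSpaces method
 *
 * Keys containing spaces work both as top-level keys and as path segments.
 *
 * @access public
 * @return void
 */
	function testCheckKeyWithSpaces() {
		$this->assertTrue($this->Session->write('Session Test', "test"));
		// check() is asserted as a boolean everywhere else in this case; the
		// original compared it loosely with 'test', which passes for any
		// truthy result.
		$this->assertTrue($this->Session->check('Session Test'));
		$this->Session->delete('Session Test');

		$this->assertTrue($this->Session->write('Session Test.Test Case', "test"));
		$this->assertTrue($this->Session->check('Session Test.Test Case'));
	}

/**
 * test key exploitation
 *
 * Regression test for session keys that contain PHP syntax. The key is
 * shaped like a break-out from a string-built `$_SESSION['...']` expression;
 * the session must treat it as an ordinary literal key and never interpret
 * any part of it as code.
 *
 * @return void
 */
	function testKeyExploit() {
		$key = "a'] = 1; phpinfo(); \$_SESSION['a";
		$result = $this->Session->write($key, 'haxored');
		$this->assertTrue($result);

		$result = $this->Session->read($key);
		$this->assertEqual($result, 'haxored');

		// The round trip alone does not show that the embedded assignment was
		// left uninterpreted: a key named 'a' must not have been created.
		$this->assertFalse($this->Session->check('a'));
	}

/**
 * testReadingSavedEmpty method
 *
 * Empty-ish values (0, '0', false, null) are read back as written; '0' must
 * not come back as integer 0.
 *
 * @access public
 * @return void
 */
	function testReadingSavedEmpty() {
		$this->Session->write('SessionTestCase', 0);
		$this->assertEqual($this->Session->read('SessionTestCase'), 0);

		$this->Session->write('SessionTestCase', '0');
		$this->assertEqual($this->Session->read('SessionTestCase'), '0');
		$this->assertFalse($this->Session->read('SessionTestCase') === 0);

		$this->Session->write('SessionTestCase', false);
		$this->assertFalse($this->Session->read('SessionTestCase'));

		$this->Session->write('SessionTestCase', null);
		$this->assertEqual($this->Session->read('SessionTestCase'), null);
	}

/**
 * testCheckUserAgentFalse method
 *
 * With Session.checkAgent disabled, a user-agent fingerprint built from a
 * foreign string does not invalidate the session.
 *
 * @access public
 * @return void
 */
	function testCheckUserAgentFalse() {
		// NOTE(review): Session.checkAgent is not restored afterwards, so the
		// value leaks into the following tests.
		Configure::write('Session.checkAgent', false);
		// Presumably mirrors how CakeSession derives its fingerprint (md5 of
		// the agent string plus Security.salt) - confirm against CakeSession.
		$this->Session->_userAgent = md5('http://randomdomainname.com' . Configure::read('Security.salt'));
		$this->assertTrue($this->Session->valid());
	}

/**
 * testCheckUserAgentTrue method
 *
 * With Session.checkAgent enabled, a user-agent fingerprint built from a
 * foreign string makes the session invalid. The user agent is supplied by
 * the client, so this check only raises the bar against reuse of a stolen
 * session id; it is not an authentication control.
 *
 * @access public
 * @return void
 */
	function testCheckUserAgentTrue() {
		// NOTE(review): Session.checkAgent stays enabled after this test.
		Configure::write('Session.checkAgent', true);
		$this->Session->_userAgent = md5('http://randomdomainname.com' . Configure::read('Security.salt'));
		$this->assertFalse($this->Session->valid());
	}

/**
 * testReadAndWriteWithCakeStorage method
 *
 * Repeats the read/write round trips with Session.save set to 'cake'.
 *
 * @access public
 * @return void
 */
	function testReadAndWriteWithCakeStorage() {
		// Tear the current session down before switching the storage
		// configuration, then rebuild it through setUp().
		unset($_SESSION);
		session_destroy();
		ini_set('session.save_handler', 'files');
		Configure::write('Session.save', 'cake');
		$this->setUp();

		$this->Session->write('SessionTestCase', 0);
		$this->assertEqual($this->Session->read('SessionTestCase'), 0);

		$this->Session->write('SessionTestCase', '0');
		$this->assertEqual($this->Session->read('SessionTestCase'), '0');
		$this->assertFalse($this->Session->read('SessionTestCase') === 0);

		$this->Session->write('SessionTestCase', false);
		$this->assertFalse($this->Session->read('SessionTestCase'));

		$this->Session->write('SessionTestCase', null);
		$this->assertEqual($this->Session->read('SessionTestCase'), null);

		$this->Session->write('SessionTestCase', 'This is a Test');
		$this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');

		$this->Session->write('SessionTestCase', 'This is a Test');
		$this->Session->write('SessionTestCase', 'This was updated');
		$this->assertEqual($this->Session->read('SessionTestCase'), 'This was updated');

		$this->Session->destroy();
		$this->assertFalse($this->Session->read('SessionTestCase'));
	}

/**
 * testReadAndWriteWithCacheStorage method
 *
 * Repeats the read/write round trips with Session.save set to 'cache'.
 *
 * @access public
 * @return void
 */
	function testReadAndWriteWithCacheStorage() {
		// Tear the current session down before switching the storage
		// configuration, then rebuild it through setUp().
		unset($_SESSION);
		session_destroy();
		ini_set('session.save_handler', 'files');
		Configure::write('Session.save', 'cache');
		$this->setUp();

		$this->Session->write('SessionTestCase', 0);
		$this->assertEqual($this->Session->read('SessionTestCase'), 0);

		$this->Session->write('SessionTestCase', '0');
		$this->assertEqual($this->Session->read('SessionTestCase'), '0');
		$this->assertFalse($this->Session->read('SessionTestCase') === 0);

		$this->Session->write('SessionTestCase', false);
		$this->assertFalse($this->Session->read('SessionTestCase'));

		$this->Session->write('SessionTestCase', null);
		$this->assertEqual($this->Session->read('SessionTestCase'), null);

		$this->Session->write('SessionTestCase', 'This is a Test');
		$this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');

		$this->Session->write('SessionTestCase', 'This is a Test');
		$this->Session->write('SessionTestCase', 'This was updated');
		$this->assertEqual($this->Session->read('SessionTestCase'), 'This was updated');

		$this->Session->destroy();
		$this->assertFalse($this->Session->read('SessionTestCase'));
	}

/**
 * testReadAndWriteWithDatabaseStorage method
 *
 * Repeats the read/write round trips with Session.save set to 'database',
 * then switches the configuration back to 'php' storage.
 *
 * @access public
 * @return void
 */
	function testReadAndWriteWithDatabaseStorage() {
		unset($_SESSION);
		session_destroy();
		Configure::write('Session.table', 'sessions');
		Configure::write('Session.model', 'Session');
		Configure::write('Session.database', 'test_suite');
		Configure::write('Session.save', 'database');
		$this->setUp();

		$this->Session->write('SessionTestCase', 0);
		$this->assertEqual($this->Session->read('SessionTestCase'), 0);

		$this->Session->write('SessionTestCase', '0');
		$this->assertEqual($this->Session->read('SessionTestCase'), '0');
		$this->assertFalse($this->Session->read('SessionTestCase') === 0);

		$this->Session->write('SessionTestCase', false);
		$this->assertFalse($this->Session->read('SessionTestCase'));

		$this->Session->write('SessionTestCase', null);
		$this->assertEqual($this->Session->read('SessionTestCase'), null);

		$this->Session->write('SessionTestCase', 'This is a Test');
		$this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');

		$this->Session->write('SessionTestCase', 'Some additional data');
		$this->assertEqual($this->Session->read('SessionTestCase'), 'Some additional data');

		$this->Session->destroy();
		$this->assertFalse($this->Session->read('SessionTestCase'));
		session_write_close();

		// Switch back to file-based 'php' storage so later test cases do not
		// inherit the database configuration.
		unset($_SESSION);
		ini_set('session.save_handler', 'files');
		Configure::write('Session.save', 'php');
		$this->setUp();
	}

}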