
Commit c9d996c

committed
Added voucher security check
1 parent 5346d77 commit c9d996c


8 files changed

+102
-18
lines changed


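--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -22,7 +22,7 @@ jobs:
 
 - run: bin/cs
 - run: bin/stan
-- run: vendor/bin/tester tests -c tests/php-ci.ini --coverage coverage.xml --coverage-src src
+- run: vendor/bin/tester tests -C --coverage coverage.xml --coverage-src src
 - run: bash <(curl -s https://codecov.io/bash) -t df85f2a9-bd16-49f2-bfb3-64f092dcca7a
 
 - store_artifacts: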
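Review bot: The step right after the edited tester line still downloads `https://codecov.io/bash` and pipes it straight into bash with no integrity check, and it passes the Codecov upload token as a literal `-t` argument in a committed file. Both sit on unchanged context lines, so this commit did not introduce them, but the job is being touched anyway and they are worth fixing here. Store the token as a CircleCI project environment variable (the uploader reads `CODECOV_TOKEN`) and rotate the committed value. Fetch the script to a file and verify it against a published checksum before executing it, so a tampered download cannot run with the job's environment.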

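--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,5 @@
 /composer.lock
 /tests/locks/*
-/tests/php.ini
 /vendor/*
 .idea
 /tests/**/output/*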

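--- a/bin/tests
+++ b/bin/tests
@@ -6,9 +6,7 @@ declare(strict_types = 1);
 \escapeshellarg(
 __DIR__ . '/../vendor/bin/tester'
 )
-. ' -c ' . \escapeshellarg(
-'../tests/php.ini'
-)
+. ' -C '
 . ' '
 . '../tests',
 $return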

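--- a/src/Fapi/FapiClient/Tools/SecurityChecker.php
+++ b/src/Fapi/FapiClient/Tools/SecurityChecker.php
@@ -8,9 +8,17 @@ final class SecurityChecker
 
 /**
 * @param mixed[] $invoice
-* @return bool
+* @deprecated use isInvoiceSecurityValid instead
 */
 public static function isValid(array $invoice, int $time, string $expectedSecurity): bool
+{
+return self::isInvoiceSecurityValid($invoice, $time, $expectedSecurity);
+}
+
+/**
+* @param mixed[] $invoice
+*/
+public static function isInvoiceSecurityValid(array $invoice, int $time, string $expectedSecurity): bool
 {
 $id = $invoice['id'] ?? null;
 $number = $invoice['number'] ?? null;
@@ -29,4 +37,17 @@ public static function isValid(array $invoice, int $time, string $expectedSecuri
 return $expectedSecurity === \sha1($time . $id . $number . $itemsSecurityHash);
 }
 
+/**
+* @param mixed[] $voucher
+* @param mixed[] $itemTemplate
+*/
+public static function isVoucherSecurityValid(array $voucher, array $itemTemplate, int $time, string $expectedSecurity): bool
+{
+$voucherId = $voucher['id'] ?? '';
+$voucherCode = $voucher['code'] ?? '';
+$itemSecurityHash = \md5(($itemTemplate['id'] ?? '') . ($itemTemplate['code'] ?? ''));
+
+return $expectedSecurity === \sha1($time . $voucherId . $voucherCode . $itemSecurityHash);
+}
+
 }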
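Review bot: `isVoucherSecurityValid` compares the caller-supplied `$expectedSecurity` with the computed digest using `===`, which is not a constant-time comparison. Use `return \hash_equals(\sha1($time . $voucherId . $voucherCode . $itemSecurityHash), $expectedSecurity);` instead; the same applies to the `===` in `isInvoiceSecurityValid`, whose body is only partly visible in these hunks. Missing `id`/`code` keys fall back to `''` and are hashed anyway, so a malformed voucher is not rejected up front; returning `false` when a required key is absent would be stricter. The digest is an unkeyed SHA-1 over fields concatenated without separators, so its strength rests on those values being unknown to whoever sends `$expectedSecurity`. Presumably the format is dictated by the FAPI server, in which case a doc comment saying so, and noting that `$time` is hashed but not checked for freshness here, would tell callers what this check does and does not guarantee.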

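--- a/tests/Fapi/ToolsTest/SecurityCheckerTest.phpt
+++ b/tests/Fapi/ToolsTest/SecurityCheckerTest.phpt
@@ -13,27 +13,51 @@ final class SecurityCheckerTest extends TestCase
 {
 
 /**
-* @dataProvider getIsValidData
+* @dataProvider getIsInvoiceSecurityValid
 * @param mixed[] $invoice
 */
-public function testIsValid(array $invoice, int $time, string $expectedSecurity)
+public function testIsInvoiceSecurityValid(array $invoice, int $time, string $expectedSecurity)
 {
 Assert::true(SecurityChecker::isValid($invoice, $time, $expectedSecurity));
 }
 
 /**
-* @dataProvider getInvalidData
+* @dataProvider getIsInvoiceSecurityInvalid
 * @param mixed[] $invoice
 */
-public function testInvalid(array $invoice, int $time, string $expectedSecurity)
+public function testIsInvoiceSecurityInvalid(array $invoice, int $time, string $expectedSecurity)
 {
 Assert::false(SecurityChecker::isValid($invoice, $time, $expectedSecurity));
 }
 
+/**
+* @dataProvider getIsVoucherSecurityValid
+* @param mixed[] $voucher
+* @param mixed[] $itemTemplate
+*/
+public function testIsVoucherSecurityValid(array $voucher, array $itemTemplate, int $time, string $expectedSecurity)
+{
+Assert::true(SecurityChecker::isVoucherSecurityValid($voucher, $itemTemplate, $time, $expectedSecurity));
+}
+
+/**
+* @dataProvider getIsVoucherSecurityInvalid
+* @param mixed[] $voucher
+* @param mixed[] $itemTemplate
+*/
+public function testIsVoucherSecurityInvalid(
+array $voucher,
+array $itemTemplate,
+int $time,
+string $expectedSecurity
+) {
+Assert::false(SecurityChecker::isVoucherSecurityValid($voucher, $itemTemplate, $time, $expectedSecurity));
+}
+
 /**
 * @return mixed[]
 */
-public function getIsValidData(): array
+public function getIsInvoiceSecurityValid(): array
 {
 return [
 [
@@ -60,7 +84,7 @@ final class SecurityCheckerTest extends TestCase
 /**
 * @return mixed[]
 */
-public function getInvalidData(): array
+public function getIsInvoiceSecurityInvalid(): array
 {
 return [
 [
@@ -85,6 +109,54 @@ final class SecurityCheckerTest extends TestCase
 ];
 }
 
+/**
+* @return mixed[]
+*/
+public function getIsVoucherSecurityValid(): array
+{
+return [
+[
+'voucher' => [
+'id' => 102,
+'code' => 'ZQSDP3',
+],
+'itemTemplate' => [
+'id' => 1,
+'code' => 'STARTY',
+],
+'time' => 1617179013,
+'expectedSecurity' => 'cf7550d28d2015944992225ae3a42752608060b7',
+],
+];
+}
+
+/**
+* @return mixed[]
+*/
+public function getIsVoucherSecurityInvalid(): array
+{
+return [
+[
+'voucher' => [
+'id' => 1,
+'code' => "ABCD",
+],
+'itemTemplate' => [
+'id' => 1,
+'code' => 'test',
+],
+'time' => 1542298656,
+'expectedSecurity' => '35221e0d0168d282edc3768ed4b4e878dec3c921',
+],
+[
+'voucher' => [],
+'itemTemplate' => [],
+'time' => 1542298656,
+'expectedSecurity' => '35221e0d0168d282edc3768ed4b4e878dec3c921',
+],
+];
+}
+
 }
 
 (new SecurityCheckerTest())->run();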
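Review bot: The negative voucher cases in `getIsVoucherSecurityInvalid` pair unrelated fixtures with an unrelated digest, so nothing pins that each hashed field actually affects the result. A case that reuses the valid fixture and its digest with a single field altered, such as the timestamp shifted by one second below, would catch a regression where a field drops out of the hash input. Separately, the renamed `testIsInvoiceSecurityValid` and `testIsInvoiceSecurityInvalid` still call the deprecated `SecurityChecker::isValid`, so `isInvoiceSecurityValid` is exercised only through the wrapper. Calling the new method in those tests would keep coverage once the wrapper is removed.

```php
public function getIsVoucherSecurityInvalid(): array
{
    return [
        // … unchanged: the two existing invalid cases …
        [
            // valid fixture, timestamp shifted by one second, original digest kept
            'voucher' => [
                'id' => 102,
                'code' => 'ZQSDP3',
            ],
            'itemTemplate' => [
                'id' => 1,
                'code' => 'STARTY',
            ],
            'time' => 1617179014,
            'expectedSecurity' => 'cf7550d28d2015944992225ae3a42752608060b7',
        ],
    ];
}
```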

tests/php-ci.ini

-2
This file was deleted.

tests/php-unix.ini

-2
This file was deleted.

tests/php-win.ini

-2
This file was deleted.
