minor improvements

linna · Mar 2, 2023 · 1ec2035 · 1ec2035
1 parent 82c12ec
commit 1ec2035
Show file tree

Hide file tree

Showing 8 changed files with 106 additions and 6 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,7 @@
 composer.phar
 composer.lock
 clover.xml
-infection-log.txt
+infection-log.*
 .phpdoc/cache/
 .phpunit.cache/
 vendor/

diff --git a/infection.json b/infection.json
@@ -6,7 +6,8 @@
     },
     "timeout": 15,
     "logs": {
-        "text": "infection-log.txt"
+        "text": "infection-log.txt",
+        "html": "infection-log.html"
     },
     "phpUnit": {
         "customPath": "vendor/bin/phpunit"

diff --git a/src/Linna/Authentication/Authentication.php b/src/Linna/Authentication/Authentication.php
@@ -156,8 +156,16 @@ private function refresh(): bool
         //take time
         $time = \time();
 
+        //get login time and expiration
+        $loginTime = $this->session->get('loginTime');
+        $expire =  $this->session->get('expire');
+
+        if (!(\is_int($expire) && \is_int($loginTime))) {
+            return false;
+        }
+
         //check if login expired
-        if (((int) $this->session->get('loginTime') + (int) $this->session->get('expire')) < $time) {
+        if (($loginTime + $expire) < $time) {
             return false;
         }
 

diff --git a/src/Linna/Authentication/PasswordGenerator.php b/src/Linna/Authentication/PasswordGenerator.php
@@ -141,7 +141,7 @@ public function getFromTopology(string $topology): string
     }
 
     /**
-     * Get random char between.
+     * Get a random char from a string.
      *
      * @param string $interval The string where extract a random char.
      *

diff --git a/src/Linna/DataMapper/MapperInterface.php b/src/Linna/DataMapper/MapperInterface.php
@@ -27,6 +27,8 @@ interface MapperInterface
      * @param int|string $objectId The id or the uuid of the object which will be searched.
      *
      * @return DomainObjectInterface The domain object if exists, the null domain object otherwise.
+     *
+     * @todo Add null to the types of the parameter and return NullDomainObject if $objectId is null.
      */
     public function fetchById(int|string $objectId): DomainObjectInterface;
 }
diff --git a/tests/Linna/Authentication/AuthenticationTest.php b/tests/Linna/Authentication/AuthenticationTest.php
@@ -88,6 +88,56 @@ public function testLogin(): void
         self::$session->destroy();
     }
 
+    public static function tamperingProvider()
+    {
+        return [
+            [0],
+            [1],
+            [2]
+        ];
+    }
+
+    /**
+     * Test login.
+     *
+     * @dataProvider tamperingProvider
+     *
+     * @runInSeparateProcess
+     *
+     * @return void
+     */
+    public function testLoginTampering(int $case): void
+    {
+        self::$session->start();
+
+        //$sessionId = self::$session->getSessionId();
+
+        //attemp first login
+        $this->assertTrue(self::$authentication->login('root', 'password', 'root', self::$password->hash('password'), 1));
+        $this->assertTrue(self::$session->login['login']);
+
+        //attemp check if logged
+        $this->assertTrue(self::$authentication->isLogged());
+
+        //simulate tampering
+        if ($case === 0) {
+            self::$session->loginTime = "foo";
+            self::$session->expire = "foo";
+        } elseif ($case === 1) {
+            self::$session->loginTime = "foo";
+        } elseif ($case === 2) {
+            self::$session->expire = "foo";
+        } else {
+            //simulate expired login
+            self::$session->loginTime = \time() - 3600;
+        }
+
+        //attemp check if logged
+        $this->assertTrue((new Authentication(self::$session, self::$password))->isNotLogged());
+
+        self::$session->destroy();
+    }
+
     /**
      * Test login data.
      *

diff --git a/tests/Linna/Authentication/PasswordGeneratorTest.php b/tests/Linna/Authentication/PasswordGeneratorTest.php
@@ -14,6 +14,7 @@
 
 use InvalidArgumentException;
 use PHPUnit\Framework\TestCase;
+use ReflectionObject;
 
 /**
  * Password Generator Test.
@@ -70,8 +71,14 @@ public static function stringLengthProvider(): array
     public function testGetFromRandom(int $strLen): void
     {
         $password = self::$passwordGenerator->getFromRandom($strLen);
+        $topology = self::$passwordGenerator->getTopology($password);
+
+        $array = \str_split($topology);
+        $unique = \array_unique($array);
+        \sort($unique);
 
         $this->assertEquals($strLen, \strlen($password));
+        $this->assertSame(['d', 'l', 's', 'u'], $unique);
     }
 
     /**
@@ -191,7 +198,7 @@ public static function topologyProvider(): array
      */
     public function testGetFromTopology(string $topology): void
     {
-        $password = self::$passwordGenerator->getFromTopology($topology);
+        $password = self::$passwordGenerator->getFromTopology(\strtoupper($topology));
         $this->assertEquals($topology, self::$passwordGenerator->getTopology($password));
     }
 
@@ -229,4 +236,34 @@ public function testGetFromTopologyException(string $topology): void
 
         self::$passwordGenerator->getFromTopology($topology);
     }
+
+    /**
+     * Test private method getRandomChar.
+     */
+    public function testInternalGetRandomChar()
+    {
+        //password generator instance
+        $object = new PasswordGenerator();
+        //reflection for the object
+        $reflector = new ReflectionObject($object);
+        //get private method
+        $method = $reflector->getMethod('getRandomChar');
+        //change visibility
+        $method->setAccessible(true);
+
+        $this->assertSame('a', $method->invoke($object, 'a'));
+
+        $string = 'abcdefghijklmnopqrstuvwxyz';
+        $expected = \str_split($string);
+
+        //burn cpu using infection
+        while (\count($expected) > 0) {
+            $char = $method->invoke($object, $string);
+            if (($key = \array_search($char, $expected)) !== false) {
+                unset($expected[$key]);
+            }
+        }
+
+        $this->assertCount(0, $expected);
+    }
 }
diff --git a/tests/Linna/Authentication/ProtectedControllerTraitTest.php b/tests/Linna/Authentication/ProtectedControllerTraitTest.php
@@ -166,7 +166,9 @@ public function testAccessProtectedMethodWithRedirectWithoutLogin(): void
             $headers = \xdebug_get_headers();
 
             foreach ($headers as $value) {
-                if (\strstr($value, 'Location:') !== false) {
+                if (\strpos($value, 'Location:') === 0) {
+                    $this->assertSame('Location: http://localhost', $value);
+
                     $location = \str_replace('Location: ', '', $value);
                 }
             }
-Original file line number
+Diff line change
@@ Expand Up / @@ -141,7 +141,7 @@ public function getFromTopology(string $topology): string @@
         }
         /**
-         * Get random char between.
+         * Get a random char from a string.
          *
          * @param string $interval The string where extract a random char.
          *
@@ Expand Down @@