diff cake/tests/cases/libs/cake_session.test.php @ 0:261e66bd5a0c
hg init
author | Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp> |
---|---|
date | Sun, 24 Jul 2011 21:08:31 +0900 |
parents | |
children |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cake/tests/cases/libs/cake_session.test.php Sun Jul 24 21:08:31 2011 +0900
@@ -0,0 +1,508 @@
+<?php
+/**
+ * SessionTest file
+ *
+ * PHP versions 4 and 5
+ *
+ * CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing>
+ * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The Open Group Test Suite License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
+ * @package cake
+ * @subpackage cake.tests.cases.libs
+ * @since CakePHP(tm) v 1.2.0.4206
+ * @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
+ */
+if (!class_exists('CakeSession')) {
+ App::import('Core', 'CakeSession');
+}
+
+/**
+ * CakeSessionTest class
+ *
+ * @package cake
+ * @subpackage cake.tests.cases.libs
+ */
+class CakeSessionTest extends CakeTestCase {
+
+/**
+ * Fixtures used in the SessionTest
+ *
+ * @var array
+ * @access public
+ */
+ var $fixtures = array('core.session');
+
+/**
+ * startCase method
+ *
+ * @access public
+ * @return void
+ */
+ function startCase() {
+ // Make sure garbage colector will be called
+ $this->__gc_divisor = ini_get('session.gc_divisor');
+ ini_set('session.gc_divisor', '1');
+ }
+
+/**
+ * endCase method
+ *
+ * @access public
+ * @return void
+ */
+ function endCase() {
+ // Revert to the default setting
+ ini_set('session.gc_divisor', $this->__gc_divisor);
+ }
+
+/**
+ * setUp method
+ *
+ * @access public
+ * @return void
+ */
+ function setUp() {
+ $this->Session =& new CakeSession();
+ $this->Session->start();
+ $this->Session->_checkValid();
+ }
+
+/**
+ * tearDown method
+ *
+ * @access public
+ * @return void
+ */
+ function tearDown() {
+ unset($_SESSION);
+ session_destroy();
+ }
+
+/**
+ * testSessionPath
+ *
+ * @access public
+ * @return void
+ */
+ function testSessionPath() {
+ $Session = new CakeSession('/index.php');
+ $this->assertEqual('/', $Session->path);
+
+ $Session = new CakeSession('/sub_dir/index.php');
+ $this->assertEqual('/sub_dir/', $Session->path);
+
+ $Session = new CakeSession('');
+ $this->assertEqual('/', $Session->path, 'Session path is empty, with "" as $base needs to be / %s');
+ }
+
+/**
+ * testCheck method
+ *
+ * @access public
+ * @return void
+ */
+ function testCheck() {
+ $this->Session->write('SessionTestCase', 'value');
+ $this->assertTrue($this->Session->check('SessionTestCase'));
+
+ $this->assertFalse($this->Session->check('NotExistingSessionTestCase'), false);
+ }
+
+/**
+ * testSimpleRead method
+ *
+ * @access public
+ * @return void
+ */
+ function testSimpleRead() {
+ $this->Session->write('testing', '1,2,3');
+ $result = $this->Session->read('testing');
+ $this->assertEqual($result, '1,2,3');
+
+ $this->Session->write('testing', array('1' => 'one', '2' => 'two','3' => 'three'));
+ $result = $this->Session->read('testing.1');
+ $this->assertEqual($result, 'one');
+
+ $result = $this->Session->read('testing');
+ $this->assertEqual($result, array('1' => 'one', '2' => 'two', '3' => 'three'));
+
+ $result = $this->Session->read();
+ $this->assertTrue(isset($result['testing']));
+ $this->assertTrue(isset($result['Config']));
+ $this->assertTrue(isset($result['Config']['userAgent']));
+
+ $this->Session->write('This.is.a.deep.array.my.friend', 'value');
+ $result = $this->Session->read('This.is.a.deep.array.my.friend');
+ $this->assertEqual('value', $result);
+ }
+
+/**
+ * testId method
+ *
+ * @access public
+ * @return void
+ */
+ function testId() {
+ $expected = session_id();
+ $result = $this->Session->id();
+ $this->assertEqual($result, $expected);
+
+ $this->Session->id('MySessionId');
+ $result = $this->Session->id();
+ $this->assertEqual($result, 'MySessionId');
+ }
+
+/**
+ * testStarted method
+ *
+ * @access public
+ * @return void
+ */
+ function testStarted() {
+ $this->assertTrue($this->Session->started());
+
+ unset($_SESSION);
+ $_SESSION = null;
+ $this->assertFalse($this->Session->started());
+ $this->assertTrue($this->Session->start());
+
+ $session = new CakeSession(null, false);
+ $this->assertTrue($session->started());
+ unset($session);
+ }
+
+/**
+ * testError method
+ *
+ * @access public
+ * @return void
+ */
+ function testError() {
+ $this->Session->read('Does.not.exist');
+ $result = $this->Session->error();
+ $this->assertEqual($result, "Does.not.exist doesn't exist");
+
+ $this->Session->delete('Failing.delete');
+ $result = $this->Session->error();
+ $this->assertEqual($result, "Failing.delete doesn't exist");
+ }
+
+/**
+ * testDel method
+ *
+ * @access public
+ * @return void
+ */
+ function testDelete() {
+ $this->assertTrue($this->Session->write('Delete.me', 'Clearing out'));
+ $this->assertTrue($this->Session->delete('Delete.me'));
+ $this->assertFalse($this->Session->check('Delete.me'));
+ $this->assertTrue($this->Session->check('Delete'));
+
+ $this->assertTrue($this->Session->write('Clearing.sale', 'everything must go'));
+ $this->assertTrue($this->Session->delete('Clearing'));
+ $this->assertFalse($this->Session->check('Clearing.sale'));
+ $this->assertFalse($this->Session->check('Clearing'));
+ }
+
+/**
+ * testWatchVar method
+ *
+ * @access public
+ * @return void
+ */
+ function testWatchVar() {
+ $this->assertFalse($this->Session->watch(null));
+
+ $this->Session->write('Watching', "I'm watching you");
+ $this->Session->watch('Watching');
+ $this->expectError('Writing session key {Watching}: "They found us!"');
+ $this->Session->write('Watching', 'They found us!');
+
+ $this->expectError('Deleting session key {Watching}');
+ $this->Session->delete('Watching');
+
+ $this->assertFalse($this->Session->watch('Invalid.key'));
+ }
+
+/**
+ * testIgnore method
+ *
+ * @access public
+ * @return void
+ */
+ function testIgnore() {
+ $this->Session->write('Watching', "I'm watching you");
+ $this->Session->watch('Watching');
+ $this->Session->ignore('Watching');
+ $this->assertTrue($this->Session->write('Watching', 'They found us!'));
+ }
+
+/**
+ * testDestroy method
+ *
+ * @access public
+ * @return void
+ */
+ function testDestroy() {
+ $this->Session->write('bulletProof', 'invicible');
+ $id = $this->Session->id();
+ $this->Session->destroy();
+ $this->assertFalse($this->Session->check('bulletProof'));
+ $this->assertNotEqual($id, $this->Session->id());
+ $this->assertTrue($this->Session->started());
+
+ $this->Session->cookieLifeTime = 'test';
+ $this->Session->destroy();
+ $this->assertNotEqual('test', $this->Session->cookieLifeTime);
+ }
+
+/**
+ * testCheckingSavedEmpty method
+ *
+ * @access public
+ * @return void
+ */
+ function testCheckingSavedEmpty() {
+ $this->assertTrue($this->Session->write('SessionTestCase', 0));
+ $this->assertTrue($this->Session->check('SessionTestCase'));
+
+ $this->assertTrue($this->Session->write('SessionTestCase', '0'));
+ $this->assertTrue($this->Session->check('SessionTestCase'));
+
+ $this->assertTrue($this->Session->write('SessionTestCase', false));
+ $this->assertTrue($this->Session->check('SessionTestCase'));
+
+ $this->assertTrue($this->Session->write('SessionTestCase', null));
+ $this->assertFalse($this->Session->check('SessionTestCase'));
+ }
+
+/**
+ * testCheckKeyWithSpaces method
+ *
+ * @access public
+ * @return void
+ */
+ function testCheckKeyWithSpaces() {
+ $this->assertTrue($this->Session->write('Session Test', "test"));
+ $this->assertEqual($this->Session->check('Session Test'), 'test');
+ $this->Session->delete('Session Test');
+
+ $this->assertTrue($this->Session->write('Session Test.Test Case', "test"));
+ $this->assertTrue($this->Session->check('Session Test.Test Case'));
+ }
+
+/**
+ * test key exploitation
+ *
+ * @return void
+ */
+ function testKeyExploit() {
+ $key = "a'] = 1; phpinfo(); \$_SESSION['a";
+ $result = $this->Session->write($key, 'haxored');
+ $this->assertTrue($result);
+
+ $result = $this->Session->read($key);
+ $this->assertEqual($result, 'haxored');
+ }
+
+/**
+ * testReadingSavedEmpty method
+ *
+ * @access public
+ * @return void
+ */
+ function testReadingSavedEmpty() {
+ $this->Session->write('SessionTestCase', 0);
+ $this->assertEqual($this->Session->read('SessionTestCase'), 0);
+
+ $this->Session->write('SessionTestCase', '0');
+ $this->assertEqual($this->Session->read('SessionTestCase'), '0');
+ $this->assertFalse($this->Session->read('SessionTestCase') === 0);
+
+ $this->Session->write('SessionTestCase', false);
+ $this->assertFalse($this->Session->read('SessionTestCase'));
+
+ $this->Session->write('SessionTestCase', null);
+ $this->assertEqual($this->Session->read('SessionTestCase'), null);
+ }
+
+/**
+ * testCheckUserAgentFalse method
+ *
+ * @access public
+ * @return void
+ */
+ function testCheckUserAgentFalse() {
+ Configure::write('Session.checkAgent', false);
+ $this->Session->_userAgent = md5('http://randomdomainname.com' . Configure::read('Security.salt'));
+ $this->assertTrue($this->Session->valid());
+ }
+
+/**
+ * testCheckUserAgentTrue method
+ *
+ * @access public
+ * @return void
+ */
+ function testCheckUserAgentTrue() {
+ Configure::write('Session.checkAgent', true);
+ $this->Session->_userAgent = md5('http://randomdomainname.com' . Configure::read('Security.salt'));
+ $this->assertFalse($this->Session->valid());
+ }
+
+/**
+ * testReadAndWriteWithDatabaseStorage method
+ *
+ * @access public
+ * @return void
+ */
+ function testReadAndWriteWithCakeStorage() {
+ unset($_SESSION);
+ session_destroy();
+ ini_set('session.save_handler', 'files');
+ Configure::write('Session.save', 'cake');
+ $this->setUp();
+
+ $this->Session->write('SessionTestCase', 0);
+ $this->assertEqual($this->Session->read('SessionTestCase'), 0);
+
+ $this->Session->write('SessionTestCase', '0');
+ $this->assertEqual($this->Session->read('SessionTestCase'), '0');
+ $this->assertFalse($this->Session->read('SessionTestCase') === 0);
+
+ $this->Session->write('SessionTestCase', false);
+ $this->assertFalse($this->Session->read('SessionTestCase'));
+
+ $this->Session->write('SessionTestCase', null);
+ $this->assertEqual($this->Session->read('SessionTestCase'), null);
+
+ $this->Session->write('SessionTestCase', 'This is a Test');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
+
+ $this->Session->write('SessionTestCase', 'This is a Test');
+ $this->Session->write('SessionTestCase', 'This was updated');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'This was updated');
+
+ $this->Session->destroy();
+ $this->assertFalse($this->Session->read('SessionTestCase'));
+ }
+
+/**
+ * testReadAndWriteWithDatabaseStorage method
+ *
+ * @access public
+ * @return void
+ */
+ function testReadAndWriteWithCacheStorage() {
+ unset($_SESSION);
+ session_destroy();
+ ini_set('session.save_handler', 'files');
+ Configure::write('Session.save', 'cache');
+ $this->setUp();
+
+ $this->Session->write('SessionTestCase', 0);
+ $this->assertEqual($this->Session->read('SessionTestCase'), 0);
+
+ $this->Session->write('SessionTestCase', '0');
+ $this->assertEqual($this->Session->read('SessionTestCase'), '0');
+ $this->assertFalse($this->Session->read('SessionTestCase') === 0);
+
+ $this->Session->write('SessionTestCase', false);
+ $this->assertFalse($this->Session->read('SessionTestCase'));
+
+ $this->Session->write('SessionTestCase', null);
+ $this->assertEqual($this->Session->read('SessionTestCase'), null);
+
+ $this->Session->write('SessionTestCase', 'This is a Test');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
+
+ $this->Session->write('SessionTestCase', 'This is a Test');
+ $this->Session->write('SessionTestCase', 'This was updated');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'This was updated');
+
+ $this->Session->destroy();
+ $this->assertFalse($this->Session->read('SessionTestCase'));
+ }
+
+/**
+ * testReadAndWriteWithDatabaseStorage method
+ *
+ * @access public
+ * @return void
+ */
+ function testReadAndWriteWithDatabaseStorage() {
+ unset($_SESSION);
+ session_destroy();
+ Configure::write('Session.table', 'sessions');
+ Configure::write('Session.model', 'Session');
+ Configure::write('Session.database', 'test_suite');
+ Configure::write('Session.save', 'database');
+ $this->setUp();
+
+ $this->Session->write('SessionTestCase', 0);
+ $this->assertEqual($this->Session->read('SessionTestCase'), 0);
+
+ $this->Session->write('SessionTestCase', '0');
+ $this->assertEqual($this->Session->read('SessionTestCase'), '0');
+ $this->assertFalse($this->Session->read('SessionTestCase') === 0);
+
+ $this->Session->write('SessionTestCase', false);
+ $this->assertFalse($this->Session->read('SessionTestCase'));
+
+ $this->Session->write('SessionTestCase', null);
+ $this->assertEqual($this->Session->read('SessionTestCase'), null);
+
+ $this->Session->write('SessionTestCase', 'This is a Test');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
+
+ $this->Session->write('SessionTestCase', 'Some additional data');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'Some additional data');
+
+ $this->Session->destroy();
+ $this->assertFalse($this->Session->read('SessionTestCase'));
+ session_write_close();
+
+ unset($_SESSION);
+ ini_set('session.save_handler', 'files');
+ Configure::write('Session.save', 'php');
+ $this->setUp();
+ }
+
+/**
+ * testReadAndWriteWithDatabaseStorage method
+ *
+ * @access public
+ * @return void
+ */
+ function testDatabaseStorageEmptySessionId() {
+ unset($_SESSION);
+ session_destroy();
+ Configure::write('Session.table', 'sessions');
+ Configure::write('Session.model', 'Session');
+ Configure::write('Session.database', 'test_suite');
+ Configure::write('Session.save', 'database');
+ $this->setUp();
+ $id = $this->Session->id();
+
+ $this->Session->id = '';
+ session_id('');
+
+ $this->Session->write('SessionTestCase', 'This is a Test');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
+
+ session_write_close();
+
+ unset($_SESSION);
+ ini_set('session.save_handler', 'files');
+ Configure::write('Session.save', 'php');
+ session_id($id);
+ $this->setUp();
+ }
+
+}
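Review bot: `testKeyExploit` only proves that the injection-shaped key round-trips through write() and read(); it never asserts that the key was handled as plain data. If the key were ever spliced into evaluated code, the trailing assignment would presumably still store 'haxored' and both assertions would pass. The test should therefore also check for the side effect the key is built to cause, for example `$this->assertFalse(isset($_SESSION['a']));` right after the write. In `testCheckKeyWithSpaces`, `assertEqual($this->Session->check('Session Test'), 'test')` looks like it compares the result of check() (asserted as a boolean elsewhere in this file) with a string and passes only through loose comparison, so `assertTrue(...)` would state the intent. The Cake and cache storage tests also leave `Session.save` (and the two user-agent tests leave `Session.checkAgent`) modified, whereas the database tests reset `Session.save` to `'php'`; restoring the previous values would keep later tests independent.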