From c43f102aeef6faa5599832fba8f7a077b0b7eb7c Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Fri, 19 Aug 2016 23:07:26 +0900
Subject: [PATCH] Add unit tests for Session class
---
 tests/unit/framework/SessionTest.php | 291 +++++++++++++++++++++++++++
 1 file changed, 291 insertions(+)
 create mode 100644 tests/unit/framework/SessionTest.php
diff --git a/tests/unit/framework/SessionTest.php b/tests/unit/framework/SessionTest.php
new file mode 100644
index 000000000..35d550d65
--- /dev/null
+++ b/tests/unit/framework/SessionTest.php
@@ -0,0 +1,291 @@
+assertFalse(isset($_SESSION['foo']['bar']));
+ $this->assertNull(Rhymix\Framework\Session::get('foo.bar'));
+ Rhymix\Framework\Session::set('foo.bar', 'bazz');
+ $this->assertTrue(isset($_SESSION['foo']['bar']));
+ $this->assertEquals('bazz', Rhymix\Framework\Session::get('foo.bar'));
+ Rhymix\Framework\Session::set('foo.baz', 'bazzzz');
+ $this->assertEquals(array('bar' => 'bazz', 'baz' => 'bazzzz'), Rhymix\Framework\Session::get('foo'));
+ $this->assertEquals(array('bar' => 'bazz', 'baz' => 'bazzzz'), $_SESSION['foo']);
+ }
+
+ public function testStart()
+ {
+ // Test normal start.
+ $this->assertTrue(Rhymix\Framework\Session::start());
+ $this->assertTrue(isset($_COOKIE['rx_sesskey1']));
+ $this->assertTrue(isset($_COOKIE['rx_sesskey2']));
+ $this->assertNotEmpty($_SESSION['RHYMIX']['secret']);
+ $this->assertEquals($_SESSION['RHYMIX']['keys']['www.rhymix.org']['key1'], $_COOKIE['rx_sesskey1']);
+ $this->assertEquals($_SESSION['RHYMIX']['keys']['www.rhymix.org']['key2'], $_COOKIE['rx_sesskey2']);
+ $this->assertEquals(0, $_SESSION['RHYMIX']['keys']['www.rhymix.org']['trusted']);
+ $session_secret = $_SESSION['RHYMIX']['secret'];
+ Rhymix\Framework\Session::close();
+
+ // Test normal restart.
+ $this->assertTrue(Rhymix\Framework\Session::start());
+ $this->assertEquals($session_secret, $_SESSION['RHYMIX']['secret']);
+ $session_secret = $_SESSION['RHYMIX']['secret'];
+ Rhymix\Framework\Session::close();
+
+ // Test missing HTTP key.
+ unset($_COOKIE['rx_sesskey1']);
+ $this->assertTrue(Rhymix\Framework\Session::start());
+ $this->assertNotEquals($session_secret, $_SESSION['RHYMIX']['secret']);
+ $session_secret = $_SESSION['RHYMIX']['secret'];
+ Rhymix\Framework\Session::close();
+
+ // Test missing HTTPS key.
+ unset($_COOKIE['rx_sesskey2']);
+ $this->assertTrue(Rhymix\Framework\Session::start());
+ $this->assertNotEquals($session_secret, $_SESSION['RHYMIX']['secret']);
+ $session_secret = $_SESSION['RHYMIX']['secret'];
+ Rhymix\Framework\Session::close();
+
+ // Test invalid HTTP key.
+ $_COOKIE['rx_sesskey1'] = substr(md5(mt_rand()), 0, 24);
+ $this->assertTrue(Rhymix\Framework\Session::start());
+ $this->assertNotEquals($session_secret, $_SESSION['RHYMIX']['secret']);
+ $session_secret = $_SESSION['RHYMIX']['secret'];
+ Rhymix\Framework\Session::close();
+
+ // Test invalid HTTPS key.
+ $_COOKIE['rx_sesskey2'] = substr(md5(mt_rand()), 0, 24);
+ $this->assertTrue(Rhymix\Framework\Session::start());
+ $this->assertNotEquals($session_secret, $_SESSION['RHYMIX']['secret']);
+ $session_secret = $_SESSION['RHYMIX']['secret'];
+ Rhymix\Framework\Session::close();
+
+ // Test initial transition from HTTP to HTTPS.
+ session_start();
+ unset($_SESSION['RHYMIX']['keys']['www.rhymix.org']['key2']);
+ unset($_COOKIE['rx_sesskey2']);
+ session_write_close();
+ $this->assertTrue(Rhymix\Framework\Session::start());
+ $this->assertEquals($session_secret, $_SESSION['RHYMIX']['secret']);
+ $session_secret = $_SESSION['RHYMIX']['secret'];
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testRefresh()
+ {
+ Rhymix\Framework\Session::start();
+ $session_secret = $_SESSION['RHYMIX']['secret'];
+ $key1 = $_SESSION['RHYMIX']['keys']['www.rhymix.org']['key1'];
+ $key2 = $_SESSION['RHYMIX']['keys']['www.rhymix.org']['key2'];
+ $_SESSION['RHYMIX']['keys']['www.rhymix.org']['key1_time'] = time() - 3600;
+ $_SESSION['RHYMIX']['keys']['www.rhymix.org']['key2_time'] = time() - 3600;
+ Rhymix\Framework\Session::close();
+
+ Rhymix\Framework\Session::start();
+ $this->assertNotEquals($key1, $_SESSION['RHYMIX']['keys']['www.rhymix.org']['key1']);
+ $this->assertNotEquals($key2, $_SESSION['RHYMIX']['keys']['www.rhymix.org']['key2']);
+ $this->assertEquals($key1, $_SESSION['RHYMIX']['keys']['www.rhymix.org']['key1_prev']);
+ $this->assertEquals($key2, $_SESSION['RHYMIX']['keys']['www.rhymix.org']['key2_prev']);
+ $this->assertEquals($session_secret, $_SESSION['RHYMIX']['secret']);
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testClose()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertEquals(\PHP_SESSION_ACTIVE, session_status());
+ Rhymix\Framework\Session::close();
+ $this->assertEquals(\PHP_SESSION_NONE, session_status());
+ }
+
+ public function testDestroy()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertTrue(isset($_SESSION['RHYMIX']));
+ Rhymix\Framework\Session::destroy();
+ $this->assertFalse(isset($_SESSION['RHYMIX']));
+ }
+
+ public function testLoginLogout()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertFalse($_SESSION['RHYMIX']['login']);
+ $this->assertFalse($_SESSION['member_srl']);
+ $this->assertFalse($_SESSION['is_logged']);
+
+ Rhymix\Framework\Session::login(42);
+ $this->assertEquals(42, $_SESSION['RHYMIX']['login']);
+ $this->assertEquals(42, $_SESSION['member_srl']);
+ $this->assertTrue($_SESSION['is_logged']);
+
+ Rhymix\Framework\Session::logout();
+ $this->assertFalse(isset($_SESSION['RHYMIX']['login']));
+ $this->assertFalse($_SESSION['member_srl']);
+ $this->assertFalse($_SESSION['is_logged']);
+
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testIsStarted()
+ {
+ $this->assertFalse(Rhymix\Framework\Session::isStarted());
+ Rhymix\Framework\Session::start();
+ $this->assertTrue(Rhymix\Framework\Session::isStarted());
+ Rhymix\Framework\Session::close();
+ $this->assertFalse(Rhymix\Framework\Session::isStarted());
+ }
+
+ public function testIsMember()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertFalse(Rhymix\Framework\Session::isMember());
+
+ Rhymix\Framework\Session::login(42);
+ $this->assertTrue(Rhymix\Framework\Session::isMember());
+
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testIsAdmin()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertFalse(Rhymix\Framework\Session::isAdmin());
+
+ Rhymix\Framework\Session::login(42);
+ $this->assertFalse(Rhymix\Framework\Session::isAdmin());
+
+ Rhymix\Framework\Session::setMemberInfo((object)array('member_srl' => 42, 'is_admin' => 'Y'));
+ $this->assertTrue(Rhymix\Framework\Session::isAdmin());
+
+ Rhymix\Framework\Session::setMemberInfo((object)array('member_srl' => 99, 'is_admin' => 'Y'));
+ $this->assertFalse(Rhymix\Framework\Session::isAdmin());
+
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testIsTrusted()
+ {
+ Rhymix\Framework\Session::start();
+
+ $_SESSION['RHYMIX']['keys']['www.rhymix.org']['trusted'] = 0;
+ $this->assertFalse(Rhymix\Framework\Session::isTrusted());
+ $_SESSION['RHYMIX']['keys']['www.rhymix.org']['trusted'] = time() + 300;
+ $this->assertTrue(Rhymix\Framework\Session::isTrusted());
+
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testGetMemberSrl()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertEquals(false, Rhymix\Framework\Session::getMemberSrl());
+
+ Rhymix\Framework\Session::login(42);
+ $this->assertEquals(42, Rhymix\Framework\Session::getMemberSrl());
+
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testGetMemberInfo()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertEquals(false, Rhymix\Framework\Session::getMemberInfo());
+
+ Rhymix\Framework\Session::login(42);
+ $this->assertEquals(false, Rhymix\Framework\Session::getMemberInfo());
+
+ Rhymix\Framework\Session::setMemberInfo((object)array('member_srl' => 42));
+ $this->assertEquals((object)array('member_srl' => 42), Rhymix\Framework\Session::getMemberInfo());
+
+ Rhymix\Framework\Session::setMemberInfo((object)array('member_srl' => 99, 'is_admin' => 'Y'));
+ $this->assertEquals(false, Rhymix\Framework\Session::getMemberInfo());
+
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testGetSetLanguage()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertEquals(config('locale.default_language'), Rhymix\Framework\Session::getLanguage());
+
+ Rhymix\Framework\Session::setLanguage('ja');
+ $this->assertEquals('ja', Rhymix\Framework\Session::getLanguage());
+
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testGetSetTimezone()
+ {
+ Rhymix\Framework\Session::start();
+ $this->assertEquals(config('locale.default_timezone'), Rhymix\Framework\Session::getTimezone());
+
+ Rhymix\Framework\Session::setTimezone('Asia/Beijing');
+ $this->assertEquals('Asia/Beijing', Rhymix\Framework\Session::getTimezone());
+
+ Rhymix\Framework\Session::close();
+ }
+
+ public function testTokens()
+ {
+ Rhymix\Framework\Session::start();
+
+ $token1 = Rhymix\Framework\Session::createToken();
+ $this->assertTrue(ctype_alnum($token1));
+ $this->assertEquals(16, strlen($token1));
+ $this->assertTrue(Rhymix\Framework\Session::verifyToken($token1));
+ $this->assertFalse(Rhymix\Framework\Session::verifyToken(strrev($token1)));
+
+ $token2 = Rhymix\Framework\Session::createToken('/my/key');
+ $this->assertTrue(Rhymix\Framework\Session::verifyToken($token2, '/my/key'));
+ $this->assertFalse(Rhymix\Framework\Session::verifyToken($token2));
+ $this->assertFalse(Rhymix\Framework\Session::verifyToken($token2, '/wrong/key'));
+ $this->assertFalse(Rhymix\Framework\Session::verifyToken(strrev($token2)));
+
+ Rhymix\Framework\Session::destroy();
+ $this->assertFalse(Rhymix\Framework\Session::verifyToken($token1));
+ $this->assertFalse(Rhymix\Framework\Session::verifyToken($token, '/my/key'));
+ }
+
+ public function testEncryption()
+ {
+ Rhymix\Framework\Session::start();
+
+ $plaintext = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.';
+ $ciphertext = Rhymix\Framework\Session::encrypt($plaintext);
+ $this->assertNotEquals(false, $ciphertext);
+ $this->assertEquals($plaintext, Rhymix\Framework\Session::decrypt($ciphertext));
+
+ Rhymix\Framework\Session::destroy();
+ $this->assertFalse(Rhymix\Framework\Session::decrypt($ciphertext));
+
+ Rhymix\Framework\Session::start();
+ $this->assertFalse(Rhymix\Framework\Session::decrypt($ciphertext));
+
+ Rhymix\Framework\Session::close();
+ }
+}
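Review bot: The last assertion in testTokens() passes `$token`, a variable that is never assigned in this method, so `verifyToken($token, '/my/key')` is evaluated against an undefined value instead of the keyed token created earlier. The line should read `$this->assertFalse(Rhymix\Framework\Session::verifyToken($token2, '/my/key'));`. As written, the assertion would presumably still pass if destroy() left keyed tokens verifiable, so the test does not pin the teardown property it appears to be aiming at for a session-bound token. Separately, testGetSetTimezone() uses `'Asia/Beijing'`, which is not an IANA zone name; if setTimezone() ever validates its input this test would start failing, so `'Asia/Shanghai'` is the safer fixture.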