<?php
/**
* CakePHP(tm) Tests <http://book.cakephp.org/2.0/en/development/testing.html>
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
* @since CakePHP(tm) v 1.2.0.5432
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::uses('Security', 'Utility');
/**
* SecurityTest class
*
* @package Cake.Test.Case.Utility
*/
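class SecurityTest extends CakeTestCase {

/**
 * sut property
 *
 * @var mixed null
 */
	public $sut = null;

/**
 * Hash type that was configured before the current test started.
 *
 * Captured in setUp() and put back in tearDown().
 *
 * @var mixed
 */
	protected $_hashType = null;

/**
 * Remember the globally configured hash type before each test.
 *
 * Several tests call Security::setHash(); capturing the value here lets
 * tearDown() restore it even when an assertion fails part-way through a test,
 * so one failing test cannot change the algorithm later tests run against.
 *
 * @return void
 */
	public function setUp() {
		parent::setUp();
		$this->_hashType = Security::$hashType;
	}

/**
 * Restore the hash type captured in setUp().
 *
 * @return void
 */
	public function tearDown() {
		Security::setHash($this->_hashType);
		parent::tearDown();
	}

/**
 * Security::inactiveMins() must follow the configured 'Security.level'.
 *
 * Expected values pinned by this test: high => 10, medium => 100, low => 300.
 *
 * @return void
 */
	public function testInactiveMins() {
		Configure::write('Security.level', 'high');
		$this->assertEquals(10, Security::inactiveMins());

		Configure::write('Security.level', 'medium');
		$this->assertEquals(100, Security::inactiveMins());

		Configure::write('Security.level', 'low');
		$this->assertEquals(300, Security::inactiveMins());
	}

/**
 * A generated auth key must be 40 characters long.
 *
 * Only the length is checked; nothing here asserts that two generated keys
 * differ from each other.
 *
 * @return void
 */
	public function testGenerateAuthkey() {
		// PHPUnit takes (expected, actual); keeping that order makes failure output read correctly.
		$this->assertEquals(40, strlen(Security::generateAuthKey()));
	}

/**
 * A freshly generated auth key must pass Security::validateAuthKey().
 *
 * NOTE(review): only the accepting path is covered; no malformed or empty key
 * is fed to validateAuthKey() in this file.
 *
 * @return void
 */
	public function testValidateAuthKey() {
		$authKey = Security::generateAuthKey();
		$this->assertTrue(Security::validateAuthKey($authKey));
	}

/**
 * Blowfish hashing with boolean true as the salt argument must raise an error.
 *
 * @expectedException PHPUnit_Framework_Error
 * @return void
 */
	public function testHashInvalidSalt() {
		Security::hash('someKey', 'blowfish', true);
	}

/**
 * Blowfish hashing must reject a salt that starts with '$1$'.
 *
 * NOTE(review): presumably the point is that the prefix is not a blowfish
 * ('$2a$') one; the rejection rule itself lives in Security::hash().
 *
 * @expectedException PHPUnit_Framework_Error
 * @return void
 */
	public function testHashAnotherInvalidSalt() {
		Security::hash('someKey', 'blowfish', '$1$lksdjoijfaoijs');
	}

/**
 * Blowfish hashing must reject '$2a$10$123' as a salt.
 *
 * NOTE(review): the value has the '$2a$10$' prefix but only three characters
 * after it, so this presumably exercises the salt-length check; confirm
 * against Security::hash().
 *
 * @expectedException PHPUnit_Framework_Error
 * @return void
 */
	public function testHashYetAnotherInvalidSalt() {
		Security::hash('someKey', 'blowfish', '$2a$10$123');
	}

/**
 * A blowfish cost of 1000 must raise an error.
 *
 * NOTE(review): the expected error may come from either call below. If
 * setCost() is the one that raises, the hash() line is never reached; if it
 * is not, the cost of 1000 stays configured for later tests. Confirm which
 * applies in Security::setCost().
 *
 * @expectedException PHPUnit_Framework_Error
 * @return void
 */
	public function testHashInvalidCost() {
		Security::setCost(1000);
		Security::hash('somekey', 'blowfish', false);
	}

/**
 * Security::hash() output for sha1, md5 and sha256, with and without a salt.
 *
 * The assertions pin hex digest lengths (sha1 = 40, md5 = 32, sha256 = 64) and
 * one known sha1 value for the key 'someKey' salted with 'someHash'. sha1 and
 * md5 are fast digests; the password-storage path is the blowfish one covered
 * by testHashBlowfish().
 *
 * The hash type changed through setHash() is restored by tearDown().
 *
 * @return void
 */
	public function testHash() {
		$key = 'someKey';
		$hash = 'someHash';

		// With no type given (null) the lengths asserted here match sha1.
		$this->assertSame(40, strlen(Security::hash($key, null, false)));
		$this->assertSame(40, strlen(Security::hash($key, 'sha1', false)));
		$this->assertSame(40, strlen(Security::hash($key, null, true)));
		$this->assertSame(40, strlen(Security::hash($key, 'sha1', true)));

		// A string passed as the third argument is used as the salt; the digest is deterministic.
		$result = Security::hash($key, null, $hash);
		$this->assertSame('e38fcb877dccb6a94729a81523851c931a46efb1', $result);

		$result = Security::hash($key, 'sha1', $hash);
		$this->assertSame('e38fcb877dccb6a94729a81523851c931a46efb1', $result);

		$hashType = 'sha1';
		Security::setHash($hashType);
		$this->assertSame($hashType, Security::$hashType);
		$this->assertSame(40, strlen(Security::hash($key, null, true)));
		$this->assertSame(40, strlen(Security::hash($key, null, false)));

		// An explicit type overrides the configured one.
		$this->assertSame(32, strlen(Security::hash($key, 'md5', false)));
		$this->assertSame(32, strlen(Security::hash($key, 'md5', true)));

		$hashType = 'md5';
		Security::setHash($hashType);
		$this->assertSame($hashType, Security::$hashType);
		$this->assertSame(32, strlen(Security::hash($key, null, false)));
		$this->assertSame(32, strlen(Security::hash($key, null, true)));

		if (!function_exists('hash') && !function_exists('mhash')) {
			// NOTE(review): with neither extension available a 32-character result is
			// expected for 'sha256', i.e. presumably a silent fallback to md5. A caller
			// asking for sha256 would then receive a weaker digest; confirm in Security::hash().
			$this->assertSame(32, strlen(Security::hash($key, 'sha256', false)));
			$this->assertSame(32, strlen(Security::hash($key, 'sha256', true)));
		} else {
			$this->assertSame(64, strlen(Security::hash($key, 'sha256', false)));
			$this->assertSame(64, strlen(Security::hash($key, 'sha256', true)));
		}
	}

/**
 * Test that hash() works with blowfish.
 *
 * Covers the store-then-verify flow: a password is hashed, then a submitted
 * password is hashed again with the stored hash passed as the salt, and the
 * two results are compared.
 *
 * The hash type changed through setHash() is restored by tearDown().
 *
 * @return void
 */
	public function testHashBlowfish() {
		Security::setCost(10);
		$test = Security::hash('password', 'blowfish');
		// Skip when the platform's crypt() does not emit '$2a$' hashes.
		$this->skipIf(strpos($test, '$2a$') === false, 'Blowfish hashes are incorrect.');

		$key = 'someKey';
		$hashType = 'blowfish';
		Security::setHash($hashType);

		$this->assertSame($hashType, Security::$hashType);
		// A blowfish hash is 60 characters long.
		$this->assertSame(60, strlen(Security::hash($key, null, false)));

		$password = $submittedPassword = $key;
		$storedPassword = Security::hash($password);

		// Same password + stored hash as salt must reproduce the stored hash.
		// assertSame() is fine for a test; application code comparing a stored hash
		// with a computed one should use a constant-time comparison.
		$hashedPassword = Security::hash($submittedPassword, null, $storedPassword);
		$this->assertSame($storedPassword, $hashedPassword);

		// A different password must not reproduce it.
		$submittedPassword = 'someOtherKey';
		$hashedPassword = Security::hash($submittedPassword, null, $storedPassword);
		$this->assertNotSame($storedPassword, $hashedPassword);
	}

/**
 * Security::cipher() applied twice with the same key must return the input.
 *
 * Inputs covered: a random digit string, the empty string, an integer and a
 * numeric string.
 *
 * @return void
 */
	public function testCipher() {
		$length = 10;
		$txt = '';
		for ($i = 0; $i < $length; $i++) {
			// NOTE(review): mt_rand() returns an int, so its decimal digits are appended
			// and $txt only ever contains '0'-'9'. If arbitrary bytes were intended,
			// this round trip does not cover them.
			$txt .= mt_rand(0, 255);
		}
		$key = 'my_key';
		$result = Security::cipher($txt, $key);
		$this->assertEquals($txt, Security::cipher($result, $key));

		$txt = '';
		$key = 'my_key';
		$result = Security::cipher($txt, $key);
		$this->assertEquals($txt, Security::cipher($result, $key));

		// Integer input: assertEquals() compares loosely, so a string result still matches.
		$txt = 123456;
		$key = 'my_key';
		$result = Security::cipher($txt, $key);
		$this->assertEquals($txt, Security::cipher($result, $key));

		$txt = '123456';
		$key = 'my_key';
		$result = Security::cipher($txt, $key);
		$this->assertEquals($txt, Security::cipher($result, $key));
	}

/**
 * Security::cipher() must raise an error when the key is empty.
 *
 * @expectedException PHPUnit_Framework_Error
 * @return void
 */
	public function testCipherEmptyKey() {
		$txt = 'some_text';
		$key = '';
		Security::cipher($txt, $key);
	}

/**
 * Security::rijndael() encrypt/decrypt round trips.
 *
 * Skipped when mcrypt is not available. Covers a normal text, text and key
 * swapped, the empty string, and a key longer than 32 characters.
 *
 * NOTE(review): only round trips are checked. Nothing here decrypts modified
 * ciphertext or uses a wrong key, so whether rijndael() detects tampering is
 * not established by this test.
 *
 * @return void
 */
	public function testRijndael() {
		$this->skipIf(!function_exists('mcrypt_encrypt'));
		$txt = 'The quick brown fox jumped over the lazy dog.';
		$key = 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi';

		$result = Security::rijndael($txt, $key, 'encrypt');
		$this->assertEquals($txt, Security::rijndael($result, $key, 'decrypt'));

		// Arguments swapped: the sentence acts as the key and the key string as the text.
		$result = Security::rijndael($key, $txt, 'encrypt');
		$this->assertEquals($key, Security::rijndael($result, $txt, 'decrypt'));

		$result = Security::rijndael('', $key, 'encrypt');
		$this->assertEquals('', Security::rijndael($result, $key, 'decrypt'));

		// $key is reassigned inside the call so the decrypt below uses the same long key.
		$result = Security::rijndael($txt, $key = 'this is my key of over 32 chars, yes it is', 'encrypt');
		$this->assertEquals($txt, Security::rijndael($result, $key, 'decrypt'));
	}

/**
 * Security::rijndael() must raise an error for an operation other than
 * 'encrypt' or 'decrypt'.
 *
 * @expectedException PHPUnit_Framework_Error
 * @return void
 */
	public function testRijndaelInvalidOperation() {
		$txt = 'The quick brown fox jumped over the lazy dog.';
		$key = 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi';
		Security::rijndael($txt, $key, 'foo');
	}

/**
 * Security::rijndael() must raise an error for the 9-character key 'too small'.
 *
 * NOTE(review): the minimum accepted key length is not visible in this file;
 * the round-trip test above only shows that a key of more than 32 characters works.
 *
 * @expectedException PHPUnit_Framework_Error
 * @return void
 */
	public function testRijndaelInvalidKey() {
		$txt = 'The quick brown fox jumped over the lazy dog.';
		$key = 'too small';
		Security::rijndael($txt, $key, 'encrypt');
	}

}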