diff --git a/cake/libs/security.php b/cake/libs/security.php
index 67a6b379c..797f94cee 100644
--- a/cake/libs/security.php
+++ b/cake/libs/security.php
@@ -89,7 +89,7 @@ class Security extends Object {
 function generateAuthKey() {
 $_this =& Security::getInstance();
 if(!class_exists('String')) {
- uses('string');
+ App::import('Core', 'String');
 }
 return $_this->hash(String::uuid());
 }
@@ -173,6 +173,11 @@ class Security extends Object {
 * @static
 */
 function cipher($text, $key) {
+ if (empty($key)) {
+ trigger_error('You cannot use an empty key for Security::cipher()');
+ return '';
+ }
+
 $_this =& Security::getInstance();
 if (!defined('CIPHER_SEED')) {
 //This is temporary will change later
diff --git a/cake/tests/cases/libs/security.test.php b/cake/tests/cases/libs/security.test.php
index 3d8d3871d..536f13d2e 100644
--- a/cake/tests/cases/libs/security.test.php
+++ b/cake/tests/cases/libs/security.test.php
@@ -26,7 +26,7 @@
 * @lastmodified $Date$
 * @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
 */
-uses('security');
+App::import('Core', 'Security');
 /**
 * Short description for class.
 *
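Review bot: In `Security::cipher()` (cake/libs/security.php, hunk at -173) the new empty-key guard reports through `trigger_error()` at its default level, E_USER_NOTICE, and then returns `''`, which is also what a valid call on empty text yields according to the new `testCipher()`. A caller whose key failed to load therefore cannot tell the failure from a legitimate result unless notices are surfaced. Consider raising the level, `trigger_error('You cannot use an empty key for Security::cipher()', E_USER_WARNING);`, and stating the empty-string return in the docblock above the function. `empty($key)` also rejects the key `'0'`; `$key === null || $key === ''` would express the intent more exactly, if that case matters. The body of `cipher()` continues outside the hunk.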
@@ -34,9 +34,84 @@ uses('security');
 * @subpackage cake.tests.cases.libs
 */
 class SecurityTest extends UnitTestCase {
+ var $sut = null;
+
+ function setUp() {
+ $this->sut =& Security::getInstance();
+ }
+
+ function testInactiveMins() {
+ Configure::write('Security.level', 'high');
+ $this->assertEqual(10, Security::inactiveMins());
 
- function skip() {
- $this->skipif (true, 'SecurityTest not implemented');
+ Configure::write('Security.level', 'medium');
+ $this->assertEqual(100, Security::inactiveMins());
+
+ Configure::write('Security.level', 'low');
+ $this->assertEqual(300, Security::inactiveMins());
+ }
+
+ function testGenerateAuthkey() {
+ $this->assertEqual(strlen(Security::generateAuthKey()), 40);
+ }
+
+ function testValidateAuthKey() {
+ $authKey = Security::generateAuthKey();
+ $this->assertTrue(Security::validateAuthKey($authKey));
+ }
+
+ function testhash() {
+ $key = 'someKey';
+ $this->assertIdentical(strlen(Security::hash($key, null, false)), 40);
+ $this->assertIdentical(strlen(Security::hash($key, 'sha1', false)), 40);
+ $this->assertIdentical(strlen(Security::hash($key, null, true)), 40);
+ $this->assertIdentical(strlen(Security::hash($key, 'sha1', true)), 40);
+
+ $hashType = 'sha1';
+ Security::setHash($hashType);
+ $this->assertIdentical($this->sut->hashType, $hashType);
+ $this->assertIdentical(strlen(Security::hash($key, null, true)), 40);
+ $this->assertIdentical(strlen(Security::hash($key, null, false)), 40);
+
+ $this->assertIdentical(strlen(Security::hash($key, 'md5', false)), 32);
+ $this->assertIdentical(strlen(Security::hash($key, 'md5', true)), 32);
+
+ $hashType = 'md5';
+ Security::setHash($hashType);
+ $this->assertIdentical($this->sut->hashType, $hashType);
+ $this->assertIdentical(strlen(Security::hash($key, null, false)), 32);
+ $this->assertIdentical(strlen(Security::hash($key, null, true)), 32);
+
+
+ if (function_exists('sha256')) {
+ $this->assertIdentical(strlen(Security::hash($key, 'sha256', false)), 64);
+ $this->assertIdentical(strlen(Security::hash($key, 'sha256', true)), 64);
+ } else {
+ $this->assertIdentical(strlen(Security::hash($key, 'sha256', false)), 32);
+ $this->assertIdentical(strlen(Security::hash($key, 'sha256', true)), 32);
+ }
+ }
+
+ function testCipher() {
+ $length = 10;
+ $txt = '';
+ for ($i = 0; $i < $length; $i++) {
+ $txt .= rand(0, 255);
+ }
+ $key = 'my_key';
+ $result = Security::cipher($txt, $key);
+ $this->assertEqual(Security::cipher($result, $key), $txt);
+
+ $txt = '';
+ $key = 'my_key';
+ $result = Security::cipher($txt, $key);
+ $this->assertEqual(Security::cipher($result, $key), $txt);
+
+ $txt = 'some_text';
+ $key = '';
+ $result = Security::cipher($txt, $key);
+ $this->assertError();
+ $this->assertIdentical($result, '');
 }
 }
 ?>
\ No newline at end of file
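Review bot: The `else` branch in `testhash()` asserts that `Security::hash($key, 'sha256', …)` returns 32 characters when no `sha256()` function exists, which pins a silent fallback to a shorter digest (presumably md5) as expected behaviour, so a caller asking for sha256 gets a weaker hash with no signal. If the fallback is intended, record it with a comment such as `// no sha256 support: hash() falls back to a 32-char digest`; otherwise the case should be skipped or should expect an error. `testhash()` also leaves `Security::setHash('md5')` in effect and `testInactiveMins()` leaves `Security.level` at `'low'`, so later cases run with that state; restoring both in a `tearDown()` would keep the cases independent. In `testCipher()`, `$txt .= rand(0, 255);` appends decimal digits rather than bytes, so the round trip only covers ASCII digits and differs on every run; `$txt .= chr(rand(0, 255));` looks like what was meant.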