adding tests for security library

adding check for empty key to Security::cipher()

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6820 3807eeeb-6ff5-0310-8944-8be069107fe0

cake/libs/security.php

@@ -89,7 +89,7 @@ class Security extends Object {
 	function generateAuthKey() {
 		$_this =& Security::getInstance();
 		if(!class_exists('String')) {
-			uses('string');
+			App::import('Core', 'String');
 		}
 		return $_this->hash(String::uuid());
 	}
@@ -173,6 +173,11 @@ class Security extends Object {
  * @static
  */
 	function cipher($text, $key) {
+		if (empty($key)) {
+			trigger_error('You cannot use an empty key for Security::cipher()');
+			return '';
+		}
+
 		$_this =& Security::getInstance();
 		if (!defined('CIPHER_SEED')) {
 			//This is temporary will change later

cake/tests/cases/libs/security.test.php

@@ -26,7 +26,7 @@
  * @lastmodified	$Date$
  * @license			http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
  */
-uses('security');
+App::import('Core', 'Security');
 /**
  * Short description for class.
  *
@@ -34,9 +34,84 @@ uses('security');
  * @subpackage cake.tests.cases.libs
  */
 class SecurityTest extends UnitTestCase {
+	var $sut = null;
+	
+	function setUp() {
+		$this->sut =& Security::getInstance();
+	}
+	
+	function testInactiveMins() {
+		Configure::write('Security.level', 'high');
+		$this->assertEqual(10, Security::inactiveMins());
 
-	function skip() {
+		Configure::write('Security.level', 'medium');
-		$this->skipif (true, 'SecurityTest not implemented');
+		$this->assertEqual(100, Security::inactiveMins());
+
+		Configure::write('Security.level', 'low');
+		$this->assertEqual(300, Security::inactiveMins());
+	}
+	
+	function testGenerateAuthkey() {
+		$this->assertEqual(strlen(Security::generateAuthKey()), 40);
+	}
+	
+	function testValidateAuthKey() {
+		$authKey = Security::generateAuthKey();
+		$this->assertTrue(Security::validateAuthKey($authKey));
+	}
+
+	function testhash() {
+		$key = 'someKey';
+		$this->assertIdentical(strlen(Security::hash($key, null, false)), 40);
+		$this->assertIdentical(strlen(Security::hash($key, 'sha1', false)), 40);
+		$this->assertIdentical(strlen(Security::hash($key, null, true)), 40);
+		$this->assertIdentical(strlen(Security::hash($key, 'sha1', true)), 40);
+
+		$hashType = 'sha1';
+		Security::setHash($hashType);
+		$this->assertIdentical($this->sut->hashType, $hashType);
+		$this->assertIdentical(strlen(Security::hash($key, null, true)), 40);
+		$this->assertIdentical(strlen(Security::hash($key, null, false)), 40);
+
+		$this->assertIdentical(strlen(Security::hash($key, 'md5', false)), 32);
+		$this->assertIdentical(strlen(Security::hash($key, 'md5', true)), 32);
+
+		$hashType = 'md5';
+		Security::setHash($hashType);
+		$this->assertIdentical($this->sut->hashType, $hashType);
+		$this->assertIdentical(strlen(Security::hash($key, null, false)), 32);
+		$this->assertIdentical(strlen(Security::hash($key, null, true)), 32);
+
+
+		if (function_exists('sha256')) {
+			$this->assertIdentical(strlen(Security::hash($key, 'sha256', false)), 64);
+			$this->assertIdentical(strlen(Security::hash($key, 'sha256', true)), 64);
+		} else {
+			$this->assertIdentical(strlen(Security::hash($key, 'sha256', false)), 32);
+			$this->assertIdentical(strlen(Security::hash($key, 'sha256', true)), 32);
+		}
+	}
+	
+	function testCipher() {
+		$length = 10;
+		$txt = '';
+		for ($i = 0; $i < $length; $i++) { 
+			$txt .= rand(0, 255);
+		}
+		$key = 'my_key';
+		$result = Security::cipher($txt, $key);
+		$this->assertEqual(Security::cipher($result, $key), $txt);
+
+		$txt = '';
+		$key = 'my_key';
+		$result = Security::cipher($txt, $key);
+		$this->assertEqual(Security::cipher($result, $key), $txt);
+
+		$txt = 'some_text';
+		$key = '';
+		$result = Security::cipher($txt, $key);
+		$this->assertError();
+		$this->assertIdentical($result, '');
 	}
 }
 ?>