. namespace core; /** * Unit tests for sessionlib.php file. * * @package core * @category test * @author Petr Skoda * @copyright 2014 Totara Learning Solutions Ltd {@link http://www.totaralms.com/} * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ final class sessionlib_test extends \advanced_testcase { /** * Test provided for secure cookie * * @return array of config and secure result */ public static function moodle_cookie_secure_provider(): array { return array( array( // Non ssl, not set. 'config' => array( 'wwwroot' => 'http://example.com', 'sslproxy' => null, 'cookiesecure' => null, ), 'secure' => false, ), array( // Non ssl, off and ignored. 'config' => array( 'wwwroot' => 'http://example.com', 'sslproxy' => null, 'cookiesecure' => false, ), 'secure' => false, ), array( // Non ssl, on and ignored. 'config' => array( 'wwwroot' => 'http://example.com', 'sslproxy' => null, 'cookiesecure' => true, ), 'secure' => false, ), array( // SSL via proxy, off. 'config' => array( 'wwwroot' => 'http://example.com', 'sslproxy' => true, 'cookiesecure' => false, ), 'secure' => false, ), array( // SSL via proxy, on. 'config' => array( 'wwwroot' => 'http://example.com', 'sslproxy' => true, 'cookiesecure' => true, ), 'secure' => true, ), array( // SSL and off. 'config' => array( 'wwwroot' => 'https://example.com', 'sslproxy' => null, 'cookiesecure' => false, ), 'secure' => false, ), array( // SSL and on. 'config' => array( 'wwwroot' => 'https://example.com', 'sslproxy' => null, 'cookiesecure' => true, ), 'secure' => true, ), ); } /** * Test for secure cookie * * @dataProvider moodle_cookie_secure_provider * * @param array $config Array of key value config settings * @param bool $secure Wether cookies should be secure or not */ public function test_is_moodle_cookie_secure($config, $secure): void { global $CFG; $this->resetAfterTest(); foreach ($config as $key => $value) { $CFG->$key = $value; } $this->assertEquals($secure, is_moodle_cookie_secure()); } public function test_sesskey(): void { global $USER; $this->resetAfterTest(); $user = $this->getDataGenerator()->create_user(); \core\session\manager::init_empty_session(); $this->assertObjectNotHasProperty('sesskey', $USER); $sesskey = sesskey(); $this->assertNotEmpty($sesskey); $this->assertSame($sesskey, $USER->sesskey); $this->assertSame($GLOBALS['USER'], $_SESSION['USER']); $this->assertSame($GLOBALS['USER'], $USER); $this->assertSame($sesskey, sesskey()); // Test incomplete session init - the sesskeys should return random values. $_SESSION = array(); unset($GLOBALS['USER']); unset($GLOBALS['SESSION']); $this->assertFalse(sesskey()); $this->assertArrayNotHasKey('USER', $GLOBALS); $this->assertFalse(sesskey()); } public function test_confirm_sesskey(): void { $this->resetAfterTest(); $sesskey = sesskey(); try { confirm_sesskey(); $this->fail('Exception expected when sesskey not present'); } catch (\moodle_exception $e) { $this->assertSame('missingparam', $e->errorcode); } $this->assertTrue(confirm_sesskey($sesskey)); $this->assertFalse(confirm_sesskey('blahblah')); $_GET['sesskey'] = $sesskey; $this->assertTrue(confirm_sesskey()); $_GET['sesskey'] = 'blah'; $this->assertFalse(confirm_sesskey()); } public function test_require_sesskey(): void { $this->resetAfterTest(); $sesskey = sesskey(); try { require_sesskey(); $this->fail('Exception expected when sesskey not present'); } catch (\moodle_exception $e) { $this->assertSame('missingparam', $e->errorcode); } $_GET['sesskey'] = $sesskey; require_sesskey(); $_GET['sesskey'] = 'blah'; try { require_sesskey(); $this->fail('Exception expected when sesskey not incorrect'); } catch (\moodle_exception $e) { $this->assertSame('invalidsesskey', $e->errorcode); } } }