HmacValidatorTest - Code Metrics - jkphl/antibot - Measure and Improve Code Quality continuously with Scrutinizer

HmacValidatorTest A
last analyzed 2020-11-14 18:51 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	139
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	5

Importance

Changes

Metric	Value
wmc	4
lcom	1
cbo	5
dl	0
loc	139
rs	10
c	0
b	0
f	0

4 Methods

Rating	Name	Size	Complexity
A	testGeneralValidation()	21	1
A	testRequestMethodOrderValidation()	25	1
A	testRequestTimingValidation()	45	1
A	testArmor()	18	1

<?php

/**
 * antibot
 *
 * @category   Jkphl
 * @package    Jkphl\Antibot
 * @subpackage Jkphl\Antibot\Tests\Ports
 * @author     Joschi Kuphal <[email protected]> / @jkphl
 * @copyright  Copyright © 2020 Joschi Kuphal <[email protected]> / @jkphl
 * @license    http://opensource.org/licenses/MIT The MIT License (MIT)
 */

/***********************************************************************************
 *  The MIT License (MIT)
 *
 *  Copyright © 2020 Joschi Kuphal <[email protected]>
 *
 *  Permission is hereby granted, free of charge, to any person obtaining a copy of
 *  this software and associated documentation files (the "Software"), to deal in
 *  the Software without restriction, including without limitation the rights to
 *  use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 *  the Software, and to permit persons to whom the Software is furnished to do so,
 *  subject to the following conditions:
 *
 *  The above copyright notice and this permission notice shall be included in all
 *  copies or substantial portions of the Software.
 *
 *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
 *  FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
 *  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 *  IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 *  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ***********************************************************************************/

namespace Jkphl\Antibot\Tests\Ports;

use Exception;
use Jkphl\Antibot\Infrastructure\Exceptions\HmacValidationException;
use Jkphl\Antibot\Ports\Validators\HmacValidator;
use Jkphl\Antibot\Tests\AbstractTestBase;

/**
 * HMAC Validator Test
 *
 * @package    Jkphl\Antibot
 * @subpackage Jkphl\Antibot\Tests\Ports
 */
class HmacValidatorTest extends AbstractTestBase
{
    /**
     * Test the general HMAC validation
     *
     * @return void
     * @throws Exception
     */
    public function testGeneralValidation(): void
    {
        $session       = md5(rand());
        $antibot       = $this->createAntibot($session);
        $hmacValidator = new HmacValidator();
        $antibot->addValidator($hmacValidator);

        // Run a first validation: Should be skipped
        $request1         = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
        $validationResult = $antibot->validate($request1);
        $this->assertFalse($validationResult->isValid());
        $this->assertFalse($validationResult->isFailed());
        $this->assertTrue($validationResult->isSkipped());

        // Arm & run a second request: Should succeed
        $armor            = $antibot->armorInputs($request1);
        $post             = $this->getArmorParams($armor);
        $request2         = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request2);
        $this->assertTrue($validationResult->isValid());
    }

    /**
     * Test the HMAC request method order validation
     *
     * @return void
     * @throws Exception
     */
    public function testRequestMethodOrderValidation(): void
    {
        $antibot       = $this->createAntibot();
        $hmacValidator = new HmacValidator();
        $hmacValidator->setMethodVector(HmacValidator::METHOD_GET, HmacValidator::METHOD_POST);
        $antibot->addValidator($hmacValidator);
        $request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
        $armor    = $antibot->armorInputs($request1);
        $post     = $this->getArmorParams($armor);

        // Second request
        $request2         = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request2);
        $this->assertTrue($validationResult->isValid());

        // Third request using the wrong request method
        $request3         = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], $post);
        $validationResult = $antibot->validate($request3);
        $this->assertFalse($validationResult->isValid());
        $this->assertTrue($validationResult->hasErrors());
        $errors = $validationResult->getErrors();
        $this->assertEquals(1, count($errors));
        $this->assertInstanceOf(HmacValidationException::class, $errors[0]);
        $this->assertEquals(1544292604, $errors[0]->getCode());
    }

    /**
     * Test the HMAC request timing validation
     *
     * @return void
     * @throws Exception
     */
    public function testRequestTimingValidation(): void
    {
        $session       = md5(rand());
        $antibot       = $this->createAntibot($session);
        $hmacValidator = new HmacValidator();
        $hmacValidator->setSubmissionTimes(10, 5, 1);
        $antibot->addValidator($hmacValidator);
        $request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
        $this->assertTrue($antibot->validate($request1)->isSkipped());

        // Create the armor for a second request, including submission time limits
        $armor = $antibot->armorInputs($request1);
        $post  = $this->getArmorParams($armor);

        // A second call after only 1 second should fail validation
        sleep(1);
        $request2         = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request2);
        $this->assertTrue($validationResult->isFailed());

        // Waiting for 4 more seconds should succeed
        sleep(5);
        $request3         = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request3);
        $this->assertTrue($validationResult->isValid());

        // Rearm, wait for 1 second and retry: Should succeed as it's a follow-up request
        $armor = $antibot->armorInputs($request3);
        $post  = $this->getArmorParams($armor);
        sleep(1);
        $request4         = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request4);
        $this->assertTrue($validationResult->isValid());

        // Wait for another 10 seconds and retry: Should fail as it exceeded the maximum time
        sleep(10);
        $request5         = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request5);
        $this->assertTrue($validationResult->isFailed());
        $this->assertTrue($validationResult->hasErrors());
        $errors = $validationResult->getErrors();
        $this->assertEquals(1, count($errors));
        $this->assertInstanceOf(HmacValidationException::class, $errors[0]);
        $this->assertEquals(1544292684, $errors[0]->getCode());
    }

    /**
     * Test the armoring
     *
     * @return void
     * @throws Exception
     */
    public function testArmor(): void
    {
        $sessionId     = md5(rand());
        $antibot       = $this->createAntibot($sessionId);
        $request       = $this->createRequest(
            ['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'],
            ['name' => 'John Doe', 'email' => '[email protected]']
        );
        $hmacValidator = new HmacValidator();
        $hmacValidator->setMethodVector(HmacValidator::METHOD_GET, HmacValidator::METHOD_POST);
        $hmacValidator->setSubmissionTimes(1800, 10, 3);
        $antibot->addValidator($hmacValidator);
        $armor = $antibot->armorInputs($request);
        $this->assertTrue(is_array($armor));
        $this->assertEquals(2, count($armor));
        $this->assertEquals(40, strlen($armor[0]->getAttributes()['value']));
        $this->assertTrue(is_int($armor[1]->getAttributes()['value']));
    }
}


1			<?php
2
3			/**
4			* antibot
5			*
6			* @category Jkphl
7			* @package Jkphl\Antibot
8			* @subpackage Jkphl\Antibot\Tests\Ports
9			* @author Joschi Kuphal <[email protected]> / @jkphl
10			* @copyright Copyright © 2020 Joschi Kuphal <[email protected]> / @jkphl
11			* @license http://opensource.org/licenses/MIT The MIT License (MIT)
12			*/
13
14			/***********************************************************************************
15			* The MIT License (MIT)
16			*
17			* Copyright © 2020 Joschi Kuphal <[email protected]>
18			*
19			* Permission is hereby granted, free of charge, to any person obtaining a copy of
20			* this software and associated documentation files (the "Software"), to deal in
21			* the Software without restriction, including without limitation the rights to
22			* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
23			* the Software, and to permit persons to whom the Software is furnished to do so,
24			* subject to the following conditions:
25			*
26			* The above copyright notice and this permission notice shall be included in all
27			* copies or substantial portions of the Software.
28			*
29			* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
30			* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
31			* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
32			* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
33			* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
34			* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
35			***********************************************************************************/
36
37			namespace Jkphl\Antibot\Tests\Ports;
38
39			use Exception;
40			use Jkphl\Antibot\Infrastructure\Exceptions\HmacValidationException;
41			use Jkphl\Antibot\Ports\Validators\HmacValidator;
42			use Jkphl\Antibot\Tests\AbstractTestBase;
43
44			/**
45			* HMAC Validator Test
46			*
47			* @package Jkphl\Antibot
48			* @subpackage Jkphl\Antibot\Tests\Ports
49			*/
50			class HmacValidatorTest extends AbstractTestBase
51			{
52			/**
53			* Test the general HMAC validation
54			*
55			* @return void
56			* @throws Exception
57			*/
58			public function testGeneralValidation(): void
59			{
60			$session = md5(rand());
61			$antibot = $this->createAntibot($session);
62			$hmacValidator = new HmacValidator();
63			$antibot->addValidator($hmacValidator);
64
65			// Run a first validation: Should be skipped
66			$request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
67			$validationResult = $antibot->validate($request1);
68			$this->assertFalse($validationResult->isValid());
69			$this->assertFalse($validationResult->isFailed());
70			$this->assertTrue($validationResult->isSkipped());
71
72			// Arm & run a second request: Should succeed
73			$armor = $antibot->armorInputs($request1);
74			$post = $this->getArmorParams($armor);
75			$request2 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
76			$validationResult = $antibot->validate($request2);
77			$this->assertTrue($validationResult->isValid());
78			}
79
80			/**
81			* Test the HMAC request method order validation
82			*
83			* @return void
84			* @throws Exception
85			*/
86			public function testRequestMethodOrderValidation(): void
87			{
88			$antibot = $this->createAntibot();
89			$hmacValidator = new HmacValidator();
90			$hmacValidator->setMethodVector(HmacValidator::METHOD_GET, HmacValidator::METHOD_POST);
91			$antibot->addValidator($hmacValidator);
92			$request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
93			$armor = $antibot->armorInputs($request1);
94			$post = $this->getArmorParams($armor);
95
96			// Second request
97			$request2 = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
98			$validationResult = $antibot->validate($request2);
99			$this->assertTrue($validationResult->isValid());
100
101			// Third request using the wrong request method
102			$request3 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], $post);
103			$validationResult = $antibot->validate($request3);
104			$this->assertFalse($validationResult->isValid());
105			$this->assertTrue($validationResult->hasErrors());
106			$errors = $validationResult->getErrors();
107			$this->assertEquals(1, count($errors));
108			$this->assertInstanceOf(HmacValidationException::class, $errors[0]);
109			$this->assertEquals(1544292604, $errors[0]->getCode());
110			}
111
112			/**
113			* Test the HMAC request timing validation
114			*
115			* @return void
116			* @throws Exception
117			*/
118			public function testRequestTimingValidation(): void
119			{
120			$session = md5(rand());
121			$antibot = $this->createAntibot($session);
122			$hmacValidator = new HmacValidator();
123			$hmacValidator->setSubmissionTimes(10, 5, 1);
124			$antibot->addValidator($hmacValidator);
125			$request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
126			$this->assertTrue($antibot->validate($request1)->isSkipped());
127
128			// Create the armor for a second request, including submission time limits
129			$armor = $antibot->armorInputs($request1);
130			$post = $this->getArmorParams($armor);
131
132			// A second call after only 1 second should fail validation
133			sleep(1);
134			$request2 = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
135			$validationResult = $antibot->validate($request2);
136			$this->assertTrue($validationResult->isFailed());
137
138			// Waiting for 4 more seconds should succeed
139			sleep(5);
140			$request3 = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
141			$validationResult = $antibot->validate($request3);
142			$this->assertTrue($validationResult->isValid());
143
144			// Rearm, wait for 1 second and retry: Should succeed as it's a follow-up request
145			$armor = $antibot->armorInputs($request3);
146			$post = $this->getArmorParams($armor);
147			sleep(1);
148			$request4 = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
149			$validationResult = $antibot->validate($request4);
150			$this->assertTrue($validationResult->isValid());
151
152			// Wait for another 10 seconds and retry: Should fail as it exceeded the maximum time
153			sleep(10);
154			$request5 = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
155			$validationResult = $antibot->validate($request5);
156			$this->assertTrue($validationResult->isFailed());
157			$this->assertTrue($validationResult->hasErrors());
158			$errors = $validationResult->getErrors();
159			$this->assertEquals(1, count($errors));
160			$this->assertInstanceOf(HmacValidationException::class, $errors[0]);
161			$this->assertEquals(1544292684, $errors[0]->getCode());
162			}
163
164			/**
165			* Test the armoring
166			*
167			* @return void
168			* @throws Exception
169			*/
170			public function testArmor(): void
171			{
172			$sessionId = md5(rand());
173			$antibot = $this->createAntibot($sessionId);
174			$request = $this->createRequest(
175			['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'],
176			['name' => 'John Doe', 'email' => '[email protected]']
177			);
178			$hmacValidator = new HmacValidator();
179			$hmacValidator->setMethodVector(HmacValidator::METHOD_GET, HmacValidator::METHOD_POST);
180			$hmacValidator->setSubmissionTimes(1800, 10, 3);
181			$antibot->addValidator($hmacValidator);
182			$armor = $antibot->armorInputs($request);
183			$this->assertTrue(is_array($armor));
184			$this->assertEquals(2, count($armor));
185			$this->assertEquals(40, strlen($armor[0]->getAttributes()['value']));
186			$this->assertTrue(is_int($armor[1]->getAttributes()['value']));
187			}
188			}
189

jkphl / antibot

HmacValidatorTest A last analyzed 2020-11-14 18:51 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

Duplication Side-by-Side

Filter issues like

HmacValidatorTest A
last analyzed 2020-11-14 18:51 UTC