HmacValidatorTest::testGeneralValidation() - Code Metrics - Inspection of "Add HMAC request method order" - jkphl/antibot - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( db3c82...df4949 )

by Joschi

created 2018-12-08 18:36 UTC

HmacValidatorTest::testGeneralValidation() A

↳ Parent: HmacValidatorTest

Complexity

Conditions	1
Paths	1

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	13
rs	9.8333
c	0
b	0
f	0
cc	1
nc	1
nop	0

<?php

/**
 * antibot
 *
 * @category   Jkphl
 * @package    Jkphl\Antibot
 * @subpackage Jkphl\Antibot\Tests\Ports
 * @author     Joschi Kuphal <[email protected]> / @jkphl
 * @copyright  Copyright © 2018 Joschi Kuphal <[email protected]> / @jkphl
 * @license    http://opensource.org/licenses/MIT The MIT License (MIT)
 */

/***********************************************************************************
 *  The MIT License (MIT)
 *
 *  Copyright © 2018 Joschi Kuphal <[email protected]>
 *
 *  Permission is hereby granted, free of charge, to any person obtaining a copy of
 *  this software and associated documentation files (the "Software"), to deal in
 *  the Software without restriction, including without limitation the rights to
 *  use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 *  the Software, and to permit persons to whom the Software is furnished to do so,
 *  subject to the following conditions:
 *
 *  The above copyright notice and this permission notice shall be included in all
 *  copies or substantial portions of the Software.
 *
 *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
 *  FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
 *  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 *  IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 *  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ***********************************************************************************/

namespace Jkphl\Antibot\Tests\Ports;

use Jkphl\Antibot\Infrastructure\Exceptions\HmacValidationException;
use Jkphl\Antibot\Infrastructure\Model\InputElement;
use Jkphl\Antibot\Ports\Validators\HmacValidator;
use Jkphl\Antibot\Tests\AbstractTestBase;

/**
 * HMAC Validator Test
 *
 * @package    Jkphl\Antibot
 * @subpackage Jkphl\Antibot\Tests\Ports
 */
class HmacValidatorTest extends AbstractTestBase
{
    /**
     * Protected function test the general HMAC validation
     *
     */
    public function testGeneralValidation(): void
    {
        $session       = md5(rand());
        $antibot       = $this->createAntibot($session);
        $hmacValidator = new HmacValidator();
        $antibot->addValidator($hmacValidator);
        $request1         = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
        $armor            = $antibot->armor($request1, true);
        $post             = $this->getArmorParams($armor);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
        $request2         = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request2);
        $this->assertTrue($validationResult->isValid());
    }

    /**
     * Protected function test the HMAC request method order validation
     */
    public function testRequestMethodOrderValidation(): void
    {
        $session       = md5(rand());
        $antibot       = $this->createAntibot($session);
        $hmacValidator = new HmacValidator();
        $hmacValidator->setMethodVector(HmacValidator::METHOD_GET, HmacValidator::METHOD_POST);
        $antibot->addValidator($hmacValidator);
        $request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
        $armor    = $antibot->armor($request1, true);
        $post     = $this->getArmorParams($armor);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

        // Second call
        $request2         = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request2);
        $this->assertTrue($validationResult->isValid());

        // Third call using the wrong request method
        $request3         = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request3);
        $this->assertFalse($validationResult->isValid());
        $this->assertTrue($validationResult->hasErrors());
        $errors = $validationResult->getErrors();
        $this->assertEquals(1, count($errors));
        $this->assertInstanceOf(HmacValidationException::class, $errors[0]);
        $this->assertEquals(1544292604, $errors[0]->getCode());
    }

    /**
     * Protected function test the HMAC request timing validation
     */
    public function atestRequestTimingValidation(): void
    {
        $session       = md5(rand());
        $antibot       = $this->createAntibot($session);
        $hmacValidator = new HmacValidator();
        $hmacValidator->setSubmissionTimes(10, 3, 1);
        $antibot->addValidator($hmacValidator);
        $request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
        $armor    = $antibot->armor($request1, true);
        $post     = $this->getArmorParams($armor);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
        print_r($post);

        // Wait for 4 seconds
//        sleep(4);

        // Second call
        $request2         = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request2);
        print_r($validationResult);
        $this->assertTrue($validationResult->isValid());

        // Third call using the wrong request method
        $request3         = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
        $validationResult = $antibot->validate($request3);
        $this->assertFalse($validationResult->isValid());
        $this->assertTrue($validationResult->hasErrors());
        $errors = $validationResult->getErrors();
        $this->assertEquals(1, count($errors));
        $this->assertInstanceOf(HmacValidationException::class, $errors[0]);
        $this->assertEquals(1544292604, $errors[0]->getCode());
    }

    /**
     * Test the armoring
     */
    public function testArmor(): void
    {
        $sessionId     = md5(rand());
        $antibot       = $this->createAntibot($sessionId);
        $request       = $this->createRequest(
            ['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'],
            ['name' => 'John Doe', 'email' => '[email protected]']
        );
        $hmacValidator = new HmacValidator();
        $hmacValidator->setMethodVector(HmacValidator::METHOD_GET, HmacValidator::METHOD_POST);
        $hmacValidator->setSubmissionTimes(1800, 10, 3);
        $antibot->addValidator($hmacValidator);
        $armor = $antibot->armor($request, true);
        $this->assertTrue(is_array($armor));
        $this->assertEquals(2, count($armor));
        $this->assertEquals(40, strlen($armor[0]->getAttributes()['value']));
        $this->assertTrue(is_int($armor[1]->getAttributes()['value']));
    }

    /**
     * Translate armor input elements to GET / POST parameters
     *
     * @param array $armor Armor input elements
     *
     * @return array GET / POST Parameters
     */
    protected function getArmorParams(array $armor): array
    {
        // Prepare the second call
        $params = [];
        /** @var InputElement $input */
        foreach ($armor as $input) {
            $inputAttrs                  = $input->getAttributes();
            $params[$inputAttrs['name']] = $inputAttrs['value'];
        }
        parse_str(http_build_query($params), $params);

        return $params;
    }
}


1			<?php
2
3			/**
4			* antibot
5			*
6			* @category Jkphl
7			* @package Jkphl\Antibot
8			* @subpackage Jkphl\Antibot\Tests\Ports
9			* @author Joschi Kuphal <[email protected]> / @jkphl
10			* @copyright Copyright © 2018 Joschi Kuphal <[email protected]> / @jkphl
11			* @license http://opensource.org/licenses/MIT The MIT License (MIT)
12			*/
13
14			/***********************************************************************************
15			* The MIT License (MIT)
16			*
17			* Copyright © 2018 Joschi Kuphal <[email protected]>
18			*
19			* Permission is hereby granted, free of charge, to any person obtaining a copy of
20			* this software and associated documentation files (the "Software"), to deal in
21			* the Software without restriction, including without limitation the rights to
22			* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
23			* the Software, and to permit persons to whom the Software is furnished to do so,
24			* subject to the following conditions:
25			*
26			* The above copyright notice and this permission notice shall be included in all
27			* copies or substantial portions of the Software.
28			*
29			* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
30			* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
31			* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
32			* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
33			* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
34			* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
35			***********************************************************************************/
36
37			namespace Jkphl\Antibot\Tests\Ports;
38
39			use Jkphl\Antibot\Infrastructure\Exceptions\HmacValidationException;
40			use Jkphl\Antibot\Infrastructure\Model\InputElement;
41			use Jkphl\Antibot\Ports\Validators\HmacValidator;
42			use Jkphl\Antibot\Tests\AbstractTestBase;
43
44			/**
45			* HMAC Validator Test
46			*
47			* @package Jkphl\Antibot
48			* @subpackage Jkphl\Antibot\Tests\Ports
49			*/
50			class HmacValidatorTest extends AbstractTestBase
51			{
52			/**
53			* Protected function test the general HMAC validation
54			*
55			*/
56			public function testGeneralValidation(): void
57			{
58			$session = md5(rand());
59			$antibot = $this->createAntibot($session);
60			$hmacValidator = new HmacValidator();
61			$antibot->addValidator($hmacValidator);
62			$request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
63			$armor = $antibot->armor($request1, true);
64			$post = $this->getArmorParams($armor);
			0 ignored issues – show Bug introduced 2018-12-08 18:39 UTC by Report Bug Copy Issue Report It seems like `$armor` defined by `$antibot->armor($request1, true)` on line `63` can also be of type `string`; however, `Jkphl\Antibot\Tests\Port...rTest::getArmorParams()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
65			$request2 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
66			$validationResult = $antibot->validate($request2);
67			$this->assertTrue($validationResult->isValid());
68			}
69
70			/**
71			* Protected function test the HMAC request method order validation
72			*/
73			public function testRequestMethodOrderValidation(): void
74			{
75			$session = md5(rand());
76			$antibot = $this->createAntibot($session);
77			$hmacValidator = new HmacValidator();
78			$hmacValidator->setMethodVector(HmacValidator::METHOD_GET, HmacValidator::METHOD_POST);
79			$antibot->addValidator($hmacValidator);
80			$request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
81			$armor = $antibot->armor($request1, true);
82			$post = $this->getArmorParams($armor);
			0 ignored issues – show Bug introduced 2018-12-08 18:39 UTC by Report Bug Copy Issue Report It seems like `$armor` defined by `$antibot->armor($request1, true)` on line `81` can also be of type `string`; however, `Jkphl\Antibot\Tests\Port...rTest::getArmorParams()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
83
84			// Second call
85			$request2 = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
86			$validationResult = $antibot->validate($request2);
87			$this->assertTrue($validationResult->isValid());
88
89			// Third call using the wrong request method
90			$request3 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
91			$validationResult = $antibot->validate($request3);
92			$this->assertFalse($validationResult->isValid());
93			$this->assertTrue($validationResult->hasErrors());
94			$errors = $validationResult->getErrors();
95			$this->assertEquals(1, count($errors));
96			$this->assertInstanceOf(HmacValidationException::class, $errors[0]);
97			$this->assertEquals(1544292604, $errors[0]->getCode());
98			}
99
100			/**
101			* Protected function test the HMAC request timing validation
102			*/
103			public function atestRequestTimingValidation(): void
104			{
105			$session = md5(rand());
106			$antibot = $this->createAntibot($session);
107			$hmacValidator = new HmacValidator();
108			$hmacValidator->setSubmissionTimes(10, 3, 1);
109			$antibot->addValidator($hmacValidator);
110			$request1 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4']);
111			$armor = $antibot->armor($request1, true);
112			$post = $this->getArmorParams($armor);
			0 ignored issues – show Bug introduced 2018-12-08 18:39 UTC by Report Bug Copy Issue Report It seems like `$armor` defined by `$antibot->armor($request1, true)` on line `111` can also be of type `string`; however, `Jkphl\Antibot\Tests\Port...rTest::getArmorParams()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
113			print_r($post);
114
115			// Wait for 4 seconds
116			// sleep(4);
117
118			// Second call
119			$request2 = $this->createRequest(['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
120			$validationResult = $antibot->validate($request2);
121			print_r($validationResult);
122			$this->assertTrue($validationResult->isValid());
123
124			// Third call using the wrong request method
125			$request3 = $this->createRequest(['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'], [], $post);
126			$validationResult = $antibot->validate($request3);
127			$this->assertFalse($validationResult->isValid());
128			$this->assertTrue($validationResult->hasErrors());
129			$errors = $validationResult->getErrors();
130			$this->assertEquals(1, count($errors));
131			$this->assertInstanceOf(HmacValidationException::class, $errors[0]);
132			$this->assertEquals(1544292604, $errors[0]->getCode());
133			}
134
135			/**
136			* Test the armoring
137			*/
138			public function testArmor(): void
139			{
140			$sessionId = md5(rand());
141			$antibot = $this->createAntibot($sessionId);
142			$request = $this->createRequest(
143			['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '1.2.3.4'],
144			['name' => 'John Doe', 'email' => '[email protected]']
145			);
146			$hmacValidator = new HmacValidator();
147			$hmacValidator->setMethodVector(HmacValidator::METHOD_GET, HmacValidator::METHOD_POST);
148			$hmacValidator->setSubmissionTimes(1800, 10, 3);
149			$antibot->addValidator($hmacValidator);
150			$armor = $antibot->armor($request, true);
151			$this->assertTrue(is_array($armor));
152			$this->assertEquals(2, count($armor));
153			$this->assertEquals(40, strlen($armor[0]->getAttributes()['value']));
154			$this->assertTrue(is_int($armor[1]->getAttributes()['value']));
155			}
156
157			/**
158			* Translate armor input elements to GET / POST parameters
159			*
160			* @param array $armor Armor input elements
161			*
162			* @return array GET / POST Parameters
163			*/
164			protected function getArmorParams(array $armor): array
165			{
166			// Prepare the second call
167			$params = [];
168			/** @var InputElement $input */
169			foreach ($armor as $input) {
170			$inputAttrs = $input->getAttributes();
171			$params[$inputAttrs['name']] = $inputAttrs['value'];
172			}
173			parse_str(http_build_query($params), $params);
174
175			return $params;
176			}
177			}
178

jkphl / antibot

Push — master ( db3c82...df4949 )

HmacValidatorTest::testGeneralValidation() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like