SessionTest::testUserAgentLockout() - Code Metrics - Inspection of "Merge pull request #47 from silverstripe-security/..." - silverstripe/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 3.5 ( 975d46...a84659 )

by Damian

created 2017-12-07 00:18 UTC

SessionTest::testUserAgentLockout() B

↳ Parent: SessionTest

Complexity

Conditions	2
Paths	2

Size

Total Lines	28
Code Lines	14

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
eloc	14
nc	2
nop	0
dl	0
loc	28
rs	8.8571
c	0
b	0
f	0

<?php

/**
 * Tests to cover the {@link Session} class
 *
 * @package framework
 * @subpackage tests
 */

class SessionTest extends SapphireTest {

	public function testGetSetBasics() {
		Session::set('Test', 'Test');

		$this->assertEquals(Session::get('Test'), 'Test');
	}

	public function testClearElement() {
		Session::set('Test', 'Test');
		Session::clear('Test');

		$this->assertEquals(Session::get('Test'), '');
	}

	public function testClearAllElements() {
		Session::set('Test', 'Test');
		Session::set('Test-1', 'Test-1');

		Session::clear_all();

		// should session get return null? The array key should probably be
		// unset from the data array
		$this->assertEquals(Session::get('Test'), '');
		$this->assertEquals(Session::get('Test-1'), '');
	}

	public function testGetAllElements() {
		Session::clear_all(); // Remove all session that might've been set by the test harness

		Session::set('Test', 'Test');
		Session::set('Test-2', 'Test-2');

		$session = Session::get_all();
		unset($session['HTTP_USER_AGENT']);

		$this->assertEquals($session, array('Test' => 'Test', 'Test-2' => 'Test-2'));
	}

	public function testSettingExistingDoesntClear() {
		$s = Injector::inst()->create('Session', array('something' => array('does' => 'exist')));

		$s->inst_set('something.does', 'exist');
		$result = $s->inst_changedData();
		unset($result['HTTP_USER_AGENT']);
		$this->assertEquals(array(), $result);
	}

	/**
	 * Check that changedData isn't populated with junk when clearing non-existent entries.
	 */
	public function testClearElementThatDoesntExist() {
		$s = Injector::inst()->create('Session', array('something' => array('does' => 'exist')));

		$s->inst_clear('something.doesnt.exist');
		$result = $s->inst_changedData();
		unset($result['HTTP_USER_AGENT']);
		$this->assertEquals(array(), $result);

		$s->inst_set('something-else', 'val');
		$s->inst_clear('something-new');
		$result = $s->inst_changedData();
		unset($result['HTTP_USER_AGENT']);
		$this->assertEquals(array('something-else' => 'val'), $result);
	}

	/**
	 * Check that changedData is populated with clearing data.
	 */
	public function testClearElementThatDoesExist() {
		$s = Injector::inst()->create('Session', array('something' => array('does' => 'exist')));

		$s->inst_clear('something.does');
		$result = $s->inst_changedData();
		unset($result['HTTP_USER_AGENT']);
		$this->assertEquals(array('something' => array('does' => null)), $result);
	}

	public function testNonStandardPath(){
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
		Config::inst()->update('Session', 'store_path', (realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session')));
		Session::start();

		$this->assertEquals(Config::inst()->get('Session', 'store_path'), '');
	}

	public function testUserAgentLockout() {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
		// Set a user agent
		$_SERVER['HTTP_USER_AGENT'] = 'Test Agent';

		// Generate our session
		/** @var Session $s */
		$s = Injector::inst()->create('Session', array());
		$s->inst_set('val', 123);
		$s->inst_finalize();
		$data = $s->inst_getAll();

		// Change our UA
		$_SERVER['HTTP_USER_AGENT'] = 'Fake Agent';

		// Verify the new session reset our values (passed by constructor)
		/** @var Session $s2 */
		$s2 = Injector::inst()->create('Session', $data);
		$this->assertNotEquals($s2->inst_get('val'), 123);

		// Verify a started session resets our values (initiated by $_SESSION object)
		/** @var Session $s3 */
		$s3 = Injector::inst()->create('Session', []);
		foreach ($data as $key => $value) {
			$s3->inst_set($key, $value);
		}
		$s3->inst_start();
		$this->assertNotEquals($s3->inst_get('val'), 123);
	}
}


1			<?php
2
3			/**
4			* Tests to cover the {@link Session} class
5			*
6			* @package framework
7			* @subpackage tests
8			*/
9
10			class SessionTest extends SapphireTest {
11
12			public function testGetSetBasics() {
13			Session::set('Test', 'Test');
14
15			$this->assertEquals(Session::get('Test'), 'Test');
16			}
17
18			public function testClearElement() {
19			Session::set('Test', 'Test');
20			Session::clear('Test');
21
22			$this->assertEquals(Session::get('Test'), '');
23			}
24
25			public function testClearAllElements() {
26			Session::set('Test', 'Test');
27			Session::set('Test-1', 'Test-1');
28
29			Session::clear_all();
30
31			// should session get return null? The array key should probably be
32			// unset from the data array
33			$this->assertEquals(Session::get('Test'), '');
34			$this->assertEquals(Session::get('Test-1'), '');
35			}
36
37			public function testGetAllElements() {
38			Session::clear_all(); // Remove all session that might've been set by the test harness
39
40			Session::set('Test', 'Test');
41			Session::set('Test-2', 'Test-2');
42
43			$session = Session::get_all();
44			unset($session['HTTP_USER_AGENT']);
45
46			$this->assertEquals($session, array('Test' => 'Test', 'Test-2' => 'Test-2'));
47			}
48
49			public function testSettingExistingDoesntClear() {
50			$s = Injector::inst()->create('Session', array('something' => array('does' => 'exist')));
51
52			$s->inst_set('something.does', 'exist');
53			$result = $s->inst_changedData();
54			unset($result['HTTP_USER_AGENT']);
55			$this->assertEquals(array(), $result);
56			}
57
58			/**
59			* Check that changedData isn't populated with junk when clearing non-existent entries.
60			*/
61			public function testClearElementThatDoesntExist() {
62			$s = Injector::inst()->create('Session', array('something' => array('does' => 'exist')));
63
64			$s->inst_clear('something.doesnt.exist');
65			$result = $s->inst_changedData();
66			unset($result['HTTP_USER_AGENT']);
67			$this->assertEquals(array(), $result);
68
69			$s->inst_set('something-else', 'val');
70			$s->inst_clear('something-new');
71			$result = $s->inst_changedData();
72			unset($result['HTTP_USER_AGENT']);
73			$this->assertEquals(array('something-else' => 'val'), $result);
74			}
75
76			/**
77			* Check that changedData is populated with clearing data.
78			*/
79			public function testClearElementThatDoesExist() {
80			$s = Injector::inst()->create('Session', array('something' => array('does' => 'exist')));
81
82			$s->inst_clear('something.does');
83			$result = $s->inst_changedData();
84			unset($result['HTTP_USER_AGENT']);
85			$this->assertEquals(array('something' => array('does' => null)), $result);
86			}
87
88			public function testNonStandardPath(){
			0 ignored issues – show Coding Style introduced 2017-11-29 12:58 UTC by Report Bug Copy Issue Report `testNonStandardPath` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
89			Config::inst()->update('Session', 'store_path', (realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session')));
90			Session::start();
91
92			$this->assertEquals(Config::inst()->get('Session', 'store_path'), '');
93			}
94
95			public function testUserAgentLockout() {
			0 ignored issues – show Coding Style introduced 2017-11-29 12:58 UTC by Report Bug Copy Issue Report `testUserAgentLockout` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
96			// Set a user agent
97			$_SERVER['HTTP_USER_AGENT'] = 'Test Agent';
98
99			// Generate our session
100			/** @var Session $s */
101			$s = Injector::inst()->create('Session', array());
102			$s->inst_set('val', 123);
103			$s->inst_finalize();
104			$data = $s->inst_getAll();
105
106			// Change our UA
107			$_SERVER['HTTP_USER_AGENT'] = 'Fake Agent';
108
109			// Verify the new session reset our values (passed by constructor)
110			/** @var Session $s2 */
111			$s2 = Injector::inst()->create('Session', $data);
112			$this->assertNotEquals($s2->inst_get('val'), 123);
113
114			// Verify a started session resets our values (initiated by $_SESSION object)
115			/** @var Session $s3 */
116			$s3 = Injector::inst()->create('Session', []);
117			foreach ($data as $key => $value) {
118			$s3->inst_set($key, $value);
119			}
120			$s3->inst_start();
121			$this->assertNotEquals($s3->inst_get('val'), 123);
122			}
123			}
124

silverstripe / silverstripe-framework

Push — 3.5 ( 975d46...a84659 )

SessionTest::testUserAgentLockout() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like