* @copyright 2011 Josh Lockhart * @link http://www.slimframework.com * @license http://www.slimframework.com/license * @version 2.6.1 * * MIT LICENSE * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
*/
class SessionCookieTest extends PHPUnit_Framework_TestCase
{
    /**
     * Reset $_SESSION to an empty array before each test.
     */
    public function setUp()
    {
        $_SESSION = array();
    }

    /**
     * Test session cookie is set and constructed correctly
     *
     * We test for two things:
     *
     * 1) That the HTTP cookie exists with the correct name;
     * 2) That the HTTP cookie's value is the expected value;
     *
     * The expected value is the JSON text {"foo":"bar"}. This test does not
     * set cookies.encrypt, and the asserted cookie value is plain JSON, so
     * with this configuration the session contents are readable by whoever
     * holds the cookie.
     */
    public function testSessionCookieIsCreated()
    {
        // Simulate a request for /foo with no incoming cookie.
        \Slim\Environment::mock(array(
            'SCRIPT_NAME' => '/index.php',
            'PATH_INFO' => '/foo'
        ));
        $app = new \Slim\Slim();
        // The route writes one session value; the assertions below expect
        // it to appear in the response cookie.
        $app->get('/foo', function () {
            $_SESSION['foo'] = 'bar';
            echo "Success";
        });
        // Run the application through the session middleware.
        $mw = new \Slim\Middleware\SessionCookie(array('expires' => '10 years'));
        $mw->setApplication($app);
        $mw->setNextMiddleware($app);
        $mw->call();
        // $status, $header and $body are not used below; the assertions read
        // the cookie jar on the response object instead.
        list($status, $header, $body) = $app->response()->finalize();
        $this->assertTrue($app->response->cookies->has('slim_session'));
        $cookie = $app->response->cookies->get('slim_session');
        $this->assertEquals('{"foo":"bar"}', $cookie['value']);
    }

    /**
     * Test $_SESSION is populated from an encrypted HTTP cookie
     *
     * The encrypted cookie contains the serialized array ['foo' => 'bar']. The
     * global secret, cipher, and cipher mode are assumed to be the default
     * values.
*/
    // NOTE(review): the test below is commented out, so the encrypted-cookie
    // path is not exercised by any active test in the visible part of this
    // file.
    // public function testSessionIsPopulatedFromEncryptedCookie()
    // {
    //     \Slim\Environment::mock(array(
    //         'SCRIPT_NAME' => '/index.php',
    //         'PATH_INFO' => '/foo',
    //         'HTTP_COOKIE' => 'slim_session=1644004961%7CLKkYPwqKIMvBK7MWl6D%2BxeuhLuMaW4quN%2F512ZAaVIY%3D%7Ce0f007fa852c7101e8224bb529e26be4d0dfbd63',
    //     ));
    //     $app = new \Slim\Slim();
    //     // The cookie value in the test is encrypted, so cookies.encrypt must
    //     // be set to true
    //     $app->config('cookies.encrypt', true);
    //     $app->get('/foo', function () {
    //         echo "Success";
    //     });
    //     $mw = new \Slim\Middleware\SessionCookie(array('expires' => '10 years'));
    //     $mw->setApplication($app);
    //     $mw->setNextMiddleware($app);
    //     $mw->call();
    //     $this->assertEquals(array('foo' => 'bar'), $_SESSION);
    // }

    /**
     * Test $_SESSION is populated from an unencrypted HTTP cookie
     *
     * The unencrypted cookie contains the JSON-encoded array ['foo' => 'bar'].
     * The global cookies.encrypt setting is set to false
     *
     * The cookie value comes from the request, i.e. it is supplied by the
     * client. This test shows that, with cookies.encrypt disabled, a plain
     * JSON value from the Cookie header becomes the content of $_SESSION.
     * NOTE(review): nothing in this test involves an integrity check on the
     * cookie; applications that keep authorization state in this session
     * should confirm how the cookie is protected against tampering.
     */
    public function testSessionIsPopulatedFromUnencryptedCookie()
    {
        // Simulate a request for /foo that carries a plain-text session cookie.
        \Slim\Environment::mock(array(
            'SCRIPT_NAME' => '/index.php',
            'PATH_INFO' => '/foo',
            'HTTP_COOKIE' => 'slim_session={"foo":"bar"}',
        ));
        $app = new \Slim\Slim();
        // The cookie value in the test is unencrypted, so cookies.encrypt must
        // be set to false
        $app->config('cookies.encrypt', false);
        // The route itself does not touch the session.
        $app->get('/foo', function () {
            echo "Success";
        });
        $mw = new \Slim\Middleware\SessionCookie(array('expires' => '10 years'));
        $mw->setApplication($app);
        $mw->setNextMiddleware($app);
        $mw->call();
        // The session must hold exactly what the cookie carried.
        $this->assertEquals(array('foo' => 'bar'), $_SESSION);
    }

    /**
     * Test $_SESSION is left empty when the session cookie holds malformed data
     *
     * The unencrypted cookie value is not valid JSON (stray characters follow
     * the string value), so nothing from it is expected in the session.
* The global cookies.encrypt setting is set to false
     */
    public function testSessionIsPopulatedFromMalformedCookieData()
    {
        // The cookie value below is deliberately not valid JSON: stray
        // characters follow the string value. The test expects $_SESSION to
        // remain empty rather than hold partially decoded data.
        \Slim\Environment::mock(array(
            'SCRIPT_NAME' => '/index.php',
            'PATH_INFO' => '/foo',
            'HTTP_COOKIE' => 'slim_session={"foo":"bar"sdkhguy5y}',
        ));
        $app = new \Slim\Slim();
        // The cookie value in the test is unencrypted, so cookies.encrypt must
        // be set to false
        $app->config('cookies.encrypt', false);
        $app->get('/foo', function () {
            echo "Success";
        });
        $mw = new \Slim\Middleware\SessionCookie(array('expires' => '10 years'));
        $mw->setApplication($app);
        $mw->setNextMiddleware($app);
        $mw->call();
        // Undecodable client-supplied data must not reach the session.
        $this->assertEquals(array(), $_SESSION);
    }

    /**
     * Test $_SESSION is populated as empty array if no HTTP cookie
     */
    public function testSessionIsPopulatedAsEmptyIfNoCookie()
    {
        // No HTTP_COOKIE entry is mocked, so the request carries no session cookie.
        \Slim\Environment::mock(array(
            'SCRIPT_NAME' => '/index.php',
            'PATH_INFO' => '/foo'
        ));
        $app = new \Slim\Slim();
        $app->get('/foo', function () {
            echo "Success";
        });
        $mw = new \Slim\Middleware\SessionCookie(array('expires' => '10 years'));
        $mw->setApplication($app);
        $mw->setNextMiddleware($app);
        $mw->call();
        $this->assertEquals(array(), $_SESSION);
    }

    /**
     * Test that oversized session data is logged and no session cookie is set
     *
     * A mocked log writer must receive exactly one write() call with the
     * size warning at level \Slim\Log::ERROR, and the response must not
     * contain a slim_session cookie afterwards. In other words, session data
     * written during such a request is not persisted to the client.
     */
    public function testSerializingTooLongValueWritesLogAndDoesntCreateCookie()
    {
        \Slim\Environment::mock(array(
            'SCRIPT_NAME' => '/index.php',
            'PATH_INFO' => '/foo'
        ));
        // Mock the log writer without running its constructor.
        $logWriter = $this->getMockBuilder('Slim\LogWriter')
            ->disableOriginalConstructor()
            ->getMock();
        // NOTE(review): the line break inside the expected message is
        // reproduced as it appears on this page and looks like an extraction
        // artifact; confirm the exact text against the middleware's log call.
        $logWriter->expects($this->once())
            ->method('write')
            ->with('WARNING! Slim\Middleware\SessionCookie data size is larger than 4KB. 
Content save failed.', \Slim\Log::ERROR);
        // Hand the mock to the application as its log writer.
        $app = new \Slim\Slim(array(
            'log.writer' => $logWriter
        ));
        // The body of getTooLongValue() is cut off on this page; presumably
        // it returns a string beyond the 4KB limit named in the message.
        $tooLongValue = $this->getTooLongValue();
        $app->get('/foo', function () use ($tooLongValue) {
            $_SESSION['test'] = $tooLongValue;
            echo "Success";
        });
        $mw = new \Slim\Middleware\SessionCookie(array('expires' => '10 years'));
        $mw->setApplication($app);
        $mw->setNextMiddleware($app);
        $mw->call();
        // $status, $header and $body are not used below.
        list($status, $header, $body) = $app->response()->finalize();
        $this->assertFalse($app->response->cookies->has('slim_session'));
    }

    /**
     * Generated by http://www.random.org/strings/
     */
    protected function getTooLongValue()
    {
        return <<