1: <?php
2:
3: /**
4: * Test cases for implementations of the AlphaFilterInterface
5: *
6: * @package alpha::tests
7: * @since 1.0
8: * @author John Collins <dev@alphaframework.org>
9: * @version $Id: AlphaFilters_Test.php 1548 2012-07-29 17:07:07Z alphadevx $
10: * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
11: * @copyright Copyright (c) 2012, John Collins (founder of Alpha Framework).
12: * All rights reserved.
13: *
14: * <pre>
15: * Redistribution and use in source and binary forms, with or
16: * without modification, are permitted provided that the
17: * following conditions are met:
18: *
19: * * Redistributions of source code must retain the above
20: * copyright notice, this list of conditions and the
21: * following disclaimer.
22: * * Redistributions in binary form must reproduce the above
23: * copyright notice, this list of conditions and the
24: * following disclaimer in the documentation and/or other
25: * materials provided with the distribution.
26: * * Neither the name of the Alpha Framework nor the names
27: * of its contributors may be used to endorse or promote
28: * products derived from this software without specific
29: * prior written permission.
30: *
31: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
32: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
33: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
34: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
35: * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
36: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
37: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
38: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
39: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
41: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
42: * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
43: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
44: * </pre>
45: *
46: */
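class AlphaFilters_Test extends PHPUnit_Framework_TestCase {
    /**
     * The blacklist record seeded with the bad user agent string
     *
     * @var BlacklistedClientObject
     * @since 1.0
     */
    private $blacklistedClient;

    /**
     * A "bad" (banned) user agent string for us to test with
     *
     * @var string
     * @since 1.0
     */
    private $badAgent = 'curl/7.16.2 (i686-redhat-linux-gnu) libcurl/7.16.2 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.8';

    /**
     * The user-agent that was set before the test ran (null when none was set, e.g. on the CLI)
     *
     * @var string|null
     * @since 1.0
     */
    private $oldAgent;

    /**
     * The remote address that was set before the test ran (null when none was set, e.g. on the CLI)
     *
     * @var string|null
     * @since 1.0
     */
    private $oldIP;

    /**
     * The $_GET['act'] value that was set before the test ran (null when none was set)
     *
     * @var string|null
     */
    private $oldAct;

    /**
     * The temp blacklist limit that was configured before a test overrode it
     *
     * @var mixed
     */
    private $oldLimit;

    /**
     * True once a test has overridden the temp blacklist limit and tearDown() must put it back
     *
     * @var bool
     */
    private $limitChanged = false;

    /**
     * A test BadRequestObject
     *
     * @var BadRequestObject
     * @since 1.0
     */
    private $badRequest1;

    /**
     * A test BadRequestObject
     *
     * @var BadRequestObject
     * @since 1.0
     */
    private $badRequest2;

    /**
     * A test BadRequestObject
     *
     * @var BadRequestObject
     * @since 1.0
     */
    private $badRequest3;

    /**
     * A bad IP address
     *
     * @var string
     * @since 1.0
     */
    private $badIP = '127.0.0.1';

    /**
     * Called before each test function is executed: snapshots the request
     * globals, then seeds one blacklisted client and three bad requests.
     *
     * NOTE(review): rebuildTable() and the dropTable() calls in tearDown()
     * presumably discard whatever rows the two tables already hold, so this
     * suite should only ever run against a dedicated test database - confirm.
     *
     * @since 1.0
     */
    protected function setUp() {
        // Snapshot first, so tearDown() always has the original values to restore.
        // isset() guards avoid an undefined-index notice when run from the CLI.
        $this->oldAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
        $this->oldIP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
        $this->oldAct = isset($_GET['act']) ? $_GET['act'] : null;
        $this->limitChanged = false;

        $this->blacklistedClient = new BlacklistedClientObject();
        $this->blacklistedClient->rebuildTable();
        $this->blacklistedClient->set('client', $this->badAgent);
        $this->blacklistedClient->save();

        // Only the first bad request rebuilds the table; the other two are
        // saved as additional rows for the same agent/IP pair.
        $this->badRequest1 = $this->seedBadRequest(true);
        $this->badRequest2 = $this->seedBadRequest();
        $this->badRequest3 = $this->seedBadRequest();
    }

    /**
     * Called after each test function is executed: drops the seeded tables and
     * restores every piece of global state the tests touched, so that the
     * spoofed client identity and the lowered limit cannot leak into other tests.
     *
     * @since 1.0
     */
    protected function tearDown() {
        if ($this->blacklistedClient !== null) {
            $this->blacklistedClient->dropTable();
        }
        $this->blacklistedClient = null;

        // One dropTable() call covers all three bad request fixtures.
        if ($this->badRequest1 !== null) {
            $this->badRequest1->dropTable();
        }
        $this->badRequest1 = null;
        $this->badRequest2 = null;
        $this->badRequest3 = null;

        // Remove keys that did not exist before the test rather than leaving them set to null.
        if ($this->oldAgent === null) {
            unset($_SERVER['HTTP_USER_AGENT']);
        } else {
            $_SERVER['HTTP_USER_AGENT'] = $this->oldAgent;
        }

        if ($this->oldIP === null) {
            unset($_SERVER['REMOTE_ADDR']);
        } else {
            $_SERVER['REMOTE_ADDR'] = $this->oldIP;
        }

        if ($this->oldAct === null) {
            unset($_GET['act']);
        } else {
            $_GET['act'] = $this->oldAct;
        }

        if ($this->limitChanged) {
            global $config;
            $config->set('security.client.temp.blacklist.filter.limit', $this->oldLimit);
            $this->limitChanged = false;
        }
    }

    /**
     * Testing that a blacklisted user agent string cannot pass the ClientBlacklistFilter filter
     *
     * @since 1.0
     */
    public function testClientBlacklistFilter() {
        $_SERVER['HTTP_USER_AGENT'] = $this->badAgent;
        $_GET['act'] = 'Search';

        try {
            $front = new FrontController();
            $front->registerFilter(new ClientBlacklistFilter());
            $front->loadController(false);
            // Reaching this line means the filter let the blacklisted agent through.
            $this->fail('Testing that a blacklisted user agent string cannot pass the ClientBlacklistFilter filter');
        }catch (ResourceNotAllowedException $e) {
            $this->assertEquals('Not allowed!', $e->getMessage(), 'Testing that a blacklisted user agent string cannot pass the ClientBlacklistFilter filter');
        }
    }

    /**
     * Testing that a user agent string/IP combo cannot pass the ClientTempBlacklistFilter filter beyond the config limit
     *
     * NOTE(review): setUp() seeds exactly three bad requests and the limit is
     * set to 3, so this only covers the boundary value. Whether the filter
     * blocks at or above the limit is not visible from this file, and there is
     * no companion case asserting that a client below the limit is allowed.
     *
     * @since 1.0
     */
    public function testClientTempBlacklistFilter() {
        global $config;

        // Remember the configured limit so tearDown() can restore it. If it
        // cannot be read, the override below still applies but is not restored.
        try {
            $this->oldLimit = $config->get('security.client.temp.blacklist.filter.limit');
            $this->limitChanged = true;
        }catch (Exception $e) {
            $this->limitChanged = false;
        }
        $config->set('security.client.temp.blacklist.filter.limit', 3);

        $_SERVER['HTTP_USER_AGENT'] = $this->badAgent;
        $_SERVER['REMOTE_ADDR'] = $this->badIP;
        $_GET['act'] = 'doesNotExist';

        try {
            $front = new FrontController();
            $front->registerFilter(new ClientTempBlacklistFilter());
            $front->loadController(false);
            // Reaching this line means the filter let the over-limit client through.
            $this->fail('Testing that a user agent string/IP compbo cannot pass the ClientTempBlacklistFilter filter beyond the config limit');
        }catch (ResourceNotAllowedException $e) {
            $this->assertEquals('Not allowed!', $e->getMessage(), 'Testing that a user agent string/IP compbo cannot pass the ClientTempBlacklistFilter filter beyond the config limit');
        }
    }

    /**
     * Saves one BadRequestObject for the bad agent/IP pair requesting a missing resource.
     *
     * @param bool $rebuildTable Whether to call rebuildTable() before populating the record
     * @return BadRequestObject The saved record
     */
    private function seedBadRequest($rebuildTable = false) {
        $request = new BadRequestObject();
        if ($rebuildTable) {
            $request->rebuildTable();
        }
        $request->set('client', $this->badAgent);
        $request->set('IP', $this->badIP);
        $request->set('requestedResource', '/doesNotExist');
        $request->save();

        return $request;
    }
}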
212:
213: ?>