1: <?php
  2: 
  3: /**
  4:  * Test cases for implementations of the AlphaFilterInterface
  5:  *
  6:  * @package alpha::tests
  7:  * @since 1.0
  8:  * @author John Collins <dev@alphaframework.org>
  9:  * @version $Id: AlphaFilters_Test.php 1761 2014-04-10 21:09:05Z alphadevx $
 10:  * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
 11:  * @copyright Copyright (c) 2014, John Collins (founder of Alpha Framework).
 12:  * All rights reserved.
 13:  *
 14:  * <pre>
 15:  * Redistribution and use in source and binary forms, with or
 16:  * without modification, are permitted provided that the
 17:  * following conditions are met:
 18:  *
 19:  * * Redistributions of source code must retain the above
 20:  *   copyright notice, this list of conditions and the
 21:  *   following disclaimer.
 22:  * * Redistributions in binary form must reproduce the above
 23:  *   copyright notice, this list of conditions and the
 24:  *   following disclaimer in the documentation and/or other
 25:  *   materials provided with the distribution.
 26:  * * Neither the name of the Alpha Framework nor the names
 27:  *   of its contributors may be used to endorse or promote
 28:  *   products derived from this software without specific
 29:  *   prior written permission.
 30:  *
 31:  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 32:  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 33:  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 34:  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 35:  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 36:  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 37:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 38:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 39:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 40:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 41:  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 42:  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 43:  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 44:  * </pre>
 45:  *
 46:  */
 47: class AlphaFilters_Test extends PHPUnit_Framework_TestCase {
 48:     /**
 49:      * Blacklisted client string
 50:      *
 51:      * @var BlacklistedClientObject
 52:      * @since 1.0
 53:      */
 54:     private $blacklistedClient;
 55: 
 56:     /**
 57:      * Blacklisted IP
 58:      *
 59:      * @var BlacklistedIPObject
 60:      * @since 1.2.3
 61:      */
 62:     private $blacklistedIP;
 63: 
 64:     /**
 65:      * A "bad" (banned) user agent string for us to test with
 66:      *
 67:      * @var string
 68:      * @since 1.0
 69:      */
 70:     private $badAgent = 'curl/7.16.2 (i686-redhat-linux-gnu) libcurl/7.16.2 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.8';
 71: 
 72:     /**
 73:      * Used to keep track of the real user-agent of the user running the tests
 74:      *
 75:      * @var string
 76:      * @since 1.0
 77:      */
 78:     private $oldAgent;
 79: 
 80:     /**
 81:      * Used to keep track of the real IP of the user running the tests
 82:      *
 83:      * @var string
 84:      * @since 1.0
 85:      */
 86:     private $oldIP;
 87: 
 88:     /**
 89:      * A test BadRequestObject
 90:      *
 91:      * @var BadRequestObject
 92:      * @since 1.0
 93:      */
 94:     private $badRequest1;
 95: 
 96:     /**
 97:      * A test BadRequestObject
 98:      *
 99:      * @var BadRequestObject
100:      * @since 1.0
101:      */
102:     private $badRequest2;
103: 
104:     /**
105:      * A test BadRequestObject
106:      *
107:      * @var BadRequestObject
108:      * @since 1.0
109:      */
110:     private $badRequest3;
111: 
112:     /**
113:      * A bad IP address
114:      *
115:      * @var string
116:      * @since 1.0
117:      */
118:     private $badIP = '127.0.0.1';
119: 
120:     /**
121:      * Called before the test functions will be executed
122:      * this function is defined in PHPUnit_TestCase and overwritten
123:      * here
124:      *
125:      * @since 1.0
126:      */
127:     protected function setUp() {
128:         $this->blacklistedClient = new BlacklistedClientObject();
129:         $this->blacklistedClient->rebuildTable();
130:         $this->blacklistedClient->set('client', $this->badAgent);
131:         $this->blacklistedClient->save();
132: 
133:         $this->blacklistedIP = new BlacklistedIPObject();
134:         $this->blacklistedIP->rebuildTable();
135:         $this->blacklistedIP->set('IP', $this->badIP);
136:         $this->blacklistedIP->save();
137: 
138:         $this->badRequest1 = new BadRequestObject();
139:         $this->badRequest1->rebuildTable();
140:         $this->badRequest1->set('client', $this->badAgent);
141:         $this->badRequest1->set('IP', $this->badIP);
142:         $this->badRequest1->set('requestedResource', '/doesNotExist');
143:         $this->badRequest1->save();
144: 
145:         $this->badRequest2 = new BadRequestObject();
146:         $this->badRequest2->set('client', $this->badAgent);
147:         $this->badRequest2->set('IP', $this->badIP);
148:         $this->badRequest2->set('requestedResource', '/doesNotExist');
149:         $this->badRequest2->save();
150: 
151:         $this->badRequest3 = new BadRequestObject();
152:         $this->badRequest3->set('client', $this->badAgent);
153:         $this->badRequest3->set('IP', $this->badIP);
154:         $this->badRequest3->set('requestedResource', '/doesNotExist');
155:         $this->badRequest3->save();
156: 
157:         $this->oldAgent = $_SERVER['HTTP_USER_AGENT'];
158:         $this->oldIP = $_SERVER['REMOTE_ADDR'];
159:     }
160: 
161:     /**
162:      * Called after the test functions are executed
163:      * this function is defined in PHPUnit_TestCase and overwritten
164:      * here
165:      *
166:      * @since 1.0
167:      */
168:     protected function tearDown() {
169:         $this->blacklistedClient->dropTable();
170:         unset($this->blacklistedClient);
171: 
172:         $this->badRequest1->dropTable();
173:         unset($this->badRequest1);
174: 
175:         unset($this->badRequest2);
176: 
177:         unset($this->badRequest3);
178: 
179:         $_SERVER['HTTP_USER_AGENT'] = $this->oldAgent;
180:         $_SERVER['REMOTE_ADDR'] = $this->oldIP;
181:     }
182: 
183:     /**
184:      * Testing that a blacklisted user agent string cannot pass the ClientBlacklistFilter filter
185:      *
186:      * @since 1.0
187:      */
188:     public function testClientBlacklistFilter() {
189:         $_SERVER['HTTP_USER_AGENT'] = $this->badAgent;
190:         $_GET['act'] = 'Search';
191: 
192:         try {
193:             $front = new FrontController();
194:             $front->registerFilter(new ClientBlacklistFilter());
195:             $front->loadController(false);
196:             $this->fail('Testing that a blacklisted user agent string cannot pass the ClientBlacklistFilter filter');
197:         }catch (ResourceNotAllowedException $e) {
198:             $this->assertEquals('Not allowed!', $e->getMessage(), 'Testing that a blacklisted user agent string cannot pass the ClientBlacklistFilter filter');
199:         }
200:     }
201: 
202:     /**
203:      * Testing that a user agent string/IP compbo cannot pass the ClientTempBlacklistFilter filter beyond the config limit
204:      *
205:      * @since 1.0
206:      */
207:     public function testClientTempBlacklistFilter() {
208:         global $config;
209:         $config->set('security.client.temp.blacklist.filter.limit', 3);
210: 
211:         $_SERVER['HTTP_USER_AGENT'] = $this->badAgent;
212:         $_SERVER['REMOTE_ADDR'] = $this->badIP;
213:         $_GET['act'] = 'doesNotExist';
214: 
215:         try {
216:             $front = new FrontController();
217:             $front->registerFilter(new ClientTempBlacklistFilter());
218:             $front->loadController(false);
219:             $this->fail('Testing that a user agent string/IP compbo cannot pass the ClientTempBlacklistFilter filter beyond the config limit');
220:         }catch (ResourceNotAllowedException $e) {
221:             $this->assertEquals('Not allowed!', $e->getMessage(), 'Testing that a user agent string/IP compbo cannot pass the ClientTempBlacklistFilter filter beyond the config limit');
222:         }
223:     }
224: 
225:     /**
226:      * Testing that a blacklisted IP cannot pass the IPBlacklistFilter filter
227:      *
228:      * @since 1.2.3
229:      */
230:     public function testIPBlacklistFilter() {
231:         $_SERVER['REMOTE_ADDR'] = $this->badIP;
232:         $_GET['act'] = 'Search';
233: 
234:         try {
235:             $front = new FrontController();
236:             $front->registerFilter(new IPBlacklistFilter());
237:             $front->loadController(false);
238:             $this->fail('Testing that a blacklisted IP cannot pass the IPBlacklistFilter filter');
239:         }catch (ResourceNotAllowedException $e) {
240:             $this->assertEquals('Not allowed!', $e->getMessage(), 'Testing that a blacklisted IP cannot pass the IPBlacklistFilter filter');
241:         }
242:     }
243: }
244: 
245: ?>