Inicio Explorar Axuda
Iniciar sesión
chiappa
/
irdb
réplica de https://git.snix.ch/chiappa/irdb.git
1
0
Fork 0
Ficheiros Incidencias 0
Árbore: 024ddc8ac8
Ramas Etiquetas
irdb
/
api
/
tests
/
Unit
/
Auth
/
TokenIssuerTest.php

TokenIssuerTest.php 2.2 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. namespace App\Tests\Unit\Auth;
    6. 

  6. 

  7. use App\Domain\Auth\Token;
    8. 

  8. use App\Domain\Auth\TokenIssuer;
    9. 

  9. use App\Domain\Auth\TokenKind;
    10. 

  10. use PHPUnit\Framework\TestCase;
    11. 

  11. 

  12. final class TokenIssuerTest extends TestCase
    13. 

  13. {
    14. 

  14.     public function testIssuedTokenMatchesFormat(): void
    15. 

  15.     {
    16. 

  16.         $issuer = new TokenIssuer();
    17. 

  17. 

  18.         foreach (TokenKind::cases() as $kind) {
    19. 

  19.             $raw = $issuer->issue($kind);
    20. 

  20.             self::assertSame(1, preg_match('/^irdb_(rep|con|adm|svc)_[A-Z2-7]{32}$/', $raw), "format mismatch for {$kind->value}: {$raw}");
    21. 

  21.             self::assertStringStartsWith('irdb_' . $kind->code() . '_', $raw);
    22. 

  22.         }
    23. 

  23.     }
    24. 

  24. 

  25.     public function testIssuedTokensAreUnique(): void
    26. 

  26.     {
    27. 

  27.         $issuer = new TokenIssuer();
    28. 

  28.         $set = [];
    29. 

  29.         for ($i = 0; $i < 50; ++$i) {
    30. 

  30.             $set[$issuer->issue(TokenKind::Admin)] = true;
    31. 

  31.         }
    32. 

  32.         self::assertCount(50, $set);
    33. 

  33.     }
    34. 

  34. 

  35.     public function testIssuedTokenRoundTripsThroughParse(): void
    36. 

  36.     {
    37. 

  37.         $issuer = new TokenIssuer();
    38. 

  38.         foreach (TokenKind::cases() as $kind) {
    39. 

  39.             $raw = $issuer->issue($kind);
    40. 

  40.             $parsed = Token::parse($raw);
    41. 

  41.             self::assertNotNull($parsed, "parse failed for {$raw}");
    42. 

  42.             self::assertSame($kind, $parsed->kind);
    43. 

  43.             self::assertSame($raw, $parsed->raw);
    44. 

  44.         }
    45. 

  45.     }
    46. 

  46. 

  47.     public function testIssuedBodyAlwaysExactlyThirtyTwoBase32Chars(): void
    48. 

  48.     {
    49. 

  49.         // SEC_REVIEW F39: 20 bytes (160 bits) divides exactly by 5 → 32
    50. 

  50.         // base32 chars with zero trailing-bit ambiguity. The previous dead
    51. 

  51.         // `str_pad` branch in `base32Encode` (which prompted the F39
    52. 

  52.         // finding) is gone, but the property it implied — every char
    53. 

  53.         // carries 5 useful bits — must hold across many random samples.
    54. 

  54.         $issuer = new TokenIssuer();
    55. 

  55.         for ($i = 0; $i < 100; ++$i) {
    56. 

  56.             $raw = $issuer->issue(TokenKind::Admin);
    57. 

  57.             $body = substr($raw, strlen('irdb_adm_'));
    58. 

  58.             self::assertSame(32, strlen($body), "issued body must be 32 chars: {$raw}");
    59. 

  59.             self::assertSame(1, preg_match('/^[A-Z2-7]{32}$/', $body), "issued body must use canonical base32: {$raw}");
    60. 

  60.         }
    61. 

  61.     }
    62. 

  62. }
    63.