This commit is contained in:
@ -18,7 +18,7 @@ final class SecurityPathsTest extends QdbTestCase
|
||||
'INSERT INTO session (token, userID, role, entityID, createdAt, expiresAt, temp)
|
||||
VALUES (:t, :uid, :role, :eid, :ca, :ea, 0)'
|
||||
)->execute([
|
||||
':t' => $token,
|
||||
':t' => token_storage_key($token),
|
||||
':uid' => $f->adminUserId,
|
||||
':role' => 'admin',
|
||||
':eid' => 'ent',
|
||||
|
||||
@ -20,6 +20,11 @@ final class TokenTest extends QdbTestCase
|
||||
$rec = token_get_record($token);
|
||||
$this->assertNotNull($rec);
|
||||
$this->assertSame('admin', $rec['role']);
|
||||
[$pdo, $tmpDb, $lockFp] = qdb_open(false);
|
||||
$stored = $pdo->query('SELECT token FROM session LIMIT 1')->fetchColumn();
|
||||
qdb_discard($tmpDb, $lockFp);
|
||||
$this->assertSame(token_storage_key($token), $stored);
|
||||
$this->assertNotSame($token, $stored);
|
||||
|
||||
token_revoke($token);
|
||||
$this->assertNull(token_get_record($token));
|
||||
|
||||
@ -16,10 +16,24 @@ final class EncryptedPayloadTest extends TestCase
|
||||
$json = '{"clientCode":"X","answers":[]}';
|
||||
$env = qdb_sensitive_envelope($json, $token);
|
||||
$this->assertTrue($env['encrypted']);
|
||||
$this->assertSame('A256GCM', $env['alg']);
|
||||
$plain = qdb_decrypt_sensitive_envelope($env, $token);
|
||||
$this->assertSame($json, $plain);
|
||||
}
|
||||
|
||||
public function testLegacyCbcEnvelopeStillDecrypts(): void
|
||||
{
|
||||
require_once dirname(__DIR__, 2) . '/lib/encrypted_payload.php';
|
||||
$token = bin2hex(random_bytes(32));
|
||||
$json = '{"legacy":true}';
|
||||
$key = hkdf_session_key_from_token($token);
|
||||
$env = [
|
||||
'encrypted' => true,
|
||||
'payload' => base64_encode(aes256_cbc_encrypt_bytes($json, $key)),
|
||||
];
|
||||
$this->assertSame($json, qdb_decrypt_sensitive_envelope($env, $token));
|
||||
}
|
||||
|
||||
public function testWrongTokenFailsDecrypt(): void
|
||||
{
|
||||
require_once dirname(__DIR__, 2) . '/lib/encrypted_payload.php';
|
||||
|
||||
Reference in New Issue
Block a user