assertSame($plain, $dec); $this->assertGreaterThan(16, strlen($enc)); } public function testHkdfDeterministic(): void { $token = 'a1b2c3d4e5f60718293a4b5c6d7e8f90123456789abcdef0123456789abcdef'; $k1 = hkdf_session_key_from_token($token); $k2 = hkdf_session_key_from_token($token); $this->assertSame($k1, $k2); $this->assertSame(32, strlen($k1)); } public function testRbacClientFilter(): void { [$adminClause, $adminParams] = rbac_client_filter(['role' => 'admin', 'entityID' => 'x'], 'cl'); $this->assertSame('1=1', $adminClause); $this->assertSame([], $adminParams); [$supClause, $supParams] = rbac_client_filter(['role' => 'supervisor', 'entityID' => 'sup001'], 'cl'); $this->assertStringContainsString('supervisorID', $supClause); $this->assertSame([':rbac_eid' => 'sup001'], $supParams); [$coachClause, $coachParams] = rbac_client_filter(['role' => 'coach', 'entityID' => 'coach001'], 'cl'); $this->assertStringContainsString('coachID', $coachClause); $this->assertSame([':rbac_eid' => 'coach001'], $coachParams); [$denyClause, $denyParams] = rbac_client_filter(['role' => 'guest', 'entityID' => ''], 'cl'); $this->assertSame('0=1', $denyClause); } }