diff options
author | William Desportes <williamdes@wdes.fr> | 2019-06-13 08:43:48 +0300 |
---|---|---|
committer | William Desportes <williamdes@wdes.fr> | 2019-06-13 08:43:48 +0300 |
commit | fb4a8d61b7cb9e7057dd6b5684d1c3b501a9026b (patch) | |
tree | c50960686883b9abc90ab7be9f467a53e0cf5657 /test | |
parent | 80d88d2f1829f81fdc0d23f8d211378195525bce (diff) |
Add Unit test case for session renewal
Signed-off-by: William Desportes <williamdes@wdes.fr>
Diffstat (limited to 'test')
-rw-r--r-- | test/classes/CoreTest.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/test/classes/CoreTest.php b/test/classes/CoreTest.php index 615a50dc3a..85ff18faf1 100644 --- a/test/classes/CoreTest.php +++ b/test/classes/CoreTest.php @@ -1187,4 +1187,20 @@ class CoreTest extends PmaTestCase $hmac = '3333333380a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3eeeeee'; $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac)); } + + /** + * Test for Core::checkSqlQuerySignature + * + * @return void + */ + function testCheckSqlQuerySignatureFailsFromAnotherSession() + { + $_SESSION[' PMA_token '] = hash('sha1', 'firstSession'); + $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;'; + $hmac = Core::signSqlQuery($sqlQuery); + $this->assertTrue(Core::checkSqlQuerySignature($sqlQuery, $hmac)); + $_SESSION[' PMA_token '] = hash('sha1', 'secondSession'); + // Try to use the token (hmac) from the previous session + $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac)); + } } |