Add Unit test case for session renewal

Signed-off-by: William Desportes <williamdes@wdes.fr>
author: William Desportes <williamdes@wdes.fr> 2019-06-13 08:43:48 +0300
committer: William Desportes <williamdes@wdes.fr> 2019-06-13 08:43:48 +0300
commit: fb4a8d61b7cb9e7057dd6b5684d1c3b501a9026b (patch)
tree: c50960686883b9abc90ab7be9f467a53e0cf5657 /test
parent: 80d88d2f1829f81fdc0d23f8d211378195525bce (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/test/classes/CoreTest.php b/test/classes/CoreTest.php
index 615a50dc3a..85ff18faf1 100644
--- a/test/classes/CoreTest.php
+++ b/test/classes/CoreTest.php
@@ -1187,4 +1187,20 @@ class CoreTest extends PmaTestCase
         $hmac = '3333333380a640dc05944a2a24e6e630d3e9e3dba24464135f2fb954c3eeeeee';
         $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac));
     }
+
+    /**
+     * Test for Core::checkSqlQuerySignature
+     *
+     * @return void
+     */
+    function testCheckSqlQuerySignatureFailsFromAnotherSession()
+    {
+        $_SESSION[' PMA_token '] = hash('sha1', 'firstSession');
+        $sqlQuery = 'SELECT * FROM `test`.`db` WHERE 1;';
+        $hmac = Core::signSqlQuery($sqlQuery);
+        $this->assertTrue(Core::checkSqlQuerySignature($sqlQuery, $hmac));
+        $_SESSION[' PMA_token '] = hash('sha1', 'secondSession');
+        // Try to use the token (hmac) from the previous session
+        $this->assertFalse(Core::checkSqlQuerySignature($sqlQuery, $hmac));
+    }
 }
author	William Desportes <williamdes@wdes.fr>	2019-06-13 08:43:48 +0300
committer	William Desportes <williamdes@wdes.fr>	2019-06-13 08:43:48 +0300
commit	fb4a8d61b7cb9e7057dd6b5684d1c3b501a9026b (patch)
tree	c50960686883b9abc90ab7be9f467a53e0cf5657 /test
parent	80d88d2f1829f81fdc0d23f8d211378195525bce (diff)