public function testHash()
{
$input = 'random string';
$timestamp = date('c');
$iteration = 250;
$salt = 'sodium chrloride';
$control = OpauthStrategy::hash($input, $timestamp, $iteration, $salt);
$this->assertFalse(empty($control));
// Ensure iteration is taken into account and producing different hash
$diffIteration = OpauthStrategy::hash($input, $timestamp, 888, $salt);
$this->assertFalse(empty($diffIteration));
$this->assertFalse($diffIteration == $control);
$diffIteration2 = OpauthStrategy::hash($input, $timestamp, 99999, $salt);
$this->assertFalse(empty($diffIteration2));
$this->assertFalse($diffIteration2 == $control);
$this->assertFalse($diffIteration2 == $diffIteration);
$diffIteration3 = OpauthStrategy::hash($input, $timestamp, 0, $salt);
$this->assertFalse($diffIteration3);
// Ensure salt is taken into account and producing different hash
$diffSalt = OpauthStrategy::hash($input, $timestamp, $iteration, 'a98woj34 89789&SFDIU(@&*#(*@$');
$this->assertFalse(empty($diffSalt));
$this->assertFalse($diffSalt == $control);
$diffSalt2 = OpauthStrategy::hash($input, $timestamp, $iteration, null);
$this->assertFalse(empty($diffSalt2));
$this->assertFalse($diffSalt2 == $control);
$this->assertFalse($diffSalt2 == $diffSalt);
}
/**
* Validate $auth response
* Accepts either function call or HTTP-based call
*
* @param string $input = sha1(print_r($auth, true))
* @param string $timestamp = $_REQUEST['timestamp'])
* @param string $signature = $_REQUEST['signature']
* @param string $reason Sets reason for failure if validation fails
* @return boolean true: valid; false: not valid.
*/
public function validate($input = null, $timestamp = null, $signature = null, &$reason = null)
{
$functionCall = true;
if (!empty($_REQUEST['input']) && !empty($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
$functionCall = false;
$provider = $_REQUEST['input'];
$timestamp = $_REQUEST['timestamp'];
$signature = $_REQUEST['signature'];
}
$timestamp_int = strtotime($timestamp);
if ($timestamp_int < strtotime('-' . $this->env['security_timeout']) || $timestamp_int > time()) {
$reason = "Auth response expired";
return false;
}
$hash = OpauthStrategy::hash($input, $timestamp, $this->env['security_iteration'], $this->env['security_salt']);
if (strcasecmp($hash, $signature) !== 0) {
$reason = "Signature does not validate";
return false;
}
return true;
}
/**
* @depends testValidate
*/
public function testValidateTimeout(array $response)
{
$config = array('security_salt' => 'k9QVRc7R3woOOVyJgOFBv2Rp9bxQsGtRbaOraP7ePXuyzh0GkrNckKjI4MV1KOy', 'security_iteration' => 919, 'security_timeout' => '1 minute');
$response['timestamp'] = date('c', time() - 90);
$response['signature'] = OpauthStrategy::hash(sha1(print_r($response['auth'], true)), $response['timestamp'], $config['security_iteration'], $config['security_salt']);
$Opauth = self::instantiateOpauthForTesting($config);
$this->assertFalse($Opauth->validate(sha1(print_r($response['auth'], true)), $response['timestamp'], $response['signature'], $reason));
$this->assertEquals($reason, 'Auth response expired');
}
