示例#1
 /**
  * The vizhash of an address is a PNG that is stable for that address and
  * differs for another address; a newly generated salt differs from the
  * stored one.
  */
 public function testVizhashGeneratesUniquePngsPerIp()
 {
     $generator = new vizhash16x16();
     $loopbackIcon = $generator->generate('127.0.0.1');

     // write the image to disk so that finfo can sniff its MIME type
     file_put_contents($this->_file, $loopbackIcon);
     $mimeProbe = new finfo(FILEINFO_MIME_TYPE);
     $detectedType = $mimeProbe->file($this->_file);
     $this->assertEquals('image/png', $detectedType);

     // a different address must not collide with the loopback icon
     $otherIcon = $generator->generate('2001:1620:2057:dead:beef::cafe:babe');
     $this->assertNotEquals($loopbackIcon, $otherIcon);

     // the same address must map to the same bytes again
     $repeatIcon = $generator->generate('127.0.0.1');
     $this->assertEquals($loopbackIcon, $repeatIcon);

     // salt regeneration; mcrypt_mock.php is loaded first, presumably to
     // stand in for the mcrypt extension (confirm in that file)
     $previousSalt = serversalt::get();
     require 'mcrypt_mock.php';
     $freshSalt = serversalt::generate();
     $this->assertNotEquals($previousSalt, $freshSalt);
 }
示例#2
 /**
  * constructor
  *
  * Fixes the image dimensions at 16 by 16 and stores the value returned by
  * serversalt::get() as this instance's salt.
  *
  * @access public
  * @return void
  */
 public function __construct()
 {
     // square image: both dimensions share the same value
     $this->width = $this->height = 16;
     $this->salt = serversalt::get();
 }
示例#3
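 /**
  * traffic limiter
  *
  * Make sure the IP address makes at most 1 request every self::$_limit
  * seconds. The table of recent requests is kept in a PHP file that is
  * loaded with require and rewritten on every call. Entries are keyed by an
  * HMAC-SHA256 of the address under the server salt, so the file does not
  * hold the addresses themselves.
  *
  * NOTE(review): no lock is visible around the read-modify-write of the
  * table in this method; two concurrent requests from one address may both
  * pass. Confirm whether _store() serializes writers.
  *
  * @access public
  * @static
  * @throws Exception
  * @return bool true if the request may proceed, false if it is throttled
  */
 public static function canPass()
 {
     // disable limits if set to less than 1
     if (self::$_limit < 1) {
         return true;
     }
     // keyed hash of the address; the raw IP is never written to disk
     $ip = hash_hmac('sha256', self::getIp(), serversalt::get());
     $file = 'traffic_limiter.php';
     if (!self::_exists($file)) {
         self::_store($file, '<?php' . PHP_EOL . '$GLOBALS[\'traffic_limiter\'] = array();' . PHP_EOL);
     }
     $path = self::getPath($file);
     require $path;
     // read the clock once so purge, check and stored timestamp all agree
     $now = time();
     // a truncated or damaged table file must not break request handling:
     // fall back to an empty table, which is rewritten below
     $tl = array();
     if (isset($GLOBALS['traffic_limiter']) && is_array($GLOBALS['traffic_limiter'])) {
         $tl = $GLOBALS['traffic_limiter'];
     }
     // purge file of expired IPs to keep it small
     foreach ($tl as $key => $time) {
         if ($time + self::$_limit < $now) {
             unset($tl[$key]);
         }
     }
     if (array_key_exists($ip, $tl) && $tl[$ip] + self::$_limit >= $now) {
         // still inside the window: refuse and keep the original timestamp
         $result = false;
     } else {
         $tl[$ip] = $now;
         $result = true;
     }
     // keys are hex digests and values are integers, so var_export() emits
     // only literals into the PHP file that the next call will require
     self::_store($file, '<?php' . PHP_EOL . '$GLOBALS[\'traffic_limiter\'] = ' . var_export($tl, true) . ';' . PHP_EOL);
     return $result;
 }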
示例#4
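 /**
  * Delete an existing paste
  *
  * The paste is removed only when the ID is well formed, the paste exists
  * and the supplied token matches the HMAC-SHA1 of the ID keyed with the
  * server salt. The outcome is reported through $this->_error or
  * $this->_status.
  *
  * @access private
  * @param  string $dataid      paste identifier
  * @param  string $deletetoken token presented by the requester
  * @return void
  */
 private function _delete($dataid, $deletetoken)
 {
     // Is this a valid paste identifier?
     if (!filter::is_valid_paste_id($dataid)) {
         $this->_error = 'Invalid paste ID.';
         return;
     }
     // Check that paste exists.
     if (!$this->_model()->exists($dataid)) {
         $this->_error = 'Paste does not exist, has expired or has been deleted.';
         return;
     }
     // Make sure token is valid: reject when the presented token does NOT
     // match the expected HMAC. Without the negation a correct token would
     // be refused and any other value would delete the paste.
     // filter::slow_equals is presumably a constant-time comparison; confirm in filter.
     if (!filter::slow_equals($deletetoken, hash_hmac('sha1', $dataid, serversalt::get()))) {
         $this->_error = 'Wrong deletion token. Paste was not deleted.';
         return;
     }
     // Paste exists and deletion token is valid: Delete the paste.
     $this->_model()->delete($dataid);
     $this->_status = 'Paste was properly deleted.';
 }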
示例#5
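 /**
  * Delete an existing paste
  *
  * Deletion happens in three situations: the paste has expired (it is
  * purged and the generic error is reported), the caller sends the literal
  * token 'burnafterreading' for a paste flagged burn-after-reading, or the
  * caller presents the HMAC-SHA1 of the paste ID keyed with the server salt.
  *
  * Missing and expired pastes both report self::GENERIC_ERROR, so the
  * response does not tell the two cases apart.
  *
  * @access private
  * @param  string $dataid      paste identifier
  * @param  string $deletetoken token presented by the requester
  * @return void
  */
 private function _delete($dataid, $deletetoken)
 {
     // Is this a valid paste identifier?
     if (!filter::is_valid_paste_id($dataid)) {
         $this->_error = 'Invalid paste ID.';
         return;
     }
     // Check that paste exists.
     if (!$this->_model()->exists($dataid)) {
         $this->_error = self::GENERIC_ERROR;
         return;
     }
     // Get the paste itself.
     $paste = $this->_model()->read($dataid);
     // See if paste has expired.
     if (isset($paste->meta->expire_date) && $paste->meta->expire_date < time()) {
         // Delete the paste
         $this->_model()->delete($dataid);
         $this->_error = self::GENERIC_ERROR;
         return;
     }
     // Sentinel token: no HMAC is required on this path, so it is honoured
     // only for pastes that carry the burn-after-reading flag. Strict
     // comparison keeps a non-string value from matching the sentinel.
     if ($deletetoken === 'burnafterreading') {
         if (isset($paste->meta->burnafterreading) && $paste->meta->burnafterreading) {
             // Delete the paste
             $this->_model()->delete($dataid);
             $this->_return_message(0, $dataid);
         } else {
             $this->_return_message(1, 'Paste is not of burn-after-reading type.');
         }
         return;
     }
     // Make sure token is valid. The salt is read from the configured
     // traffic directory.
     serversalt::setPath($this->_conf['traffic']['dir']);
     if (!filter::slow_equals($deletetoken, hash_hmac('sha1', $dataid, serversalt::get()))) {
         $this->_error = 'Wrong deletion token. Paste was not deleted.';
         return;
     }
     // Paste exists and deletion token is valid: Delete the paste.
     $this->_model()->delete($dataid);
     $this->_status = 'Paste was properly deleted.';
 }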
示例#6
文件: paste.php 项目: kolobus/ZeroBin
 /**
  * Generate the "delete" token.
  *
  * The token is the HMAC-SHA1 of the paste's ID, keyed with the server salt.
  * The paste can be deleted by calling:
  * http://example.com/zerobin/?pasteid=<pasteid>&deletetoken=<deletetoken>
  *
  * The token travels in the query string, so anyone who obtains that link
  * can delete the paste; treat the link as a secret.
  *
  * @access public
  * @return string
  */
 public function getDeleteToken()
 {
     $pasteId = $this->getId();
     $secretKey = serversalt::get();

     return hash_hmac('sha1', $pasteId, $secretKey);
 }
示例#7
 /**
  * Requesting the salt from a path below a directory whose permission bits
  * have all been cleared must raise an Exception with code 10.
  *
  * @expectedException Exception
  * @expectedExceptionCode 10
  */
 public function testPermissionShenanigans()
 {
     // clear every permission bit on the parent directory
     chmod($this->_invalidPath, 00);

     // point the salt store at a child path beneath that directory
     $unreachableDir = $this->_invalidPath . DIRECTORY_SEPARATOR . 'baz';
     serversalt::setPath($unreachableDir);

     // expected to throw, see the annotations above
     serversalt::get();
 }
示例#8
 /**
  * A GET request carrying the paste ID and the matching delete token removes
  * the paste and renders the "deleted" status.
  *
  * @runInSeparateProcess
  */
 public function testDelete()
 {
     $this->reset();
     $this->_model->create(helper::getPasteId(), helper::getPaste());
     $existsBefore = $this->_model->exists(helper::getPasteId());
     $this->assertTrue($existsBefore, 'paste exists before deleting data');

     // build the request: the token is the HMAC-SHA1 of the ID under the server salt
     $_GET['pasteid'] = helper::getPasteId();
     $expectedToken = hash_hmac('sha1', helper::getPasteId(), serversalt::get());
     $_GET['deletetoken'] = $expectedToken;

     // constructing the application handles the request; capture what it prints
     ob_start();
     new zerobin();
     $renderedPage = ob_get_contents();

     $statusTag = array('id' => 'status', 'content' => 'Paste was properly deleted');
     $this->assertTag($statusTag, $renderedPage, 'outputs deleted status correctly');
     $existsAfter = $this->_model->exists(helper::getPasteId());
     $this->assertFalse($existsAfter, 'paste successfully deleted');
 }
示例#9
 /**
  * A JSON POST with action "delete" and the matching token removes the paste
  * and answers with status 0.
  *
  * @runInSeparateProcess
  */
 public function testDeleteWithPost()
 {
     $this->reset();
     $this->_model->create(helper::getPasteId(), helper::getPaste());
     $existsBefore = $this->_model->exists(helper::getPasteId());
     $this->assertTrue($existsBefore, 'paste exists before deleting data');

     // request body: the token is the HMAC-SHA1 of the ID under the server salt
     $expectedToken = hash_hmac('sha1', helper::getPasteId(), serversalt::get());
     $_POST = array(
         'action' => 'delete',
         'deletetoken' => $expectedToken,
     );
     // the paste ID is passed as the bare query string
     $_SERVER['QUERY_STRING'] = helper::getPasteId();
     $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
     $_SERVER['REQUEST_METHOD'] = 'POST';

     // constructing the application handles the request; capture what it prints
     ob_start();
     new zerobin();
     $rawBody = ob_get_contents();

     $decoded = json_decode($rawBody, true);
     $this->assertEquals(0, $decoded['status'], 'outputs status');
     $existsAfter = $this->_model->exists(helper::getPasteId());
     $this->assertFalse($existsAfter, 'paste successfully deleted');
 }