Started work on PHPUnit tests, crossing fingers...

auth.class.php

@@ -29,6 +29,8 @@ public function __construct(\PDO $dbh, $config, $lang)
 		if (version_compare(phpversion(), '5.5.0', '<')) {
 			require("files/password.php");
 		}
+
+		date_default_timezone_set($this->config->site_timezone);
 	}
 
 	/***
@@ -315,6 +317,7 @@ public function getHash($password)
 	* @return array $uid
 	*/
 
+
 	public function getUID($email)
 	{
 		$query = $this->dbh->prepare("SELECT id FROM {$this->config->table_users} WHERE email = ?");
@@ -377,8 +380,9 @@ private function addSession($uid, $remember)
 	private function deleteExistingSessions($uid)
 	{
 		$query = $this->dbh->prepare("DELETE FROM {$this->config->table_sessions} WHERE uid = ?");
+		$query->execute(array($uid));
 
-		return $query->execute(array($uid));
+		return $query->rowCount() == 1;
 	}
 
 	/***
@@ -390,8 +394,9 @@ private function deleteExistingSessions($uid)
 	private function deleteSession($hash)
 	{
 		$query = $this->dbh->prepare("DELETE FROM {$this->config->table_sessions} WHERE hash = ?");
+		$query->execute(array($hash));
 
-		return $query->execute(array($hash));
+		return $query->rowCount() == 1;
 	}
 
 	/**
@@ -487,7 +492,7 @@ public function isEmailTaken($email)
 	* Adds a new user to database
 	* @param string $email      -- email
 	* @param string $password   -- password
-  * @param array $params      -- additional params
+	* @param array $params      -- additional params
 	* @return int $uid
 	*/
 
@@ -505,18 +510,22 @@ private function addUser($email, $password, $params = array(), &$sendmail)
 		$uid = $this->dbh->lastInsertId();
 		$email = htmlentities(strtolower($email));
 
-		$addRequest = $this->addRequest($uid, $email, "activation", $sendmail);
+		if($sendmail) {
+			$addRequest = $this->addRequest($uid, $email, "activation", $sendmail);
 
-		if($addRequest['error'] == 1) {
-			$query = $this->dbh->prepare("DELETE FROM {$this->config->table_users} WHERE id = ?");
-			$query->execute(array($uid));
+			if($addRequest['error'] == 1) {
+				$query = $this->dbh->prepare("DELETE FROM {$this->config->table_users} WHERE id = ?");
+				$query->execute(array($uid));
 
-			$return['message'] = $addRequest['message'];
-			return $return;
+				$return['message'] = $addRequest['message'];
+				return $return;
+			}
+
+			$isactive = 0;
+		} else {
+			$isactive = 1;
 		}
 
-		$isactive = ($sendmail === false ? 1 : 0);
-
 		$password = $this->getHash($password);
 
 		if (is_array($params)&& count($params) > 0) {

phpunit.xml

@@ -2,7 +2,12 @@
 <phpunit colors="true">
     <testsuites>
         <testsuite name="PHP PHPAuth Test Suite">
-            <directory suffix=".php">.</directory>
+            <directory>tests/</directory>
         </testsuite>
     </testsuites>
+    <php>
+    	<ini name="sendmail_path" value="/bin/true" />
+    	<server name="REMOTE_ADDR" value="127.0.0.1" />
+    	<server name="HTTP_USER_AGENT" value="PHPUnit Test Browser" />
+    </php>
 </phpunit>

tests/AuthTest.php

@@ -0,0 +1,230 @@
+<?php
+
+class AuthTest extends PHPUnit_Framework_TestCase
+{
+	public $auth;
+	public $config;
+	public $dbh;
+
+	private $hash;
+
+	public function __construct()
+	{
+		require_once __DIR__ . '/../auth.class.php';
+		require_once __DIR__ . '/../config.class.php';
+		require_once __DIR__ . '/../languages/en_GB.php';
+
+		// $dbh = new PDO(sqlite::memory:);
+		$this->dbh = new PDO("mysql:host=127.0.0.1;dbname=phpauthtest", "root", "");
+
+		$this->config = new PHPAuth\Config($this->dbh);
+		$this->auth   = new PHPAuth\Auth($this->dbh, $this->config, $lang);
+
+		// Clean up the database
+		$this->dbh->exec("DELETE FROM attempts;");
+		$this->dbh->exec("DELETE FROM users;");
+		$this->dbh->exec("DELETE FROM sessions;");
+		$this->dbh->exec("DELETE FROM requests;");
+	}
+
+	public function testRegister()
+	{
+		// Successful registration
+		$this->assertFalse($this->auth->register("[email protected]", "TestPassword1", "TestPassword1", array(), NULL, false)['error']);
+
+		// Failed registration: same email
+		$this->assertTrue($this->auth->register("[email protected]", "TestPassword1", "TestPassword1", array(), NULL, false)['error']);
+
+		// Failed registration: invalid email address
+		$this->assertTrue($this->auth->register("InvalidEmail", "TestPassword1", "TestPassword1", array(), NULL, false)['error']);
+
+		// Failed registration: invalid password
+		$this->assertTrue($this->auth->register("[email protected]", "lamepass", "lamepass", array(), NULL, false)['error']);
+	}
+
+	/**
+     * @depends testRegister
+     */
+
+	public function testLogin()
+	{
+		// Empty attempts table
+		$this->dbh->exec("DELETE FROM attempts;");
+
+		// Successful login
+		$this->assertFalse($this->auth->login("[email protected]", "TestPassword1")['error']);
+
+		// Failed login: incorrect email
+		$this->assertTrue($this->auth->login("[email protected]", "IncorrectPassword1")['error']);
+
+		// Failed login: incorrect password
+		$this->assertTrue($this->auth->login("[email protected]", "IncorrectPassword1")['error']);
+	}
+
+	/**
+     * @depends testLogin
+     */
+
+	public function testCheckSession()
+	{
+		// Get the user's (created and logged in as earlier) session hash
+		$hash = $this->dbh->query("SELECT hash FROM sessions WHERE uid = (SELECT id FROM users WHERE email = '[email protected]');", PDO::FETCH_ASSOC)->fetch()['hash'];
+
+		// Successful checkSession
+		$this->assertTrue($this->auth->checkSession($hash));
+
+		// Failed checkSession: invalid session hash
+		$this->assertFalse($this->auth->checkSession("invalidhash"));
+
+		// Failed checkSession: inexistant session hash
+		$this->assertFalse($this->auth->checkSession("aaafda8ea2c65a596c7e089f256b1534f2298000"));
+	}
+
+	/**
+     * @depends testLogin
+     */
+
+	public function testGetSessionUID()
+	{
+		$uid = $this->dbh->query("SELECT id FROM users WHERE email = '[email protected]';", PDO::FETCH_ASSOC)->fetch()['id'];
+		$hash = $this->dbh->query("SELECT hash FROM sessions WHERE uid = {$uid};", PDO::FETCH_ASSOC)->fetch()['hash'];
+
+		// Successful getSessionUID
+		$this->assertEquals($uid, $this->auth->getSessionUID($hash));
+
+		// Failed getSessionUID: invalid session hash
+		$this->assertFalse($this->auth->getSessionUID("invalidhash"));
+
+		// Failed getSessionUID: inexistant session hash
+		$this->assertFalse($this->auth->getSessionUID("aaafda8ea2c65a596c7e089f256b1534f2298000"));
+	}
+
+	/**
+     * @depends testRegister
+     */
+
+	public function testIsEmailTaken()
+	{
+		// Successful isEmailTaken
+		$this->assertTrue($this->auth->isEmailTaken("[email protected]"));
+
+		// Failed isEmailTaken: unused email
+		$this->assertFalse($this->auth->isEmailTaken("[email protected]"));
+	}
+
+	/**
+     * @depends testRegister
+     */
+
+	public function testGetUser()
+	{
+		$uid = $this->dbh->query("SELECT id FROM users WHERE email = '[email protected]';", PDO::FETCH_ASSOC)->fetch()['id'];
+
+		// Successful getUser
+		$this->assertEquals("[email protected]", $this->auth->getUser($uid)['email']);
+
+		// Failed getUser: inexistant UID
+		$this->assertFalse($this->auth->getUser(9999999));
+	}
+
+	/**
+     * @depends testRegister
+     */
+
+	public function testChangePassword()
+	{
+		$uid = $this->dbh->query("SELECT id FROM users WHERE email = '[email protected]';", PDO::FETCH_ASSOC)->fetch()['id'];
+
+		// Successful changePassword
+		$this->assertFalse($this->auth->changePassword($uid, "TestPassword1", "TestPassword2", "TestPassword2")['error']);
+
+		// Failed changePassword: invalid current password
+		$this->assertTrue($this->auth->changePassword($uid, "lamepass", "TestPassword2", "TestPassword2")['error']);
+
+		// Failed changePassword: incorrect current password
+		$this->assertTrue($this->auth->changePassword($uid, "IncorrectPassword1", "TestPassword2", "TestPassword2")['error']);
+
+		// Failed changePassword: invalid new password
+		$this->assertTrue($this->auth->changePassword($uid, "TestPassword2", "lamepass", "lamepass")['error']);
+
+		// Failed changePassword: new password and confirmation do not match
+		$this->assertTrue($this->auth->changePassword($uid, "TestPassword2", "TestPassword3", "TestPassword4")['error']);
+
+		// Failed changePassword: incorrect UID
+		$this->assertTrue($this->auth->changePassword(9999999, "TestPassword2", "TestPassword3", "TestPassword3")['error']);
+	}
+
+	/**
+     * @depends testChangePassword
+     */
+
+	public function testChangeEmail()
+	{
+		$uid = $this->dbh->query("SELECT id FROM users WHERE email = '[email protected]';", PDO::FETCH_ASSOC)->fetch()['id'];
+
+		// Successful changeEmail
+		$this->assertFalse($this->auth->changeEmail($uid, "[email protected]", "TestPassword2")['error']);
+
+		// Failed changeEmail: invalid email
+		$this->assertTrue($this->auth->changeEmail($uid, "invalid.email", "TestPassword2")['error']);
+
+		// Failed changeEmail: new email is the same as current email
+		$this->assertTrue($this->auth->changeEmail($uid, "[email protected]", "TestPassword2")['error']);
+
+		// Failed changeEmail: password is invalid
+		$this->assertTrue($this->auth->changeEmail($uid, "[email protected]", "lamepass")['error']);
+
+		// Failed changeEmail: password is incorrect
+		$this->assertTrue($this->auth->changeEmail($uid, "[email protected]", "IncorrectPassword1")['error']);
+
+		// Failed changeEmail: UID is incorrect
+		$this->assertTrue($this->auth->changeEmail(9999999, "[email protected]", "IncorrectPassword1")['error']);
+	}
+
+	/**
+     * @depends testCheckSession
+     */
+
+	public function testLogout()
+	{
+		// Get the user's (created and logged in as earlier) session hash
+		$hash = $this->dbh->query("SELECT hash FROM sessions WHERE uid = (SELECT id FROM users WHERE email = '[email protected]');", PDO::FETCH_ASSOC)->fetch()['hash'];
+
+		// Successful logout
+		$this->assertTrue($this->auth->logout($hash));
+
+		// Failed logout: invalid session hash
+		$this->assertFalse($this->auth->logout("invalidhash"));
+
+		// Failed logout: inexistant session hash
+		$this->assertFalse($this->auth->logout("aaafda8ea2c65a596c7e089f256b1534f2298000"));
+	}
+
+	/**
+     * @depends testLogout
+     * @depends testChangePassword
+     * @depends testChangeEmail
+     */
+
+	public function testDeleteUser()
+	{
+		// Empty attempts table
+		$this->dbh->exec("DELETE FROM attempts;");
+
+		$uid = $this->dbh->query("SELECT id FROM users WHERE email = '[email protected]';", PDO::FETCH_ASSOC)->fetch()['id'];
+
+		// Failed deleteUser: invalid password
+		$this->assertTrue($this->auth->deleteUser($uid, "lamepass")['error']);
+
+		// Failed deleteUser: incorrect password
+		$this->assertTrue($this->auth->deleteUser($uid, "IncorrectPassword1")['error']);
+
+		// Successful deleteUser
+		$this->assertFalse($this->auth->deleteUser($uid, "TestPassword2")['error']);
+
+		// Failed deleteUser: incorrect UID
+		$this->assertTrue($this->auth->deleteUser(9999999, "IncorrectPassword1")['error']);
+	}
+}
+
+?>