<?php
use PHPUnit\Framework\TestCase;
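/**
 * PHPUnit checks for the project's Security singleton: input sanitisation,
 * CSRF tokens, JWT issue/verify and per-client rate limiting.
 *
 * NOTE(review): every test uses the instance returned by
 * Security::getInstance(). Whether state (CSRF tokens, rate-limit counters)
 * leaks between tests or between runs depends on how that class stores it,
 * which is not visible in this file.
 */
class SecurityTest extends TestCase {
    /** @var Security Instance under test, fetched again before every test. */
    private $security;

    protected function setUp(): void {
        $this->security = Security::getInstance();
    }

    /**
     * A script-tag payload must not come back from sanitizeInput() as live markup.
     */
    public function testSanitizeInput(): void {
        $input = "<script>alert('XSS')</script>";
        $sanitized = $this->security->sanitizeInput($input);

        // Comparing against a literal equal to $input would also pass for a
        // sanitizer that does nothing, so assert on the property that matters:
        // the tag must not survive in executable form.
        $this->assertIsString($sanitized);
        $this->assertNotSame($input, $sanitized);
        $this->assertStringNotContainsStringIgnoringCase('<script', $sanitized);
        $this->assertStringNotContainsStringIgnoringCase('</script', $sanitized);

        // NOTE(review): once sanitizeInput()'s contract is confirmed (entity
        // encoding vs. tag stripping), pin the exact expected output here.
    }

    /**
     * A freshly generated CSRF token validates; an arbitrary string does not.
     */
    public function testCSRFToken(): void {
        $token = $this->security->generateCSRFToken();

        // An empty token would make the positive check below meaningless.
        $this->assertNotEmpty($token);
        $this->assertTrue($this->security->validateCSRFToken($token));
        $this->assertFalse($this->security->validateCSRFToken('invalid_token'));
    }

    /**
     * A token produced by generateJWT() round-trips through validateJWT()
     * with its claims intact.
     */
    public function testJWT(): void {
        $payload = ['user_id' => 1, 'role' => 'admin'];
        $token = $this->security->generateJWT($payload);
        $decoded = $this->security->validateJWT($token);

        $this->assertIsArray($decoded);
        $this->assertEquals(1, $decoded['user_id']);
        $this->assertEquals('admin', $decoded['role']);

        // NOTE(review): only the happy path is covered. Rejection of a token
        // with an altered signature or payload, and of an expired token, is
        // not asserted because validateJWT()'s failure result (false, null or
        // an exception) is not visible from this file — add those cases once
        // it is confirmed.
    }

    /**
     * With the third argument set to 2, the first two calls for one
     * IP/endpoint pair are allowed and the third is refused.
     */
    public function testRateLimit(): void {
        $ip = '127.0.0.1';
        $endpoint = 'test_endpoint';

        // NOTE(review): 2 and 3600 are presumably the request limit and the
        // window in seconds — confirm against checkRateLimit()'s signature.
        // If counters are kept outside the process, a rerun inside the window
        // would fail on the first assertion; reset them in setUp() if so.

        // Should allow first request
        $this->assertTrue($this->security->checkRateLimit($ip, $endpoint, 2, 3600));

        // Should allow second request
        $this->assertTrue($this->security->checkRateLimit($ip, $endpoint, 2, 3600));

        // Should block third request
        $this->assertFalse($this->security->checkRateLimit($ip, $endpoint, 2, 3600));
    }
}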