From 2aeb4793414fd229eeeeb1f6c1d04bad2a97c7b4 Mon Sep 17 00:00:00 2001
From: Carsten Brandt <mail@cebe.cc>
Date: Thu, 28 Apr 2016 04:05:45 +0200
Subject: [PATCH] better unit test for generateRandomBytes()

---
 phpunit.xml.dist                      |  3 ++
 tests/framework/base/SecurityTest.php | 89 ++++++++++++++++++++++++++++++++++-
 2 files changed, 90 insertions(+), 2 deletions(-)

diff --git a/phpunit.xml.dist b/phpunit.xml.dist
index 6debe5e..eb6f339 100644
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -11,6 +11,9 @@
 			</testsuite>
 		</testsuites>
 		<filter>
+            <whitelist>
+                <directory suffix=".php">framework/</directory>
+            </whitelist>
 			<blacklist>
 				<file>framework/helpers/Json.php</file>
 				<file>framework/helpers/StringHelper.php</file>
diff --git a/tests/framework/base/SecurityTest.php b/tests/framework/base/SecurityTest.php
index 762abec..6eb1b1e 100644
--- a/tests/framework/base/SecurityTest.php
+++ b/tests/framework/base/SecurityTest.php
@@ -5,6 +5,18 @@
  * @license http://www.yiiframework.com/license/
  */
 
+namespace yii\base;
+
+function function_exists($name) {
+
+    if (isset(\yiiunit\framework\base\SecurityTest::$functions[$name])) {
+        return \yiiunit\framework\base\SecurityTest::$functions[$name];
+    }
+    return \function_exists($name);
+}
+
+
+
 namespace yiiunit\framework\base;
 
 use yii\base\Security;
@@ -18,17 +30,29 @@ class SecurityTest extends TestCase
     const CRYPT_VECTORS = 'old';
 
     /**
+     * @var array set of functions for which a fake return value for `function_exists()` is provided.
+     */
+    public static $functions = [];
+
+    /**
      * @var ExposedSecurity
      */
     protected $security;
 
     protected function setUp()
     {
+        static::$functions = [];
         parent::setUp();
         $this->security = new ExposedSecurity();
         $this->security->derivationIterations = 1000; // speed up test running
     }
 
+    protected function tearDown()
+    {
+        static::$functions = [];
+        parent::tearDown();
+    }
+
     // Tests :
 
     public function testHashData()
@@ -799,9 +823,70 @@ TEXT;
         $this->assertEquals($data, $this->security->decryptByPassword($encrypted, $password));
     }
 
-    public function testGenerateRandomKey()
+
+    public function randomKeyInvalidInputs()
     {
-        $length = 21;
+        return [
+            [ 0 ],
+            [ -1 ],
+            [ '0' ],
+            [ '34' ],
+            [ [] ],
+        ];
+    }
+
+    /**
+     * @dataProvider randomKeyInvalidInputs
+     * @expectedException \yii\base\InvalidParamException
+     */
+    public function testRandomKeyInvalidInput($input)
+    {
+        $key1 = $this->security->generateRandomKey($input);
+    }
+
+
+    /**
+     * returns a set of different combinations of functions available.
+     */
+    public function randomKeyVariants()
+    {
+        return [
+            [ ['random_bytes' => true,  'openssl_random_pseudo_bytes' => true,  'mcrypt_create_iv' => true ] ],
+            [ ['random_bytes' => true,  'openssl_random_pseudo_bytes' => true,  'mcrypt_create_iv' => false ] ],
+            [ ['random_bytes' => true,  'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => true ] ],
+            [ ['random_bytes' => true,  'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => false ] ],
+            [ ['random_bytes' => false, 'openssl_random_pseudo_bytes' => true,  'mcrypt_create_iv' => true ] ],
+            [ ['random_bytes' => false, 'openssl_random_pseudo_bytes' => true,  'mcrypt_create_iv' => false ] ],
+            [ ['random_bytes' => false, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => true ] ],
+            [ ['random_bytes' => false, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => false ] ],
+        ];
+    }
+
+    /**
+     * @dataProvider randomKeyVariants
+     */
+    public function testGenerateRandomKey($functions)
+    {
+        foreach($functions as $fun => $available) {
+            if ($available && !\function_exists($fun)) {
+                $this->markTestSkipped("Can not test generateRandomKey() branch that includes $fun, because it is not available on your system.");
+            }
+        }
+        static::$functions = $functions;
+
+        // test various string lengths
+        for($length = 1; $length < 64; $length++) {
+            $key1 = $this->security->generateRandomKey($length);
+            $this->assertInternalType('string', $key1);
+            $this->assertEquals($length, strlen($key1));
+            $key2 = $this->security->generateRandomKey($length);
+            $this->assertInternalType('string', $key2);
+            $this->assertEquals($length, strlen($key2));
+            $this->assertTrue($key1 != $key2);
+        }
+
+        // test for /dev/urandom, reading larger data to see if loop works properly
+        $length = 1024 * 1024;
         $key1 = $this->security->generateRandomKey($length);
         $this->assertInternalType('string', $key1);
         $this->assertEquals($length, strlen($key1));