<?php
+/**
+ * The nonce handler.
+ *
+ * PHP version 5
+ *
+ * @category Horde
+ * @package Nonce
+ * @author Gunnar Wrobel <wrobel@pardus.de>
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+
+/**
+ * The nonce handler.
+ *
+ * Copyright 2010 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @category Horde
+ * @package Nonce
+ * @author Gunnar Wrobel <wrobel@pardus.de>
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+class Horde_Nonce
+{
+ /**
+ * Return a nonce.
+ *
+ * @return string The nonce.
+ */
+ public function get()
+ {
+ return pack('Nn2', time(), mt_rand(), mt_rand());
+ }
+}
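Review bot: `get()` builds the nonce from `time()` plus two `mt_rand()` results packed with `n2`, so each value carries a guessable timestamp and only 32 bits from a non-cryptographic generator. That makes repeats unlikely at low volume but does not make a nonce unpredictable, and the package description mentions combining nonces with XSRF tokens, where guessability matters. At minimum the docblock should state the limit, for example `Return a nonce: 4-byte timestamp plus 4 bytes from mt_rand(). Not unpredictable; do not use as a secret token.` If callers need unpredictability, the random part should come from a CSPRNG, and the PHP 5.2.0 minimum declared in package.xml limits which built-in sources are available.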
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<package packagerversion="1.9.0" version="2.0" xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0 http://pear.php.net/dtd/tasks-1.0.xsd http://pear.php.net/dtd/package-2.0 http://pear.php.net/dtd/package-2.0.xsd">
+ <name>Nonce</name>
+ <channel>pear.horde.org</channel>
+ <summary>Provides nonces (numbers used once)</summary>
+ <description>Nonces (numbers used once) protect against reuse. They
+ can be used to disallow sending forms or using links twice. They can
+ can also be combined with tokens protecting against XSRF (though they
+ do not neccesarily provide any additional security in that
+ context). Generation of nonces is trivial but storage of used nonces
+ can be complex. This library relies primarily on modified Bloom
+ filters as suggested by Martin Schönert (who in turn refers to Robert
+ Floyd as the first one suggesting such an approach).</description>
+ <lead>
+ <name>Chuck Hagenbuch</name>
+ <user>chuck</user>
+ <email>chuck@horde.org</email>
+ <active>yes</active>
+ </lead>
+ <lead>
+ <name>Jan Schneider</name>
+ <user>jan</user>
+ <email>jan@horde.org</email>
+ <active>yes</active>
+ </lead>
+ <lead>
+ <name>Gunnar Wrobel</name>
+ <user>wrobel</user>
+ <email>wrobel@pardus.de</email>
+ <active>yes</active>
+ </lead>
+ <date>2010-11-03</date>
+ <time>17:30:13</time>
+ <version>
+ <release>0.0.1</release>
+ <api>0.0.1</api>
+ </version>
+ <stability>
+ <release>alpha</release>
+ <api>alpha</api>
+ </stability>
+ <license uri="http://www.gnu.org/copyleft/lesser.html">LGPL</license>
+ <notes>
+* Initial release.
+ </notes>
+ <contents>
+ <dir baseinstalldir="/" name="/">
+ <dir name="lib">
+ <dir name="Horde">
+ <file name="Nonce.php" role="php" />
+ </dir> <!-- /lib/Horde -->
+ </dir> <!-- /lib -->
+ <dir name="test">
+ <dir name="Horde">
+ <dir name="Nonce">
+ <dir name="Integration">
+ <file name="NonceTest.php" role="test" />
+ </dir> <!-- /test/Horde/Nonce/Integration -->
+ <file name="AllTests.php" role="test" />
+ <file name="Autoload.php" role="test" />
+ <file name="phpunit.xml" role="test" />
+ <file name="StoryTestCase.php" role="test" />
+ </dir> <!-- /test/Horde/Nonce -->
+ </dir> <!-- /test/Horde -->
+ </dir> <!-- /test -->
+ </dir> <!-- / -->
+ </contents>
+ <dependencies>
+ <required>
+ <php>
+ <min>5.2.0</min>
+ </php>
+ <pearinstaller>
+ <min>1.9.0</min>
+ </pearinstaller>
+ </required>
+ </dependencies>
+ <phprelease>
+ <filelist>
+ <install as="Horde/Nonce.php" name="lib/Horde/Nonce.php" />
+ <install as="Horde/Nonce/AllTests.php" name="test/Horde/Nonce/AllTests.php" />
+ <install as="Horde/Nonce/Autoload.php" name="test/Horde/Nonce/Autoload.php" />
+ <install as="Horde/Nonce/phpunit.xml" name="test/Horde/Nonce/phpunit.xml" />
+ <install as="Horde/Nonce/StoryTestCase.php" name="test/Horde/Nonce/StoryTestCase.php" />
+ <install as="Horde/Nonce/Integration/NonceTest.php" name="test/Horde/Nonce/Integration/NonceTest.php" />
+ </filelist>
+ </phprelease>
+ <changelog>
+ <release>
+ <version>
+ <release>0.0.1</release>
+ <api>0.0.1</api>
+ </version>
+ <stability>
+ <release>alpha</release>
+ <api>alpha</api>
+ </stability>
+ <date>2010-11-03</date>
+ <license uri="http://www.gnu.org/copyleft/lesser.html">LGPL</license>
+ <notes>
+* Initial release.
+ </notes>
+ </release>
+ </changelog>
+</package>
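Review bot: The `<description>` promises more than this commit ships: it says the library "relies primarily on modified Bloom filters" for storing used nonces, while the only library file listed, `lib/Horde/Nonce.php`, defines just `get()` and nothing that records or rejects a reused nonce. A consumer reading the manifest could assume replay protection that is not there yet; a sentence such as `Currently only nonce generation is implemented; tracking of used nonces is planned.` would keep the claim accurate. The same paragraph also has two typos, `can can also` and `neccesarily`.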
/** Catch strict standards */
error_reporting(E_ALL | E_STRICT);
+
+/** Load the basic test definition */
+require_once dirname(__FILE__) . '/StoryTestCase.php';
--- /dev/null
+<?php
+/**
+ * Test the Nonce system.
+ *
+ * PHP version 5
+ *
+ * @category Horde
+ * @package Nonce
+ * @subpackage UnitTests
+ * @author Gunnar Wrobel <wrobel@pardus.de>
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+
+/**
+ * Prepare the test setup.
+ */
+require_once dirname(__FILE__) . '/../Autoload.php';
+
+/**
+ * Test the Nonce system.
+ *
+ * Copyright 2010 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @category Horde
+ * @package Nonce
+ * @subpackage UnitTests
+ * @author Gunnar Wrobel <wrobel@pardus.de>
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+class Horde_Nonce_Integration_NonceTest
+extends Horde_Nonce_StoryTestCase
+{
+ /**
+ * @scenario
+ */
+ public function aDefaultNonceHasADefinedLengthOf()
+ {
+ $this->given('the default nonce setup')
+ ->when('retrieving a nonce')
+ ->then('the nonce has a length of 8 bytes');
+ }
+}
\ No newline at end of file
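Review bot: The single scenario in `aDefaultNonceHasADefinedLengthOf()` pins only the length, which any 8-byte constant would satisfy; nothing exercises the property a nonce exists for, that two calls return different values. A second scenario along the lines of `->when('retrieving two nonces')->then('the nonces differ')` would cover it, with matching steps added to Horde_Nonce_StoryTestCase. Because `Horde_Nonce::get()` draws on `mt_rand()`, such a check is probabilistic rather than exact, which is worth saying in the scenario's docblock.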
--- /dev/null
+<?php
+/**
+ * Base for story based package testing.
+ *
+ * PHP version 5
+ *
+ * @category Horde
+ * @package Nonce
+ * @subpackage UnitTests
+ * @author Gunnar Wrobel <wrobel@pardus.de>
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+
+/**
+ * Base for story based package testing.
+ *
+ * Copyright 2010 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @category Horde
+ * @package Nonce
+ * @subpackage UnitTests
+ * @author Gunnar Wrobel <wrobel@pardus.de>
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+class Horde_Nonce_StoryTestCase
+extends PHPUnit_Extensions_Story_TestCase
+{
+ /**
+ * Handle a "given" step.
+ *
+ * @param array &$world Joined "world" of variables.
+ * @param string $action The description of the step.
+ * @param array $arguments Additional arguments to the step.
+ *
+ * @return mixed The outcome of the step.
+ */
+ public function runGiven(&$world, $action, $arguments)
+ {
+ switch($action) {
+ case 'the default nonce setup':
+ $world['nonce_handler'] = new Horde_Nonce();
+ break;
+ default:
+ return $this->notImplemented($action);
+ }
+ }
+
+ /**
+ * Handle a "when" step.
+ *
+ * @param array &$world Joined "world" of variables.
+ * @param string $action The description of the step.
+ * @param array $arguments Additional arguments to the step.
+ *
+ * @return mixed The outcome of the step.
+ */
+ public function runWhen(&$world, $action, $arguments)
+ {
+ switch($action) {
+ case 'retrieving a nonce':
+ $world['nonce'] = $world['nonce_handler']->get();
+ break;
+ default:
+ return $this->notImplemented($action);
+ }
+ }
+
+ /**
+ * Handle a "then" step.
+ *
+ * @param array &$world Joined "world" of variables.
+ * @param string $action The description of the step.
+ * @param array $arguments Additional arguments to the step.
+ *
+ * @return mixed The outcome of the step.
+ */
+ public function runThen(&$world, $action, $arguments)
+ {
+ switch($action) {
+ case 'the nonce has a length of 8 bytes':
+ $this->assertEquals(8, strlen($world['nonce']));
+ break;
+ default:
+ return $this->notImplemented($action);
+ }
+ }
+
+}
\ No newline at end of file
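Review bot: The docblocks on `runGiven()`, `runWhen()` and `runThen()` all say `@return mixed The outcome of the step.`, but every matched `case` ends in `break` and falls off the end of the method, so a handled step returns nothing; only the `default` branch returns a value. I would reword each tag to something like `@return mixed The result of notImplemented() for an unknown step, nothing otherwise.` It would also help to note on `runWhen()` that `'retrieving a nonce'` expects `$world['nonce_handler']` to have been set by the "given" step, since the call on it is unguarded.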