From 17c3c203f309f2d3170033708374d04eb77cb36b Mon Sep 17 00:00:00 2001
From: Gunnar Wrobel
Date: Wed, 3 Nov 2010 17:32:53 +0100
Subject: [PATCH] Allow to create nonces.
---
framework/Nonce/lib/Horde/Nonce.php | 38 ++++++++
framework/Nonce/package.xml | 105 +++++++++++++++++++++
framework/Nonce/test/Horde/Nonce/Autoload.php | 3 +
.../test/Horde/Nonce/Integration/NonceTest.php | 47 +++++++++
framework/Nonce/test/Horde/Nonce/StoryTestCase.php | 93 ++++++++++++++++++
5 files changed, 286 insertions(+)
create mode 100644 framework/Nonce/package.xml
create mode 100644 framework/Nonce/test/Horde/Nonce/Integration/NonceTest.php
create mode 100644 framework/Nonce/test/Horde/Nonce/StoryTestCase.php
diff --git a/framework/Nonce/lib/Horde/Nonce.php b/framework/Nonce/lib/Horde/Nonce.php
index b3d9bbc7f..836045ac7 100644
--- a/framework/Nonce/lib/Horde/Nonce.php
+++ b/framework/Nonce/lib/Horde/Nonce.php
@@ -1 +1,39 @@
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+
+/**
+ * The nonce handler.
+ *
+ * Copyright 2010 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @category Horde
+ * @package Nonce
+ * @author Gunnar Wrobel
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+class Horde_Nonce
+{
+ /**
+ * Return a nonce.
+ *
+ * @return string The nonce.
+ */
+ public function get()
+ {
+ return pack('Nn2', time(), mt_rand(), mt_rand());
+ }
+}
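Review bot: The nonce returned by `get()` is only as unpredictable as `mt_rand()`: `pack('Nn2', ...)` keeps a 4-byte timestamp and truncates each `mt_rand()` result to 16 bits, so 32 bits from a non-cryptographic generator are all that separates two nonces issued in the same second. That is adequate only if callers need uniqueness and never secrecy, and the package description added in this commit mentions combining nonces with XSRF tokens, so the docblock should state the contract, e.g. `Returns 8 raw bytes (32-bit big-endian timestamp + two 16-bit mt_rand() values); intended to be unique, not unguessable, and binary, so encode it before placing it in a form or URL.` If unguessability is intended, the random half should come from a CSPRNG such as `openssl_random_pseudo_bytes(4)`; that needs PHP 5.3, while package.xml appears to declare 5.2.0 as the minimum, so a fallback would be required.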
diff --git a/framework/Nonce/package.xml b/framework/Nonce/package.xml
new file mode 100644
index 000000000..e4b54a113
--- /dev/null
+++ b/framework/Nonce/package.xml
@@ -0,0 +1,105 @@
+
+
+ Nonce
+ pear.horde.org
+ Provides nonces (numbers used once)
+ Nonces (numbers used once) protect against reuse. They
+ can be used to disallow sending forms or using links twice. They can
+ can also be combined with tokens protecting against XSRF (though they
+ do not neccesarily provide any additional security in that
+ context). Generation of nonces is trivial but storage of used nonces
+ can be complex. This library relies primarily on modified Bloom
+ filters as suggested by Martin Schönert (who in turn refers to Robert
+ Floyd as the first one suggesting such an approach).
+
+ Chuck Hagenbuch
+ chuck
+ chuck@horde.org
+ yes
+
+
+ Jan Schneider
+ jan
+ jan@horde.org
+ yes
+
+
+ Gunnar Wrobel
+ wrobel
+ wrobel@pardus.de
+ yes
+
+ 2010-11-03
+
+
+ 0.0.1
+ 0.0.1
+
+
+ alpha
+ alpha
+
+ LGPL
+
+* Initial release.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 5.2.0
+
+
+ 1.9.0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 0.0.1
+ 0.0.1
+
+
+ alpha
+ alpha
+
+ 2010-11-03
+ LGPL
+
+* Initial release.
+
+
+
+
diff --git a/framework/Nonce/test/Horde/Nonce/Autoload.php b/framework/Nonce/test/Horde/Nonce/Autoload.php
index 47545d441..09f45122c 100644
--- a/framework/Nonce/test/Horde/Nonce/Autoload.php
+++ b/framework/Nonce/test/Horde/Nonce/Autoload.php
@@ -21,3 +21,6 @@ require_once 'Horde/Test/Autoload.php';
/** Catch strict standards */
error_reporting(E_ALL | E_STRICT);
+
+/** Load the basic test definition */
+require_once dirname(__FILE__) . '/StoryTestCase.php';
diff --git a/framework/Nonce/test/Horde/Nonce/Integration/NonceTest.php b/framework/Nonce/test/Horde/Nonce/Integration/NonceTest.php
new file mode 100644
index 000000000..31f385cf7
--- /dev/null
+++ b/framework/Nonce/test/Horde/Nonce/Integration/NonceTest.php
@@ -0,0 +1,47 @@
+
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+
+/**
+ * Prepare the test setup.
+ */
+require_once dirname(__FILE__) . '/../Autoload.php';
+
+/**
+ * Test the Nonce system.
+ *
+ * Copyright 2010 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @category Horde
+ * @package Nonce
+ * @subpackage UnitTests
+ * @author Gunnar Wrobel
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+class Horde_Nonce_Integration_NonceTest
+extends Horde_Nonce_StoryTestCase
+{
+ /**
+ * @scenario
+ */
+ public function aDefaultNonceHasADefinedLengthOf()
+ {
+ $this->given('the default nonce setup')
+ ->when('retrieving a nonce')
+ ->then('the nonce has a length of 8 bytes');
+ }
+}
\ No newline at end of file
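Review bot: The single scenario `aDefaultNonceHasADefinedLengthOf` only pins the length, so it would still pass if `Horde_Nonce::get()` returned a constant 8-byte string. A second scenario that retrieves two nonces from the same handler and asserts they differ would cover the property the package exists for. It needs matching `when`/`then` steps in StoryTestCase.php, which this commit also adds.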
diff --git a/framework/Nonce/test/Horde/Nonce/StoryTestCase.php b/framework/Nonce/test/Horde/Nonce/StoryTestCase.php
new file mode 100644
index 000000000..12cb12dc7
--- /dev/null
+++ b/framework/Nonce/test/Horde/Nonce/StoryTestCase.php
@@ -0,0 +1,93 @@
+
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+
+/**
+ * Base for story based package testing.
+ *
+ * Copyright 2010 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @category Horde
+ * @package Nonce
+ * @subpackage UnitTests
+ * @author Gunnar Wrobel
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Nonce
+ */
+class Horde_Nonce_StoryTestCase
+extends PHPUnit_Extensions_Story_TestCase
+{
+ /**
+ * Handle a "given" step.
+ *
+ * @param array &$world Joined "world" of variables.
+ * @param string $action The description of the step.
+ * @param array $arguments Additional arguments to the step.
+ *
+ * @return mixed The outcome of the step.
+ */
+ public function runGiven(&$world, $action, $arguments)
+ {
+ switch($action) {
+ case 'the default nonce setup':
+ $world['nonce_handler'] = new Horde_Nonce();
+ break;
+ default:
+ return $this->notImplemented($action);
+ }
+ }
+
+ /**
+ * Handle a "when" step.
+ *
+ * @param array &$world Joined "world" of variables.
+ * @param string $action The description of the step.
+ * @param array $arguments Additional arguments to the step.
+ *
+ * @return mixed The outcome of the step.
+ */
+ public function runWhen(&$world, $action, $arguments)
+ {
+ switch($action) {
+ case 'retrieving a nonce':
+ $world['nonce'] = $world['nonce_handler']->get();
+ break;
+ default:
+ return $this->notImplemented($action);
+ }
+ }
+
+ /**
+ * Handle a "then" step.
+ *
+ * @param array &$world Joined "world" of variables.
+ * @param string $action The description of the step.
+ * @param array $arguments Additional arguments to the step.
+ *
+ * @return mixed The outcome of the step.
+ */
+ public function runThen(&$world, $action, $arguments)
+ {
+ switch($action) {
+ case 'the nonce has a length of 8 bytes':
+ $this->assertEquals(8, strlen($world['nonce']));
+ break;
+ default:
+ return $this->notImplemented($action);
+ }
+ }
+
+}
\ No newline at end of file
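Review bot: `runWhen` calls `$world['nonce_handler']->get()` without checking that a `given` step populated the handler, so a scenario that omits the setup step would end in a PHP fatal error instead of a reported test failure. A guard before the call keeps the failure inside PHPUnit: `if (!isset($world['nonce_handler'])) { $this->fail('nonce handler not set up'); }`. Separately, the three docblocks promise `@return mixed The outcome of the step.` while every implemented branch falls through without a return value; only the `default` branch returns the result of `notImplemented()`, and the docblocks should say that.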
--
2.11.0