config_preview_deploy-1.0.0-alpha3/tests/src/Kernel/HashVerificationTest.php

<?php

declare(strict_types=1);

namespace Drupal\Tests\config_preview_deploy\Kernel;

use Drupal\config_preview_deploy\HashVerification;
use Drupal\Core\Url;
use Drupal\KernelTests\KernelTestBase;

/**
 * Tests the HashVerification service.
 *
 * @group config_preview_deploy
 */
class HashVerificationTest extends KernelTestBase {

  /**
   * {@inheritdoc}
   */
  protected static $modules = [
    'config_preview_deploy',
    'system',
    'user',
  ];

  /**
   * The hash verification service.
   *
   * @var \Drupal\config_preview_deploy\HashVerification
   */
  protected HashVerification $hashVerification;

  /**
   * {@inheritdoc}
   */
  protected function setUp(): void {
    parent::setUp();
    // Set HTTP_HOST for testing.
    $_SERVER['HTTP_HOST'] = 'example.com';
    $this->hashVerification = $this->container->get('config_preview_deploy.hash_verification');
  }

  /**
   * Tests hash generation.
   */
  public function testHashGeneration(): void {
    $productionHost = 'example.com';
    $timestamp = time();

    $hash = $this->hashVerification->generateVerificationHash($productionHost, $timestamp);

    $this->assertIsString($hash);
    $this->assertEquals(64, strlen($hash), 'Hash should be 64 characters (SHA256)');
    $this->assertMatchesRegularExpression('/^[a-f0-9]{64}$/', $hash, 'Hash should be hexadecimal');
  }

  /**
   * Tests hash verification with valid hash.
   */
  public function testValidHashVerification(): void {
    // Get the host from Drupal's base URL.
    $currentUrl = Url::fromRoute('system.admin', [], ['absolute' => TRUE])->toString();
    $productionHost = parse_url($currentUrl, PHP_URL_HOST);
    $timestamp = time();

    // Generate a hash.
    $hash = $this->hashVerification->generateVerificationHash($productionHost, $timestamp);

    // Verify the hash.
    $isValid = $this->hashVerification->verifyHash($hash, $timestamp);

    $this->assertTrue($isValid, 'Valid hash should be verified successfully');
  }

  /**
   * Tests hash verification with invalid hash.
   */
  public function testInvalidHashVerification(): void {
    $timestamp = time();

    // Use an invalid hash.
    $invalidHash = 'invalid1234567890abcdef1234567890abcdef1234567890abcdef1234567890';

    // Verify the hash.
    $isValid = $this->hashVerification->verifyHash($invalidHash, $timestamp);

    $this->assertFalse($isValid, 'Invalid hash should not be verified');
  }

  /**
   * Tests hash verification with wrong production host.
   */
  public function testWrongHostVerification(): void {
    $productionHost = 'example.com';
    $wrongHost = 'wrong.com';
    $timestamp = time();

    // Generate a hash for one host.
    $hash = $this->hashVerification->generateVerificationHash($productionHost, $timestamp);

    // Try to verify with a different host.
    $isValid = $this->hashVerification->verifyHash($hash, $timestamp, $wrongHost);

    $this->assertFalse($isValid, 'Hash should not verify with different host');
  }

  /**
   * Tests hash verification with expired timestamp.
   */
  public function testExpiredTimestampVerification(): void {
    $productionHost = 'example.com';
    // 400 seconds ago (exceeds 300 second max).
    $oldTimestamp = time() - 400;

    // Generate a hash with old timestamp.
    $hash = $this->hashVerification->generateVerificationHash($productionHost, $oldTimestamp);

    // Try to verify with expired timestamp.
    $isValid = $this->hashVerification->verifyHash($hash, $oldTimestamp);

    $this->assertFalse($isValid, 'Expired hash should not verify');
  }

  /**
   * Tests that hash verification uses Drupal base URL when host not provided.
   */
  public function testHashVerificationUsesCorrectHost(): void {
    // Get the expected host from Drupal's base URL (same as UI logic).
    $currentUrl = Url::fromRoute('system.admin', [], ['absolute' => TRUE])->toString();
    $expectedHost = parse_url($currentUrl, PHP_URL_HOST);

    // Generate a hash using the expected host.
    $timestamp = time();
    $hash = $this->hashVerification->generateVerificationHash($expectedHost, $timestamp);

    // Verify the hash without providing a host - should use Drupal base URL.
    $isValid = $this->hashVerification->verifyHash($hash, $timestamp);
    $this->assertTrue($isValid, 'Hash should verify when using Drupal base URL host');

    // Verify that using $_SERVER['HTTP_HOST'] would fail if different.
    $_SERVER['HTTP_HOST'] = 'different-host.example.com';
    $wrongHash = $this->hashVerification->generateVerificationHash($_SERVER['HTTP_HOST'], $timestamp);
    $this->assertNotEquals($hash, $wrongHash, 'Hash generated with different host should be different');

    // The verification should still work because it uses Drupal base URL,
    // not $_SERVER.
    $isValid = $this->hashVerification->verifyHash($hash, $timestamp);
    $this->assertTrue($isValid, 'Hash should still verify even when $_SERVER[HTTP_HOST] is different');
  }

}