update login scurity

This commit is contained in:
root
2026-05-08 00:17:42 -04:00
parent b01a4496e6
commit 76866ffe1e
17 changed files with 342 additions and 62 deletions
@@ -0,0 +1,35 @@
<?php
namespace Tests\App\Filters;
use App\Filters\ApiRateLimitFilter;
use CodeIgniter\HTTP\IncomingRequest;
use CodeIgniter\HTTP\Response;
use CodeIgniter\HTTP\URI;
use CodeIgniter\HTTP\UserAgent;
use CodeIgniter\Test\CIUnitTestCase;
use Config\App;
use Config\Services;
class ApiRateLimitFilterTest extends CIUnitTestCase
{
protected function setUp(): void
{
parent::setUp();
Services::resetSingle('throttler');
Services::resetSingle('session');
}
public function testBlocksRequestWhenThresholdIsExceeded(): void
{
$request = new IncomingRequest(config(App::class), new URI('https://example.test/api/health'), 'php://input', new UserAgent());
$filter = new ApiRateLimitFilter();
$first = $filter->before($request, [1, 60]);
$second = $filter->before($request, [1, 60]);
$this->assertNull($first);
$this->assertInstanceOf(Response::class, $second);
$this->assertSame(429, $second->getStatusCode());
}
}
@@ -0,0 +1,48 @@
<?php
namespace Tests\App\Filters;
use App\Filters\SanitizeInputFilter;
use CodeIgniter\HTTP\IncomingRequest;
use CodeIgniter\HTTP\Response;
use CodeIgniter\HTTP\URI;
use CodeIgniter\HTTP\UserAgent;
use CodeIgniter\Test\CIUnitTestCase;
use Config\App;
use Config\Services;
class SanitizeInputFilterTest extends CIUnitTestCase
{
public function testSanitizesGetPostAndJsonPayloads(): void
{
$request = new IncomingRequest(config(App::class), new URI('https://example.test/api/login'), 'php://input', new UserAgent());
$request->setHeader('Content-Type', 'application/json');
$request->setGlobal('get', ['q' => " hello\x00 "]);
$request->setGlobal('post', ['email' => " user@example.com \n"]);
$request->setGlobal('request', ['email' => " user@example.com \n"]);
$request->setGlobal('cookie', ['token' => " abc\t"]);
$request->setBody("{\"email\":\" user@example.com \",\"name\":\" Bob\\u0000 \"}");
$filter = new SanitizeInputFilter();
$result = $filter->before($request);
$this->assertNull($result);
$this->assertSame('hello', $request->getGet('q'));
$this->assertSame('user@example.com', $request->getPost('email'));
$this->assertSame('abc', $request->getCookie('token'));
$this->assertSame(['email' => 'user@example.com', 'name' => 'Bob'], $request->getJSON(true));
}
public function testRejectsMalformedJsonPayload(): void
{
$request = new IncomingRequest(config(App::class), new URI('https://example.test/api/login'), 'php://input', new UserAgent());
$request->setHeader('Content-Type', 'application/json');
$request->setBody('{invalid');
$filter = new SanitizeInputFilter();
$result = $filter->before($request);
$this->assertInstanceOf(Response::class, $result);
$this->assertSame(400, $result->getStatusCode());
}
}