
namespace Shaarli\Security;

use Psr\Log\LoggerInterface;
use Shaarli\Helper\FileUtils;
use Shaarli\TestCase;

 * Test coverage for BanManager
class BanManagerTest extends TestCase
    /** @var BanManager Ban Manager instance */
    protected $banManager;

    /** @var string Banned IP filename */
    protected $banFile = 'sandbox/ipbans.php';

    /** @var string Log filename */
    protected $logFile = 'sandbox/shaarli.log';

    /** @var string Local client IP address */
    protected $ipAddr = '';

    /** @var string Trusted proxy IP address */
    protected $trustedProxy = '';

    /** @var array Simulates the $_SERVER array */
    protected $server = [];

     * Prepare or reset test resources
    protected function setUp(): void
        if (file_exists($this->banFile)) {

        $this->banManager = $this->getNewBanManagerInstance();
        $this->server['REMOTE_ADDR'] = $this->ipAddr;

     * Test constructor with initial file.
    public function testInstantiateFromFile()
        $time = time() + 10;
                'failures' => [
                    $this->ipAddr => 2,
                    $ip = '' => 1,
                'bans' => [
                    $ip2 = '' => $time,
                    $ip3 = '' => $time + 1,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(2, $this->banManager->getFailures());
        $this->assertEquals(2, $this->banManager->getFailures()[$this->ipAddr]);
        $this->assertEquals(1, $this->banManager->getFailures()[$ip]);
        $this->assertCount(2, $this->banManager->getBans());
        $this->assertEquals($time, $this->banManager->getBans()[$ip2]);
        $this->assertEquals($time + 1, $this->banManager->getBans()[$ip3]);

     * Test constructor with initial file with invalid values
    public function testInstantiateFromCrappyFile()
        FileUtils::writeFlatDB($this->banFile, 'plop');
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertEquals([], $this->banManager->getFailures());
        $this->assertEquals([], $this->banManager->getBans());

     * Test failed attempt with a direct IP.
    public function testHandleFailedAttempt()
        $this->assertCount(0, $this->banManager->getFailures());

        $this->assertCount(1, $this->banManager->getFailures());
        $this->assertEquals(1, $this->banManager->getFailures()[$this->ipAddr]);

        $this->assertCount(1, $this->banManager->getFailures());
        $this->assertEquals(2, $this->banManager->getFailures()[$this->ipAddr]);

     * Test failed attempt behind a trusted proxy IP (with proper IP forwarding).
    public function testHandleFailedAttemptBehingProxy()
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,
            'HTTP_X_FORWARDED_FOR' => $this->ipAddr,
        $this->assertCount(0, $this->banManager->getFailures());

        $this->assertCount(1, $this->banManager->getFailures());
        $this->assertEquals(1, $this->banManager->getFailures()[$this->ipAddr]);

        $this->assertCount(1, $this->banManager->getFailures());
        $this->assertEquals(2, $this->banManager->getFailures()[$this->ipAddr]);

     * Test failed attempt behind a trusted proxy IP but without IP forwarding.
    public function testHandleFailedAttemptBehindNotConfiguredProxy()
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,
        $this->assertCount(0, $this->banManager->getFailures());

        $this->assertCount(0, $this->banManager->getFailures());

        $this->assertCount(0, $this->banManager->getFailures());

     * Test failed attempts with multiple direct IP.
    public function testHandleFailedAttemptMultipleIp()
        $this->assertCount(0, $this->banManager->getFailures());
        $this->server['REMOTE_ADDR'] = '';
        $this->assertCount(2, $this->banManager->getFailures());
        $this->assertEquals(1, $this->banManager->getFailures()[$this->ipAddr]);
        $this->assertEquals(2, $this->banManager->getFailures()[$this->server['REMOTE_ADDR']]);

     * Test clear failure for provided IP without any additional data.
    public function testClearFailuresEmpty()
        $this->assertCount(0, $this->banManager->getFailures());
        $this->assertCount(0, $this->banManager->getFailures());

     * Test clear failure for provided IP with failed attempts.
    public function testClearFailuresFromFile()
                'failures' => [
                    $this->ipAddr => 2,
                    $ip = '' => 1,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(2, $this->banManager->getFailures());
        $this->assertCount(1, $this->banManager->getFailures());
        $this->assertEquals(1, $this->banManager->getFailures()[$ip]);

     * Test clear failure for provided IP with failed attempts, behind a reverse proxy.
    public function testClearFailuresFromFileBehindProxy()
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,
            'HTTP_X_FORWARDED_FOR' => $this->ipAddr,

                'failures' => [
                    $this->ipAddr => 2,
                    $ip = '' => 1,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(2, $this->banManager->getFailures());
        $this->assertCount(1, $this->banManager->getFailures());
        $this->assertEquals(1, $this->banManager->getFailures()[$ip]);

     * Test clear failure for provided IP with failed attempts,
     * behind a reverse proxy without forwarding.
    public function testClearFailuresFromFileBehindNotConfiguredProxy()
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,

                'failures' => [
                    $this->ipAddr => 2,
                    $ip = '' => 1,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(2, $this->banManager->getFailures());
        $this->assertCount(2, $this->banManager->getFailures());

     * Test isBanned without any data
    public function testIsBannedEmpty()

     * Test isBanned with banned IP from file data
    public function testBannedFromFile()
                'bans' => [
                    $this->ipAddr => time() + 10,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(1, $this->banManager->getBans());

     * Test isBanned with banned IP from file data behind a reverse proxy
    public function testBannedFromFileBehindProxy()
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,
            'HTTP_X_FORWARDED_FOR' => $this->ipAddr,
                'bans' => [
                    $this->ipAddr => time() + 10,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(1, $this->banManager->getBans());

     * Test isBanned with banned IP from file data behind a reverse proxy,
     * without IP forwarding
    public function testBannedFromFileBehindNotConfiguredProxy()
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,
                'bans' => [
                    $this->ipAddr => time() + 10,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(1, $this->banManager->getBans());

     * Test isBanned with an expired ban
    public function testLiftBan()
                'bans' => [
                    $this->ipAddr => time() - 10,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(1, $this->banManager->getBans());

     * Test isBanned with an expired ban behind a reverse proxy
    public function testLiftBanBehindProxy()
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,
            'HTTP_X_FORWARDED_FOR' => $this->ipAddr,

                'bans' => [
                    $this->ipAddr => time() - 10,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(1, $this->banManager->getBans());

     * Test isBanned with an expired ban behind a reverse proxy
    public function testLiftBanBehindNotConfiguredProxy()
        $server = [
            'REMOTE_ADDR' => $this->trustedProxy,

                'bans' => [
                    $this->ipAddr => time() - 10,
        $this->banManager = $this->getNewBanManagerInstance();

        $this->assertCount(1, $this->banManager->getBans());

     * Build a new instance of BanManager, which will reread the ban file.
     * @return BanManager instance
    protected function getNewBanManagerInstance()
        return new BanManager(