fix: harden mx helper and cleanup flow
This commit is contained in:
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
require_once PLUGIN_ROOT . '/mx-helper/cleanup-expired-login-urls.php';
|
||||
|
||||
test('cleanup deletes only expired login urls matching local mail-login state', function (): void {
|
||||
$state = [
|
||||
'timestamp' => 1782810000,
|
||||
'expires' => 1782810030,
|
||||
'correlation' => 'autologin-h4-mxtest-1782810000',
|
||||
'redirect_path' => '/',
|
||||
'client_ip' => '198.51.100.10',
|
||||
'ip_bound' => 1,
|
||||
'status' => 'created',
|
||||
];
|
||||
|
||||
$matching = [
|
||||
'id' => 'HASHURLMATCH',
|
||||
'created' => '2026-06-30T10:00:00Z',
|
||||
'expires' => '2026-06-30T10:00:30Z',
|
||||
'redirectURL' => '/',
|
||||
'allowNetworks' => ['198.51.100.10/32'],
|
||||
];
|
||||
$wrongRedirect = $matching;
|
||||
$wrongRedirect['id'] = 'HASHURLWRONG';
|
||||
$wrongRedirect['redirectURL'] = '/admin';
|
||||
$notExpired = $matching;
|
||||
$notExpired['id'] = 'HASHURLFRESH';
|
||||
$notExpired['expires'] = '2099-06-30T10:00:30Z';
|
||||
|
||||
assert_true(mailLoginCleanupShouldDelete($matching, [$state], strtotime('2026-06-30T10:01:00Z')));
|
||||
assert_false(mailLoginCleanupShouldDelete($wrongRedirect, [$state], strtotime('2026-06-30T10:01:00Z')));
|
||||
assert_false(mailLoginCleanupShouldDelete($notExpired, [$state], strtotime('2026-06-30T10:01:00Z')));
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user