From b60426b7cc733fad23d2a918bb64da14f5a304dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Dob=C3=B3?= Date: Thu, 2 Aug 2018 08:37:28 +0200 Subject: [PATCH 1/8] Do not allow PHP 7.1 and HHVM to fail --- .travis.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 54eaca7..92aa5e7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,11 +15,6 @@ php: - 7.1 - hhvm -matrix: - allow_failures: - - php: hhvm - - php: 7.1 - env: - TYPE=mysql DSN=mysql://root@localhost/spot_test - TYPE=pgsql DSN=pgsql://postgres@localhost/spot_test" From db62fc6102284ba7657ae357d27d8bd4687b34bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Dob=C3=B3?= Date: Thu, 2 Aug 2018 08:47:28 +0200 Subject: [PATCH 2/8] Fixes faling build caused by different DateTime values --- tests/Entity.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/Entity.php b/tests/Entity.php index c51dbb8..1c10544 100644 --- a/tests/Entity.php +++ b/tests/Entity.php @@ -37,6 +37,7 @@ public static function tearDownAfterClass() public function testEntitySetDataProperties() { + $currentDateTime = new \DateTime(); $mapper = test_spot_mapper('SpotTest\Entity\Post'); $post = new \SpotTest\Entity\Post(); @@ -44,6 +45,7 @@ public function testEntitySetDataProperties() $post->title = "My Awesome Post"; $post->body = "

Body

"; $post->author_id = 1; + $post->date_created = $currentDateTime; $data = $post->data(); ksort($data); @@ -53,7 +55,7 @@ public function testEntitySetDataProperties() 'title' => 'My Awesome Post', 'body' => '

Body

', 'status' => 0, - 'date_created' => new \DateTime(), + 'date_created' => $currentDateTime, 'data' => null, 'author_id' => 1 ]; @@ -66,14 +68,15 @@ public function testEntitySetDataProperties() public function testEntitySetDataConstruct() { + $currentDateTime = new \DateTime(); $mapper = test_spot_mapper('SpotTest\Entity\Post'); $post = new \SpotTest\Entity\Post([ 'title' => 'My Awesome Post', 'body' => '

Body

', 'author_id' => 1, - 'date_created' => new \DateTime() + 'date_created' => $currentDateTime ]); - + $data = $post->data(); ksort($data); @@ -85,7 +88,7 @@ public function testEntitySetDataConstruct() 'date_created' => null, 'data' => null, 'author_id' => 1, - 'date_created' => new \DateTime() + 'date_created' => $currentDateTime ]; ksort($testData); From 277ba446ad10b3acea1f4d1f50c853c8fd7cfa96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Dob=C3=B3?= Date: Thu, 2 Aug 2018 09:29:56 +0200 Subject: [PATCH 3/8] Fixes mcrypt_encrypt deprecation The mcrypt_encrypt function has been DEPRECATED as of PHP 7.1.0. We are encouraged to use openssl_encrypt instead. --- tests/Type/Encrypted.php | 42 ++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/tests/Type/Encrypted.php b/tests/Type/Encrypted.php index 7cac484..b69aa99 100644 --- a/tests/Type/Encrypted.php +++ b/tests/Type/Encrypted.php @@ -7,11 +7,13 @@ class Encrypted extends Type { public static $key; + private static $hashing = 'SHA256'; + private static $cipher = 'AES-128-CBC'; public function convertToPHPValue($value, AbstractPlatform $platform) { if (is_string($value)) { - $value = self::aes256_decrypt(self::$key, base64_decode($value)); + $value = self::aes256_decrypt(self::$key, self::$hashing, self::$cipher, base64_decode($value)); } else { $value = null; } @@ -21,7 +23,7 @@ public function convertToPHPValue($value, AbstractPlatform $platform) public function convertToDatabaseValue($value, AbstractPlatform $platform) { - return base64_encode(self::aes256_encrypt(self::$key, $value)); + return base64_encode(self::aes256_encrypt(self::$key, self::$hashing, self::$cipher, $value)); } public function getName() @@ -34,21 +36,33 @@ public function getSqlDeclaration(array $fieldDeclaration, AbstractPlatform $pla return 'TEXT'; } - private function aes256_encrypt($key, $data) + private function aes256_encrypt($key, $hashing, $cipher, $data) { - if(32 !== strlen($key)) $key = hash('SHA256', $key, true); - $padding = 16 - (strlen($data) % 16); - $data .= str_repeat(chr($padding), $padding); - - return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, str_repeat("\0", 16)); + if(32 !== strlen($key)) $key = hash($hashing, $key, true); + + $ivlen = openssl_cipher_iv_length($cipher); + $iv = openssl_random_pseudo_bytes($ivlen); + $ciphertext_raw = openssl_encrypt($data, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv); + $hmac = hash_hmac($hashing, $ciphertext_raw, $key, $as_binary = true); + + return $iv.$hmac.$ciphertext_raw; } - private function aes256_decrypt($key, $data) + private function aes256_decrypt($key, $hashing, $cipher, $data) { - if(32 !== strlen($key)) $key = hash('SHA256', $key, true); - $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, str_repeat("\0", 16)); - $padding = ord($data[strlen($data) - 1]); - - return substr($data, 0, -$padding); + if(32 !== strlen($key)) $key = hash($hashing, $key, true); + + $ivlen = openssl_cipher_iv_length($cipher); + $iv = substr($data, 0, $ivlen); + $hmac = substr($data, $ivlen, $sha2len = 32); + $ciphertext_raw = substr($data, $ivlen + $sha2len); + $original = openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv); + $calcmac = hash_hmac($hashing, $ciphertext_raw, $key, $as_binary = true); + + if (hash_equals($hmac, $calcmac)) { // PHP 5.6+ timing attack safe comparison + return $original; + } else { + throw new \RuntimeException("Timing attack safe string comparison failed."); + } } } From 338497f235c377f54ccb2284b0e32c65a5069072 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Dob=C3=B3?= Date: Thu, 2 Aug 2018 09:51:47 +0200 Subject: [PATCH 4/8] Added hash_equals for PHP 5.4 and PHP 5.5 --- tests/Type/Encrypted.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/Type/Encrypted.php b/tests/Type/Encrypted.php index b69aa99..0b380a7 100644 --- a/tests/Type/Encrypted.php +++ b/tests/Type/Encrypted.php @@ -66,3 +66,21 @@ private function aes256_decrypt($key, $hashing, $cipher, $data) } } } + +/* + * Added hash_equals to support PHP 5.4 and PHP 5.5 + * hash_equals is built-in from PHP 5.6 + * Source: http://php.net/manual/en/function.hash-equals.php + */ +if(!function_exists('hash_equals')) { + function hash_equals($str1, $str2) { + if(strlen($str1) != strlen($str2)) { + return false; + } else { + $res = $str1 ^ $str2; + $ret = 0; + for($i = strlen($res) - 1; $i >= 0; $i--) $ret |= ord($res[$i]); + return !$ret; + } + } +} From deba373fdda903f47c93426184fb094d98d9489e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Dob=C3=B3?= Date: Thu, 2 Aug 2018 11:14:20 +0200 Subject: [PATCH 5/8] Possible fix for HHVM safe_mode/open_basedir error --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 92aa5e7..7109095 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,7 +27,8 @@ install: before_script: - if [[ "$TYPE" == "mysql" ]]; then mysql -e "create database IF NOT EXISTS spot_test;" -uroot; fi - if [[ "$TYPE" == "pgsql" ]]; then psql -c 'create database spot_test;' -U postgres; fi - + - if [[ "$TYPE" == "sqlite" && "$TRAVIS_PHP_VERSION" == "hhvm" ]]; then echo 'open_basedir = none' >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini; fi + # omitting "script:" will default to phpunit # use the $TYPE env variable to determine the phpunit.xml to use script: vendor/bin/phpunit --configuration phpunit_$TYPE.xml --coverage-text From 1332e37b8c1815ff6d00539716678e23a61244b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Dob=C3=B3?= Date: Fri, 3 Aug 2018 08:09:29 +0200 Subject: [PATCH 6/8] Added PHP 7.2 and nightly to .travis.yml --- .travis.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 7109095..3239c50 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,14 @@ php: - 5.6 - 7.0 - 7.1 + - 7.2 + - nightly - hhvm + +matrix: + allow_failures: + - php: nightly + - php: hhvm env: - TYPE=mysql DSN=mysql://root@localhost/spot_test @@ -27,7 +34,6 @@ install: before_script: - if [[ "$TYPE" == "mysql" ]]; then mysql -e "create database IF NOT EXISTS spot_test;" -uroot; fi - if [[ "$TYPE" == "pgsql" ]]; then psql -c 'create database spot_test;' -U postgres; fi - - if [[ "$TYPE" == "sqlite" && "$TRAVIS_PHP_VERSION" == "hhvm" ]]; then echo 'open_basedir = none' >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini; fi # omitting "script:" will default to phpunit # use the $TYPE env variable to determine the phpunit.xml to use From 7f105e5e34240a77731682ffd166bc861de5f3af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Dob=C3=B3?= Date: Fri, 3 Aug 2018 11:45:59 +0200 Subject: [PATCH 7/8] Fixes PHP 7.2 build, possibly fixes HHVM build --- .travis.yml | 27 +++++++++++++++++++-------- lib/Config.php | 2 +- tests/Relations.php | 1 + 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3239c50..8ef2dd4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,33 +8,44 @@ cache: - $HOME/.composer/cache php: - - 5.4 - - 5.5 - - 5.6 - - 7.0 - - 7.1 - 7.2 + - 7.1 + - 7.0 + - 5.6 + - 5.5 + - 5.4 - nightly - hhvm matrix: allow_failures: - php: nightly - - php: hhvm + - php: hhvm # run build against hhvm but allow them to fail env: - TYPE=mysql DSN=mysql://root@localhost/spot_test - TYPE=pgsql DSN=pgsql://postgres@localhost/spot_test" - - TYPE=sqlite DSN=sqlite::memory + - TYPE=sqlite DSN=sqlite:/tmp/db.sqlite install: - composer install # execute any number of scripts before the test run, custom env's are available as variables before_script: + # Disable the HHVM JIT for faster Unit Testing + - if [[ $TRAVIS_PHP_VERSION = hhv* ]]; then + echo 'hhvm.jit = 0' >> /etc/hhvm/php.ini; + echo 'open_basedir = /tmp' >> /etc/hhvm/php.ini; + fi + # Disable DEPRECATE messages during PHPUnit initialization on PHP 7.2. To fix them, PHPUnit should be updated to 6.* + - if [[ $TRAVIS_PHP_VERSION == 7.2 ]] || [[ $TRAVIS_PHP_VERSION == "nightly" ]]; then + echo 'Disabled DEPRECATED notifications for PHP 7.2'; + echo 'error_reporting = E_ALL & ~E_DEPRECATED' >> /tmp/php-config.ini; + phpenv config-add /tmp/php-config.ini; + fi - if [[ "$TYPE" == "mysql" ]]; then mysql -e "create database IF NOT EXISTS spot_test;" -uroot; fi - if [[ "$TYPE" == "pgsql" ]]; then psql -c 'create database spot_test;' -U postgres; fi - + # omitting "script:" will default to phpunit # use the $TYPE env variable to determine the phpunit.xml to use script: vendor/bin/phpunit --configuration phpunit_$TYPE.xml --coverage-text diff --git a/lib/Config.php b/lib/Config.php index 2bb7b5a..703a50d 100644 --- a/lib/Config.php +++ b/lib/Config.php @@ -189,7 +189,7 @@ public static function parseDsn($dsn) $parsed['dbsyntax'] = $str; } - if ( !count( $dsn ) ) { + if ( !isset( $dsn ) ) { return $parsed; } diff --git a/tests/Relations.php b/tests/Relations.php index 8d8afdf..cd6208c 100644 --- a/tests/Relations.php +++ b/tests/Relations.php @@ -102,6 +102,7 @@ public function testHasManyRelationCountZero() $post = $mapper->get(); $post->title = "No Comments"; $post->body = "

Comments relation test

"; + $post->author_id = 1; $mapper->save($post); $this->assertSame(0, count($post->comments)); From da7a3dd65fc655977cecc7b53a94001364018432 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Dob=C3=B3?= Date: Fri, 3 Aug 2018 11:59:15 +0200 Subject: [PATCH 8/8] Fixes HHVM build --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8ef2dd4..2434d90 100644 --- a/.travis.yml +++ b/.travis.yml @@ -35,7 +35,7 @@ before_script: # Disable the HHVM JIT for faster Unit Testing - if [[ $TRAVIS_PHP_VERSION = hhv* ]]; then echo 'hhvm.jit = 0' >> /etc/hhvm/php.ini; - echo 'open_basedir = /tmp' >> /etc/hhvm/php.ini; + echo 'open_basedir = /tmp:/home/travis/' >> /etc/hhvm/php.ini; fi # Disable DEPRECATE messages during PHPUnit initialization on PHP 7.2. To fix them, PHPUnit should be updated to 6.* - if [[ $TRAVIS_PHP_VERSION == 7.2 ]] || [[ $TRAVIS_PHP_VERSION == "nightly" ]]; then