From 9aa50ede1163d698942627815d4b1ced4e1f98bd Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Wed, 5 Nov 2025 12:10:14 -0500
Subject: [PATCH] chore: Expand SecureRandomTest unit test scenarios

New test coverage for:

- charset validation failures (duplicates, too short, non-ASCII).
- default charset (CHAR_BASE64_RFC4648).
- randomness/unique output.
- minimum-sized valid charsets and large printable ASCII charset.
- a caller-provided, valid (non-predefined) custom charset.

And adjusts the length ranges tests:

- Added some smaller / more frequently used ranges.
- Added an "oddball" range to possibly catch weird stuff.
- Dropped excessive 64K test which does not need to run within our CI during standard PR runs (if deemed desirable maybe add it to an occasional stress tester, but I don't think it's necessary for now)

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 tests/lib/Security/SecureRandomTest.php | 58 +++++++++++++++++++++++--
 1 file changed, 55 insertions(+), 3 deletions(-)

diff --git a/tests/lib/Security/SecureRandomTest.php b/tests/lib/Security/SecureRandomTest.php
index 954fd85eaf1..691eb53694b 100644
--- a/tests/lib/Security/SecureRandomTest.php
+++ b/tests/lib/Security/SecureRandomTest.php
@@ -16,11 +16,11 @@ class SecureRandomTest extends \Test\TestCase {
 	public static function stringGenerationProvider(): array {
 		return [
 			[1, 1],
+			[16, 16],
+			[31, 31],
+			[64, 64],
 			[128, 128],
-			[256, 256],
 			[1024, 1024],
-			[2048, 2048],
-			[64000, 64000],
 		];
 	}
 
@@ -81,4 +81,56 @@ class SecureRandomTest extends \Test\TestCase {
 		$generator = $this->rng;
 		$generator->generate($length);
 	}
+
+	public static function invalidCharProviders(): array {
+		return [
+			'invalid_too_short' => ['abc'],
+			'invalid_duplicates' => ['aabcd'],
+			'invalid_non_ascii' => ["abcd\xf0"],
+		];
+	}
+
+	/**
+	 * @dataProvider invalidCharProviders
+	 */
+	public function testInvalidCharacterSets(string $invalidCharset): void {
+		$this->expectException(\InvalidArgumentException::class);
+		$this->rng->generate(10, $invalidCharset);
+	}
+
+	public function testDefaultCharsetBase64Characters(): void {
+		$randomString = $this->rng->generate(100);
+		$this->assertMatchesRegularExpression('/^[A-Za-z0-9\+\/]+$/', $randomString);
+	}
+
+	public function testAllOutputsAreUnique(): void {
+		// While collisions are technically possible, extremely unlikely for these sizes
+		$first = $this->rng->generate(1000);
+		$second = $this->rng->generate(1000);
+		$this->assertNotEquals($first, $second, "Random output should not be repeated.");
+	}
+
+	public function testMinimumValidCharset(): void {
+		$charset = 'abcd';
+		$randomString = $this->rng->generate(500, $charset);
+		$this->assertMatchesRegularExpression('/^[abcd]+$/', $randomString);
+		$this->assertEquals(500, strlen($randomString));
+	}
+
+	public function testLargeCustomCharset(): void {
+		$charset = '';
+		for ($i = 32; $i <= 126; $i++) { // all printable ASCII
+			$charset .= chr($i);
+		}
+		$randomString = $this->rng->generate(200, $charset);
+		foreach (str_split($randomString) as $char) {
+			$this->assertStringContainsString($char, $charset);
+		}
+	}
+
+	public function testUserProvidedValidCharset(): void {
+		$charset = '@#$!';
+		$randomString = $this->rng->generate(64, $charset);
+		$this->assertMatchesRegularExpression('/^[@#$!]+$/', $randomString);
+	}
 }