X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FTests%2FController%2FSecurityControllerTest.php;h=2910fa4f739a27ab1347b577de28ffc518935b8c;hb=41c9eecfa728df7d8734ca1b0a69c55c93aafcea;hp=759ef01b0417b2e63f88d984b95f2737e6ec749f;hpb=7fc14130c706fae27c5643a016b23de2bf29910d;p=github%2Fwallabag%2Fwallabag.git
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
index 759ef01b..2910fa4f 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
@@ -2,200 +2,71 @@ namespace Wallabag\CoreBundle\Tests\Controller; -use Symfony\Component\Filesystem\Filesystem; -use Symfony\Component\Finder\Finder; use Wallabag\CoreBundle\Tests\WallabagCoreTestCase; class SecurityControllerTest extends WallabagCoreTestCase { - public function testLogin() - { - $client = $this->getClient(); - - $crawler = $client->request('GET', '/new'); - - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - $this->assertContains('login', $client->getResponse()->headers->get('location')); - } - - public function testLoginFail() - { - $client = $this->getClient(); - - $crawler = $client->request('GET', '/login'); - - $form = $crawler->filter('button[type=submit]')->form(); - $data = array( - '_username' => 'admin', - '_password' => 'admin', - ); - - $client->submit($form, $data); - - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - $this->assertContains('login', $client->getResponse()->headers->get('location')); - - $crawler = $client->followRedirect(); - - $this->assertContains('Bad credentials', $client->getResponse()->getContent()); - } - - public function testRedirectionAfterLogin() + public function testLoginWithout2Factor() { + $this->logInAs('admin'); $client = $this->getClient(); $client->followRedirects(); $crawler = $client->request('GET', '/config'); - - $form = $crawler->filter('button[type=submit]')->form(); - - $data = array( - '_username' => 'admin', - '_password' => 'mypassword', - ); - - $client->submit($form, $data); - - $this->assertContains('RSS', $client->getResponse()->getContent()); + $this->assertContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]); } - public function testForgotPassword() + public function testLoginWith2Factor() { $client = $this->getClient(); - $crawler = $client->request('GET', '/forgot-password'); - - $this->assertEquals(200, $client->getResponse()->getStatusCode()); - - $this->assertContains('Forgot password', 
$client->getResponse()->getContent()); - - $form = $crawler->filter('button[type=submit]'); - - $this->assertCount(1, $form); - - return array( - 'form' => $form->form(), - 'client' => $client, - ); - } - - /** - * @depends testForgotPassword - */ - public function testSubmitForgotPasswordFail($parameters) - { - $form = $parameters['form']; - $client = $parameters['client']; - - $data = array( - 'forgot_password[email]' => 'material', - ); + if (!$client->getContainer()->getParameter('twofactor_auth')) { + $this->markTestSkipped('twofactor_auth is not enabled.'); - $client->submit($form, $data); - - $this->assertEquals(200, $client->getResponse()->getStatusCode()); - $this->assertContains('No user found with this email', $client->getResponse()->getContent()); - } - - /** - * @depends testForgotPassword - * - * Instead of using collector which slow down the test suite - * http://symfony.com/doc/current/cookbook/email/testing.html - * - * Use a different way where Swift store email as file - */ - public function testSubmitForgotPassword($parameters) - { - $form = $parameters['form']; - $client = $parameters['client']; - - $spoolDir = $client->getKernel()->getContainer()->getParameter('swiftmailer.spool.default.file.path'); - - // cleanup pool dir - $filesystem = new Filesystem(); - $filesystem->remove($spoolDir); - - // to use `getCollector` since `collect: false` in config_test.yml - $client->enableProfiler(); - - $data = array( - 'forgot_password[email]' => 'bobby@wallabag.org', - ); - - $client->submit($form, $data); - - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - - $crawler = $client->followRedirect(); - - $this->assertContains('An email has been sent to', $client->getResponse()->getContent()); - - // find every files (ie: emails) inside the spool dir except hidden files - $finder = new Finder(); - $finder - ->in($spoolDir) - ->ignoreDotFiles(true) - ->files(); - - $this->assertCount(1, $finder, 'Only one email has been sent'); - - 
foreach ($finder as $file) { - $message = unserialize(file_get_contents($file)); - - $this->assertInstanceOf('Swift_Message', $message); - $this->assertEquals('Reset Password', $message->getSubject()); - $this->assertEquals('no-reply@wallabag.org', key($message->getFrom())); - $this->assertEquals('bobby@wallabag.org', key($message->getTo())); - $this->assertContains( - 'To reset your password - please visit', - $message->getBody() - ); + return; } - } - - public function testReset() - { - $client = $this->getClient(); - $user = $client->getContainer() - ->get('doctrine.orm.entity_manager') - ->getRepository('WallabagCoreBundle:User') - ->findOneByEmail('bobby@wallabag.org'); - - $crawler = $client->request('GET', '/forgot-password/'.$user->getConfirmationToken()); - - $this->assertEquals(200, $client->getResponse()->getStatusCode()); - $this->assertCount(2, $crawler->filter('input[type=password]')); - $this->assertCount(1, $form = $crawler->filter('button[type=submit]')); - $this->assertCount(1, $form); - $data = array( - 'change_passwd[new_password][first]' => 'mypassword', - 'change_passwd[new_password][second]' => 'mypassword', - ); + $client->followRedirects(); - $client->submit($form->form(), $data); + $em = $client->getContainer()->get('doctrine.orm.entity_manager'); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + $user->setTwoFactorAuthentication(true); + $em->persist($user); + $em->flush(); - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - $this->assertContains('login', $client->getResponse()->headers->get('location')); + $this->logInAs('admin'); + $crawler = $client->request('GET', '/config'); + $this->assertContains('scheb_two_factor.trusted', $crawler->filter('body')->extract(['_text'])[0]); + + // restore user + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + $user->setTwoFactorAuthentication(false); + $em->persist($user); + $em->flush(); } - 
public function testResetBadToken() + public function testTrustedComputer() { $client = $this->getClient(); - $client->request('GET', '/forgot-password/UIZOAU29UE902IEPZO'); - - $this->assertEquals(404, $client->getResponse()->getStatusCode()); - } + if (!$client->getContainer()->getParameter('twofactor_auth')) { + $this->markTestSkipped('twofactor_auth is not enabled.'); - public function testCheckEmailWithoutEmail() - { - $client = $this->getClient(); + return; + } - $client->request('GET', '/forgot-password/check-email'); + $em = $client->getContainer()->get('doctrine.orm.entity_manager'); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - $this->assertContains('forgot-password', $client->getResponse()->headers->get('location')); + $date = new \DateTime(); + $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M'))); + $this->assertTrue($user->isTrustedComputer('ABCDEF')); + $this->assertFalse($user->isTrustedComputer('FEDCBA')); } }
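Review bot: In testLoginWith2Factor the "restore user" block runs only if the preceding `assertContains('scheb_two_factor.trusted', …)` passes, so a failing assertion leaves the shared `admin` fixture with two-factor authentication enabled, and later tests that call `logInAs('admin')` would presumably hit the 2FA challenge instead of the page they expect. Wrap the login, request and assertion in `try { … } finally { $user->setTwoFactorAuthentication(false); $em->persist($user); $em->flush(); }` so the reset always happens. The test also only shows that the challenge page renders; it would be stronger if it additionally asserted that the protected content (`config.form_rss.description`) is absent from the body while the second factor is pending. In testTrustedComputer only a still-valid entry and an unknown token are checked; an entry dated in the past, e.g. `$user->addTrustedComputer('EXPIRED', (new \DateTime())->sub(new \DateInterval('P1D')));` followed by `$this->assertFalse($user->isTrustedComputer('EXPIRED'));`, would cover the expiry path, assuming isTrustedComputer is meant to honour the date.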