X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FTests%2FController%2FSecurityControllerTest.php;h=2910fa4f739a27ab1347b577de28ffc518935b8c;hb=733b2cf19b5d5a93617f24b2447b9a30ba22d303;hp=1dd05f89ba624fa83f5f03044b73fb379293cfe3;hpb=d0c2243b1099303be961c9d4b33eaaa95e663bef;p=github%2Fwallabag%2Fwallabag.git
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
index 1dd05f89..2910fa4f 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
@@ -2,181 +2,71 @@
 namespace Wallabag\CoreBundle\Tests\Controller;
-use Wallabag\CoreBundle\Tests\WallabagTestCase;
-use Symfony\Component\Filesystem\Filesystem;
-use Symfony\Component\Finder\Finder;
+use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
-class SecurityControllerTest extends WallabagTestCase
+class SecurityControllerTest extends WallabagCoreTestCase
 {
- public function testLogin()
+ public function testLoginWithout2Factor()
 {
+ $this->logInAs('admin');
 $client = $this->getClient();
+ $client->followRedirects();
- $crawler = $client->request('GET', '/new');
-
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
- $this->assertContains('login', $client->getResponse()->headers->get('location'));
+ $crawler = $client->request('GET', '/config');
+ $this->assertContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]);
 }
- public function testLoginFail()
+ public function testLoginWith2Factor()
 {
 $client = $this->getClient();
- $crawler = $client->request('GET', '/login');
-
- $form = $crawler->filter('button[type=submit]')->form();
- $data = array(
- '_username' => 'admin',
- '_password' => 'admin',
- );
-
- $client->submit($form, $data);
-
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
- $this->assertContains('login', $client->getResponse()->headers->get('location'));
-
- $crawler = $client->followRedirect();
-
- $this->assertContains('Bad credentials', $client->getResponse()->getContent());
- }
-
- public function testForgotPassword()
- {
- $client = $this->getClient();
-
- $crawler = $client->request('GET', '/forgot-password');
-
- $this->assertEquals(200, $client->getResponse()->getStatusCode());
-
- $this->assertContains('Forgot password', $client->getResponse()->getContent());
-
- $form = $crawler->filter('button[type=submit]');
-
- $this->assertCount(1, $form);
-
- return array(
- 'form' => $form->form(),
- 'client' => $client,
- );
- }
-
- /**
- * @depends testForgotPassword
- */
- public function testSubmitForgotPasswordFail($parameters)
- {
- $form = $parameters['form'];
- $client = $parameters['client'];
-
- $data = array(
- 'forgot_password[email]' => 'baggy',
- );
-
- $client->submit($form, $data);
-
- $this->assertEquals(200, $client->getResponse()->getStatusCode());
- $this->assertContains('No user found with this email', $client->getResponse()->getContent());
- }
-
- /**
- * @depends testForgotPassword
- *
- * Instead of using collector which slow down the test suite
- * http://symfony.com/doc/current/cookbook/email/testing.html
- *
- * Use a different way where Swift store email as file
- */
- public function testSubmitForgotPassword($parameters)
- {
- $form = $parameters['form'];
- $client = $parameters['client'];
+ if (!$client->getContainer()->getParameter('twofactor_auth')) {
+ $this->markTestSkipped('twofactor_auth is not enabled.');
- $spoolDir = $client->getKernel()->getContainer()->getParameter('swiftmailer.spool.default.file.path');
-
- // cleanup pool dir
- $filesystem = new Filesystem();
- $filesystem->remove($spoolDir);
-
- // to use `getCollector` since `collect: false` in config_test.yml
- $client->enableProfiler();
-
- $data = array(
- 'forgot_password[email]' => 'bobby@wallabag.org',
- );
-
- $client->submit($form, $data);
-
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
-
- $crawler = $client->followRedirect();
-
- $this->assertContains('An email has been sent to', $client->getResponse()->getContent());
-
- // find every files (ie: emails) inside the spool dir except hidden files
- $finder = new Finder();
- $finder
- ->in($spoolDir)
- ->ignoreDotFiles(true)
- ->files();
-
- $this->assertCount(1, $finder, 'Only one email has been sent');
-
- foreach ($finder as $file) {
- $message = unserialize(file_get_contents($file));
-
- $this->assertInstanceOf('Swift_Message', $message);
- $this->assertEquals('Reset Password', $message->getSubject());
- $this->assertEquals('no-reply@wallabag.org', key($message->getFrom()));
- $this->assertEquals('bobby@wallabag.org', key($message->getTo()));
- $this->assertContains(
- 'To reset your password - please visit',
- $message->getBody()
- );
+ return;
 }
- }
- public function testReset()
- {
- $client = $this->getClient();
- $user = $client->getContainer()
- ->get('doctrine.orm.entity_manager')
- ->getRepository('WallabagCoreBundle:User')
- ->findOneByEmail('bobby@wallabag.org');
-
- $crawler = $client->request('GET', '/forgot-password/'.$user->getConfirmationToken());
-
- $this->assertEquals(200, $client->getResponse()->getStatusCode());
- $this->assertCount(2, $crawler->filter('input[type=password]'));
- $this->assertCount(1, $form = $crawler->filter('button[type=submit]'));
- $this->assertCount(1, $form);
-
- $data = array(
- 'change_passwd[new_password][first]' => 'mypassword',
- 'change_passwd[new_password][second]' => 'mypassword',
- );
-
- $client->submit($form->form(), $data);
-
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
- $this->assertContains('login', $client->getResponse()->headers->get('location'));
+ $client->followRedirects();
+
+ $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+ $user->setTwoFactorAuthentication(true);
+ $em->persist($user);
+ $em->flush();
+
+ $this->logInAs('admin');
+ $crawler = $client->request('GET', '/config');
+ $this->assertContains('scheb_two_factor.trusted', $crawler->filter('body')->extract(['_text'])[0]);
+
+ // restore user
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+ $user->setTwoFactorAuthentication(false);
+ $em->persist($user);
+ $em->flush();
 }
- public function testResetBadToken()
+ public function testTrustedComputer()
 {
 $client = $this->getClient();
- $client->request('GET', '/forgot-password/UIZOAU29UE902IEPZO');
-
- $this->assertEquals(404, $client->getResponse()->getStatusCode());
- }
+ if (!$client->getContainer()->getParameter('twofactor_auth')) {
+ $this->markTestSkipped('twofactor_auth is not enabled.');
- public function testCheckEmailWithoutEmail()
- {
- $client = $this->getClient();
+ return;
+ }
- $client->request('GET', '/forgot-password/check-email');
+ $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
- $this->assertContains('forgot-password', $client->getResponse()->headers->get('location'));
+ $date = new \DateTime();
+ $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M')));
+ $this->assertTrue($user->isTrustedComputer('ABCDEF'));
+ $this->assertFalse($user->isTrustedComputer('FEDCBA'));
 }
 }
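Review bot: In `testLoginWith2Factor` the `admin` account is switched to two-factor mode in the database and only switched back after the `assertContains` call, so a failing assertion (or an exception from `logInAs`) leaves `admin` with 2FA enabled for every later test that logs in as that user. Put the login, request and assertion in a `try` block and move the `setTwoFactorAuthentication(false)` / `$em->flush()` restore into `finally`, or into `tearDown()`. The assertion itself only shows that the `scheb_two_factor.trusted` text is rendered; adding `$this->assertNotContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]);` would also pin that the protected page is withheld until the second factor is supplied. `testTrustedComputer` never exercises an expired entry, so a case that passes a past date to `addTrustedComputer` (presumably expected to make `isTrustedComputer` return false, to be confirmed against the entity) is worth adding.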