X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FTests%2FController%2FSecurityControllerTest.php;h=3402b3402c73b33569bac7a77987cd4ad8eaf1ed;hb=0d6a7929e17c84052cbb3e494d5e5c195c24ca04;hp=759ef01b0417b2e63f88d984b95f2737e6ec749f;hpb=7fc14130c706fae27c5643a016b23de2bf29910d;p=github%2Fwallabag%2Fwallabag.git
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
index 759ef01b..3402b340 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
@@ -2,200 +2,57 @@
 namespace Wallabag\CoreBundle\Tests\Controller;
-use Symfony\Component\Filesystem\Filesystem;
-use Symfony\Component\Finder\Finder;
 use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
 class SecurityControllerTest extends WallabagCoreTestCase
 {
- public function testLogin()
- {
- $client = $this->getClient();
-
- $crawler = $client->request('GET', '/new');
-
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
- $this->assertContains('login', $client->getResponse()->headers->get('location'));
- }
-
- public function testLoginFail()
- {
- $client = $this->getClient();
-
- $crawler = $client->request('GET', '/login');
-
- $form = $crawler->filter('button[type=submit]')->form();
- $data = array(
- '_username' => 'admin',
- '_password' => 'admin',
- );
-
- $client->submit($form, $data);
-
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
- $this->assertContains('login', $client->getResponse()->headers->get('location'));
-
- $crawler = $client->followRedirect();
-
- $this->assertContains('Bad credentials', $client->getResponse()->getContent());
- }
-
- public function testRedirectionAfterLogin()
+ public function testLoginWithout2Factor()
 {
+ $this->logInAs('admin');
 $client = $this->getClient();
 $client->followRedirects();
- $crawler = $client->request('GET', '/config');
-
- $form = $crawler->filter('button[type=submit]')->form();
-
- $data = array(
- '_username' => 'admin',
- '_password' => 'mypassword',
- );
-
- $client->submit($form, $data);
-
+ $client->request('GET', '/config');
 $this->assertContains('RSS', $client->getResponse()->getContent());
 }
- public function testForgotPassword()
- {
- $client = $this->getClient();
-
- $crawler = $client->request('GET', '/forgot-password');
-
- $this->assertEquals(200, $client->getResponse()->getStatusCode());
-
- $this->assertContains('Forgot password', $client->getResponse()->getContent());
-
- $form = $crawler->filter('button[type=submit]');
-
- $this->assertCount(1, $form);
-
- return array(
- 'form' => $form->form(),
- 'client' => $client,
- );
- }
-
- /**
- * @depends testForgotPassword
- */
- public function testSubmitForgotPasswordFail($parameters)
- {
- $form = $parameters['form'];
- $client = $parameters['client'];
-
- $data = array(
- 'forgot_password[email]' => 'material',
- );
-
- $client->submit($form, $data);
-
- $this->assertEquals(200, $client->getResponse()->getStatusCode());
- $this->assertContains('No user found with this email', $client->getResponse()->getContent());
- }
-
- /**
- * @depends testForgotPassword
- *
- * Instead of using collector which slow down the test suite
- * http://symfony.com/doc/current/cookbook/email/testing.html
- *
- * Use a different way where Swift store email as file
- */
- public function testSubmitForgotPassword($parameters)
- {
- $form = $parameters['form'];
- $client = $parameters['client'];
-
- $spoolDir = $client->getKernel()->getContainer()->getParameter('swiftmailer.spool.default.file.path');
-
- // cleanup pool dir
- $filesystem = new Filesystem();
- $filesystem->remove($spoolDir);
-
- // to use `getCollector` since `collect: false` in config_test.yml
- $client->enableProfiler();
-
- $data = array(
- 'forgot_password[email]' => 'bobby@wallabag.org',
- );
-
- $client->submit($form, $data);
-
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
-
- $crawler = $client->followRedirect();
-
- $this->assertContains('An email has been sent to', $client->getResponse()->getContent());
-
- // find every files (ie: emails) inside the spool dir except hidden files
- $finder = new Finder();
- $finder
- ->in($spoolDir)
- ->ignoreDotFiles(true)
- ->files();
-
- $this->assertCount(1, $finder, 'Only one email has been sent');
-
- foreach ($finder as $file) {
- $message = unserialize(file_get_contents($file));
-
- $this->assertInstanceOf('Swift_Message', $message);
- $this->assertEquals('Reset Password', $message->getSubject());
- $this->assertEquals('no-reply@wallabag.org', key($message->getFrom()));
- $this->assertEquals('bobby@wallabag.org', key($message->getTo()));
- $this->assertContains(
- 'To reset your password - please visit',
- $message->getBody()
- );
- }
- }
-
- public function testReset()
+ public function testLoginWith2Factor()
 {
 $client = $this->getClient();
- $user = $client->getContainer()
- ->get('doctrine.orm.entity_manager')
- ->getRepository('WallabagCoreBundle:User')
- ->findOneByEmail('bobby@wallabag.org');
-
- $crawler = $client->request('GET', '/forgot-password/'.$user->getConfirmationToken());
-
- $this->assertEquals(200, $client->getResponse()->getStatusCode());
- $this->assertCount(2, $crawler->filter('input[type=password]'));
- $this->assertCount(1, $form = $crawler->filter('button[type=submit]'));
- $this->assertCount(1, $form);
-
- $data = array(
- 'change_passwd[new_password][first]' => 'mypassword',
- 'change_passwd[new_password][second]' => 'mypassword',
- );
-
- $client->submit($form->form(), $data);
+ $client->followRedirects();
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
- $this->assertContains('login', $client->getResponse()->headers->get('location'));
- }
+ $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+ $user->setTwoFactorAuthentication(true);
+ $em->persist($user);
+ $em->flush();
- public function testResetBadToken()
- {
- $client = $this->getClient();
+ $this->logInAs('admin');
+ $client->request('GET', '/config');
+ $this->assertContains('trusted computer', $client->getResponse()->getContent());
- $client->request('GET', '/forgot-password/UIZOAU29UE902IEPZO');
-
- $this->assertEquals(404, $client->getResponse()->getStatusCode());
+ // restore user
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+ $user->setTwoFactorAuthentication(false);
+ $em->persist($user);
+ $em->flush();
 }
- public function testCheckEmailWithoutEmail()
+ public function testTrustedComputer()
 {
 $client = $this->getClient();
-
- $client->request('GET', '/forgot-password/check-email');
-
- $this->assertEquals(302, $client->getResponse()->getStatusCode());
- $this->assertContains('forgot-password', $client->getResponse()->headers->get('location'));
+ $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+
+ $date = new \DateTime();
+ $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M')));
+ $this->assertTrue($user->isTrustedComputer('ABCDEF'));
+ $this->assertFalse($user->isTrustedComputer('FEDCBA'));
 }
 }
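Review bot: In testLoginWith2Factor the admin fixture is switched to two-factor and only switched back after the assertion, so a failing `assertContains('trusted computer', …)` leaves the shared admin account with two-factor enabled for every test that runs afterwards; the restore belongs in a `finally` block (or in tearDown). The same test checks only that the challenge text appears, not that the protected `/config` content is withheld, so it would still pass if both were rendered together; an `assertNotContains('RSS', …)` on the same response would pin that. testTrustedComputer covers a token valid for a month and an unknown token, but no token whose date is already past; if isTrustedComputer is meant to honour the expiry (its body is not in this diff), a case with a past date should assert false.

```php
        $this->logInAs('admin');
        try {
            $client->request('GET', '/config');
            $content = $client->getResponse()->getContent();
            $this->assertContains('trusted computer', $content);
            // the protected page itself must not be served before the second factor
            $this->assertNotContains('RSS', $content);
        } finally {
            // … unchanged: reload admin, setTwoFactorAuthentication(false), persist, flush …
        }
```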