X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FTests%2FController%2FSecurityControllerTest.php;h=b9f5d835589676beb6890612a2e39d6ee93e1a06;hb=d2b4f01d7435e8a8f99b15a2487916427c04e58d;hp=a51e836d1586c74659a5145175f59b35dff1a38e;hpb=4ab58dcf6c833170c307de120698740fe0685efb;p=github%2Fwallabag%2Fwallabag.git
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
index a51e836d..b9f5d835 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
@@ -2,181 +2,63 @@ namespace Wallabag\CoreBundle\Tests\Controller; -use Symfony\Component\Filesystem\Filesystem; -use Symfony\Component\Finder\Finder; use Wallabag\CoreBundle\Tests\WallabagCoreTestCase; class SecurityControllerTest extends WallabagCoreTestCase { - public function testLogin() + public function testLoginWithout2Factor() { + $this->logInAs('admin'); $client = $this->getClient(); + $client->followRedirects(); - $crawler = $client->request('GET', '/new'); - - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - $this->assertContains('login', $client->getResponse()->headers->get('location')); - } - - public function testLoginFail() - { - $client = $this->getClient(); - - $crawler = $client->request('GET', '/login'); - - $form = $crawler->filter('button[type=submit]')->form(); - $data = array( - '_username' => 'admin', - '_password' => 'admin', - ); - - $client->submit($form, $data); - - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - $this->assertContains('login', $client->getResponse()->headers->get('location')); - - $crawler = $client->followRedirect(); - - $this->assertContains('Bad credentials', $client->getResponse()->getContent()); + $client->request('GET', '/config'); + $this->assertContains('RSS', $client->getResponse()->getContent()); } - public function testForgotPassword() + public function testLoginWith2Factor() { $client = $this->getClient(); - $crawler = $client->request('GET', '/forgot-password'); - - $this->assertEquals(200, $client->getResponse()->getStatusCode()); - - $this->assertContains('Forgot password', $client->getResponse()->getContent()); - - $form = $crawler->filter('button[type=submit]'); - - $this->assertCount(1, $form); - - return array( - 'form' => $form->form(), - 'client' => $client, - ); - } - - /** - * @depends testForgotPassword - */ - public function testSubmitForgotPasswordFail($parameters) - { - $form = $parameters['form']; - $client = $parameters['client']; - - $data = array( - 
'forgot_password[email]' => 'material', - ); - - $client->submit($form, $data); - - $this->assertEquals(200, $client->getResponse()->getStatusCode()); - $this->assertContains('No user found with this email', $client->getResponse()->getContent()); - } - - /** - * @depends testForgotPassword - * - * Instead of using collector which slow down the test suite - * http://symfony.com/doc/current/cookbook/email/testing.html - * - * Use a different way where Swift store email as file - */ - public function testSubmitForgotPassword($parameters) - { - $form = $parameters['form']; - $client = $parameters['client']; - - $spoolDir = $client->getKernel()->getContainer()->getParameter('swiftmailer.spool.default.file.path'); - - // cleanup pool dir - $filesystem = new Filesystem(); - $filesystem->remove($spoolDir); - - // to use `getCollector` since `collect: false` in config_test.yml - $client->enableProfiler(); - - $data = array( - 'forgot_password[email]' => 'bobby@wallabag.org', - ); - - $client->submit($form, $data); - - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - - $crawler = $client->followRedirect(); - - $this->assertContains('An email has been sent to', $client->getResponse()->getContent()); - - // find every files (ie: emails) inside the spool dir except hidden files - $finder = new Finder(); - $finder - ->in($spoolDir) - ->ignoreDotFiles(true) - ->files(); - - $this->assertCount(1, $finder, 'Only one email has been sent'); - - foreach ($finder as $file) { - $message = unserialize(file_get_contents($file)); - - $this->assertInstanceOf('Swift_Message', $message); - $this->assertEquals('Reset Password', $message->getSubject()); - $this->assertEquals('no-reply@wallabag.org', key($message->getFrom())); - $this->assertEquals('bobby@wallabag.org', key($message->getTo())); - $this->assertContains( - 'To reset your password - please visit', - $message->getBody() - ); + if ($client->getContainer()->getParameter('twofactor_auth')) { + 
$client->followRedirects(); + + $em = $client->getContainer()->get('doctrine.orm.entity_manager'); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + $user->setTwoFactorAuthentication(true); + $em->persist($user); + $em->flush(); + + $this->logInAs('admin'); + $client->request('GET', '/config'); + $this->assertContains('trusted computer', $client->getResponse()->getContent()); + + // restore user + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + $user->setTwoFactorAuthentication(false); + $em->persist($user); + $em->flush(); } } - public function testReset() - { - $client = $this->getClient(); - $user = $client->getContainer() - ->get('doctrine.orm.entity_manager') - ->getRepository('WallabagCoreBundle:User') - ->findOneByEmail('bobby@wallabag.org'); - - $crawler = $client->request('GET', '/forgot-password/'.$user->getConfirmationToken()); - - $this->assertEquals(200, $client->getResponse()->getStatusCode()); - $this->assertCount(2, $crawler->filter('input[type=password]')); - $this->assertCount(1, $form = $crawler->filter('button[type=submit]')); - $this->assertCount(1, $form); - - $data = array( - 'change_passwd[new_password][first]' => 'mypassword', - 'change_passwd[new_password][second]' => 'mypassword', - ); - - $client->submit($form->form(), $data); - - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - $this->assertContains('login', $client->getResponse()->headers->get('location')); - } - - public function testResetBadToken() + public function testTrustedComputer() { $client = $this->getClient(); - $client->request('GET', '/forgot-password/UIZOAU29UE902IEPZO'); + if ($client->getContainer()->getParameter('twofactor_auth')) { + $em = $client->getContainer()->get('doctrine.orm.entity_manager'); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); - $this->assertEquals(404, $client->getResponse()->getStatusCode()); - } - - 
public function testCheckEmailWithoutEmail() - { - $client = $this->getClient(); - - $client->request('GET', '/forgot-password/check-email'); - - $this->assertEquals(302, $client->getResponse()->getStatusCode()); - $this->assertContains('forgot-password', $client->getResponse()->headers->get('location')); + $date = new \DateTime(); + $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M'))); + $this->assertTrue($user->isTrustedComputer('ABCDEF')); + $this->assertFalse($user->isTrustedComputer('FEDCBA')); + } } }
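Review bot: testLoginWith2Factor and testTrustedComputer pass without running a single assertion whenever the `twofactor_auth` parameter is off, because each body sits entirely inside `if ($client->getContainer()->getParameter('twofactor_auth'))`; an explicit `$this->markTestSkipped(...)` would make the missing two-factor coverage visible in the test report instead of showing green. In testLoginWith2Factor the "restore user" step comes after the assertion, so a failing assertion leaves the admin account with two-factor enabled for any later test that calls `logInAs('admin')`, unless fixtures are reloaded between tests, which this hunk does not show; running the restore in a `finally` block (or in tearDown, if the supported PHP version lacks `finally`) avoids that. The login test would also be stronger if it asserted that the protected page is not served before the second factor, e.g. `$this->assertNotContains('RSS', $client->getResponse()->getContent());`, assuming the challenge page does not itself contain that string. testTrustedComputer only exercises an unexpired token; a case that adds a token with a past date and asserts `isTrustedComputer()` is false would pin the expiry check, whose implementation is outside this diff.

```php
public function testLoginWith2Factor()
{
    $client = $this->getClient();

    if (!$client->getContainer()->getParameter('twofactor_auth')) {
        $this->markTestSkipped('twofactor_auth is disabled in this configuration.');
    }

    // … unchanged: followRedirects(), load the admin user, enable two-factor, persist and flush …

    try {
        // … unchanged: logInAs('admin'), GET /config, 'trusted computer' assertion …
    } finally {
        // … unchanged: reload the admin user, disable two-factor, persist and flush …
    }
}
```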