diff options
author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2018-12-02 12:43:05 +0100 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-23 13:28:02 +0100 |
commit | a6b242a1fd6f8900d80354361449f1bf62506ef9 (patch) | |
tree | f69d87208d0ebbdb8517529582280b174af74a16 /tests/Wallabag/CoreBundle/Controller | |
parent | acd4412080dfb73ecaa7f9983728d1d55bc27ea4 (diff) | |
download | wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.tar.gz wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.tar.zst wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.zip |
Enable OTP 2FA
- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
Diffstat (limited to 'tests/Wallabag/CoreBundle/Controller')
-rw-r--r-- | tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php | 113 | ||||
-rw-r--r-- | tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php | 28 |
2 files changed, 133 insertions, 8 deletions
diff --git a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php index c9dbbaa3..9ca52c64 100644 --- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php | |||
@@ -297,6 +297,119 @@ class ConfigControllerTest extends WallabagCoreTestCase | |||
297 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); | 297 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); |
298 | } | 298 | } |
299 | 299 | ||
300 | public function testUserEnable2faEmail() | ||
301 | { | ||
302 | $this->logInAs('admin'); | ||
303 | $client = $this->getClient(); | ||
304 | |||
305 | $crawler = $client->request('GET', '/config'); | ||
306 | |||
307 | $this->assertSame(200, $client->getResponse()->getStatusCode()); | ||
308 | |||
309 | $form = $crawler->filter('button[id=update_user_save]')->form(); | ||
310 | |||
311 | $data = [ | ||
312 | 'update_user[emailTwoFactor]' => '1', | ||
313 | ]; | ||
314 | |||
315 | $client->submit($form, $data); | ||
316 | |||
317 | $this->assertSame(302, $client->getResponse()->getStatusCode()); | ||
318 | |||
319 | $crawler = $client->followRedirect(); | ||
320 | |||
321 | $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); | ||
322 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); | ||
323 | |||
324 | // restore user | ||
325 | $em = $this->getEntityManager(); | ||
326 | $user = $em | ||
327 | ->getRepository('WallabagUserBundle:User') | ||
328 | ->findOneByUsername('admin'); | ||
329 | |||
330 | $this->assertTrue($user->isEmailTwoFactor()); | ||
331 | |||
332 | $user->setEmailTwoFactor(false); | ||
333 | $em->persist($user); | ||
334 | $em->flush(); | ||
335 | } | ||
336 | |||
337 | public function testUserEnable2faGoogle() | ||
338 | { | ||
339 | $this->logInAs('admin'); | ||
340 | $client = $this->getClient(); | ||
341 | |||
342 | $crawler = $client->request('GET', '/config'); | ||
343 | |||
344 | $this->assertSame(200, $client->getResponse()->getStatusCode()); | ||
345 | |||
346 | $form = $crawler->filter('button[id=update_user_save]')->form(); | ||
347 | |||
348 | $data = [ | ||
349 | 'update_user[googleTwoFactor]' => '1', | ||
350 | ]; | ||
351 | |||
352 | $client->submit($form, $data); | ||
353 | |||
354 | $this->assertSame(302, $client->getResponse()->getStatusCode()); | ||
355 | |||
356 | $crawler = $client->followRedirect(); | ||
357 | |||
358 | $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); | ||
359 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); | ||
360 | |||
361 | // restore user | ||
362 | $em = $this->getEntityManager(); | ||
363 | $user = $em | ||
364 | ->getRepository('WallabagUserBundle:User') | ||
365 | ->findOneByUsername('admin'); | ||
366 | |||
367 | $this->assertTrue($user->isGoogleAuthenticatorEnabled()); | ||
368 | |||
369 | $user->setGoogleAuthenticatorSecret(null); | ||
370 | $em->persist($user); | ||
371 | $em->flush(); | ||
372 | } | ||
373 | |||
374 | public function testUserEnable2faBoth() | ||
375 | { | ||
376 | $this->logInAs('admin'); | ||
377 | $client = $this->getClient(); | ||
378 | |||
379 | $crawler = $client->request('GET', '/config'); | ||
380 | |||
381 | $this->assertSame(200, $client->getResponse()->getStatusCode()); | ||
382 | |||
383 | $form = $crawler->filter('button[id=update_user_save]')->form(); | ||
384 | |||
385 | $data = [ | ||
386 | 'update_user[googleTwoFactor]' => '1', | ||
387 | 'update_user[emailTwoFactor]' => '1', | ||
388 | ]; | ||
389 | |||
390 | $client->submit($form, $data); | ||
391 | |||
392 | $this->assertSame(302, $client->getResponse()->getStatusCode()); | ||
393 | |||
394 | $crawler = $client->followRedirect(); | ||
395 | |||
396 | $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); | ||
397 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); | ||
398 | |||
399 | // restore user | ||
400 | $em = $this->getEntityManager(); | ||
401 | $user = $em | ||
402 | ->getRepository('WallabagUserBundle:User') | ||
403 | ->findOneByUsername('admin'); | ||
404 | |||
405 | $this->assertTrue($user->isGoogleAuthenticatorEnabled()); | ||
406 | $this->assertFalse($user->isEmailTwoFactor()); | ||
407 | |||
408 | $user->setGoogleAuthenticatorSecret(null); | ||
409 | $em->persist($user); | ||
410 | $em->flush(); | ||
411 | } | ||
412 | |||
300 | public function testRssUpdateResetToken() | 413 | public function testRssUpdateResetToken() |
301 | { | 414 | { |
302 | $this->logInAs('admin'); | 415 | $this->logInAs('admin'); |
diff --git a/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php b/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php index 395208a2..b03c7550 100644 --- a/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php | |||
@@ -26,7 +26,7 @@ class SecurityControllerTest extends WallabagCoreTestCase | |||
26 | $this->assertContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]); | 26 | $this->assertContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]); |
27 | } | 27 | } |
28 | 28 | ||
29 | public function testLoginWith2Factor() | 29 | public function testLoginWith2FactorEmail() |
30 | { | 30 | { |
31 | $client = $this->getClient(); | 31 | $client = $this->getClient(); |
32 | 32 | ||
@@ -42,7 +42,7 @@ class SecurityControllerTest extends WallabagCoreTestCase | |||
42 | $user = $em | 42 | $user = $em |
43 | ->getRepository('WallabagUserBundle:User') | 43 | ->getRepository('WallabagUserBundle:User') |
44 | ->findOneByUsername('admin'); | 44 | ->findOneByUsername('admin'); |
45 | $user->setTwoFactorAuthentication(true); | 45 | $user->setEmailTwoFactor(true); |
46 | $em->persist($user); | 46 | $em->persist($user); |
47 | $em->flush(); | 47 | $em->flush(); |
48 | 48 | ||
@@ -54,12 +54,12 @@ class SecurityControllerTest extends WallabagCoreTestCase | |||
54 | $user = $em | 54 | $user = $em |
55 | ->getRepository('WallabagUserBundle:User') | 55 | ->getRepository('WallabagUserBundle:User') |
56 | ->findOneByUsername('admin'); | 56 | ->findOneByUsername('admin'); |
57 | $user->setTwoFactorAuthentication(false); | 57 | $user->setEmailTwoFactor(false); |
58 | $em->persist($user); | 58 | $em->persist($user); |
59 | $em->flush(); | 59 | $em->flush(); |
60 | } | 60 | } |
61 | 61 | ||
62 | public function testTrustedComputer() | 62 | public function testLoginWith2FactorGoogle() |
63 | { | 63 | { |
64 | $client = $this->getClient(); | 64 | $client = $this->getClient(); |
65 | 65 | ||
@@ -69,15 +69,27 @@ class SecurityControllerTest extends WallabagCoreTestCase | |||
69 | return; | 69 | return; |
70 | } | 70 | } |
71 | 71 | ||
72 | $client->followRedirects(); | ||
73 | |||
72 | $em = $client->getContainer()->get('doctrine.orm.entity_manager'); | 74 | $em = $client->getContainer()->get('doctrine.orm.entity_manager'); |
73 | $user = $em | 75 | $user = $em |
74 | ->getRepository('WallabagUserBundle:User') | 76 | ->getRepository('WallabagUserBundle:User') |
75 | ->findOneByUsername('admin'); | 77 | ->findOneByUsername('admin'); |
78 | $user->setGoogleAuthenticatorSecret('26LDIHYGHNELOQEM'); | ||
79 | $em->persist($user); | ||
80 | $em->flush(); | ||
81 | |||
82 | $this->logInAsUsingHttp('admin'); | ||
83 | $crawler = $client->request('GET', '/config'); | ||
84 | $this->assertContains('scheb_two_factor.trusted', $crawler->filter('body')->extract(['_text'])[0]); | ||
76 | 85 | ||
77 | $date = new \DateTime(); | 86 | // restore user |
78 | $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M'))); | 87 | $user = $em |
79 | $this->assertTrue($user->isTrustedComputer('ABCDEF')); | 88 | ->getRepository('WallabagUserBundle:User') |
80 | $this->assertFalse($user->isTrustedComputer('FEDCBA')); | 89 | ->findOneByUsername('admin'); |
90 | $user->setGoogleAuthenticatorSecret(null); | ||
91 | $em->persist($user); | ||
92 | $em->flush(); | ||
81 | } | 93 | } |
82 | 94 | ||
83 | public function testEnabledRegistration() | 95 | public function testEnabledRegistration() |