diff options
| author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2018-12-02 12:43:05 +0100 |
|---|---|---|
| committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-23 13:28:02 +0100 |
| commit | a6b242a1fd6f8900d80354361449f1bf62506ef9 (patch) | |
| tree | f69d87208d0ebbdb8517529582280b174af74a16 /tests | |
| parent | acd4412080dfb73ecaa7f9983728d1d55bc27ea4 (diff) | |
| download | wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.tar.gz wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.tar.zst wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.zip | |
Enable OTP 2FA
- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
Diffstat (limited to 'tests')
4 files changed, 136 insertions, 10 deletions
diff --git a/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php b/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php index 9b34f2a0..ed383a2c 100644 --- a/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php +++ b/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php | |||
| @@ -59,7 +59,8 @@ class ShowUserCommandTest extends WallabagCoreTestCase | |||
| 59 | $this->assertContains('Username: admin', $tester->getDisplay()); | 59 | $this->assertContains('Username: admin', $tester->getDisplay()); |
| 60 | $this->assertContains('Email: bigboss@wallabag.org', $tester->getDisplay()); | 60 | $this->assertContains('Email: bigboss@wallabag.org', $tester->getDisplay()); |
| 61 | $this->assertContains('Display name: Big boss', $tester->getDisplay()); | 61 | $this->assertContains('Display name: Big boss', $tester->getDisplay()); |
| 62 | $this->assertContains('2FA activated: no', $tester->getDisplay()); | 62 | $this->assertContains('2FA (email) activated', $tester->getDisplay()); |
| 63 | $this->assertContains('2FA (OTP) activated', $tester->getDisplay()); | ||
| 63 | } | 64 | } |
| 64 | 65 | ||
| 65 | public function testShowUser() | 66 | public function testShowUser() |
diff --git a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php index c9dbbaa3..9ca52c64 100644 --- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php | |||
| @@ -297,6 +297,119 @@ class ConfigControllerTest extends WallabagCoreTestCase | |||
| 297 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); | 297 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); |
| 298 | } | 298 | } |
| 299 | 299 | ||
| 300 | public function testUserEnable2faEmail() | ||
| 301 | { | ||
| 302 | $this->logInAs('admin'); | ||
| 303 | $client = $this->getClient(); | ||
| 304 | |||
| 305 | $crawler = $client->request('GET', '/config'); | ||
| 306 | |||
| 307 | $this->assertSame(200, $client->getResponse()->getStatusCode()); | ||
| 308 | |||
| 309 | $form = $crawler->filter('button[id=update_user_save]')->form(); | ||
| 310 | |||
| 311 | $data = [ | ||
| 312 | 'update_user[emailTwoFactor]' => '1', | ||
| 313 | ]; | ||
| 314 | |||
| 315 | $client->submit($form, $data); | ||
| 316 | |||
| 317 | $this->assertSame(302, $client->getResponse()->getStatusCode()); | ||
| 318 | |||
| 319 | $crawler = $client->followRedirect(); | ||
| 320 | |||
| 321 | $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); | ||
| 322 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); | ||
| 323 | |||
| 324 | // restore user | ||
| 325 | $em = $this->getEntityManager(); | ||
| 326 | $user = $em | ||
| 327 | ->getRepository('WallabagUserBundle:User') | ||
| 328 | ->findOneByUsername('admin'); | ||
| 329 | |||
| 330 | $this->assertTrue($user->isEmailTwoFactor()); | ||
| 331 | |||
| 332 | $user->setEmailTwoFactor(false); | ||
| 333 | $em->persist($user); | ||
| 334 | $em->flush(); | ||
| 335 | } | ||
| 336 | |||
| 337 | public function testUserEnable2faGoogle() | ||
| 338 | { | ||
| 339 | $this->logInAs('admin'); | ||
| 340 | $client = $this->getClient(); | ||
| 341 | |||
| 342 | $crawler = $client->request('GET', '/config'); | ||
| 343 | |||
| 344 | $this->assertSame(200, $client->getResponse()->getStatusCode()); | ||
| 345 | |||
| 346 | $form = $crawler->filter('button[id=update_user_save]')->form(); | ||
| 347 | |||
| 348 | $data = [ | ||
| 349 | 'update_user[googleTwoFactor]' => '1', | ||
| 350 | ]; | ||
| 351 | |||
| 352 | $client->submit($form, $data); | ||
| 353 | |||
| 354 | $this->assertSame(302, $client->getResponse()->getStatusCode()); | ||
| 355 | |||
| 356 | $crawler = $client->followRedirect(); | ||
| 357 | |||
| 358 | $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); | ||
| 359 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); | ||
| 360 | |||
| 361 | // restore user | ||
| 362 | $em = $this->getEntityManager(); | ||
| 363 | $user = $em | ||
| 364 | ->getRepository('WallabagUserBundle:User') | ||
| 365 | ->findOneByUsername('admin'); | ||
| 366 | |||
| 367 | $this->assertTrue($user->isGoogleAuthenticatorEnabled()); | ||
| 368 | |||
| 369 | $user->setGoogleAuthenticatorSecret(null); | ||
| 370 | $em->persist($user); | ||
| 371 | $em->flush(); | ||
| 372 | } | ||
| 373 | |||
| 374 | public function testUserEnable2faBoth() | ||
| 375 | { | ||
| 376 | $this->logInAs('admin'); | ||
| 377 | $client = $this->getClient(); | ||
| 378 | |||
| 379 | $crawler = $client->request('GET', '/config'); | ||
| 380 | |||
| 381 | $this->assertSame(200, $client->getResponse()->getStatusCode()); | ||
| 382 | |||
| 383 | $form = $crawler->filter('button[id=update_user_save]')->form(); | ||
| 384 | |||
| 385 | $data = [ | ||
| 386 | 'update_user[googleTwoFactor]' => '1', | ||
| 387 | 'update_user[emailTwoFactor]' => '1', | ||
| 388 | ]; | ||
| 389 | |||
| 390 | $client->submit($form, $data); | ||
| 391 | |||
| 392 | $this->assertSame(302, $client->getResponse()->getStatusCode()); | ||
| 393 | |||
| 394 | $crawler = $client->followRedirect(); | ||
| 395 | |||
| 396 | $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); | ||
| 397 | $this->assertContains('flashes.config.notice.user_updated', $alert[0]); | ||
| 398 | |||
| 399 | // restore user | ||
| 400 | $em = $this->getEntityManager(); | ||
| 401 | $user = $em | ||
| 402 | ->getRepository('WallabagUserBundle:User') | ||
| 403 | ->findOneByUsername('admin'); | ||
| 404 | |||
| 405 | $this->assertTrue($user->isGoogleAuthenticatorEnabled()); | ||
| 406 | $this->assertFalse($user->isEmailTwoFactor()); | ||
| 407 | |||
| 408 | $user->setGoogleAuthenticatorSecret(null); | ||
| 409 | $em->persist($user); | ||
| 410 | $em->flush(); | ||
| 411 | } | ||
| 412 | |||
| 300 | public function testRssUpdateResetToken() | 413 | public function testRssUpdateResetToken() |
| 301 | { | 414 | { |
| 302 | $this->logInAs('admin'); | 415 | $this->logInAs('admin'); |
diff --git a/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php b/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php index 395208a2..b03c7550 100644 --- a/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php | |||
| @@ -26,7 +26,7 @@ class SecurityControllerTest extends WallabagCoreTestCase | |||
| 26 | $this->assertContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]); | 26 | $this->assertContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]); |
| 27 | } | 27 | } |
| 28 | 28 | ||
| 29 | public function testLoginWith2Factor() | 29 | public function testLoginWith2FactorEmail() |
| 30 | { | 30 | { |
| 31 | $client = $this->getClient(); | 31 | $client = $this->getClient(); |
| 32 | 32 | ||
| @@ -42,7 +42,7 @@ class SecurityControllerTest extends WallabagCoreTestCase | |||
| 42 | $user = $em | 42 | $user = $em |
| 43 | ->getRepository('WallabagUserBundle:User') | 43 | ->getRepository('WallabagUserBundle:User') |
| 44 | ->findOneByUsername('admin'); | 44 | ->findOneByUsername('admin'); |
| 45 | $user->setTwoFactorAuthentication(true); | 45 | $user->setEmailTwoFactor(true); |
| 46 | $em->persist($user); | 46 | $em->persist($user); |
| 47 | $em->flush(); | 47 | $em->flush(); |
| 48 | 48 | ||
| @@ -54,12 +54,12 @@ class SecurityControllerTest extends WallabagCoreTestCase | |||
| 54 | $user = $em | 54 | $user = $em |
| 55 | ->getRepository('WallabagUserBundle:User') | 55 | ->getRepository('WallabagUserBundle:User') |
| 56 | ->findOneByUsername('admin'); | 56 | ->findOneByUsername('admin'); |
| 57 | $user->setTwoFactorAuthentication(false); | 57 | $user->setEmailTwoFactor(false); |
| 58 | $em->persist($user); | 58 | $em->persist($user); |
| 59 | $em->flush(); | 59 | $em->flush(); |
| 60 | } | 60 | } |
| 61 | 61 | ||
| 62 | public function testTrustedComputer() | 62 | public function testLoginWith2FactorGoogle() |
| 63 | { | 63 | { |
| 64 | $client = $this->getClient(); | 64 | $client = $this->getClient(); |
| 65 | 65 | ||
| @@ -69,15 +69,27 @@ class SecurityControllerTest extends WallabagCoreTestCase | |||
| 69 | return; | 69 | return; |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | $client->followRedirects(); | ||
| 73 | |||
| 72 | $em = $client->getContainer()->get('doctrine.orm.entity_manager'); | 74 | $em = $client->getContainer()->get('doctrine.orm.entity_manager'); |
| 73 | $user = $em | 75 | $user = $em |
| 74 | ->getRepository('WallabagUserBundle:User') | 76 | ->getRepository('WallabagUserBundle:User') |
| 75 | ->findOneByUsername('admin'); | 77 | ->findOneByUsername('admin'); |
| 78 | $user->setGoogleAuthenticatorSecret('26LDIHYGHNELOQEM'); | ||
| 79 | $em->persist($user); | ||
| 80 | $em->flush(); | ||
| 81 | |||
| 82 | $this->logInAsUsingHttp('admin'); | ||
| 83 | $crawler = $client->request('GET', '/config'); | ||
| 84 | $this->assertContains('scheb_two_factor.trusted', $crawler->filter('body')->extract(['_text'])[0]); | ||
| 76 | 85 | ||
| 77 | $date = new \DateTime(); | 86 | // restore user |
| 78 | $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M'))); | 87 | $user = $em |
| 79 | $this->assertTrue($user->isTrustedComputer('ABCDEF')); | 88 | ->getRepository('WallabagUserBundle:User') |
| 80 | $this->assertFalse($user->isTrustedComputer('FEDCBA')); | 89 | ->findOneByUsername('admin'); |
| 90 | $user->setGoogleAuthenticatorSecret(null); | ||
| 91 | $em->persist($user); | ||
| 92 | $em->flush(); | ||
| 81 | } | 93 | } |
| 82 | 94 | ||
| 83 | public function testEnabledRegistration() | 95 | public function testEnabledRegistration() |
diff --git a/tests/Wallabag/UserBundle/Mailer/AuthCodeMailerTest.php b/tests/Wallabag/UserBundle/Mailer/AuthCodeMailerTest.php index e34e13a8..1713c10c 100644 --- a/tests/Wallabag/UserBundle/Mailer/AuthCodeMailerTest.php +++ b/tests/Wallabag/UserBundle/Mailer/AuthCodeMailerTest.php | |||
| @@ -33,7 +33,7 @@ TWIG; | |||
| 33 | public function testSendEmail() | 33 | public function testSendEmail() |
| 34 | { | 34 | { |
| 35 | $user = new User(); | 35 | $user = new User(); |
| 36 | $user->setTwoFactorAuthentication(true); | 36 | $user->setEmailTwoFactor(true); |
| 37 | $user->setEmailAuthCode(666666); | 37 | $user->setEmailAuthCode(666666); |
| 38 | $user->setEmail('test@wallabag.io'); | 38 | $user->setEmail('test@wallabag.io'); |
| 39 | $user->setName('Bob'); | 39 | $user->setName('Bob'); |