From a6b242a1fd6f8900d80354361449f1bf62506ef9 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Sun, 2 Dec 2018 12:43:05 +0100
Subject: Enable OTP 2FA - Update SchebTwoFactorBundle to version 3 - Enable Google 2fa on the bundle - Disallow ability to use both email and google as 2fa - Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7) - use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add` - update admin to be able to create/reset the 2fa
--- .../CoreBundle/Controller/ConfigControllerTest.php | 113 +++++++++++++++++++++ 1 file changed, 113 insertions(+) (limited to 'tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php')
diff --git a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
index c9dbbaa3..9ca52c64 100644
--- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
@@ -297,6 +297,119 @@ class ConfigControllerTest extends WallabagCoreTestCase
 $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
 }
 
+ public function testUserEnable2faEmail()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $crawler = $client->request('GET', '/config');
+
+ $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+ $form = $crawler->filter('button[id=update_user_save]')->form();
+
+ $data = [
+ 'update_user[emailTwoFactor]' => '1',
+ ];
+
+ $client->submit($form, $data);
+
+ $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+ $crawler = $client->followRedirect();
+
+ $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+ $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
+
+ // restore user
+ $em = $this->getEntityManager();
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+
+ $this->assertTrue($user->isEmailTwoFactor());
+
+ $user->setEmailTwoFactor(false);
+ $em->persist($user);
+ $em->flush();
+ }
+
+ public function testUserEnable2faGoogle()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $crawler = $client->request('GET', '/config');
+
+ $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+ $form = $crawler->filter('button[id=update_user_save]')->form();
+
+ $data = [
+ 'update_user[googleTwoFactor]' => '1',
+ ];
+
+ $client->submit($form, $data);
+
+ $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+ $crawler = $client->followRedirect();
+
+ $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+ $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
+
+ // restore user
+ $em = $this->getEntityManager();
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+
+ $this->assertTrue($user->isGoogleAuthenticatorEnabled());
+
+ $user->setGoogleAuthenticatorSecret(null);
+ $em->persist($user);
+ $em->flush();
+ }
+
+ public function testUserEnable2faBoth()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $crawler = $client->request('GET', '/config');
+
+ $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+ $form = $crawler->filter('button[id=update_user_save]')->form();
+
+ $data = [
+ 'update_user[googleTwoFactor]' => '1',
+ 'update_user[emailTwoFactor]' => '1',
+ ];
+
+ $client->submit($form, $data);
+
+ $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+ $crawler = $client->followRedirect();
+
+ $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+ $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
+
+ // restore user
+ $em = $this->getEntityManager();
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+
+ $this->assertTrue($user->isGoogleAuthenticatorEnabled());
+ $this->assertFalse($user->isEmailTwoFactor());
+
+ $user->setGoogleAuthenticatorSecret(null);
+ $em->persist($user);
+ $em->flush();
+ }
+
 public function testRssUpdateResetToken()
 {
 $this->logInAs('admin');
-- cgit v1.2.3
From a0c5eb003f1cbeef10d5620e98870c7556e17c75 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Fri, 18 Jan 2019 22:46:44 +0100
Subject: Change the way to enable 2FA And add a step to validate a generated code from the OTP app
--- .../CoreBundle/Controller/ConfigControllerTest.php | 194 +++++++++------------ 1 file changed, 81 insertions(+), 113 deletions(-) (limited to 'tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php')
diff --git a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
index 9ca52c64..1090a686 100644
--- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
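Review bot: `testUserEnable2faBoth` pins a silent precedence rule: submitting both `googleTwoFactor` and `emailTwoFactor` is asserted to yield a 302 plus the `user_updated` flash while the email flag is quietly dropped, which is a weaker reading of the commit's "disallow both" than rejecting the form. If the intent is rejection, assert a 200 re-render without the `user_updated` flash; if silent precedence is intended, say so in a comment above the `$data` array so the next reader does not take the assertion for a bug. `assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']))` compares an array with an int, which PHP's loose comparison always satisfies, so the three copies here (and `assertGreaterThan(0, $user->getBackupCodes())` in the next commit) never fail; `$this->assertNotEmpty($alert = $crawler->filter('body')->extract(['_text']));` would. The "restore user" blocks only run when every preceding assertion passes, so a single failure leaves the shared admin fixture with a second factor enabled and later `logInAs('admin')` calls are likely stopped at the 2FA step; moving the reset into `tearDown()` or a `try/finally` avoids that, here and in the rewritten tests of the next commit.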
@@ -297,119 +297,6 @@ class ConfigControllerTest extends WallabagCoreTestCase
 $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
 }
 
- public function testUserEnable2faEmail()
- {
- $this->logInAs('admin');
- $client = $this->getClient();
-
- $crawler = $client->request('GET', '/config');
-
- $this->assertSame(200, $client->getResponse()->getStatusCode());
-
- $form = $crawler->filter('button[id=update_user_save]')->form();
-
- $data = [
- 'update_user[emailTwoFactor]' => '1',
- ];
-
- $client->submit($form, $data);
-
- $this->assertSame(302, $client->getResponse()->getStatusCode());
-
- $crawler = $client->followRedirect();
-
- $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
- $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
-
- // restore user
- $em = $this->getEntityManager();
- $user = $em
- ->getRepository('WallabagUserBundle:User')
- ->findOneByUsername('admin');
-
- $this->assertTrue($user->isEmailTwoFactor());
-
- $user->setEmailTwoFactor(false);
- $em->persist($user);
- $em->flush();
- }
-
- public function testUserEnable2faGoogle()
- {
- $this->logInAs('admin');
- $client = $this->getClient();
-
- $crawler = $client->request('GET', '/config');
-
- $this->assertSame(200, $client->getResponse()->getStatusCode());
-
- $form = $crawler->filter('button[id=update_user_save]')->form();
-
- $data = [
- 'update_user[googleTwoFactor]' => '1',
- ];
-
- $client->submit($form, $data);
-
- $this->assertSame(302, $client->getResponse()->getStatusCode());
-
- $crawler = $client->followRedirect();
-
- $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
- $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
-
- // restore user
- $em = $this->getEntityManager();
- $user = $em
- ->getRepository('WallabagUserBundle:User')
- ->findOneByUsername('admin');
-
- $this->assertTrue($user->isGoogleAuthenticatorEnabled());
-
- $user->setGoogleAuthenticatorSecret(null);
- $em->persist($user);
- $em->flush();
- }
-
- public function testUserEnable2faBoth()
- {
- $this->logInAs('admin');
- $client = $this->getClient();
-
- $crawler = $client->request('GET', '/config');
-
- $this->assertSame(200, $client->getResponse()->getStatusCode());
-
- $form = $crawler->filter('button[id=update_user_save]')->form();
-
- $data = [
- 'update_user[googleTwoFactor]' => '1',
- 'update_user[emailTwoFactor]' => '1',
- ];
-
- $client->submit($form, $data);
-
- $this->assertSame(302, $client->getResponse()->getStatusCode());
-
- $crawler = $client->followRedirect();
-
- $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
- $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
-
- // restore user
- $em = $this->getEntityManager();
- $user = $em
- ->getRepository('WallabagUserBundle:User')
- ->findOneByUsername('admin');
-
- $this->assertTrue($user->isGoogleAuthenticatorEnabled());
- $this->assertFalse($user->isEmailTwoFactor());
-
- $user->setGoogleAuthenticatorSecret(null);
- $em->persist($user);
- $em->flush();
- }
-
 public function testRssUpdateResetToken()
 {
 $this->logInAs('admin');
@@ -1113,4 +1000,85 @@ class ConfigControllerTest extends WallabagCoreTestCase
 $this->assertNotSame('yuyuyuyu', $client->getRequest()->getLocale());
 $this->assertNotSame('yuyuyuyu', $client->getContainer()->get('session')->get('_locale'));
 }
+
+ public function testUserEnable2faEmail()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $crawler = $client->request('GET', '/config/otp/email');
+
+ $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+ $crawler = $client->followRedirect();
+
+ $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+ $this->assertContains('flashes.config.notice.otp_enabled', $alert[0]);
+
+ // restore user
+ $em = $this->getEntityManager();
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+
+ $this->assertTrue($user->isEmailTwoFactor());
+
+ $user->setEmailTwoFactor(false);
+ $em->persist($user);
+ $em->flush();
+ }
+
+ public function testUserEnable2faGoogle()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $crawler = $client->request('GET', '/config/otp/app');
+
+ $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+ // restore user
+ $em = $this->getEntityManager();
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+
+ $this->assertTrue($user->isGoogleTwoFactor());
+ $this->assertGreaterThan(0, $user->getBackupCodes());
+
+ $user->setGoogleAuthenticatorSecret(false);
+ $user->setBackupCodes(null);
+ $em->persist($user);
+ $em->flush();
+ }
+
+ public function testUserEnable2faGoogleCancel()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $crawler = $client->request('GET', '/config/otp/app');
+
+ $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+ // restore user
+ $em = $this->getEntityManager();
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+
+ $this->assertTrue($user->isGoogleTwoFactor());
+ $this->assertGreaterThan(0, $user->getBackupCodes());
+
+ $crawler = $client->request('GET', '/config/otp/app/cancel');
+
+ $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+ $user = $em
+ ->getRepository('WallabagUserBundle:User')
+ ->findOneByUsername('admin');
+
+ $this->assertFalse($user->isGoogleTwoFactor());
+ $this->assertEmpty($user->getBackupCodes());
+ }
 }
-- cgit v1.2.3
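Review bot: `testUserEnable2faGoogle` asserts that a bare GET to `/config/otp/app` already leaves the admin user with `isGoogleTwoFactor()` true and backup codes persisted, i.e. app-based 2FA is switched on before any code from the OTP app has been checked, although this commit's message says a validation step was added; nothing in the hunk submits a code, so the test passes whether or not validation gates enablement. The test should pin the intended contract: after the GET assert the account is not yet enabled (or only holds a pending secret), then submit a code derived from the persisted secret, and only then assert `isGoogleTwoFactor()`. Since `/config/otp/email`, `/config/otp/app` and `/config/otp/app/cancel` are all exercised as plain GETs that change persisted security settings, a test asserting these routes reject GET, or require a CSRF-protected POST, is also worth adding, because as written a cross-site link could enable, reset or cancel a user's second factor unless the controller checks something the tests do not show. Two smaller points: `$user->setGoogleAuthenticatorSecret(false)` passes a bool where the removed version passed `null`, so use `$user->setGoogleAuthenticatorSecret(null);` for consistency with the setter's likely nullable type, and dropping `testUserEnable2faBoth` leaves the email/app mutual exclusion from the previous commit without coverage; enabling email, then requesting `/config/otp/app` (and the reverse), and asserting only one factor is active would restore it.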