wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass 
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00

255 lines
7.3 KiB
PHP
Raw Blame History

<?php
/**
* @author Christoph Wurst <christoph@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace Test\Authentication\TwoFactorAuth;
use Test\TestCase;
use OC\Authentication\TwoFactorAuth\Manager;
class ManagerTest extends TestCase {
/** @var \OCP\IUser|\PHPUnit_Framework_MockObject_MockObject */
private $user;
/** @var \OC\App\AppManager|\PHPUnit_Framework_MockObject_MockObject */
private $appManager;
/** @var \OCP\ISession|\PHPUnit_Framework_MockObject_MockObject */
private $session;
/** @var Manager */
private $manager;
/** @var \OCP\IConfig|\PHPUnit_Framework_MockObject_MockObject */
private $config;
/** @var \OCP\Authentication\TwoFactorAuth\IProvider|\PHPUnit_Framework_MockObject_MockObject */
private $fakeProvider;
protected function setUp() {
parent::setUp();
$this->user = $this->getMock('\OCP\IUser');
$this->appManager = $this->getMockBuilder('\OC\App\AppManager')
->disableOriginalConstructor()
->getMock();
$this->session = $this->getMock('\OCP\ISession');
$this->config = $this->getMock('\OCP\IConfig');
$this->manager = $this->getMockBuilder('\OC\Authentication\TwoFactorAuth\Manager')
->setConstructorArgs([$this->appManager, $this->session, $this->config])
->setMethods(['loadTwoFactorApp']) // Do not actually load the apps
->getMock();
$this->fakeProvider = $this->getMock('\OCP\Authentication\TwoFactorAuth\IProvider');
$this->fakeProvider->expects($this->any())
->method('getId')
->will($this->returnValue('email'));
$this->fakeProvider->expects($this->any())
->method('isTwoFactorAuthEnabledForUser')
->will($this->returnValue(true));
\OC::$server->registerService('\OCA\MyCustom2faApp\FakeProvider', function() {
return $this->fakeProvider;
});
}
private function prepareNoProviders() {
$this->appManager->expects($this->any())
->method('getEnabledAppsForUser')
->with($this->user)
->will($this->returnValue([]));
$this->appManager->expects($this->never())
->method('getAppInfo');
$this->manager->expects($this->never())
->method('loadTwoFactorApp');
}
private function prepareProviders() {
$this->appManager->expects($this->any())
->method('getEnabledAppsForUser')
->with($this->user)
->will($this->returnValue(['mycustom2faapp']));
$this->appManager->expects($this->once())
->method('getAppInfo')
->with('mycustom2faapp')
->will($this->returnValue([
'two-factor-providers' => [
'\OCA\MyCustom2faApp\FakeProvider',
],
]));
$this->manager->expects($this->once())
->method('loadTwoFactorApp')
->with('mycustom2faapp');
}
/**
* @expectedException \Exception
* @expectedExceptionMessage Could not load two-factor auth provider \OCA\MyFaulty2faApp\DoesNotExist
*/
public function testFailHardIfProviderCanNotBeLoaded() {
$this->appManager->expects($this->once())
->method('getEnabledAppsForUser')
->with($this->user)
->will($this->returnValue(['faulty2faapp']));
$this->manager->expects($this->once())
->method('loadTwoFactorApp')
->with('faulty2faapp');
$this->appManager->expects($this->once())
->method('getAppInfo')
->with('faulty2faapp')
->will($this->returnValue([
'two-factor-providers' => [
'\OCA\MyFaulty2faApp\DoesNotExist',
],
]));
$this->manager->getProviders($this->user);
}
public function testIsTwoFactorAuthenticated() {
$this->prepareProviders();
$this->user->expects($this->once())
->method('getUID')
->will($this->returnValue('user123'));
$this->config->expects($this->once())
->method('getUserValue')
->with('user123', 'core', 'two_factor_auth_disabled', 0)
->will($this->returnValue(0));
$this->assertTrue($this->manager->isTwoFactorAuthenticated($this->user));
}
public function testGetProvider() {
$this->prepareProviders();
$this->assertSame($this->fakeProvider, $this->manager->getProvider($this->user, 'email'));
}
public function testGetInvalidProvider() {
$this->prepareProviders();
$this->assertSame(null, $this->manager->getProvider($this->user, 'nonexistent'));
}
public function testGetProviders() {
$this->prepareProviders();
$expectedProviders = [
'email' => $this->fakeProvider,
];
$this->assertEquals($expectedProviders, $this->manager->getProviders($this->user));
}
public function testVerifyChallenge() {
$this->prepareProviders();
$challenge = 'passme';
$this->fakeProvider->expects($this->once())
->method('verifyChallenge')
->with($this->user, $challenge)
->will($this->returnValue(true));
$this->session->expects($this->once())
->method('remove')
->with('two_factor_auth_uid');
$this->assertTrue($this->manager->verifyChallenge('email', $this->user, $challenge));
}
public function testVerifyChallengeInvalidProviderId() {
$this->prepareProviders();
$challenge = 'passme';
$this->fakeProvider->expects($this->never())
->method('verifyChallenge')
->with($this->user, $challenge);
$this->session->expects($this->never())
->method('remove');
$this->assertFalse($this->manager->verifyChallenge('dontexist', $this->user, $challenge));
}
public function testVerifyInvalidChallenge() {
$this->prepareProviders();
$challenge = 'dontpassme';
$this->fakeProvider->expects($this->once())
->method('verifyChallenge')
->with($this->user, $challenge)
->will($this->returnValue(false));
$this->session->expects($this->never())
->method('remove');
$this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge));
}
public function testNeedsSecondFactor() {
$user = $this->getMock('\OCP\IUser');
$this->session->expects($this->once())
->method('exists')
->with('two_factor_auth_uid')
->will($this->returnValue(false));
$this->assertFalse($this->manager->needsSecondFactor($user));
}
public function testNeedsSecondFactorUserIsNull() {
$user = null;
$this->session->expects($this->never())
->method('exists');
$this->assertFalse($this->manager->needsSecondFactor($user));
}
public function testNeedsSecondFactorWithNoProviderAvailableAnymore() {
$this->prepareNoProviders();
$user = null;
$this->session->expects($this->never())
->method('exists')
->with('two_factor_auth_uid')
->will($this->returnValue(true));
$this->session->expects($this->never())
->method('remove')
->with('two_factor_auth_uid');
$this->assertFalse($this->manager->needsSecondFactor($user));
}
public function testPrepareTwoFactorLogin() {
$this->user->expects($this->once())
->method('getUID')
->will($this->returnValue('ferdinand'));
$this->session->expects($this->once())
->method('set')
->with('two_factor_auth_uid', 'ferdinand');
$this->manager->prepareTwoFactorLogin($this->user);
}
}
Reference in a new issue View git blame Copy permalink