mirror of
https://github.com/nextcloud/server.git
synced 2026-03-22 18:33:46 -04:00
1806baaeaf
In 2f87fb6b45 this header was introduced. The referenced documentation says:
> When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).
This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header.
This is not the behavior we want at this point!
So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.
Signed-off-by: Patrick Conrad <conrad@iza.org>
734 lines
22 KiB
PHP
734 lines
22 KiB
PHP
<?php
|
|
/**
|
|
* @author Lukas Reschke <lukas@owncloud.com>
|
|
*
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
* @license AGPL-3.0
|
|
*
|
|
* This code is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
*
|
|
*/
|
|
|
|
namespace Tests\Core\Controller;
|
|
|
|
use OC\Authentication\Token\IToken;
|
|
use OC\Authentication\TwoFactorAuth\Manager;
|
|
use OC\Authentication\TwoFactorAuth\ProviderSet;
|
|
use OC\Core\Controller\LoginController;
|
|
use OC\Security\Bruteforce\Throttler;
|
|
use OC\User\Session;
|
|
use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
|
|
use OCP\AppFramework\Http\RedirectResponse;
|
|
use OCP\AppFramework\Http\TemplateResponse;
|
|
use OCP\Authentication\TwoFactorAuth\IProvider;
|
|
use OCP\Defaults;
|
|
use OCP\IConfig;
|
|
use OCP\ILogger;
|
|
use OCP\IRequest;
|
|
use OCP\ISession;
|
|
use OCP\IURLGenerator;
|
|
use OCP\IUser;
|
|
use OCP\IUserManager;
|
|
use Test\TestCase;
|
|
|
|
class LoginControllerTest extends TestCase {
|
|
/** @var LoginController */
|
|
private $loginController;
|
|
/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $request;
|
|
/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $userManager;
|
|
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $config;
|
|
/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $session;
|
|
/** @var Session|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $userSession;
|
|
/** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $urlGenerator;
|
|
/** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $logger;
|
|
/** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $twoFactorManager;
|
|
/** @var Defaults|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $defaults;
|
|
/** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
|
|
private $throttler;
|
|
|
|
public function setUp() {
|
|
parent::setUp();
|
|
$this->request = $this->createMock(IRequest::class);
|
|
$this->userManager = $this->createMock(\OC\User\Manager::class);
|
|
$this->config = $this->createMock(IConfig::class);
|
|
$this->session = $this->createMock(ISession::class);
|
|
$this->userSession = $this->createMock(Session::class);
|
|
$this->urlGenerator = $this->createMock(IURLGenerator::class);
|
|
$this->logger = $this->createMock(ILogger::class);
|
|
$this->twoFactorManager = $this->createMock(Manager::class);
|
|
$this->defaults = $this->createMock(Defaults::class);
|
|
$this->throttler = $this->createMock(Throttler::class);
|
|
|
|
$this->request->method('getRemoteAddress')
|
|
->willReturn('1.2.3.4');
|
|
$this->throttler->method('getDelay')
|
|
->with(
|
|
$this->equalTo('1.2.3.4'),
|
|
$this->equalTo('')
|
|
)->willReturn(1000);
|
|
|
|
$this->loginController = new LoginController(
|
|
'core',
|
|
$this->request,
|
|
$this->userManager,
|
|
$this->config,
|
|
$this->session,
|
|
$this->userSession,
|
|
$this->urlGenerator,
|
|
$this->logger,
|
|
$this->twoFactorManager,
|
|
$this->defaults,
|
|
$this->throttler
|
|
);
|
|
}
|
|
|
|
public function testLogoutWithoutToken() {
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('getCookie')
|
|
->with('nc_token')
|
|
->willReturn(null);
|
|
$this->config
|
|
->expects($this->never())
|
|
->method('deleteUserValue');
|
|
$this->urlGenerator
|
|
->expects($this->once())
|
|
->method('linkToRouteAbsolute')
|
|
->with('core.login.showLoginForm')
|
|
->willReturn('/login');
|
|
|
|
$expected = new RedirectResponse('/login');
|
|
$expected->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
|
|
$this->assertEquals($expected, $this->loginController->logout());
|
|
}
|
|
|
|
public function testLogoutWithToken() {
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('getCookie')
|
|
->with('nc_token')
|
|
->willReturn('MyLoginToken');
|
|
$user = $this->createMock(IUser::class);
|
|
$user
|
|
->expects($this->once())
|
|
->method('getUID')
|
|
->willReturn('JohnDoe');
|
|
$this->userSession
|
|
->expects($this->once())
|
|
->method('getUser')
|
|
->willReturn($user);
|
|
$this->config
|
|
->expects($this->once())
|
|
->method('deleteUserValue')
|
|
->with('JohnDoe', 'login_token', 'MyLoginToken');
|
|
$this->urlGenerator
|
|
->expects($this->once())
|
|
->method('linkToRouteAbsolute')
|
|
->with('core.login.showLoginForm')
|
|
->willReturn('/login');
|
|
|
|
$expected = new RedirectResponse('/login');
|
|
$expected->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
|
|
$this->assertEquals($expected, $this->loginController->logout());
|
|
}
|
|
|
|
public function testShowLoginFormForLoggedInUsers() {
|
|
$this->userSession
|
|
->expects($this->once())
|
|
->method('isLoggedIn')
|
|
->willReturn(true);
|
|
|
|
$expectedResponse = new RedirectResponse(\OC_Util::getDefaultPageUrl());
|
|
$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', '', ''));
|
|
}
|
|
|
|
public function testShowLoginFormWithErrorsInSession() {
|
|
$this->userSession
|
|
->expects($this->once())
|
|
->method('isLoggedIn')
|
|
->willReturn(false);
|
|
$this->session
|
|
->expects($this->once())
|
|
->method('get')
|
|
->with('loginMessages')
|
|
->willReturn(
|
|
[
|
|
[
|
|
'ErrorArray1',
|
|
'ErrorArray2',
|
|
],
|
|
[
|
|
'MessageArray1',
|
|
'MessageArray2',
|
|
],
|
|
]
|
|
);
|
|
|
|
$expectedResponse = new TemplateResponse(
|
|
'core',
|
|
'login',
|
|
[
|
|
'ErrorArray1' => true,
|
|
'ErrorArray2' => true,
|
|
'messages' => [
|
|
'MessageArray1',
|
|
'MessageArray2',
|
|
],
|
|
'loginName' => '',
|
|
'user_autofocus' => true,
|
|
'canResetPassword' => true,
|
|
'alt_login' => [],
|
|
'resetPasswordLink' => null,
|
|
'throttle_delay' => 1000,
|
|
],
|
|
'guest'
|
|
);
|
|
$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', '', ''));
|
|
}
|
|
|
|
public function testShowLoginFormForFlowAuth() {
|
|
$this->userSession
|
|
->expects($this->once())
|
|
->method('isLoggedIn')
|
|
->willReturn(false);
|
|
|
|
$expectedResponse = new TemplateResponse(
|
|
'core',
|
|
'login',
|
|
[
|
|
'messages' => [],
|
|
'redirect_url' => 'login/flow',
|
|
'loginName' => '',
|
|
'user_autofocus' => true,
|
|
'canResetPassword' => true,
|
|
'alt_login' => [],
|
|
'resetPasswordLink' => null,
|
|
'throttle_delay' => 1000,
|
|
],
|
|
'guest'
|
|
);
|
|
$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', 'login/flow', ''));
|
|
}
|
|
|
|
/**
|
|
* @return array
|
|
*/
|
|
public function passwordResetDataProvider() {
|
|
return [
|
|
[
|
|
true,
|
|
true,
|
|
],
|
|
[
|
|
false,
|
|
false,
|
|
],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider passwordResetDataProvider
|
|
*/
|
|
public function testShowLoginFormWithPasswordResetOption($canChangePassword,
|
|
$expectedResult) {
|
|
$this->userSession
|
|
->expects($this->once())
|
|
->method('isLoggedIn')
|
|
->willReturn(false);
|
|
$this->config
|
|
->expects($this->once())
|
|
->method('getSystemValue')
|
|
->with('lost_password_link')
|
|
->willReturn(false);
|
|
$user = $this->createMock(IUser::class);
|
|
$user
|
|
->expects($this->once())
|
|
->method('canChangePassword')
|
|
->willReturn($canChangePassword);
|
|
$this->userManager
|
|
->expects($this->once())
|
|
->method('get')
|
|
->with('LdapUser')
|
|
->willReturn($user);
|
|
|
|
$expectedResponse = new TemplateResponse(
|
|
'core',
|
|
'login',
|
|
[
|
|
'messages' => [],
|
|
'loginName' => 'LdapUser',
|
|
'user_autofocus' => false,
|
|
'canResetPassword' => $expectedResult,
|
|
'alt_login' => [],
|
|
'resetPasswordLink' => false,
|
|
'throttle_delay' => 1000,
|
|
],
|
|
'guest'
|
|
);
|
|
$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('LdapUser', '', ''));
|
|
}
|
|
|
|
/**
|
|
* Asserts that a disabled user can't login and gets the expected response.
|
|
*/
|
|
public function testLoginForDisabledUser() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->method('getUID')
|
|
->willReturn('uid');
|
|
$user->method('isEnabled')
|
|
->willReturn(false);
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(true);
|
|
|
|
$this->userSession
|
|
->method('isLoggedIn')
|
|
->willReturn(false);
|
|
|
|
$loginName = 'iMDisabled';
|
|
$password = 'secret';
|
|
|
|
$this->session
|
|
->expects($this->once())
|
|
->method('set')
|
|
->with('loginMessages', [
|
|
[LoginController::LOGIN_MSG_USERDISABLED], []
|
|
]);
|
|
|
|
$this->userManager
|
|
->expects($this->once())
|
|
->method('get')
|
|
->with($loginName)
|
|
->willReturn($user);
|
|
|
|
$expected = new RedirectResponse('');
|
|
$expected->throttle(['user' => $loginName]);
|
|
|
|
$response = $this->loginController->tryLogin(
|
|
$loginName, $password, null, false, 'Europe/Berlin', '1'
|
|
);
|
|
$this->assertEquals($expected, $response);
|
|
}
|
|
|
|
public function testShowLoginFormForUserNamed0() {
|
|
$this->userSession
|
|
->expects($this->once())
|
|
->method('isLoggedIn')
|
|
->willReturn(false);
|
|
$this->config
|
|
->expects($this->once())
|
|
->method('getSystemValue')
|
|
->with('lost_password_link')
|
|
->willReturn(false);
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->once())
|
|
->method('canChangePassword')
|
|
->willReturn(false);
|
|
$this->userManager
|
|
->expects($this->once())
|
|
->method('get')
|
|
->with('0')
|
|
->willReturn($user);
|
|
|
|
$expectedResponse = new TemplateResponse(
|
|
'core',
|
|
'login',
|
|
[
|
|
'messages' => [],
|
|
'loginName' => '0',
|
|
'user_autofocus' => false,
|
|
'canResetPassword' => false,
|
|
'alt_login' => [],
|
|
'resetPasswordLink' => false,
|
|
'throttle_delay' => 1000,
|
|
],
|
|
'guest'
|
|
);
|
|
$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('0', '', ''));
|
|
}
|
|
|
|
public function testLoginWithInvalidCredentials() {
|
|
$user = 'MyUserName';
|
|
$password = 'secret';
|
|
$loginPageUrl = '/login?redirect_url=/apps/files';
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(true);
|
|
$this->userManager->expects($this->once())
|
|
->method('checkPasswordNoLogging')
|
|
->will($this->returnValue(false));
|
|
$this->userManager->expects($this->once())
|
|
->method('getByEmail')
|
|
->with($user)
|
|
->willReturn([]);
|
|
$this->urlGenerator->expects($this->once())
|
|
->method('linkToRoute')
|
|
->with('core.login.showLoginForm', [
|
|
'user' => 'MyUserName',
|
|
'redirect_url' => '/apps/files',
|
|
])
|
|
->will($this->returnValue($loginPageUrl));
|
|
|
|
$this->userSession->expects($this->never())
|
|
->method('createSessionToken');
|
|
$this->userSession->expects($this->never())
|
|
->method('createRememberMeToken');
|
|
$this->config->expects($this->never())
|
|
->method('deleteUserValue');
|
|
|
|
$expected = new \OCP\AppFramework\Http\RedirectResponse($loginPageUrl);
|
|
$expected->throttle(['user' => 'MyUserName']);
|
|
$this->assertEquals($expected, $this->loginController->tryLogin($user, $password, '/apps/files'));
|
|
}
|
|
|
|
public function testLoginWithValidCredentials() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->will($this->returnValue('uid'));
|
|
$loginName = 'loginli';
|
|
$user->expects($this->any())
|
|
->method('getLastLogin')
|
|
->willReturn(123456);
|
|
$password = 'secret';
|
|
$indexPageUrl = \OC_Util::getDefaultPageUrl();
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(true);
|
|
$this->userManager->expects($this->once())
|
|
->method('checkPasswordNoLogging')
|
|
->will($this->returnValue($user));
|
|
$this->userSession->expects($this->once())
|
|
->method('completeLogin')
|
|
->with($user, ['loginName' => $loginName, 'password' => $password]);
|
|
$this->userSession->expects($this->once())
|
|
->method('createSessionToken')
|
|
->with($this->request, $user->getUID(), $loginName, $password, IToken::REMEMBER);
|
|
$this->twoFactorManager->expects($this->once())
|
|
->method('isTwoFactorAuthenticated')
|
|
->with($user)
|
|
->will($this->returnValue(false));
|
|
$this->config->expects($this->once())
|
|
->method('deleteUserValue')
|
|
->with('uid', 'core', 'lostpassword');
|
|
$this->config->expects($this->once())
|
|
->method('setUserValue')
|
|
->with('uid', 'core', 'timezone', 'Europe/Berlin');
|
|
$this->userSession->expects($this->never())
|
|
->method('createRememberMeToken');
|
|
|
|
$this->session->expects($this->exactly(2))
|
|
->method('set')
|
|
->withConsecutive(
|
|
['last-password-confirm', 123456],
|
|
['timezone', '1']
|
|
);
|
|
|
|
$expected = new \OCP\AppFramework\Http\RedirectResponse($indexPageUrl);
|
|
$this->assertEquals($expected, $this->loginController->tryLogin($loginName, $password, null, false, 'Europe/Berlin', '1'));
|
|
}
|
|
|
|
public function testLoginWithValidCredentialsAndRememberMe() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->will($this->returnValue('uid'));
|
|
$loginName = 'loginli';
|
|
$password = 'secret';
|
|
$indexPageUrl = \OC_Util::getDefaultPageUrl();
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(true);
|
|
$this->userManager->expects($this->once())
|
|
->method('checkPasswordNoLogging')
|
|
->will($this->returnValue($user));
|
|
$this->userSession->expects($this->once())
|
|
->method('completeLogin')
|
|
->with($user, ['loginName' => $loginName, 'password' => $password]);
|
|
$this->userSession->expects($this->once())
|
|
->method('createSessionToken')
|
|
->with($this->request, $user->getUID(), $loginName, $password, true);
|
|
$this->twoFactorManager->expects($this->once())
|
|
->method('isTwoFactorAuthenticated')
|
|
->with($user)
|
|
->will($this->returnValue(false));
|
|
$this->config->expects($this->once())
|
|
->method('deleteUserValue')
|
|
->with('uid', 'core', 'lostpassword');
|
|
$this->userSession->expects($this->once())
|
|
->method('createRememberMeToken')
|
|
->with($user);
|
|
|
|
$expected = new \OCP\AppFramework\Http\RedirectResponse($indexPageUrl);
|
|
$this->assertEquals($expected, $this->loginController->tryLogin($loginName, $password, null, true));
|
|
}
|
|
|
|
public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->will($this->returnValue('jane'));
|
|
$password = 'secret';
|
|
$originalUrl = 'another%20url';
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(false);
|
|
$this->userSession->expects($this->once())
|
|
->method('isLoggedIn')
|
|
->with()
|
|
->will($this->returnValue(false));
|
|
$this->config->expects($this->never())
|
|
->method('deleteUserValue');
|
|
$this->userSession->expects($this->never())
|
|
->method('createRememberMeToken');
|
|
|
|
$expected = new \OCP\AppFramework\Http\RedirectResponse(\OC_Util::getDefaultPageUrl());
|
|
$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
|
|
}
|
|
|
|
public function testLoginWithoutPassedCsrfCheckAndLoggedIn() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->will($this->returnValue('jane'));
|
|
$password = 'secret';
|
|
$originalUrl = 'another%20url';
|
|
$redirectUrl = 'http://localhost/another url';
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(false);
|
|
$this->userSession->expects($this->once())
|
|
->method('isLoggedIn')
|
|
->with()
|
|
->will($this->returnValue(true));
|
|
$this->urlGenerator->expects($this->once())
|
|
->method('getAbsoluteURL')
|
|
->with(urldecode($originalUrl))
|
|
->will($this->returnValue($redirectUrl));
|
|
$this->config->expects($this->never())
|
|
->method('deleteUserValue');
|
|
$this->userSession->expects($this->never())
|
|
->method('createRememberMeToken');
|
|
|
|
$expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
|
|
$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
|
|
}
|
|
|
|
public function testLoginWithValidCredentialsAndRedirectUrl() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->will($this->returnValue('jane'));
|
|
$password = 'secret';
|
|
$originalUrl = 'another%20url';
|
|
$redirectUrl = 'http://localhost/another url';
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(true);
|
|
$this->userManager->expects($this->once())
|
|
->method('checkPasswordNoLogging')
|
|
->with('Jane', $password)
|
|
->will($this->returnValue($user));
|
|
$this->userSession->expects($this->once())
|
|
->method('createSessionToken')
|
|
->with($this->request, $user->getUID(), 'Jane', $password, IToken::REMEMBER);
|
|
$this->userSession->expects($this->once())
|
|
->method('isLoggedIn')
|
|
->with()
|
|
->will($this->returnValue(true));
|
|
$this->urlGenerator->expects($this->once())
|
|
->method('getAbsoluteURL')
|
|
->with(urldecode($originalUrl))
|
|
->will($this->returnValue($redirectUrl));
|
|
$this->config->expects($this->once())
|
|
->method('deleteUserValue')
|
|
->with('jane', 'core', 'lostpassword');
|
|
|
|
$expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl));
|
|
$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
|
|
}
|
|
|
|
public function testLoginWithOneTwoFactorProvider() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->will($this->returnValue('john'));
|
|
$password = 'secret';
|
|
$challengeUrl = 'challenge/url';
|
|
$provider1 = $this->createMock(IProvider::class);
|
|
$provider1->method('getId')->willReturn('u2f');
|
|
$provider2 = $this->createMock(BackupCodesProvider::class);
|
|
$provider2->method('getId')->willReturn('backup');
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(true);
|
|
$this->userManager->expects($this->once())
|
|
->method('checkPasswordNoLogging')
|
|
->will($this->returnValue($user));
|
|
$this->userSession->expects($this->once())
|
|
->method('completeLogin')
|
|
->with($user, ['loginName' => 'john@doe.com', 'password' => $password]);
|
|
$this->userSession->expects($this->once())
|
|
->method('createSessionToken')
|
|
->with($this->request, $user->getUID(), 'john@doe.com', $password, IToken::REMEMBER);
|
|
$this->twoFactorManager->expects($this->once())
|
|
->method('isTwoFactorAuthenticated')
|
|
->with($user)
|
|
->will($this->returnValue(true));
|
|
$this->twoFactorManager->expects($this->once())
|
|
->method('prepareTwoFactorLogin')
|
|
->with($user);
|
|
$providerSet = new ProviderSet([$provider1, $provider2], false);
|
|
$this->twoFactorManager->expects($this->once())
|
|
->method('getProviderSet')
|
|
->with($user)
|
|
->willReturn($providerSet);
|
|
$this->urlGenerator->expects($this->once())
|
|
->method('linkToRoute')
|
|
->with('core.TwoFactorChallenge.showChallenge', [
|
|
'challengeProviderId' => 'u2f',
|
|
])
|
|
->will($this->returnValue($challengeUrl));
|
|
$this->config->expects($this->once())
|
|
->method('deleteUserValue')
|
|
->with('john', 'core', 'lostpassword');
|
|
$this->userSession->expects($this->never())
|
|
->method('createRememberMeToken');
|
|
|
|
$expected = new RedirectResponse($challengeUrl);
|
|
$this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', $password, null));
|
|
}
|
|
|
|
public function testLoginWithMultipleTwoFactorProviders() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->will($this->returnValue('john'));
|
|
$password = 'secret';
|
|
$challengeUrl = 'challenge/url';
|
|
$provider1 = $this->createMock(IProvider::class);
|
|
$provider2 = $this->createMock(IProvider::class);
|
|
$provider1->method('getId')->willReturn('prov1');
|
|
$provider2->method('getId')->willReturn('prov2');
|
|
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(true);
|
|
$this->userManager->expects($this->once())
|
|
->method('checkPasswordNoLogging')
|
|
->will($this->returnValue($user));
|
|
$this->userSession->expects($this->once())
|
|
->method('completeLogin')
|
|
->with($user, ['loginName' => 'john@doe.com', 'password' => $password]);
|
|
$this->userSession->expects($this->once())
|
|
->method('createSessionToken')
|
|
->with($this->request, $user->getUID(), 'john@doe.com', $password, IToken::REMEMBER);
|
|
$this->twoFactorManager->expects($this->once())
|
|
->method('isTwoFactorAuthenticated')
|
|
->with($user)
|
|
->will($this->returnValue(true));
|
|
$this->twoFactorManager->expects($this->once())
|
|
->method('prepareTwoFactorLogin')
|
|
->with($user);
|
|
$providerSet = new ProviderSet([$provider1, $provider2], false);
|
|
$this->twoFactorManager->expects($this->once())
|
|
->method('getProviderSet')
|
|
->with($user)
|
|
->willReturn($providerSet);
|
|
$this->urlGenerator->expects($this->once())
|
|
->method('linkToRoute')
|
|
->with('core.TwoFactorChallenge.selectChallenge')
|
|
->will($this->returnValue($challengeUrl));
|
|
$this->config->expects($this->once())
|
|
->method('deleteUserValue')
|
|
->with('john', 'core', 'lostpassword');
|
|
$this->userSession->expects($this->never())
|
|
->method('createRememberMeToken');
|
|
|
|
$expected = new RedirectResponse($challengeUrl);
|
|
$this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', $password, null));
|
|
}
|
|
|
|
public function testToNotLeakLoginName() {
|
|
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->will($this->returnValue('john'));
|
|
|
|
$this->userManager->expects($this->once())
|
|
->method('checkPasswordNoLogging')
|
|
->with('john@doe.com', 'just wrong')
|
|
->willReturn(false);
|
|
$this->userManager->expects($this->once())
|
|
->method('checkPassword')
|
|
->with('john', 'just wrong')
|
|
->willReturn(false);
|
|
|
|
$this->userManager->expects($this->once())
|
|
->method('getByEmail')
|
|
->with('john@doe.com')
|
|
->willReturn([$user]);
|
|
|
|
$this->urlGenerator->expects($this->once())
|
|
->method('linkToRoute')
|
|
->with('core.login.showLoginForm', ['user' => 'john@doe.com'])
|
|
->will($this->returnValue(''));
|
|
$this->request
|
|
->expects($this->once())
|
|
->method('passesCSRFCheck')
|
|
->willReturn(true);
|
|
$this->config->expects($this->never())
|
|
->method('deleteUserValue');
|
|
$this->userSession->expects($this->never())
|
|
->method('createRememberMeToken');
|
|
|
|
$expected = new RedirectResponse('');
|
|
$expected->throttle(['user' => 'john']);
|
|
$this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', 'just wrong', null));
|
|
}
|
|
}
|