mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-10-13 16:05:34 +02:00
Code Issues Releases Wiki Activity

[ticket/15085] Extend unit tests for http_auth_subscriber

Browse Source 
PHPBB-15085
This commit is contained in:
Marc Alexander
2025-10-04 13:21:06 +02:00
parent 82b72016aa
commit 2bc90da687
2 changed files with 303 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
phpBB/phpbb/feed/event/http_auth_subscriber.php
View File

@@ -190,6 +190,7 @@ class http_auth_subscriber implements EventSubscriberInterface
protected function send_auth_challenge(GetResponseEvent $event) protected function send_auth_challenge(GetResponseEvent $event)
{ {
$realm = $this->config['sitename']; $realm = $this->config['sitename'];
// Filter out non-ASCII characters per RFC2616 // Filter out non-ASCII characters per RFC2616
$realm = preg_replace('/[\x80-\xFF]/', '?', $realm); $realm = preg_replace('/[\x80-\xFF]/', '?', $realm);

327
tests/feed/http_auth_subscriber_test.php
View File

@@ -1,26 +1,33 @@
<?php <?php
use phpbb\config\config;
use phpbb\feed\event\http_auth_subscriber;
use phpbb\request\request_interface;
use Symfony\Component\HttpFoundation\Response;
/** /**
* *
* This file is part of the phpBB Forum Software package. * This file is part of the phpBB Forum Software package.
* *
* @copyright (c) phpBB Limited <https://www.phpbb.com> * @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0) * @license GNU General Public License, version 2 (GPL-2.0)
* *
* For full copyright and license information, please see * For full copyright and license information, please see
* the docs/CREDITS.txt file. * the docs/CREDITS.txt file.
* *
*/ */
namespace phpbb\feed\event; class phpbb_feed_http_auth_subscriber_test extends \phpbb_test_case
class http_auth_subscriber_test extends \phpbb_test_case
{ {
/** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\auth\auth */ /** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\auth\auth */
protected $auth; protected $auth;
/** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\config\config */ /** @var \PHPUnit\Framework\MockObject\MockObject|config */
protected $config; protected $config;
/** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\language\language */
protected $language;
/** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\request\request_interface */ /** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\request\request_interface */
protected $request; protected $request;
@@ -37,12 +44,26 @@ class http_auth_subscriber_test extends \phpbb_test_case
$this->auth = $this->getMockBuilder('\phpbb\auth\auth') $this->auth = $this->getMockBuilder('\phpbb\auth\auth')
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
$this->auth->method('login')
->willReturnMap([
['valid_user', 'valid_password', false, true, false, ['status' => LOGIN_SUCCESS]],
['invalid_user', 'invalid_password', false, true, false, ['status' => LOGIN_ERROR_USERNAME]],
['attempts_user', 'valid_password', false, true, false, ['status' => LOGIN_ERROR_ATTEMPTS]],
]);
$this->config = new \phpbb\config\config(array( $this->config = new config(array(
'feed_http_auth' => 1, 'feed_http_auth' => 1,
'sitename' => 'Test Site', 'sitename' => 'Test Site',
)); ));
$this->language = $this->getMockBuilder('\phpbb\language\language')
->disableOriginalConstructor()
->getMock();
$this->language->method('lang')
->willReturnMap([
['NOT_AUTHORISED', 'NOT_AUTHORISED'],
]);
$this->request = $this->getMockBuilder('\phpbb\request\request_interface') $this->request = $this->getMockBuilder('\phpbb\request\request_interface')
->getMock(); ->getMock();
@@ -55,6 +76,7 @@ class http_auth_subscriber_test extends \phpbb_test_case
$this->subscriber = new http_auth_subscriber( $this->subscriber = new http_auth_subscriber(
$this->auth, $this->auth,
$this->config, $this->config,
$this->language,
$this->request, $this->request,
$this->user $this->user
); );
@@ -140,22 +162,18 @@ class http_auth_subscriber_test extends \phpbb_test_case
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
$request->attributes->expects($this->once()) $request->attributes->expects($this->never())
->method('get') ->method('get');
->with('_route')
->willReturn('phpbb_feed_overall');
$request->expects($this->once()) $request->expects($this->never())
->method('isSecure') ->method('isSecure');
->willReturn(true);
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent') $event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
$event->expects($this->once()) $event->expects($this->never())
->method('getRequest') ->method('getRequest');
->willReturn($request);
$event->expects($this->never()) $event->expects($this->never())
->method('setResponse'); ->method('setResponse');
@@ -197,4 +215,263 @@ class http_auth_subscriber_test extends \phpbb_test_case
$this->subscriber->on_kernel_request($event); $this->subscriber->on_kernel_request($event);
} }
public function test_no_credentials()
{
$this->user->data = ['is_registered' => false];
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
->disableOriginalConstructor()
->getMock();
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
->disableOriginalConstructor()
->getMock();
$request->attributes->expects($this->once())
->method('get')
->with('_route')
->willReturn('phpbb_feed_overall');
$request->expects($this->once())
->method('isSecure')
->willReturn(true);
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
->disableOriginalConstructor()
->getMock();
$event->expects($this->once())
->method('getRequest')
->willReturn($request);
/** @var Response $response */
$response = null;
$event->expects($this->once())
->method('setResponse')
->with($this->isInstanceOf('\Symfony\Component\HttpFoundation\Response'))
->will($this->returnCallback(function ($newResponse) use (&$response) {
$response = $newResponse;
}));
$this->subscriber->on_kernel_request($event);
$this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
$this->assertEquals('NOT_AUTHORISED', $response->getContent());
$this->assertTrue($response->headers->has('WWW-Authenticate'));
}
public function test_valid_credentials()
{
$this->user->data = ['is_registered' => false];
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
->disableOriginalConstructor()
->getMock();
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
->disableOriginalConstructor()
->getMock();
$request->attributes->expects($this->once())
->method('get')
->with('_route')
->willReturn('phpbb_feed_overall');
$this->request->method('is_set')
->willReturnMap([
['PHP_AUTH_USER', request_interface::SERVER, true],
['PHP_AUTH_PW', request_interface::SERVER, true],
]);
$this->request->method('server')
->willReturnMap([
['PHP_AUTH_USER', '', 'valid_user'],
['PHP_AUTH_PW', '', 'valid_password'],
]);
$request->expects($this->once())
->method('isSecure')
->willReturn(true);
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
->disableOriginalConstructor()
->getMock();
$event->expects($this->once())
->method('getRequest')
->willReturn($request);
/** @var Response $response */
$response = null;
$event->expects($this->never())
->method('setResponse');
$this->subscriber->on_kernel_request($event);
$this->assertNull($response);
}
public function test_valid_credentials_base64()
{
$this->user->data = ['is_registered' => false];
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
->disableOriginalConstructor()
->getMock();
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
->disableOriginalConstructor()
->getMock();
$request->attributes->expects($this->once())
->method('get')
->with('_route')
->willReturn('phpbb_feed_overall');
$this->request->method('is_set')
->willReturnMap([
['Authorization', request_interface::SERVER, true],
]);
$this->request->method('server')
->willReturnMap([
['Authorization', '', 'Basic dmFsaWRfdXNlcjp2YWxpZF9wYXNzd29yZA=='],
]);
$request->expects($this->once())
->method('isSecure')
->willReturn(true);
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
->disableOriginalConstructor()
->getMock();
$event->expects($this->once())
->method('getRequest')
->willReturn($request);
/** @var Response $response */
$response = null;
$event->expects($this->never())
->method('setResponse');
$this->subscriber->on_kernel_request($event);
$this->assertNull($response);
}
public function test_too_many_attempts()
{
$this->user->data = ['is_registered' => false];
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
->disableOriginalConstructor()
->getMock();
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
->disableOriginalConstructor()
->getMock();
$request->attributes->expects($this->once())
->method('get')
->with('_route')
->willReturn('phpbb_feed_overall');
$this->request->method('is_set')
->willReturnMap([
['PHP_AUTH_USER', request_interface::SERVER, true],
['PHP_AUTH_PW', request_interface::SERVER, true],
]);
$this->request->method('server')
->willReturnMap([
['PHP_AUTH_USER', '', 'attempts_user'],
['PHP_AUTH_PW', '', 'valid_password'],
]);
$request->expects($this->once())
->method('isSecure')
->willReturn(true);
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
->disableOriginalConstructor()
->getMock();
$event->expects($this->once())
->method('getRequest')
->willReturn($request);
/** @var Response $response */
$response = null;
$event->expects($this->once())
->method('setResponse')
->with($this->isInstanceOf('\Symfony\Component\HttpFoundation\Response'))
->will($this->returnCallback(function ($newResponse) use (&$response) {
$response = $newResponse;
}));
$this->subscriber->on_kernel_request($event);
$this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
$this->assertEquals('NOT_AUTHORISED', $response->getContent());
$this->assertFalse($response->headers->has('WWW-Authenticate'));
}
public function test_wrong_credentials()
{
$this->user->data = ['is_registered' => false];
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
->disableOriginalConstructor()
->getMock();
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
->disableOriginalConstructor()
->getMock();
$request->attributes->expects($this->once())
->method('get')
->with('_route')
->willReturn('phpbb_feed_overall');
$this->request->method('is_set')
->willReturnMap([
['PHP_AUTH_USER', request_interface::SERVER, true],
['PHP_AUTH_PW', request_interface::SERVER, true],
]);
$this->request->method('server')
->willReturnMap([
['PHP_AUTH_USER', '', 'invalid_user'],
['PHP_AUTH_PW', '', 'invalid_password'],
]);
$request->expects($this->once())
->method('isSecure')
->willReturn(true);
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
->disableOriginalConstructor()
->getMock();
$event->expects($this->once())
->method('getRequest')
->willReturn($request);
/** @var Response $response */
$response = null;
$event->expects($this->once())
->method('setResponse')
->with($this->isInstanceOf('\Symfony\Component\HttpFoundation\Response'))
->will($this->returnCallback(function ($newResponse) use (&$response) {
$response = $newResponse;
}));
$this->subscriber->on_kernel_request($event);
$this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
$this->assertEquals('NOT_AUTHORISED', $response->getContent());
$this->assertTrue($response->headers->has('WWW-Authenticate'));
}
} }