mirror of
https://github.com/phpbb/phpbb.git
synced 2025-10-12 23:44:32 +02:00
480 lines
13 KiB
PHP
480 lines
13 KiB
PHP
<?php
|
|
|
|
use phpbb\config\config;
|
|
use phpbb\feed\event\http_auth_subscriber;
|
|
use phpbb\request\request_interface;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
/**
|
|
*
|
|
* This file is part of the phpBB Forum Software package.
|
|
*
|
|
* @copyright (c) phpBB Limited <https://www.phpbb.com>
|
|
* @license GNU General Public License, version 2 (GPL-2.0)
|
|
*
|
|
* For full copyright and license information, please see
|
|
* the docs/CREDITS.txt file.
|
|
*
|
|
*/
|
|
|
|
class phpbb_feed_http_auth_subscriber_test extends \phpbb_test_case
|
|
{
|
|
/** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\auth\auth */
|
|
protected $auth;
|
|
|
|
/** @var \PHPUnit\Framework\MockObject\MockObject|config */
|
|
protected $config;
|
|
|
|
/** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\language\language */
|
|
protected $language;
|
|
|
|
/** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\request\request_interface */
|
|
protected $request;
|
|
|
|
/** @var \PHPUnit\Framework\MockObject\MockObject|\phpbb\user */
|
|
protected $user;
|
|
|
|
/** @var http_auth_subscriber */
|
|
protected $subscriber;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
|
|
$this->auth = $this->getMockBuilder('\phpbb\auth\auth')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
$this->auth->method('login')
|
|
->willReturnMap([
|
|
['valid_user', 'valid_password', false, true, false, ['status' => LOGIN_SUCCESS]],
|
|
['invalid_user', 'invalid_password', false, true, false, ['status' => LOGIN_ERROR_USERNAME]],
|
|
['attempts_user', 'valid_password', false, true, false, ['status' => LOGIN_ERROR_ATTEMPTS]],
|
|
]);
|
|
|
|
$this->config = new config(array(
|
|
'feed_http_auth' => 1,
|
|
'sitename' => 'Test Site',
|
|
));
|
|
|
|
$this->language = $this->getMockBuilder('\phpbb\language\language')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
$this->language->method('lang')
|
|
->willReturnMap([
|
|
['NOT_AUTHORISED', 'NOT_AUTHORISED'],
|
|
['LOGIN_ERROR_ATTEMPTS', 'LOGIN_ERROR_ATTEMPTS']
|
|
]);
|
|
|
|
$this->request = $this->getMockBuilder('\phpbb\request\request_interface')
|
|
->getMock();
|
|
|
|
$this->user = $this->getMockBuilder('\phpbb\user')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$this->user->data = array('is_registered' => false);
|
|
|
|
$this->subscriber = new http_auth_subscriber(
|
|
$this->auth,
|
|
$this->config,
|
|
$this->language,
|
|
$this->request,
|
|
$this->user
|
|
);
|
|
}
|
|
|
|
public function test_subscriber_events()
|
|
{
|
|
$events = http_auth_subscriber::getSubscribedEvents();
|
|
$this->assertArrayHasKey(\Symfony\Component\HttpKernel\KernelEvents::REQUEST, $events);
|
|
}
|
|
|
|
public function test_non_feed_route_skipped()
|
|
{
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->once())
|
|
->method('get')
|
|
->with('_route')
|
|
->willReturn('not_a_feed_route');
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->onlyMethods(['getRequest', 'setResponse'])
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->once())
|
|
->method('getRequest')
|
|
->willReturn($request);
|
|
|
|
$event->expects($this->never())
|
|
->method('setResponse');
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
}
|
|
|
|
public function test_insecure_connection_skipped()
|
|
{
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->once())
|
|
->method('get')
|
|
->with('_route')
|
|
->willReturn('phpbb_feed_overall');
|
|
|
|
$request->expects($this->once())
|
|
->method('isSecure')
|
|
->willReturn(false);
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->once())
|
|
->method('getRequest')
|
|
->willReturn($request);
|
|
|
|
$event->expects($this->never())
|
|
->method('setResponse');
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
}
|
|
|
|
public function test_http_auth_disabled()
|
|
{
|
|
$this->config['feed_http_auth'] = 0;
|
|
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->never())
|
|
->method('get');
|
|
|
|
$request->expects($this->never())
|
|
->method('isSecure');
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->never())
|
|
->method('getRequest');
|
|
|
|
$event->expects($this->never())
|
|
->method('setResponse');
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
}
|
|
|
|
public function test_user_already_logged_in()
|
|
{
|
|
$this->user->data = array('is_registered' => true);
|
|
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->once())
|
|
->method('get')
|
|
->with('_route')
|
|
->willReturn('phpbb_feed_overall');
|
|
|
|
$request->expects($this->once())
|
|
->method('isSecure')
|
|
->willReturn(true);
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->once())
|
|
->method('getRequest')
|
|
->willReturn($request);
|
|
|
|
$event->expects($this->never())
|
|
->method('setResponse');
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
}
|
|
|
|
public function test_no_credentials()
|
|
{
|
|
$this->user->data = ['is_registered' => false];
|
|
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->once())
|
|
->method('get')
|
|
->with('_route')
|
|
->willReturn('phpbb_feed_overall');
|
|
|
|
$request->expects($this->once())
|
|
->method('isSecure')
|
|
->willReturn(true);
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->once())
|
|
->method('getRequest')
|
|
->willReturn($request);
|
|
|
|
/** @var Response $response */
|
|
$response = null;
|
|
$event->expects($this->once())
|
|
->method('setResponse')
|
|
->with($this->isInstanceOf('\Symfony\Component\HttpFoundation\Response'))
|
|
->willReturnCallback(function ($newResponse) use (&$response) {
|
|
$response = $newResponse;
|
|
});
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
|
|
$this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
|
|
$this->assertEquals('NOT_AUTHORISED', $response->getContent());
|
|
$this->assertTrue($response->headers->has('WWW-Authenticate'));
|
|
}
|
|
|
|
public function test_valid_credentials()
|
|
{
|
|
$this->user->data = ['is_registered' => false];
|
|
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->once())
|
|
->method('get')
|
|
->with('_route')
|
|
->willReturn('phpbb_feed_overall');
|
|
|
|
$this->request->method('is_set')
|
|
->willReturnMap([
|
|
['PHP_AUTH_USER', request_interface::SERVER, true],
|
|
['PHP_AUTH_PW', request_interface::SERVER, true],
|
|
]);
|
|
|
|
$this->request->method('server')
|
|
->willReturnMap([
|
|
['PHP_AUTH_USER', '', 'valid_user'],
|
|
['PHP_AUTH_PW', '', 'valid_password'],
|
|
]);
|
|
|
|
$request->expects($this->once())
|
|
->method('isSecure')
|
|
->willReturn(true);
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->once())
|
|
->method('getRequest')
|
|
->willReturn($request);
|
|
|
|
/** @var Response $response */
|
|
$response = null;
|
|
$event->expects($this->never())
|
|
->method('setResponse');
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
|
|
$this->assertNull($response);
|
|
}
|
|
|
|
public function test_valid_credentials_base64()
|
|
{
|
|
$this->user->data = ['is_registered' => false];
|
|
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->once())
|
|
->method('get')
|
|
->with('_route')
|
|
->willReturn('phpbb_feed_overall');
|
|
|
|
$this->request->method('is_set')
|
|
->willReturnMap([
|
|
['Authorization', request_interface::SERVER, true],
|
|
]);
|
|
|
|
$this->request->method('server')
|
|
->willReturnMap([
|
|
['Authorization', '', 'Basic dmFsaWRfdXNlcjp2YWxpZF9wYXNzd29yZA=='],
|
|
]);
|
|
|
|
$request->expects($this->once())
|
|
->method('isSecure')
|
|
->willReturn(true);
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->once())
|
|
->method('getRequest')
|
|
->willReturn($request);
|
|
|
|
/** @var Response $response */
|
|
$response = null;
|
|
$event->expects($this->never())
|
|
->method('setResponse');
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
|
|
$this->assertNull($response);
|
|
}
|
|
|
|
public function test_too_many_attempts()
|
|
{
|
|
$this->user->data = ['is_registered' => false];
|
|
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->once())
|
|
->method('get')
|
|
->with('_route')
|
|
->willReturn('phpbb_feed_overall');
|
|
|
|
$this->request->method('is_set')
|
|
->willReturnMap([
|
|
['PHP_AUTH_USER', request_interface::SERVER, true],
|
|
['PHP_AUTH_PW', request_interface::SERVER, true],
|
|
]);
|
|
|
|
$this->request->method('server')
|
|
->willReturnMap([
|
|
['PHP_AUTH_USER', '', 'attempts_user'],
|
|
['PHP_AUTH_PW', '', 'valid_password'],
|
|
]);
|
|
|
|
$request->expects($this->once())
|
|
->method('isSecure')
|
|
->willReturn(true);
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->once())
|
|
->method('getRequest')
|
|
->willReturn($request);
|
|
|
|
/** @var Response $response */
|
|
$response = null;
|
|
$event->expects($this->once())
|
|
->method('setResponse')
|
|
->with($this->isInstanceOf('\Symfony\Component\HttpFoundation\Response'))
|
|
->willReturnCallback(function ($newResponse) use (&$response) {
|
|
$response = $newResponse;
|
|
});
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
|
|
$this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
|
|
$this->assertEquals('LOGIN_ERROR_ATTEMPTS', $response->getContent());
|
|
$this->assertFalse($response->headers->has('WWW-Authenticate'));
|
|
}
|
|
|
|
public function test_wrong_credentials()
|
|
{
|
|
$this->user->data = ['is_registered' => false];
|
|
|
|
$request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$request->attributes->expects($this->once())
|
|
->method('get')
|
|
->with('_route')
|
|
->willReturn('phpbb_feed_overall');
|
|
|
|
$this->request->method('is_set')
|
|
->willReturnMap([
|
|
['PHP_AUTH_USER', request_interface::SERVER, true],
|
|
['PHP_AUTH_PW', request_interface::SERVER, true],
|
|
]);
|
|
|
|
$this->request->method('server')
|
|
->willReturnMap([
|
|
['PHP_AUTH_USER', '', 'invalid_user'],
|
|
['PHP_AUTH_PW', '', 'invalid_password'],
|
|
]);
|
|
|
|
$request->expects($this->once())
|
|
->method('isSecure')
|
|
->willReturn(true);
|
|
|
|
$event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\RequestEvent')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
|
|
$event->expects($this->once())
|
|
->method('getRequest')
|
|
->willReturn($request);
|
|
|
|
/** @var Response $response */
|
|
$response = null;
|
|
$event->expects($this->once())
|
|
->method('setResponse')
|
|
->with($this->isInstanceOf('\Symfony\Component\HttpFoundation\Response'))
|
|
->willReturnCallback(function ($newResponse) use (&$response) {
|
|
$response = $newResponse;
|
|
});
|
|
|
|
$this->subscriber->on_kernel_request($event);
|
|
|
|
$this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
|
|
$this->assertEquals('NOT_AUTHORISED', $response->getContent());
|
|
$this->assertTrue($response->headers->has('WWW-Authenticate'));
|
|
}
|
|
}
|