قرینه از
https://github.com/matomo-org/matomo.git
synced 2025-08-22 23:17:46 +00:00

* [Coding Style] Enable rule PSR1.Methods.CamelCapsMethodName.NotCamelCaps * [Coding Style] Use camel case for method names in API plugin tests (#22145) * [Coding Style] Use camel case for method names in Core* plugin tests (#22147) * [Coding Style] Use camel case for method names in core Unit tests (#22149) * [Coding Style] Use camel case for method names in Actions and BulkTracking plugin tests (#22146) * [Coding Style] Use camel case for method names in CustomDimensions and CustomJSTracker plugin tests (#22148) * [Coding Style] Use camel case for method names in core Integration tests (#22151) * [Coding Style] Use camel case for method names in more core plugin tests (#22153) * [Coding Style] Use camel case for method names in more core plugin tests (#22157) * [Coding Style] Use camel case for method names in more core plugin tests * Update plugins/Monolog/tests/Unit/Processor/ExceptionToTextProcessorTest.php Co-authored-by: Michal Kleiner <michal@innocraft.com> --------- Co-authored-by: Michal Kleiner <michal@innocraft.com> * [Coding Style] Use camel case for method names in more core plugin tests (#22159) * [Coding Style] Use camel case for method names in remaining tests (#22160) * [Coding Style] Use camel case for method names in remaining tests * rename expected test files --------- Co-authored-by: Michal Kleiner <michal@innocraft.com>
<?php
/**
* Matomo - free/libre analytics platform
*
* @link https://matomo.org
* @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\TwoFactorAuth\tests\Integration;
use Piwik\API\Request;
use Piwik\Container\StaticContainer;
use Piwik\Plugins\TwoFactorAuth\Dao\RecoveryCodeDao;
use Piwik\Plugins\TwoFactorAuth\Dao\TwoFaSecretRandomGenerator;
use Piwik\Plugins\TwoFactorAuth\SystemSettings;
use Piwik\Plugins\TwoFactorAuth\TwoFactorAuthentication;
use Piwik\Plugins\UsersManager\API;
use Piwik\Plugins\UsersManager\UserUpdater;
use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
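/**
 * Integration tests for the TwoFactorAuth plugin as seen through the
 * UsersManager API: creating an app specific token auth for users with and
 * without two-factor authentication, and deleting such users.
 *
 * @group TwoFactorAuth
 * @group Plugins
 */
class TwoFactorAuthTest extends IntegrationTestCase
{
    /**
     * @var RecoveryCodeDao
     */
    private $dao;

    /**
     * @var SystemSettings
     */
    private $settings;

    /**
     * @var TwoFactorAuthentication
     */
    private $twoFa;

    // Fixture-only logins, password and 2FA secret. They exist solely inside
    // the test environment created by setUp().
    private $userWith2Fa = 'myloginWith';
    private $userWithout2Fa = 'myloginWithout';
    private $userPassword = '123abcDk3_l3';
    private $user2faSecret = '123456';

    /**
     * Creates two super users sharing the same password and enables 2FA
     * (recovery codes plus a saved secret) for only one of them.
     */
    public function setUp(): void
    {
        parent::setUp();

        foreach ([$this->userWith2Fa, $this->userWithout2Fa] as $user) {
            API::getInstance()->addUser($user, $this->userPassword, $user . '@matomo.org');
            $userUpdater = new UserUpdater();
            $userUpdater->setSuperUserAccessWithoutCurrentPassword($user, 1);
        }

        $this->dao = StaticContainer::get(RecoveryCodeDao::class);
        $this->settings = new SystemSettings();
        $secretGenerator = new TwoFaSecretRandomGenerator();
        $this->twoFa = new TwoFactorAuthentication($this->settings, $this->dao, $secretGenerator);

        $this->dao->createRecoveryCodesForLogin($this->userWith2Fa);
        $this->twoFa->saveSecret($this->userWith2Fa, $this->user2faSecret);

        // Start every test without an auth code in the request superglobal so a
        // value left behind elsewhere cannot satisfy the 2FA check by accident.
        unset($_GET['authCode']);
    }

    /**
     * Clears the auth code set by individual tests and then runs the
     * inherited teardown.
     */
    public function tearDown(): void
    {
        unset($_GET['authCode']);

        // Without this call any cleanup defined by IntegrationTestCase (or the
        // PHPUnit base class) is skipped and state can leak into later tests.
        parent::tearDown();
    }

    /**
     * A user without 2FA only needs the correct password; the returned token
     * is expected to be 32 characters long.
     */
    public function testOnCreateAppSpecificTokenAuthCanAuthenticateWhenUserNotUsesTwoFA(): void
    {
        $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', [
            'userLogin' => $this->userWithout2Fa,
            'passwordConfirmation' => $this->userPassword,
            'description' => 'twofa test',
        ]);

        $this->assertSame(32, strlen($token));
    }

    /**
     * A wrong password for a 2FA user is reported as a password error.
     *
     * No auth code is sent here, yet the expected message is the password one
     * and not a 2FA message. NOTE(review): this suggests the password is
     * checked before the auth code, so a caller without the password does not
     * learn whether 2FA is enabled - confirm against the plugin's hook order.
     */
    public function testOnCreateAppSpecificTokenAuthFailsWhenNotAuthenticatedEvenWhen2FAenabled(): void
    {
        $this->expectException(\Exception::class);
        $this->expectExceptionMessage('UsersManager_CurrentPasswordNotCorrect');

        Request::processRequest('UsersManager.createAppSpecificTokenAuth', [
            'userLogin' => $this->userWith2Fa,
            'passwordConfirmation' => 'invalidPAssword',
            'description' => 'twofa test',
        ]);
    }

    /**
     * Correct password but no auth code: the request must be refused for a
     * user with 2FA enabled.
     */
    public function testOnCreateAppSpecificTokenAuthThrowsErrorWhenMissingTokenWhenUsing2FaAndAuthenticatedCorrectly(): void
    {
        $this->expectException(\Exception::class);
        $this->expectExceptionMessage('TwoFactorAuth_MissingAuthCodeAPI');

        Request::processRequest('UsersManager.createAppSpecificTokenAuth', [
            'userLogin' => $this->userWith2Fa,
            'passwordConfirmation' => $this->userPassword,
            'description' => 'twofa test',
        ]);
    }

    /**
     * Correct password but a wrong auth code: the request must be refused.
     */
    public function testOnCreateAppSpecificTokenAuthThrowsErrorWhenInvalidTokenWhenUsing2FaAndAuthenticatedCorrectly(): void
    {
        $this->expectException(\Exception::class);
        $this->expectExceptionMessage('TwoFactorAuth_InvalidAuthCode');

        // Constructed value assumed not to match the code currently valid for
        // the fixture secret. NOTE(review): if codes are time-based, a rare
        // collision would make this test fail spuriously - confirm.
        $_GET['authCode'] = '111222';

        Request::processRequest('UsersManager.createAppSpecificTokenAuth', [
            'userLogin' => $this->userWith2Fa,
            'passwordConfirmation' => $this->userPassword,
            'description' => 'twofa test',
        ]);
    }

    /**
     * Correct password plus a code generated from the saved secret yields a
     * 32 character token.
     */
    public function testOnCreateAppSpecificTokenAuthReturnsCorrectTokenWhenProvidingCorrectAuthTokenOnAuthentication(): void
    {
        $_GET['authCode'] = $this->generateValidAuthCode($this->user2faSecret);

        $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', [
            'userLogin' => $this->userWith2Fa,
            'passwordConfirmation' => $this->userPassword,
            'description' => 'twofa test',
        ]);

        $this->assertSame(32, strlen($token));
    }

    /**
     * Deleting a 2FA user must also delete that user's recovery codes, so no
     * usable codes remain stored for a login that no longer exists.
     */
    public function testOnDeleteUserRemovesAllRecoveryCodesWhenUsingTwoFa(): void
    {
        // Precondition: setUp() created recovery codes for this login.
        $this->assertNotEmpty($this->dao->getAllRecoveryCodesForLogin($this->userWith2Fa));

        Request::processRequest('UsersManager.deleteUser', [
            'userLogin' => $this->userWith2Fa,
        ]);

        $this->assertEmpty($this->dao->getAllRecoveryCodesForLogin($this->userWith2Fa));
    }

    /**
     * Deleting a user who never enabled 2FA must complete without throwing.
     */
    public function testOnDeleteUserDoesNotFailToDeleteUserNotUsingTwoFa(): void
    {
        $this->expectNotToPerformAssertions();

        Request::processRequest('UsersManager.deleteUser', [
            'userLogin' => $this->userWithout2Fa,
        ]);
    }

    /**
     * Returns the auth code that TwoFactorAuthenticator::getCode() produces
     * for the given secret.
     *
     * @param string $secret the 2FA secret saved for the user under test
     */
    private function generateValidAuthCode($secret)
    {
        $code = new \TwoFactorAuthenticator();

        return $code->getCode($secret);
    }
}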