mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71649 Commits
400 Branches
Tree: 26d343d33a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '26d343d33a'
${ noResults }
nextcloud/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php

ManagerTest.php 20KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718 
  1. <?php

  2. 

  3. /**

  4.  * @author Christoph Wurst <christoph@owncloud.com>

  5.  *

  6.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  7.  * @license AGPL-3.0

  8.  *

  9.  * This code is free software: you can redistribute it and/or modify

  10.  * it under the terms of the GNU Affero General Public License, version 3,

  11.  * as published by the Free Software Foundation.

  12.  *

  13.  * This program is distributed in the hope that it will be useful,

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  16.  * GNU Affero General Public License for more details.

  17.  *

  18.  * You should have received a copy of the GNU Affero General Public License, version 3,

  19.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  20.  *

  21.  */

  22. 

  23. namespace Test\Authentication\TwoFactorAuth;

  24. 

  25. use OC;

  26. use OC\Authentication\Token\IProvider as TokenProvider;

  27. use OC\Authentication\TwoFactorAuth\Manager;

  28. use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;

  29. use OC\Authentication\TwoFactorAuth\ProviderLoader;

  30. use OCP\Activity\IEvent;

  31. use OCP\Activity\IManager;

  32. use OCP\AppFramework\Utility\ITimeFactory;

  33. use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;

  34. use OCP\Authentication\TwoFactorAuth\IProvider;

  35. use OCP\Authentication\TwoFactorAuth\IRegistry;

  36. use OCP\EventDispatcher\IEventDispatcher;

  37. use OCP\IConfig;

  38. use OCP\ISession;

  39. use OCP\IUser;

  40. use PHPUnit\Framework\MockObject\MockObject;

  41. use Psr\Log\LoggerInterface;

  42. use Test\TestCase;

  43. use function reset;

  44. 

  45. class ManagerTest extends TestCase {

  46. 	/** @var IUser|MockObject */

  47. 	private $user;

  48. 

  49. 	/** @var ProviderLoader|MockObject */

  50. 	private $providerLoader;

  51. 

  52. 	/** @var IRegistry|MockObject */

  53. 	private $providerRegistry;

  54. 

  55. 	/** @var MandatoryTwoFactor|MockObject */

  56. 	private $mandatoryTwoFactor;

  57. 

  58. 	/** @var ISession|MockObject */

  59. 	private $session;

  60. 

  61. 	/** @var Manager */

  62. 	private $manager;

  63. 

  64. 	/** @var IConfig|MockObject */

  65. 	private $config;

  66. 

  67. 	/** @var IManager|MockObject */

  68. 	private $activityManager;

  69. 

  70. 	/** @var LoggerInterface|MockObject */

  71. 	private $logger;

  72. 

  73. 	/** @var IProvider|MockObject */

  74. 	private $fakeProvider;

  75. 

  76. 	/** @var IProvider|MockObject */

  77. 	private $backupProvider;

  78. 

  79. 	/** @var TokenProvider|MockObject */

  80. 	private $tokenProvider;

  81. 

  82. 	/** @var ITimeFactory|MockObject */

  83. 	private $timeFactory;

  84. 

  85. 	/** @var IEventDispatcher|MockObject */

  86. 	private $dispatcher;

  87. 

  88. 	protected function setUp(): void {

  89. 		parent::setUp();

  90. 

  91. 		$this->user = $this->createMock(IUser::class);

  92. 		$this->providerLoader = $this->createMock(ProviderLoader::class);

  93. 		$this->providerRegistry = $this->createMock(IRegistry::class);

  94. 		$this->mandatoryTwoFactor = $this->createMock(MandatoryTwoFactor::class);

  95. 		$this->session = $this->createMock(ISession::class);

  96. 		$this->config = $this->createMock(IConfig::class);

  97. 		$this->activityManager = $this->createMock(IManager::class);

  98. 		$this->logger = $this->createMock(LoggerInterface::class);

  99. 		$this->tokenProvider = $this->createMock(TokenProvider::class);

  100. 		$this->timeFactory = $this->createMock(ITimeFactory::class);

  101. 		$this->dispatcher = $this->createMock(IEventDispatcher::class);

  102. 

  103. 		$this->manager = new Manager(

  104. 			$this->providerLoader,

  105. 			$this->providerRegistry,

  106. 			$this->mandatoryTwoFactor,

  107. 			$this->session,

  108. 			$this->config,

  109. 			$this->activityManager,

  110. 			$this->logger,

  111. 			$this->tokenProvider,

  112. 			$this->timeFactory,

  113. 			$this->dispatcher,

  114. 		);

  115. 

  116. 		$this->fakeProvider = $this->createMock(IProvider::class);

  117. 		$this->fakeProvider->method('getId')->willReturn('email');

  118. 

  119. 		$this->backupProvider = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();

  120. 		$this->backupProvider->method('getId')->willReturn('backup_codes');

  121. 		$this->backupProvider->method('isTwoFactorAuthEnabledForUser')->willReturn(true);

  122. 	}

  123. 

  124. 	private function prepareNoProviders() {

  125. 		$this->providerLoader->method('getProviders')

  126. 			->with($this->user)

  127. 			->willReturn([]);

  128. 	}

  129. 

  130. 	private function prepareProviders() {

  131. 		$this->providerRegistry->expects($this->once())

  132. 			->method('getProviderStates')

  133. 			->with($this->user)

  134. 			->willReturn([

  135. 				$this->fakeProvider->getId() => true,

  136. 			]);

  137. 		$this->providerLoader->expects($this->once())

  138. 			->method('getProviders')

  139. 			->with($this->user)

  140. 			->willReturn([$this->fakeProvider]);

  141. 	}

  142. 

  143. 	private function prepareProvidersWitBackupProvider() {

  144. 		$this->providerLoader->method('getProviders')

  145. 			->with($this->user)

  146. 			->willReturn([

  147. 				$this->fakeProvider,

  148. 				$this->backupProvider,

  149. 			]);

  150. 	}

  151. 

  152. 	public function testIsTwoFactorAuthenticatedEnforced() {

  153. 		$this->mandatoryTwoFactor->expects($this->once())

  154. 			->method('isEnforcedFor')

  155. 			->with($this->user)

  156. 			->willReturn(true);

  157. 

  158. 		$enabled = $this->manager->isTwoFactorAuthenticated($this->user);

  159. 

  160. 		$this->assertTrue($enabled);

  161. 	}

  162. 

  163. 	public function testIsTwoFactorAuthenticatedNoProviders() {

  164. 		$this->mandatoryTwoFactor->expects($this->once())

  165. 			->method('isEnforcedFor')

  166. 			->with($this->user)

  167. 			->willReturn(false);

  168. 		$this->providerRegistry->expects($this->once())

  169. 			->method('getProviderStates')

  170. 			->willReturn([]); // No providers registered

  171. 		$this->providerLoader->expects($this->once())

  172. 			->method('getProviders')

  173. 			->willReturn([]); // No providers loadable

  174. 

  175. 		$this->assertFalse($this->manager->isTwoFactorAuthenticated($this->user));

  176. 	}

  177. 

  178. 	public function testIsTwoFactorAuthenticatedOnlyBackupCodes() {

  179. 		$this->mandatoryTwoFactor->expects($this->once())

  180. 			->method('isEnforcedFor')

  181. 			->with($this->user)

  182. 			->willReturn(false);

  183. 		$this->providerRegistry->expects($this->once())

  184. 			->method('getProviderStates')

  185. 			->willReturn([

  186. 				'backup_codes' => true,

  187. 			]);

  188. 		$backupCodesProvider = $this->createMock(IProvider::class);

  189. 		$backupCodesProvider

  190. 			->method('getId')

  191. 			->willReturn('backup_codes');

  192. 		$this->providerLoader->expects($this->once())

  193. 			->method('getProviders')

  194. 			->willReturn([

  195. 				$backupCodesProvider,

  196. 			]);

  197. 

  198. 		$this->assertFalse($this->manager->isTwoFactorAuthenticated($this->user));

  199. 	}

  200. 

  201. 	public function testIsTwoFactorAuthenticatedFailingProviders() {

  202. 		$this->mandatoryTwoFactor->expects($this->once())

  203. 			->method('isEnforcedFor')

  204. 			->with($this->user)

  205. 			->willReturn(false);

  206. 		$this->providerRegistry->expects($this->once())

  207. 			->method('getProviderStates')

  208. 			->willReturn([

  209. 				'twofactor_totp' => true,

  210. 				'twofactor_u2f' => false,

  211. 			]); // Two providers registered, but …

  212. 		$this->providerLoader->expects($this->once())

  213. 			->method('getProviders')

  214. 			->willReturn([]); // … none of them is able to load, however …

  215. 

  216. 		// … 2FA is still enforced

  217. 		$this->assertTrue($this->manager->isTwoFactorAuthenticated($this->user));

  218. 	}

  219. 

  220. 	public function providerStatesFixData(): array {

  221. 		return [

  222. 			[false, false],

  223. 			[true, true],

  224. 		];

  225. 	}

  226. 

  227. 	/**

  228. 	 * If the 2FA registry has not been populated when a user logs in,

  229. 	 * the 2FA manager has to first fix the state before it checks for

  230. 	 * enabled providers.

  231. 	 *

  232. 	 * If any of these providers is active, 2FA is enabled

  233. 	 *

  234. 	 * @dataProvider providerStatesFixData

  235. 	 */

  236. 	public function testIsTwoFactorAuthenticatedFixesProviderStates(bool $providerEnabled, bool $expected) {

  237. 		$this->providerRegistry->expects($this->once())

  238. 			->method('getProviderStates')

  239. 			->willReturn([]); // Nothing registered yet

  240. 		$this->providerLoader->expects($this->once())

  241. 			->method('getProviders')

  242. 			->willReturn([

  243. 				$this->fakeProvider

  244. 			]);

  245. 		$this->fakeProvider->expects($this->once())

  246. 			->method('isTwoFactorAuthEnabledForUser')

  247. 			->with($this->user)

  248. 			->willReturn($providerEnabled);

  249. 		if ($providerEnabled) {

  250. 			$this->providerRegistry->expects($this->once())

  251. 				->method('enableProviderFor')

  252. 				->with(

  253. 					$this->fakeProvider,

  254. 					$this->user

  255. 				);

  256. 		} else {

  257. 			$this->providerRegistry->expects($this->once())

  258. 				->method('disableProviderFor')

  259. 				->with(

  260. 					$this->fakeProvider,

  261. 					$this->user

  262. 				);

  263. 		}

  264. 

  265. 		$this->assertEquals($expected, $this->manager->isTwoFactorAuthenticated($this->user));

  266. 	}

  267. 

  268. 	public function testGetProvider() {

  269. 		$this->providerRegistry->expects($this->once())

  270. 			->method('getProviderStates')

  271. 			->with($this->user)

  272. 			->willReturn([

  273. 				$this->fakeProvider->getId() => true,

  274. 			]);

  275. 		$this->providerLoader->expects($this->once())

  276. 			->method('getProviders')

  277. 			->with($this->user)

  278. 			->willReturn([$this->fakeProvider]);

  279. 

  280. 		$provider = $this->manager->getProvider($this->user, $this->fakeProvider->getId());

  281. 

  282. 		$this->assertSame($this->fakeProvider, $provider);

  283. 	}

  284. 

  285. 	public function testGetInvalidProvider() {

  286. 		$this->providerRegistry->expects($this->once())

  287. 			->method('getProviderStates')

  288. 			->with($this->user)

  289. 			->willReturn([]);

  290. 		$this->providerLoader->expects($this->once())

  291. 			->method('getProviders')

  292. 			->with($this->user)

  293. 			->willReturn([]);

  294. 

  295. 		$provider = $this->manager->getProvider($this->user, 'nonexistent');

  296. 

  297. 		$this->assertNull($provider);

  298. 	}

  299. 

  300. 	public function testGetLoginSetupProviders() {

  301. 		$provider1 = $this->createMock(IProvider::class);

  302. 		$provider2 = $this->createMock(IActivatableAtLogin::class);

  303. 		$this->providerLoader->expects($this->once())

  304. 			->method('getProviders')

  305. 			->with($this->user)

  306. 			->willReturn([

  307. 				$provider1,

  308. 				$provider2,

  309. 			]);

  310. 

  311. 		$providers = $this->manager->getLoginSetupProviders($this->user);

  312. 

  313. 		$this->assertCount(1, $providers);

  314. 		$this->assertSame($provider2, reset($providers));

  315. 	}

  316. 

  317. 	public function testGetProviders() {

  318. 		$this->providerRegistry->expects($this->once())

  319. 			->method('getProviderStates')

  320. 			->with($this->user)

  321. 			->willReturn([

  322. 				$this->fakeProvider->getId() => true,

  323. 			]);

  324. 		$this->providerLoader->expects($this->once())

  325. 			->method('getProviders')

  326. 			->with($this->user)

  327. 			->willReturn([$this->fakeProvider]);

  328. 		$expectedProviders = [

  329. 			'email' => $this->fakeProvider,

  330. 		];

  331. 

  332. 		$providerSet = $this->manager->getProviderSet($this->user);

  333. 		$providers = $providerSet->getProviders();

  334. 

  335. 		$this->assertEquals($expectedProviders, $providers);

  336. 		$this->assertFalse($providerSet->isProviderMissing());

  337. 	}

  338. 

  339. 	public function testGetProvidersOneMissing() {

  340. 		$this->providerRegistry->expects($this->once())

  341. 			->method('getProviderStates')

  342. 			->with($this->user)

  343. 			->willReturn([

  344. 				$this->fakeProvider->getId() => true,

  345. 			]);

  346. 		$this->providerLoader->expects($this->once())

  347. 			->method('getProviders')

  348. 			->with($this->user)

  349. 			->willReturn([]);

  350. 		$expectedProviders = [

  351. 			'email' => $this->fakeProvider,

  352. 		];

  353. 

  354. 		$providerSet = $this->manager->getProviderSet($this->user);

  355. 

  356. 		$this->assertTrue($providerSet->isProviderMissing());

  357. 	}

  358. 

  359. 	public function testVerifyChallenge() {

  360. 		$this->prepareProviders();

  361. 

  362. 		$challenge = 'passme';

  363. 		$event = $this->createMock(IEvent::class);

  364. 		$this->fakeProvider->expects($this->once())

  365. 			->method('verifyChallenge')

  366. 			->with($this->user, $challenge)

  367. 			->willReturn(true);

  368. 		$this->session->expects($this->once())

  369. 			->method('get')

  370. 			->with('two_factor_remember_login')

  371. 			->willReturn(false);

  372. 		$this->session->expects($this->exactly(2))

  373. 			->method('remove')

  374. 			->withConsecutive(

  375. 				['two_factor_auth_uid'],

  376. 				['two_factor_remember_login']

  377. 			);

  378. 		$this->session->expects($this->once())

  379. 			->method('set')

  380. 			->with(Manager::SESSION_UID_DONE, 'jos');

  381. 		$this->session->method('getId')

  382. 			->willReturn('mysessionid');

  383. 		$this->activityManager->expects($this->once())

  384. 			->method('generateEvent')

  385. 			->willReturn($event);

  386. 		$this->user->expects($this->any())

  387. 			->method('getUID')

  388. 			->willReturn('jos');

  389. 		$event->expects($this->once())

  390. 			->method('setApp')

  391. 			->with($this->equalTo('core'))

  392. 			->willReturnSelf();

  393. 		$event->expects($this->once())

  394. 			->method('setType')

  395. 			->with($this->equalTo('security'))

  396. 			->willReturnSelf();

  397. 		$event->expects($this->once())

  398. 			->method('setAuthor')

  399. 			->with($this->equalTo('jos'))

  400. 			->willReturnSelf();

  401. 		$event->expects($this->once())

  402. 			->method('setAffectedUser')

  403. 			->with($this->equalTo('jos'))

  404. 			->willReturnSelf();

  405. 		$this->fakeProvider

  406. 			->method('getDisplayName')

  407. 			->willReturn('Fake 2FA');

  408. 		$event->expects($this->once())

  409. 			->method('setSubject')

  410. 			->with($this->equalTo('twofactor_success'), $this->equalTo([

  411. 				'provider' => 'Fake 2FA',

  412. 			]))

  413. 			->willReturnSelf();

  414. 		$token = $this->createMock(OC\Authentication\Token\IToken::class);

  415. 		$this->tokenProvider->method('getToken')

  416. 			->with('mysessionid')

  417. 			->willReturn($token);

  418. 		$token->method('getId')

  419. 			->willReturn(42);

  420. 		$this->config->expects($this->once())

  421. 			->method('deleteUserValue')

  422. 			->with('jos', 'login_token_2fa', '42');

  423. 

  424. 		$result = $this->manager->verifyChallenge('email', $this->user, $challenge);

  425. 

  426. 		$this->assertTrue($result);

  427. 	}

  428. 

  429. 	public function testVerifyChallengeInvalidProviderId() {

  430. 		$this->prepareProviders();

  431. 

  432. 		$challenge = 'passme';

  433. 		$this->fakeProvider->expects($this->never())

  434. 			->method('verifyChallenge')

  435. 			->with($this->user, $challenge);

  436. 		$this->session->expects($this->never())

  437. 			->method('remove');

  438. 

  439. 		$this->assertFalse($this->manager->verifyChallenge('dontexist', $this->user, $challenge));

  440. 	}

  441. 

  442. 	public function testVerifyInvalidChallenge() {

  443. 		$this->prepareProviders();

  444. 

  445. 		$challenge = 'dontpassme';

  446. 		$event = $this->createMock(IEvent::class);

  447. 		$this->fakeProvider->expects($this->once())

  448. 			->method('verifyChallenge')

  449. 			->with($this->user, $challenge)

  450. 			->willReturn(false);

  451. 		$this->session->expects($this->never())

  452. 			->method('remove');

  453. 		$this->activityManager->expects($this->once())

  454. 			->method('generateEvent')

  455. 			->willReturn($event);

  456. 		$this->user->expects($this->any())

  457. 			->method('getUID')

  458. 			->willReturn('jos');

  459. 		$event->expects($this->once())

  460. 			->method('setApp')

  461. 			->with($this->equalTo('core'))

  462. 			->willReturnSelf();

  463. 		$event->expects($this->once())

  464. 			->method('setType')

  465. 			->with($this->equalTo('security'))

  466. 			->willReturnSelf();

  467. 		$event->expects($this->once())

  468. 			->method('setAuthor')

  469. 			->with($this->equalTo('jos'))

  470. 			->willReturnSelf();

  471. 		$event->expects($this->once())

  472. 			->method('setAffectedUser')

  473. 			->with($this->equalTo('jos'))

  474. 			->willReturnSelf();

  475. 		$this->fakeProvider

  476. 			->method('getDisplayName')

  477. 			->willReturn('Fake 2FA');

  478. 		$event->expects($this->once())

  479. 			->method('setSubject')

  480. 			->with($this->equalTo('twofactor_failed'), $this->equalTo([

  481. 				'provider' => 'Fake 2FA',

  482. 			]))

  483. 			->willReturnSelf();

  484. 

  485. 		$this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge));

  486. 	}

  487. 

  488. 	public function testNeedsSecondFactor() {

  489. 		$user = $this->createMock(IUser::class);

  490. 		$this->session->expects($this->exactly(3))

  491. 			->method('exists')

  492. 			->withConsecutive(

  493. 				['app_password'],

  494. 				['two_factor_auth_uid'],

  495. 				[Manager::SESSION_UID_DONE],

  496. 			)

  497. 			->willReturn(false);

  498. 

  499. 		$this->session->method('getId')

  500. 			->willReturn('mysessionid');

  501. 		$token = $this->createMock(OC\Authentication\Token\IToken::class);

  502. 		$this->tokenProvider->method('getToken')

  503. 			->with('mysessionid')

  504. 			->willReturn($token);

  505. 		$token->method('getId')

  506. 			->willReturn(42);

  507. 

  508. 		$user->method('getUID')

  509. 			->willReturn('user');

  510. 		$this->config->method('getUserKeys')

  511. 			->with('user', 'login_token_2fa')

  512. 			->willReturn([

  513. 				'42'

  514. 			]);

  515. 

  516. 		$manager = $this->getMockBuilder(Manager::class)

  517. 			->setConstructorArgs([

  518. 				$this->providerLoader,

  519. 				$this->providerRegistry,

  520. 				$this->mandatoryTwoFactor,

  521. 				$this->session,

  522. 				$this->config,

  523. 				$this->activityManager,

  524. 				$this->logger,

  525. 				$this->tokenProvider,

  526. 				$this->timeFactory,

  527. 				$this->dispatcher,

  528. 			])

  529. 			->setMethods(['loadTwoFactorApp', 'isTwoFactorAuthenticated'])// Do not actually load the apps

  530. 			->getMock();

  531. 

  532. 		$manager->method('isTwoFactorAuthenticated')

  533. 			->with($user)

  534. 			->willReturn(true);

  535. 

  536. 		$this->assertTrue($manager->needsSecondFactor($user));

  537. 	}

  538. 

  539. 	public function testNeedsSecondFactorUserIsNull() {

  540. 		$user = null;

  541. 		$this->session->expects($this->never())

  542. 			->method('exists');

  543. 

  544. 		$this->assertFalse($this->manager->needsSecondFactor($user));

  545. 	}

  546. 

  547. 	public function testNeedsSecondFactorWithNoProviderAvailableAnymore() {

  548. 		$this->prepareNoProviders();

  549. 

  550. 		$user = null;

  551. 		$this->session->expects($this->never())

  552. 			->method('exists')

  553. 			->with('two_factor_auth_uid')

  554. 			->willReturn(true);

  555. 		$this->session->expects($this->never())

  556. 			->method('remove')

  557. 			->with('two_factor_auth_uid');

  558. 

  559. 		$this->assertFalse($this->manager->needsSecondFactor($user));

  560. 	}

  561. 

  562. 	public function testPrepareTwoFactorLogin() {

  563. 		$this->user->method('getUID')

  564. 			->willReturn('ferdinand');

  565. 

  566. 		$this->session->expects($this->exactly(2))

  567. 			->method('set')

  568. 			->withConsecutive(

  569. 				['two_factor_auth_uid', 'ferdinand'],

  570. 				['two_factor_remember_login', true]

  571. 			);

  572. 

  573. 		$this->session->method('getId')

  574. 			->willReturn('mysessionid');

  575. 		$token = $this->createMock(OC\Authentication\Token\IToken::class);

  576. 		$this->tokenProvider->method('getToken')

  577. 			->with('mysessionid')

  578. 			->willReturn($token);

  579. 		$token->method('getId')

  580. 			->willReturn(42);

  581. 

  582. 		$this->timeFactory->method('getTime')

  583. 			->willReturn(1337);

  584. 

  585. 		$this->config->method('setUserValue')

  586. 			->with('ferdinand', 'login_token_2fa', '42', '1337');

  587. 

  588. 

  589. 		$this->manager->prepareTwoFactorLogin($this->user, true);

  590. 	}

  591. 

  592. 	public function testPrepareTwoFactorLoginDontRemember() {

  593. 		$this->user->method('getUID')

  594. 			->willReturn('ferdinand');

  595. 

  596. 		$this->session->expects($this->exactly(2))

  597. 			->method('set')

  598. 			->withConsecutive(

  599. 				['two_factor_auth_uid', 'ferdinand'],

  600. 				['two_factor_remember_login', false]

  601. 			);

  602. 

  603. 		$this->session->method('getId')

  604. 			->willReturn('mysessionid');

  605. 		$token = $this->createMock(OC\Authentication\Token\IToken::class);

  606. 		$this->tokenProvider->method('getToken')

  607. 			->with('mysessionid')

  608. 			->willReturn($token);

  609. 		$token->method('getId')

  610. 			->willReturn(42);

  611. 

  612. 		$this->timeFactory->method('getTime')

  613. 			->willReturn(1337);

  614. 

  615. 		$this->config->method('setUserValue')

  616. 			->with('ferdinand', 'login_token_2fa', '42', '1337');

  617. 

  618. 		$this->manager->prepareTwoFactorLogin($this->user, false);

  619. 	}

  620. 

  621. 	public function testNeedsSecondFactorSessionAuth() {

  622. 		$user = $this->createMock(IUser::class);

  623. 		$user->method('getUID')

  624. 			->willReturn('user');

  625. 

  626. 		$this->session->method('exists')

  627. 			->willReturnCallback(function ($var) {

  628. 				if ($var === Manager::SESSION_UID_KEY) {

  629. 					return false;

  630. 				} elseif ($var === 'app_password') {

  631. 					return false;

  632. 				} elseif ($var === 'app_api') {

  633. 					return false;

  634. 				}

  635. 				return true;

  636. 			});

  637. 		$this->session->method('get')

  638. 			->willReturnCallback(function ($var) {

  639. 				if ($var === Manager::SESSION_UID_KEY) {

  640. 					return 'user';

  641. 				} elseif ($var === 'app_api') {

  642. 					return true;

  643. 				}

  644. 				return null;

  645. 			});

  646. 		$this->session->expects($this->once())

  647. 			->method('get')

  648. 			->willReturnMap([

  649. 				[Manager::SESSION_UID_DONE, 'user'],

  650. 				['app_api', true]

  651. 			]);

  652. 

  653. 		$this->assertFalse($this->manager->needsSecondFactor($user));

  654. 	}

  655. 

  656. 	public function testNeedsSecondFactorSessionAuthFailDBPass() {

  657. 		$user = $this->createMock(IUser::class);

  658. 		$user->method('getUID')

  659. 			->willReturn('user');

  660. 

  661. 		$this->session->method('exists')

  662. 			->willReturn(false);

  663. 		$this->session->method('getId')

  664. 			->willReturn('mysessionid');

  665. 

  666. 		$token = $this->createMock(OC\Authentication\Token\IToken::class);

  667. 		$token->method('getId')

  668. 			->willReturn(40);

  669. 

  670. 		$this->tokenProvider->method('getToken')

  671. 			->with('mysessionid')

  672. 			->willReturn($token);

  673. 

  674. 		$this->config->method('getUserKeys')

  675. 			->with('user', 'login_token_2fa')

  676. 			->willReturn([

  677. 				'42', '43', '44'

  678. 			]);

  679. 

  680. 		$this->session->expects($this->once())

  681. 			->method('set')

  682. 			->with(Manager::SESSION_UID_DONE, 'user');

  683. 

  684. 		$this->assertFalse($this->manager->needsSecondFactor($user));

  685. 	}

  686. 

  687. 	public function testNeedsSecondFactorInvalidToken() {

  688. 		$this->prepareNoProviders();

  689. 

  690. 		$user = $this->createMock(IUser::class);

  691. 		$user->method('getUID')

  692. 			->willReturn('user');

  693. 

  694. 		$this->session->method('exists')

  695. 			->willReturn(false);

  696. 		$this->session->method('getId')

  697. 			->willReturn('mysessionid');

  698. 

  699. 		$this->tokenProvider->method('getToken')

  700. 			->with('mysessionid')

  701. 			->willThrowException(new OC\Authentication\Exceptions\InvalidTokenException());

  702. 

  703. 		$this->config->method('getUserKeys')->willReturn([]);

  704. 

  705. 		$this->assertFalse($this->manager->needsSecondFactor($user));

  706. 	}

  707. 

  708. 	public function testNeedsSecondFactorAppPassword() {

  709. 		$user = $this->createMock(IUser::class);

  710. 		$this->session->method('exists')

  711. 			->willReturnMap([

  712. 				['app_password', true],

  713. 				['app_api', true]

  714. 			]);

  715. 

  716. 		$this->assertFalse($this->manager->needsSecondFactor($user));

  717. 	}

  718. }