mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50321 Commits
372 Branches
Tree: 6d20876eb2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d20876eb2'
${ noResults }
nextcloud/tests/Core/Controller/LostControllerTest.php

LostControllerTest.php 29KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900 
  1. <?php

  2. /**

  3.  * @author Lukas Reschke <lukas@owncloud.com>

  4.  *

  5.  * @copyright Copyright (c) 2015, ownCloud, Inc.

  6.  * @license AGPL-3.0

  7.  *

  8.  * This code is free software: you can redistribute it and/or modify

  9.  * it under the terms of the GNU Affero General Public License, version 3,

  10.  * as published by the Free Software Foundation.

  11.  *

  12.  * This program is distributed in the hope that it will be useful,

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  15.  * GNU Affero General Public License for more details.

  16.  *

  17.  * You should have received a copy of the GNU Affero General Public License, version 3,

  18.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  19.  *

  20.  */

  21. 

  22. namespace Tests\Core\Controller;

  23. 

  24. use OC\Authentication\TwoFactorAuth\Manager;

  25. use OC\Core\Controller\LostController;

  26. use OC\Mail\Message;

  27. use OCP\AppFramework\Http\JSONResponse;

  28. use OCP\AppFramework\Http\TemplateResponse;

  29. use OCP\AppFramework\Utility\ITimeFactory;

  30. use OCP\Defaults;

  31. use OCP\Encryption\IEncryptionModule;

  32. use OCP\Encryption\IManager;

  33. use OCP\IConfig;

  34. use OCP\IInitialStateService;

  35. use OCP\IL10N;

  36. use OCP\ILogger;

  37. use OCP\IRequest;

  38. use OCP\IURLGenerator;

  39. use OCP\IUser;

  40. use OCP\IUserManager;

  41. use OCP\Mail\IEMailTemplate;

  42. use OCP\Mail\IMailer;

  43. use OCP\Security\ICrypto;

  44. use OCP\Security\ISecureRandom;

  45. use PHPUnit_Framework_MockObject_MockObject;

  46. 

  47. /**

  48.  * Class LostControllerTest

  49.  *

  50.  * @package OC\Core\Controller

  51.  */

  52. class LostControllerTest extends \Test\TestCase {

  53. 

  54. 	/** @var LostController */

  55. 	private $lostController;

  56. 	/** @var IUser */

  57. 	private $existingUser;

  58. 	/** @var IURLGenerator | PHPUnit_Framework_MockObject_MockObject */

  59. 	private $urlGenerator;

  60. 	/** @var IL10N */

  61. 	private $l10n;

  62. 	/** @var IUserManager | PHPUnit_Framework_MockObject_MockObject */

  63. 	private $userManager;

  64. 	/** @var Defaults */

  65. 	private $defaults;

  66. 	/** @var IConfig | PHPUnit_Framework_MockObject_MockObject */

  67. 	private $config;

  68. 	/** @var IMailer | PHPUnit_Framework_MockObject_MockObject */

  69. 	private $mailer;

  70. 	/** @var ISecureRandom | PHPUnit_Framework_MockObject_MockObject */

  71. 	private $secureRandom;

  72. 	/** @var IManager|PHPUnit_Framework_MockObject_MockObject */

  73. 	private $encryptionManager;

  74. 	/** @var ITimeFactory | PHPUnit_Framework_MockObject_MockObject */

  75. 	private $timeFactory;

  76. 	/** @var IRequest */

  77. 	private $request;

  78. 	/** @var ICrypto|\PHPUnit_Framework_MockObject_MockObject */

  79. 	private $crypto;

  80. 	/** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */

  81. 	private $logger;

  82. 	/** @var Manager|\PHPUnit_Framework_MockObject_MockObject */

  83. 	private $twofactorManager;

  84. 	/** @var IInitialStateService|\PHPUnit_Framework_MockObject_MockObject */

  85. 	private $initialStateService;

  86. 

  87. 	protected function setUp() {

  88. 		parent::setUp();

  89. 

  90. 		$this->existingUser = $this->createMock(IUser::class);

  91. 		$this->existingUser->expects($this->any())

  92. 			->method('getEMailAddress')

  93. 			->willReturn('test@example.com');

  94. 		$this->existingUser->expects($this->any())

  95. 			->method('getUID')

  96. 			->willReturn('ExistingUser');

  97. 		$this->existingUser->expects($this->any())

  98. 			->method('isEnabled')

  99. 			->willReturn(true);

  100. 

  101. 		$this->config = $this->createMock(IConfig::class);

  102. 		$this->config->expects($this->any())

  103. 			->method('getSystemValue')

  104. 			->willReturnMap([

  105. 				['secret', null, 'SECRET'],

  106. 				['secret', '', 'SECRET'],

  107. 				['lost_password_link', '', ''],

  108. 			]);

  109. 		$this->l10n = $this->createMock(IL10N::class);

  110. 		$this->l10n

  111. 			->expects($this->any())

  112. 			->method('t')

  113. 			->will($this->returnCallback(function($text, $parameters = array()) {

  114. 				return vsprintf($text, $parameters);

  115. 			}));

  116. 		$this->defaults = $this->getMockBuilder('\OCP\Defaults')

  117. 			->disableOriginalConstructor()->getMock();

  118. 		$this->userManager = $this->getMockBuilder(IUserManager::class)

  119. 			->disableOriginalConstructor()->getMock();

  120. 		$this->urlGenerator = $this->getMockBuilder(IURLGenerator::class)

  121. 			->disableOriginalConstructor()->getMock();

  122. 		$this->mailer = $this->getMockBuilder('\OCP\Mail\IMailer')

  123. 			->disableOriginalConstructor()->getMock();

  124. 		$this->secureRandom = $this->getMockBuilder('\OCP\Security\ISecureRandom')

  125. 			->disableOriginalConstructor()->getMock();

  126. 		$this->timeFactory = $this->getMockBuilder('\OCP\AppFramework\Utility\ITimeFactory')

  127. 			->disableOriginalConstructor()->getMock();

  128. 		$this->request = $this->getMockBuilder(IRequest::class)

  129. 			->disableOriginalConstructor()->getMock();

  130. 		$this->encryptionManager = $this->getMockBuilder(IManager::class)

  131. 			->disableOriginalConstructor()->getMock();

  132. 		$this->encryptionManager->expects($this->any())

  133. 			->method('isEnabled')

  134. 			->willReturn(true);

  135. 		$this->crypto = $this->createMock(ICrypto::class);

  136. 		$this->logger = $this->createMock(ILogger::class);

  137. 		$this->twofactorManager = $this->createMock(Manager::class);

  138. 		$this->initialStateService = $this->createMock(IInitialStateService::class);

  139. 		$this->lostController = new LostController(

  140. 			'Core',

  141. 			$this->request,

  142. 			$this->urlGenerator,

  143. 			$this->userManager,

  144. 			$this->defaults,

  145. 			$this->l10n,

  146. 			$this->config,

  147. 			$this->secureRandom,

  148. 			'lostpassword-noreply@localhost',

  149. 			$this->encryptionManager,

  150. 			$this->mailer,

  151. 			$this->timeFactory,

  152. 			$this->crypto,

  153. 			$this->logger,

  154. 			$this->twofactorManager,

  155. 			$this->initialStateService

  156. 		);

  157. 	}

  158. 

  159. 	public function testResetFormWithNotExistingUser() {

  160. 		$this->userManager->method('get')

  161. 			->with('NotExistingUser')

  162. 			->willReturn(null);

  163. 

  164. 		$expectedResponse = new TemplateResponse(

  165. 			'core',

  166. 			'error',

  167. 			[

  168. 				'errors' => [

  169. 					['error' => 'Couldn\'t reset password because the token is invalid'],

  170. 				]

  171. 			],

  172. 			'guest'

  173. 		);

  174. 		$this->assertEquals($expectedResponse, $this->lostController->resetform('MySecretToken', 'NotExistingUser'));

  175. 	}

  176. 

  177. 	public function testResetFormInvalidTokenMatch() {

  178. 		$this->config->method('getUserValue')

  179. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  180. 			->willReturn('encryptedToken');

  181. 		$this->existingUser->method('getLastLogin')

  182. 			->will($this->returnValue(12344));

  183. 		$this->userManager->method('get')

  184. 			->with('ValidTokenUser')

  185. 			->willReturn($this->existingUser);

  186. 		$this->crypto->method('decrypt')

  187. 			->with(

  188. 				$this->equalTo('encryptedToken'),

  189. 				$this->equalTo('test@example.comSECRET')

  190. 			)->willReturn('12345:TheOnlyAndOnlyOneTokenToResetThePassword');

  191. 

  192. 		$response = $this->lostController->resetform('12345:MySecretToken', 'ValidTokenUser');

  193. 		$expectedResponse = new TemplateResponse('core',

  194. 			'error',

  195. 			[

  196. 				'errors' => [

  197. 					['error' => 'Couldn\'t reset password because the token is invalid'],

  198. 				]

  199. 			],

  200. 			'guest');

  201. 		$this->assertEquals($expectedResponse, $response);

  202. 	}

  203. 

  204. 

  205. 	public function testResetFormExpiredToken() {

  206. 		$this->userManager->method('get')

  207. 			->with('ValidTokenUser')

  208. 			->willReturn($this->existingUser);

  209. 		$this->config

  210. 			->expects($this->once())

  211. 			->method('getUserValue')

  212. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  213. 			->will($this->returnValue('encryptedToken'));

  214. 		$this->crypto->method('decrypt')

  215. 			->with(

  216. 				$this->equalTo('encryptedToken'),

  217. 				$this->equalTo('test@example.comSECRET')

  218. 			)->willReturn('12345:TheOnlyAndOnlyOneTokenToResetThePassword');

  219. 		$this->timeFactory

  220. 			->expects($this->once())

  221. 			->method('getTime')

  222. 			->willReturn(999999);

  223. 

  224. 		$response = $this->lostController->resetform('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser');

  225. 		$expectedResponse = new TemplateResponse('core',

  226. 			'error',

  227. 			[

  228. 				'errors' => [

  229. 					['error' => 'Couldn\'t reset password because the token is expired'],

  230. 				]

  231. 			],

  232. 			'guest');

  233. 		$this->assertEquals($expectedResponse, $response);

  234. 	}

  235. 

  236. 	public function testResetFormValidToken() {

  237. 		$this->existingUser->method('getLastLogin')

  238. 			->willReturn(12344);

  239. 		$this->userManager->method('get')

  240. 			->with('ValidTokenUser')

  241. 			->willReturn($this->existingUser);

  242. 		$this->timeFactory

  243. 			->expects($this->once())

  244. 			->method('getTime')

  245. 			->willReturn(12348);

  246. 

  247. 		$this->config->method('getUserValue')

  248. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  249. 			->willReturn('encryptedToken');

  250. 

  251. 		$this->crypto->method('decrypt')

  252. 			->with(

  253. 				$this->equalTo('encryptedToken'),

  254. 				$this->equalTo('test@example.comSECRET')

  255. 			)->willReturn('12345:TheOnlyAndOnlyOneTokenToResetThePassword');

  256. 		$this->urlGenerator

  257. 			->expects($this->once())

  258. 			->method('linkToRouteAbsolute')

  259. 			->with('core.lost.setPassword', array('userId' => 'ValidTokenUser', 'token' => 'TheOnlyAndOnlyOneTokenToResetThePassword'))

  260. 			->will($this->returnValue('https://example.tld/index.php/lostpassword/'));

  261. 

  262. 		$this->initialStateService->expects($this->at(0))

  263. 			->method('provideInitialState')

  264. 			->with('core', 'resetPasswordUser', 'ValidTokenUser');

  265. 		$this->initialStateService->expects($this->at(1))

  266. 			->method('provideInitialState')

  267. 			->with('core', 'resetPasswordTarget', 'https://example.tld/index.php/lostpassword/');

  268. 

  269. 		$response = $this->lostController->resetform('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser');

  270. 		$expectedResponse = new TemplateResponse('core',

  271. 			'login',

  272. 			[],

  273. 			'guest');

  274. 		$this->assertEquals($expectedResponse, $response);

  275. 	}

  276. 

  277. 	public function testEmailUnsuccessful() {

  278. 		$existingUser = 'ExistingUser';

  279. 		$nonExistingUser = 'NonExistingUser';

  280. 		$this->userManager

  281. 			->expects($this->any())

  282. 			->method('userExists')

  283. 			->will($this->returnValueMap(array(

  284. 				array(true, $existingUser),

  285. 				array(false, $nonExistingUser)

  286. 			)));

  287. 

  288. 		$this->logger->expects($this->exactly(0))

  289. 			->method('logException');

  290. 		$this->logger->expects($this->exactly(2))

  291. 			->method('warning');

  292. 

  293. 		$this->userManager

  294. 			->method('getByEmail')

  295. 			->willReturn([]);

  296. 

  297. 		// With a non existing user

  298. 		$response = $this->lostController->email($nonExistingUser);

  299. 		$expectedResponse = new JSONResponse([

  300. 			'status' => 'success',

  301. 		]);

  302. 		$expectedResponse->throttle();

  303. 		$this->assertEquals($expectedResponse, $response);

  304. 

  305. 		// With no mail address

  306. 		$this->config

  307. 			->expects($this->any())

  308. 			->method('getUserValue')

  309. 			->with($existingUser, 'settings', 'email')

  310. 			->will($this->returnValue(null));

  311. 		$response = $this->lostController->email($existingUser);

  312. 		$expectedResponse = new JSONResponse([

  313. 			'status' => 'success',

  314. 		]);

  315. 		$expectedResponse->throttle();

  316. 		$this->assertEquals($expectedResponse, $response);

  317. 	}

  318. 

  319. 	public function testEmailSuccessful() {

  320. 		$this->secureRandom

  321. 			->expects($this->once())

  322. 			->method('generate')

  323. 			->with('21')

  324. 			->will($this->returnValue('ThisIsMaybeANotSoSecretToken!'));

  325. 		$this->userManager

  326. 				->expects($this->any())

  327. 				->method('get')

  328. 				->with('ExistingUser')

  329. 				->willReturn($this->existingUser);

  330. 		$this->timeFactory

  331. 			->expects($this->once())

  332. 			->method('getTime')

  333. 			->will($this->returnValue(12348));

  334. 		$this->config

  335. 			->expects($this->once())

  336. 			->method('setUserValue')

  337. 			->with('ExistingUser', 'core', 'lostpassword', 'encryptedToken');

  338. 		$this->urlGenerator

  339. 			->expects($this->once())

  340. 			->method('linkToRouteAbsolute')

  341. 			->with('core.lost.resetform', array('userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'))

  342. 			->will($this->returnValue('https://example.tld/index.php/lostpassword/'));

  343. 		$message = $this->getMockBuilder('\OC\Mail\Message')

  344. 			->disableOriginalConstructor()->getMock();

  345. 		$message

  346. 			->expects($this->at(0))

  347. 			->method('setTo')

  348. 			->with(['test@example.com' => 'ExistingUser']);

  349. 		$message

  350. 			->expects($this->at(1))

  351. 			->method('setFrom')

  352. 			->with(['lostpassword-noreply@localhost' => null]);

  353. 

  354. 		$emailTemplate = $this->createMock(IEMailTemplate::class);

  355. 		$emailTemplate->expects($this->any())

  356. 			->method('renderHtml')

  357. 			->willReturn('HTML body');

  358. 		$emailTemplate->expects($this->any())

  359. 			->method('renderText')

  360. 			->willReturn('text body');

  361. 

  362. 		$message

  363. 			->expects($this->at(2))

  364. 			->method('useTemplate')

  365. 			->with($emailTemplate);

  366. 

  367. 		$this->mailer

  368. 			->expects($this->at(0))

  369. 			->method('createEMailTemplate')

  370. 			->willReturn($emailTemplate);

  371. 		$this->mailer

  372. 			->expects($this->at(1))

  373. 			->method('createMessage')

  374. 			->will($this->returnValue($message));

  375. 		$this->mailer

  376. 			->expects($this->at(2))

  377. 			->method('send')

  378. 			->with($message);

  379. 

  380. 		$this->crypto->method('encrypt')

  381. 			->with(

  382. 				$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),

  383. 				$this->equalTo('test@example.comSECRET')

  384. 			)->willReturn('encryptedToken');

  385. 

  386. 		$response = $this->lostController->email('ExistingUser');

  387. 		$expectedResponse = new JSONResponse(['status' => 'success']);

  388. 		$expectedResponse->throttle();

  389. 		$this->assertEquals($expectedResponse, $response);

  390. 	}

  391. 

  392. 	public function testEmailWithMailSuccessful() {

  393. 		$this->secureRandom

  394. 			->expects($this->once())

  395. 			->method('generate')

  396. 			->with('21')

  397. 			->will($this->returnValue('ThisIsMaybeANotSoSecretToken!'));

  398. 		$this->userManager

  399. 				->expects($this->any())

  400. 				->method('get')

  401. 				->with('test@example.com')

  402. 				->willReturn(null);

  403. 		$this->userManager

  404. 				->expects($this->any())

  405. 				->method('getByEmail')

  406. 				->with('test@example.com')

  407. 				->willReturn([$this->existingUser]);

  408. 		$this->timeFactory

  409. 			->expects($this->once())

  410. 			->method('getTime')

  411. 			->will($this->returnValue(12348));

  412. 		$this->config

  413. 			->expects($this->once())

  414. 			->method('setUserValue')

  415. 			->with('ExistingUser', 'core', 'lostpassword', 'encryptedToken');

  416. 		$this->urlGenerator

  417. 			->expects($this->once())

  418. 			->method('linkToRouteAbsolute')

  419. 			->with('core.lost.resetform', array('userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'))

  420. 			->will($this->returnValue('https://example.tld/index.php/lostpassword/'));

  421. 		$message = $this->getMockBuilder('\OC\Mail\Message')

  422. 			->disableOriginalConstructor()->getMock();

  423. 		$message

  424. 			->expects($this->at(0))

  425. 			->method('setTo')

  426. 			->with(['test@example.com' => 'ExistingUser']);

  427. 		$message

  428. 			->expects($this->at(1))

  429. 			->method('setFrom')

  430. 			->with(['lostpassword-noreply@localhost' => null]);

  431. 

  432. 		$emailTemplate = $this->createMock(IEMailTemplate::class);

  433. 		$emailTemplate->expects($this->any())

  434. 			->method('renderHtml')

  435. 			->willReturn('HTML body');

  436. 		$emailTemplate->expects($this->any())

  437. 			->method('renderText')

  438. 			->willReturn('text body');

  439. 

  440. 		$message

  441. 			->expects($this->at(2))

  442. 			->method('useTemplate')

  443. 			->with($emailTemplate);

  444. 

  445. 		$this->mailer

  446. 			->expects($this->at(0))

  447. 			->method('createEMailTemplate')

  448. 			->willReturn($emailTemplate);

  449. 		$this->mailer

  450. 			->expects($this->at(1))

  451. 			->method('createMessage')

  452. 			->will($this->returnValue($message));

  453. 		$this->mailer

  454. 			->expects($this->at(2))

  455. 			->method('send')

  456. 			->with($message);

  457. 

  458. 		$this->crypto->method('encrypt')

  459. 			->with(

  460. 				$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),

  461. 				$this->equalTo('test@example.comSECRET')

  462. 			)->willReturn('encryptedToken');

  463. 

  464. 		$response = $this->lostController->email('test@example.com');

  465. 		$expectedResponse = new JSONResponse(['status' => 'success']);

  466. 		$expectedResponse->throttle();

  467. 		$this->assertEquals($expectedResponse, $response);

  468. 	}

  469. 

  470. 	public function testEmailCantSendException() {

  471. 		$this->secureRandom

  472. 			->expects($this->once())

  473. 			->method('generate')

  474. 			->with('21')

  475. 			->will($this->returnValue('ThisIsMaybeANotSoSecretToken!'));

  476. 		$this->userManager

  477. 				->expects($this->any())

  478. 				->method('get')

  479. 				->with('ExistingUser')

  480. 				->willReturn($this->existingUser);

  481. 		$this->config

  482. 			->expects($this->once())

  483. 			->method('setUserValue')

  484. 			->with('ExistingUser', 'core', 'lostpassword', 'encryptedToken');

  485. 		$this->timeFactory

  486. 			->expects($this->once())

  487. 			->method('getTime')

  488. 			->will($this->returnValue(12348));

  489. 		$this->urlGenerator

  490. 			->expects($this->once())

  491. 			->method('linkToRouteAbsolute')

  492. 			->with('core.lost.resetform', array('userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'))

  493. 			->will($this->returnValue('https://example.tld/index.php/lostpassword/'));

  494. 		$message = $this->createMock(Message::class);

  495. 		$message

  496. 			->expects($this->at(0))

  497. 			->method('setTo')

  498. 			->with(['test@example.com' => 'ExistingUser']);

  499. 		$message

  500. 			->expects($this->at(1))

  501. 			->method('setFrom')

  502. 			->with(['lostpassword-noreply@localhost' => null]);

  503. 

  504. 		$emailTemplate = $this->createMock(IEMailTemplate::class);

  505. 		$emailTemplate->expects($this->any())

  506. 			->method('renderHtml')

  507. 			->willReturn('HTML body');

  508. 		$emailTemplate->expects($this->any())

  509. 			->method('renderText')

  510. 			->willReturn('text body');

  511. 

  512. 		$message

  513. 			->expects($this->at(2))

  514. 			->method('useTemplate')

  515. 			->with($emailTemplate);

  516. 

  517. 		$this->mailer

  518. 			->expects($this->at(0))

  519. 			->method('createEMailTemplate')

  520. 			->willReturn($emailTemplate);

  521. 		$this->mailer

  522. 			->expects($this->at(1))

  523. 			->method('createMessage')

  524. 			->will($this->returnValue($message));

  525. 		$this->mailer

  526. 			->expects($this->at(2))

  527. 			->method('send')

  528. 			->with($message)

  529. 			->will($this->throwException(new \Exception()));

  530. 

  531. 		$this->crypto->method('encrypt')

  532. 			->with(

  533. 				$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),

  534. 				$this->equalTo('test@example.comSECRET')

  535. 			)->willReturn('encryptedToken');

  536. 

  537. 		$this->logger->expects($this->exactly(1))

  538. 			->method('logException');

  539. 

  540. 		$response = $this->lostController->email('ExistingUser');

  541. 		$expectedResponse = new JSONResponse(['status' => 'success']);

  542. 		$expectedResponse->throttle();

  543. 		$this->assertEquals($expectedResponse, $response);

  544. 	}

  545. 

  546. 	public function testSetPasswordUnsuccessful() {

  547. 		$this->config->method('getUserValue')

  548. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  549. 			->willReturn('encryptedData');

  550. 		$this->existingUser->method('getLastLogin')

  551. 			->will($this->returnValue(12344));

  552. 		$this->existingUser->expects($this->once())

  553. 			->method('setPassword')

  554. 			->with('NewPassword')

  555. 			->willReturn(false);

  556. 		$this->userManager->method('get')

  557. 			->with('ValidTokenUser')

  558. 			->willReturn($this->existingUser);

  559. 		$this->config->expects($this->never())

  560. 			->method('deleteUserValue');

  561. 		$this->timeFactory->method('getTime')

  562. 			->will($this->returnValue(12348));

  563. 

  564. 		$this->crypto->method('decrypt')

  565. 			->with(

  566. 				$this->equalTo('encryptedData'),

  567. 				$this->equalTo('test@example.comSECRET')

  568. 			)->willReturn('12345:TheOnlyAndOnlyOneTokenToResetThePassword');

  569. 

  570. 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);

  571. 		$expectedResponse = array('status' => 'error', 'msg' => '');

  572. 		$this->assertSame($expectedResponse, $response);

  573. 	}

  574. 

  575. 	public function testSetPasswordSuccessful() {

  576. 		$this->config->method('getUserValue')

  577. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  578. 			->willReturn('encryptedData');

  579. 		$this->existingUser->method('getLastLogin')

  580. 			->will($this->returnValue(12344));

  581. 		$this->existingUser->expects($this->once())

  582. 			->method('setPassword')

  583. 			->with('NewPassword')

  584. 			->willReturn(true);

  585. 		$this->userManager->method('get')

  586. 			->with('ValidTokenUser')

  587. 			->willReturn($this->existingUser);

  588. 		$this->config->expects($this->once())

  589. 			->method('deleteUserValue')

  590. 			->with('ValidTokenUser', 'core', 'lostpassword');

  591. 		$this->timeFactory->method('getTime')

  592. 			->will($this->returnValue(12348));

  593. 

  594. 		$this->crypto->method('decrypt')

  595. 			->with(

  596. 				$this->equalTo('encryptedData'),

  597. 				$this->equalTo('test@example.comSECRET')

  598. 			)->willReturn('12345:TheOnlyAndOnlyOneTokenToResetThePassword');

  599. 

  600. 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);

  601. 		$expectedResponse = array('user' => 'ValidTokenUser', 'status' => 'success');

  602. 		$this->assertSame($expectedResponse, $response);

  603. 	}

  604. 

  605. 	public function testSetPasswordExpiredToken() {

  606. 		$this->config->method('getUserValue')

  607. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  608. 			->willReturn('encryptedData');

  609. 		$this->userManager->method('get')

  610. 			->with('ValidTokenUser')

  611. 			->willReturn($this->existingUser);

  612. 		$this->timeFactory->method('getTime')

  613. 			->willReturn(617146);

  614. 

  615. 		$this->crypto->method('decrypt')

  616. 			->with(

  617. 				$this->equalTo('encryptedData'),

  618. 				$this->equalTo('test@example.comSECRET')

  619. 			)->willReturn('12345:TheOnlyAndOnlyOneTokenToResetThePassword');

  620. 

  621. 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);

  622. 		$expectedResponse = [

  623. 			'status' => 'error',

  624. 			'msg' => 'Couldn\'t reset password because the token is expired',

  625. 		];

  626. 		$this->assertSame($expectedResponse, $response);

  627. 	}

  628. 

  629. 	public function testSetPasswordInvalidDataInDb() {

  630. 		$this->config->method('getUserValue')

  631. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  632. 			->willReturn('invalidEncryptedData');

  633. 		$this->userManager

  634. 			->method('get')

  635. 			->with('ValidTokenUser')

  636. 			->willReturn($this->existingUser);

  637. 

  638. 		$this->crypto->method('decrypt')

  639. 			->with(

  640. 				$this->equalTo('invalidEncryptedData'),

  641. 				$this->equalTo('test@example.comSECRET')

  642. 			)->willReturn('TheOnlyAndOnlyOneTokenToResetThePassword');

  643. 

  644. 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);

  645. 		$expectedResponse = [

  646. 			'status' => 'error',

  647. 			'msg' => 'Couldn\'t reset password because the token is invalid',

  648. 		];

  649. 		$this->assertSame($expectedResponse, $response);

  650. 	}

  651. 

  652. 	public function testSetPasswordExpiredTokenDueToLogin() {

  653. 		$this->config->method('getUserValue')

  654. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  655. 			->willReturn('encryptedData');

  656. 		$this->existingUser->method('getLastLogin')

  657. 			->will($this->returnValue(12346));

  658. 		$this->userManager

  659. 			->method('get')

  660. 			->with('ValidTokenUser')

  661. 			->willReturn($this->existingUser);

  662. 		$this->timeFactory

  663. 			->method('getTime')

  664. 			->will($this->returnValue(12345));

  665. 

  666. 		$this->crypto->method('decrypt')

  667. 			->with(

  668. 				$this->equalTo('encryptedData'),

  669. 				$this->equalTo('test@example.comSECRET')

  670. 			)->willReturn('12345:TheOnlyAndOnlyOneTokenToResetThePassword');

  671. 

  672. 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);

  673. 		$expectedResponse = [

  674. 			'status' => 'error',

  675. 			'msg' => 'Couldn\'t reset password because the token is expired',

  676. 		];

  677. 		$this->assertSame($expectedResponse, $response);

  678. 	}

  679. 

  680. 	public function testIsSetPasswordWithoutTokenFailing() {

  681. 		$this->config->method('getUserValue')

  682. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  683. 			->willReturn('aValidtoken');

  684. 		$this->userManager->method('get')

  685. 			->with('ValidTokenUser')

  686. 			->willReturn($this->existingUser);

  687. 

  688. 		$this->crypto->method('decrypt')

  689. 			->with(

  690. 				$this->equalTo('aValidtoken'),

  691. 				$this->equalTo('test@example.comSECRET')

  692. 			)->willThrowException(new \Exception());

  693. 

  694. 		$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);

  695. 		$expectedResponse = [

  696. 			'status' => 'error',

  697. 			'msg' => 'Couldn\'t reset password because the token is invalid'

  698. 			];

  699. 		$this->assertSame($expectedResponse, $response);

  700. 	}

  701. 

  702. 	public function testIsSetPasswordTokenNullFailing() {

  703. 		$this->config->method('getUserValue')

  704. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  705. 			->willReturn(null);

  706. 		$this->userManager->method('get')

  707. 			->with('ValidTokenUser')

  708. 			->willReturn($this->existingUser);

  709. 

  710. 		$response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);

  711. 		$expectedResponse = [

  712. 			'status' => 'error',

  713. 			'msg' => 'Couldn\'t reset password because the token is invalid'

  714. 		];

  715. 		$this->assertSame($expectedResponse, $response);

  716. 	}

  717. 

  718. 	public function testSetPasswordForDisabledUser() {

  719. 		$user = $this->createMock(IUser::class);

  720. 		$user->expects($this->any())

  721. 			->method('isEnabled')

  722. 			->willReturn(false);

  723. 		$user->expects($this->never())

  724. 			->method('setPassword');

  725. 

  726. 		$this->config->method('getUserValue')

  727. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  728. 			->willReturn('encryptedData');

  729. 		$this->userManager->method('get')

  730. 			->with('DisabledUser')

  731. 			->willReturn($user);

  732. 

  733. 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);

  734. 		$expectedResponse = [

  735. 			'status' => 'error',

  736. 			'msg' => 'Couldn\'t reset password because the token is invalid'

  737. 			];

  738. 		$this->assertSame($expectedResponse, $response);

  739. 	}

  740. 

  741. 	public function testSendEmailNoEmail() {

  742. 		$user = $this->createMock(IUser::class);

  743. 		$user->expects($this->any())

  744. 			->method('isEnabled')

  745. 			->willReturn(true);

  746. 		$this->userManager->method('userExists')

  747. 			->with('ExistingUser')

  748. 			->willReturn(true);

  749. 		$this->userManager->method('get')

  750. 			->with('ExistingUser')

  751. 			->willReturn($user);

  752. 

  753. 		$this->logger->expects($this->exactly(0))

  754. 			->method('logException');

  755. 		$this->logger->expects($this->once())

  756. 			->method('warning');

  757. 

  758. 		$response = $this->lostController->email('ExistingUser');

  759. 		$expectedResponse = new JSONResponse(['status' => 'success']);

  760. 		$expectedResponse->throttle();

  761. 		$this->assertEquals($expectedResponse, $response);

  762. 	}

  763. 

  764. 	public function testSetPasswordEncryptionDontProceedPerUserKey() {

  765. 		/** @var IEncryptionModule|PHPUnit_Framework_MockObject_MockObject $encryptionModule */

  766. 		$encryptionModule = $this->createMock(IEncryptionModule::class);

  767. 		$encryptionModule->expects($this->once())->method('needDetailedAccessList')->willReturn(true);

  768. 		$this->encryptionManager->expects($this->once())->method('getEncryptionModules')

  769. 			->willReturn([0 => ['callback' => function() use ($encryptionModule) { return $encryptionModule; }]]);

  770. 		$response = $this->lostController->setPassword('myToken', 'user', 'newpass', false);

  771. 		$expectedResponse = ['status' => 'error', 'msg' => '', 'encryption' => true];

  772. 		$this->assertSame($expectedResponse, $response);

  773. 	}

  774. 

  775. 	public function testSetPasswordDontProceedMasterKey() {

  776. 		$encryptionModule = $this->createMock(IEncryptionModule::class);

  777. 		$encryptionModule->expects($this->once())->method('needDetailedAccessList')->willReturn(false);

  778. 		$this->encryptionManager->expects($this->once())->method('getEncryptionModules')

  779. 			->willReturn([0 => ['callback' => function() use ($encryptionModule) { return $encryptionModule; }]]);

  780. 		$this->config->method('getUserValue')

  781. 			->with('ValidTokenUser', 'core', 'lostpassword', null)

  782. 			->willReturn('encryptedData');

  783. 		$this->existingUser->method('getLastLogin')

  784. 			->will($this->returnValue(12344));

  785. 		$this->existingUser->expects($this->once())

  786. 			->method('setPassword')

  787. 			->with('NewPassword')

  788. 			->willReturn(true);

  789. 		$this->userManager->method('get')

  790. 			->with('ValidTokenUser')

  791. 			->willReturn($this->existingUser);

  792. 		$this->config->expects($this->once())

  793. 			->method('deleteUserValue')

  794. 			->with('ValidTokenUser', 'core', 'lostpassword');

  795. 		$this->timeFactory->method('getTime')

  796. 			->will($this->returnValue(12348));

  797. 

  798. 		$this->crypto->method('decrypt')

  799. 			->with(

  800. 				$this->equalTo('encryptedData'),

  801. 				$this->equalTo('test@example.comSECRET')

  802. 			)->willReturn('12345:TheOnlyAndOnlyOneTokenToResetThePassword');

  803. 

  804. 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', false);

  805. 		$expectedResponse = array('user' => 'ValidTokenUser', 'status' => 'success');

  806. 		$this->assertSame($expectedResponse, $response);

  807. 	}

  808. 

  809. 	public function testTwoUsersWithSameEmail() {

  810. 		$user1 = $this->createMock(IUser::class);

  811. 		$user1->expects($this->any())

  812. 			->method('getEMailAddress')

  813. 			->willReturn('test@example.com');

  814. 		$user1->expects($this->any())

  815. 			->method('getUID')

  816. 			->willReturn('User1');

  817. 		$user1->expects($this->any())

  818. 			->method('isEnabled')

  819. 			->willReturn(true);

  820. 

  821. 		$user2 = $this->createMock(IUser::class);

  822. 		$user2->expects($this->any())

  823. 			->method('getEMailAddress')

  824. 			->willReturn('test@example.com');

  825. 		$user2->expects($this->any())

  826. 			->method('getUID')

  827. 			->willReturn('User2');

  828. 		$user2->expects($this->any())

  829. 			->method('isEnabled')

  830. 			->willReturn(true);

  831. 

  832. 		$this->userManager

  833. 			->method('get')

  834. 			->willReturn(null);

  835. 

  836. 		$this->userManager

  837. 			->method('getByEmail')

  838. 			->willReturn([$user1, $user2]);

  839. 

  840. 		$this->logger->expects($this->exactly(0))

  841. 			->method('logException');

  842. 		$this->logger->expects($this->once())

  843. 			->method('warning');

  844. 

  845. 		// request password reset for test@example.com

  846. 		$response = $this->lostController->email('test@example.com');

  847. 

  848. 		$expectedResponse = new JSONResponse([

  849. 			'status' => 'success'

  850. 		]);

  851. 		$expectedResponse->throttle();

  852. 

  853. 		$this->assertEquals($expectedResponse, $response);

  854. 	}

  855. 

  856. 

  857. 	/**

  858. 	 * @return array

  859. 	 */

  860. 	public function dataTwoUserswithSameEmailOneDisabled(): array {

  861. 		return [

  862. 			['user1' => true, 'user2' => false],

  863. 			['user1' => false, 'user2' => true]

  864. 		];

  865. 	}

  866. 

  867. 	/**

  868. 	 * @dataProvider dataTwoUserswithSameEmailOneDisabled

  869. 	 * @param bool $userEnabled1

  870. 	 * @param bool $userEnabled2

  871. 	 */

  872. 	public function testTwoUsersWithSameEmailOneDisabled(bool $userEnabled1, bool $userEnabled2): void {

  873. 		$user1 = $this->createMock(IUser::class);

  874. 		$user1->method('getEMailAddress')

  875. 			->willReturn('test@example.com');

  876. 		$user1->method('getUID')

  877. 			->willReturn('User1');

  878. 		$user1->method('isEnabled')

  879. 			->willReturn($userEnabled1);

  880. 

  881. 		$user2 = $this->createMock(IUser::class);

  882. 		$user2->method('getEMailAddress')

  883. 			->willReturn('test@example.com');

  884. 		$user2->method('getUID')

  885. 			->willReturn('User2');

  886. 		$user2->method('isEnabled')

  887. 			->willReturn($userEnabled2);

  888. 

  889. 		$this->userManager

  890. 			->method('get')

  891. 			->willReturn(null);

  892. 

  893. 		$this->userManager

  894. 			->method('getByEmail')

  895. 			->willReturn([$user1, $user2]);

  896. 

  897. 		$result = self::invokePrivate($this->lostController, 'findUserByIdOrMail', ['test@example.com']);

  898. 		$this->assertInstanceOf(IUser::class, $result);

  899. 	}

  900. }