mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 997 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44235 Commits
370 Branches
Tree: 9444a3fad1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9444a3fad1'
${ noResults }
nextcloud/tests/Core/Controller/LoginControllerTest.php

LoginControllerTest.php 21KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689 
  1. <?php

  2. /**

  3.  * @author Lukas Reschke <lukas@owncloud.com>

  4.  *

  5.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  6.  * @license AGPL-3.0

  7.  *

  8.  * This code is free software: you can redistribute it and/or modify

  9.  * it under the terms of the GNU Affero General Public License, version 3,

  10.  * as published by the Free Software Foundation.

  11.  *

  12.  * This program is distributed in the hope that it will be useful,

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  15.  * GNU Affero General Public License for more details.

  16.  *

  17.  * You should have received a copy of the GNU Affero General Public License, version 3,

  18.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  19.  *

  20.  */

  21. 

  22. namespace Tests\Core\Controller;

  23. 

  24. use OC\Authentication\Token\IToken;

  25. use OC\Authentication\TwoFactorAuth\Manager;

  26. use OC\Authentication\TwoFactorAuth\ProviderSet;

  27. use OC\Core\Controller\LoginController;

  28. use OC\Security\Bruteforce\Throttler;

  29. use OC\User\Session;

  30. use OCP\AppFramework\Http\RedirectResponse;

  31. use OCP\AppFramework\Http\TemplateResponse;

  32. use OCP\Authentication\TwoFactorAuth\IProvider;

  33. use OCP\Defaults;

  34. use OCP\IConfig;

  35. use OCP\ILogger;

  36. use OCP\IRequest;

  37. use OCP\ISession;

  38. use OCP\IURLGenerator;

  39. use OCP\IUser;

  40. use OCP\IUserManager;

  41. use Test\TestCase;

  42. 

  43. class LoginControllerTest extends TestCase {

  44. 	/** @var LoginController */

  45. 	private $loginController;

  46. 	/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */

  47. 	private $request;

  48. 	/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */

  49. 	private $userManager;

  50. 	/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */

  51. 	private $config;

  52. 	/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */

  53. 	private $session;

  54. 	/** @var Session|\PHPUnit_Framework_MockObject_MockObject */

  55. 	private $userSession;

  56. 	/** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */

  57. 	private $urlGenerator;

  58. 	/** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */

  59. 	private $logger;

  60. 	/** @var Manager|\PHPUnit_Framework_MockObject_MockObject */

  61. 	private $twoFactorManager;

  62. 	/** @var Defaults|\PHPUnit_Framework_MockObject_MockObject */

  63. 	private $defaults;

  64. 	/** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */

  65. 	private $throttler;

  66. 

  67. 	public function setUp() {

  68. 		parent::setUp();

  69. 		$this->request = $this->createMock(IRequest::class);

  70. 		$this->userManager = $this->createMock(\OC\User\Manager::class);

  71. 		$this->config = $this->createMock(IConfig::class);

  72. 		$this->session = $this->createMock(ISession::class);

  73. 		$this->userSession = $this->createMock(Session::class);

  74. 		$this->urlGenerator = $this->createMock(IURLGenerator::class);

  75. 		$this->logger = $this->createMock(ILogger::class);

  76. 		$this->twoFactorManager = $this->createMock(Manager::class);

  77. 		$this->defaults = $this->createMock(Defaults::class);

  78. 		$this->throttler = $this->createMock(Throttler::class);

  79. 

  80. 		$this->request->method('getRemoteAddress')

  81. 			->willReturn('1.2.3.4');

  82. 		$this->throttler->method('getDelay')

  83. 			->with(

  84. 				$this->equalTo('1.2.3.4'),

  85. 				$this->equalTo('')

  86. 			)->willReturn(1000);

  87. 

  88. 		$this->loginController = new LoginController(

  89. 			'core',

  90. 			$this->request,

  91. 			$this->userManager,

  92. 			$this->config,

  93. 			$this->session,

  94. 			$this->userSession,

  95. 			$this->urlGenerator,

  96. 			$this->logger,

  97. 			$this->twoFactorManager,

  98. 			$this->defaults,

  99. 			$this->throttler

  100. 		);

  101. 	}

  102. 

  103. 	public function testLogoutWithoutToken() {

  104. 		$this->request

  105. 			->expects($this->once())

  106. 			->method('getCookie')

  107. 			->with('nc_token')

  108. 			->willReturn(null);

  109. 		$this->config

  110. 			->expects($this->never())

  111. 			->method('deleteUserValue');

  112. 		$this->urlGenerator

  113. 			->expects($this->once())

  114. 			->method('linkToRouteAbsolute')

  115. 			->with('core.login.showLoginForm')

  116. 			->willReturn('/login');

  117. 

  118. 		$expected = new RedirectResponse('/login');

  119. 		$expected->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');

  120. 		$this->assertEquals($expected, $this->loginController->logout());

  121. 	}

  122. 

  123. 	public function testLogoutWithToken() {

  124. 		$this->request

  125. 			->expects($this->once())

  126. 			->method('getCookie')

  127. 			->with('nc_token')

  128. 			->willReturn('MyLoginToken');

  129. 		$user = $this->createMock(IUser::class);

  130. 		$user

  131. 			->expects($this->once())

  132. 			->method('getUID')

  133. 			->willReturn('JohnDoe');

  134. 		$this->userSession

  135. 			->expects($this->once())

  136. 			->method('getUser')

  137. 			->willReturn($user);

  138. 		$this->config

  139. 			->expects($this->once())

  140. 			->method('deleteUserValue')

  141. 			->with('JohnDoe', 'login_token', 'MyLoginToken');

  142. 		$this->urlGenerator

  143. 			->expects($this->once())

  144. 			->method('linkToRouteAbsolute')

  145. 			->with('core.login.showLoginForm')

  146. 			->willReturn('/login');

  147. 

  148. 		$expected = new RedirectResponse('/login');

  149. 		$expected->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');

  150. 		$this->assertEquals($expected, $this->loginController->logout());

  151. 	}

  152. 

  153. 	public function testShowLoginFormForLoggedInUsers() {

  154. 		$this->userSession

  155. 			->expects($this->once())

  156. 			->method('isLoggedIn')

  157. 			->willReturn(true);

  158. 

  159. 		$expectedResponse = new RedirectResponse(\OC_Util::getDefaultPageUrl());

  160. 		$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', '', ''));

  161. 	}

  162. 

  163. 	public function testShowLoginFormWithErrorsInSession() {

  164. 		$this->userSession

  165. 			->expects($this->once())

  166. 			->method('isLoggedIn')

  167. 			->willReturn(false);

  168. 		$this->session

  169. 			->expects($this->once())

  170. 			->method('get')

  171. 			->with('loginMessages')

  172. 			->willReturn(

  173. 				[

  174. 					[

  175. 						'ErrorArray1',

  176. 						'ErrorArray2',

  177. 					],

  178. 					[

  179. 						'MessageArray1',

  180. 						'MessageArray2',

  181. 					],

  182. 				]

  183. 			);

  184. 

  185. 		$expectedResponse = new TemplateResponse(

  186. 			'core',

  187. 			'login',

  188. 			[

  189. 				'ErrorArray1' => true,

  190. 				'ErrorArray2' => true,

  191. 				'messages' => [

  192. 					'MessageArray1',

  193. 					'MessageArray2',

  194. 				],

  195. 				'loginName' => '',

  196. 				'user_autofocus' => true,

  197. 				'canResetPassword' => true,

  198. 				'alt_login' => [],

  199. 				'resetPasswordLink' => null,

  200. 				'throttle_delay' => 1000,

  201. 			],

  202. 			'guest'

  203. 		);

  204. 		$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', '', ''));

  205. 	}

  206. 

  207. 	public function testShowLoginFormForFlowAuth() {

  208. 		$this->userSession

  209. 			->expects($this->once())

  210. 			->method('isLoggedIn')

  211. 			->willReturn(false);

  212. 

  213. 		$expectedResponse = new TemplateResponse(

  214. 			'core',

  215. 			'login',

  216. 			[

  217. 				'messages' => [],

  218. 				'redirect_url' => 'login/flow',

  219. 				'loginName' => '',

  220. 				'user_autofocus' => true,

  221. 				'canResetPassword' => true,

  222. 				'alt_login' => [],

  223. 				'resetPasswordLink' => null,

  224. 				'throttle_delay' => 1000,

  225. 			],

  226. 			'guest'

  227. 		);

  228. 		$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', 'login/flow', ''));

  229. 	}

  230. 

  231. 	/**

  232. 	 * @return array

  233. 	 */

  234. 	public function passwordResetDataProvider() {

  235. 		return [

  236. 			[

  237. 				true,

  238. 				true,

  239. 			],

  240. 			[

  241. 				false,

  242. 				false,

  243. 			],

  244. 		];

  245. 	}

  246. 

  247. 	/**

  248. 	 * @dataProvider passwordResetDataProvider

  249. 	 */

  250. 	public function testShowLoginFormWithPasswordResetOption($canChangePassword,

  251. 															 $expectedResult) {

  252. 		$this->userSession

  253. 			->expects($this->once())

  254. 			->method('isLoggedIn')

  255. 			->willReturn(false);

  256. 		$this->config

  257. 			->expects($this->once())

  258. 			->method('getSystemValue')

  259. 			->with('lost_password_link')

  260. 			->willReturn(false);

  261. 		$user = $this->createMock(IUser::class);

  262. 		$user

  263. 			->expects($this->once())

  264. 			->method('canChangePassword')

  265. 			->willReturn($canChangePassword);

  266. 		$this->userManager

  267. 			->expects($this->once())

  268. 			->method('get')

  269. 			->with('LdapUser')

  270. 			->willReturn($user);

  271. 

  272. 		$expectedResponse = new TemplateResponse(

  273. 			'core',

  274. 			'login',

  275. 			[

  276. 				'messages' => [],

  277. 				'loginName' => 'LdapUser',

  278. 				'user_autofocus' => false,

  279. 				'canResetPassword' => $expectedResult,

  280. 				'alt_login' => [],

  281. 				'resetPasswordLink' => false,

  282. 				'throttle_delay' => 1000,

  283. 			],

  284. 			'guest'

  285. 		);

  286. 		$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('LdapUser', '', ''));

  287. 	}

  288. 

  289. 	public function testShowLoginFormForUserNamedNull() {

  290. 		$this->userSession

  291. 			->expects($this->once())

  292. 			->method('isLoggedIn')

  293. 			->willReturn(false);

  294. 		$this->config

  295. 			->expects($this->once())

  296. 			->method('getSystemValue')

  297. 			->with('lost_password_link')

  298. 			->willReturn(false);

  299. 		$user = $this->createMock(IUser::class);

  300. 		$user

  301. 			->expects($this->once())

  302. 			->method('canChangePassword')

  303. 			->willReturn(false);

  304. 		$this->userManager

  305. 			->expects($this->once())

  306. 			->method('get')

  307. 			->with('0')

  308. 			->willReturn($user);

  309. 

  310. 		$expectedResponse = new TemplateResponse(

  311. 			'core',

  312. 			'login',

  313. 			[

  314. 				'messages' => [],

  315. 				'loginName' => '0',

  316. 				'user_autofocus' => false,

  317. 				'canResetPassword' => false,

  318. 				'alt_login' => [],

  319. 				'resetPasswordLink' => false,

  320. 				'throttle_delay' => 1000,

  321. 			],

  322. 			'guest'

  323. 		);

  324. 		$this->assertEquals($expectedResponse, $this->loginController->showLoginForm('0', '', ''));

  325. 	}

  326. 

  327. 	public function testLoginWithInvalidCredentials() {

  328. 		$user = 'MyUserName';

  329. 		$password = 'secret';

  330. 		$loginPageUrl = '/login?redirect_url=/apps/files';

  331. 

  332. 		$this->request

  333. 			->expects($this->once())

  334. 			->method('passesCSRFCheck')

  335. 			->willReturn(true);

  336. 		$this->userManager->expects($this->once())

  337. 			->method('checkPasswordNoLogging')

  338. 			->will($this->returnValue(false));

  339. 		$this->userManager->expects($this->once())

  340. 			->method('getByEmail')

  341. 			->with($user)

  342. 			->willReturn([]);

  343. 		$this->urlGenerator->expects($this->once())

  344. 			->method('linkToRoute')

  345. 			->with('core.login.showLoginForm', [

  346. 				'user' => 'MyUserName',

  347. 				'redirect_url' => '/apps/files',

  348. 			])

  349. 			->will($this->returnValue($loginPageUrl));

  350. 

  351. 		$this->userSession->expects($this->never())

  352. 			->method('createSessionToken');

  353. 		$this->userSession->expects($this->never())

  354. 			->method('createRememberMeToken');

  355. 		$this->config->expects($this->never())

  356. 			->method('deleteUserValue');

  357. 

  358. 		$expected = new \OCP\AppFramework\Http\RedirectResponse($loginPageUrl);

  359. 		$expected->throttle(['user' => 'MyUserName']);

  360. 		$this->assertEquals($expected, $this->loginController->tryLogin($user, $password, '/apps/files'));

  361. 	}

  362. 

  363. 	public function testLoginWithValidCredentials() {

  364. 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */

  365. 		$user = $this->createMock(IUser::class);

  366. 		$user->expects($this->any())

  367. 			->method('getUID')

  368. 			->will($this->returnValue('uid'));

  369. 		$loginName = 'loginli';

  370. 		$user->expects($this->any())

  371. 			->method('getLastLogin')

  372. 			->willReturn(123456);

  373. 		$password = 'secret';

  374. 		$indexPageUrl = \OC_Util::getDefaultPageUrl();

  375. 

  376. 		$this->request

  377. 			->expects($this->once())

  378. 			->method('passesCSRFCheck')

  379. 			->willReturn(true);

  380. 		$this->userManager->expects($this->once())

  381. 			->method('checkPasswordNoLogging')

  382. 			->will($this->returnValue($user));

  383. 		$this->userSession->expects($this->once())

  384. 			->method('completeLogin')

  385. 			->with($user, ['loginName' => $loginName, 'password' => $password]);

  386. 		$this->userSession->expects($this->once())

  387. 			->method('createSessionToken')

  388. 			->with($this->request, $user->getUID(), $loginName, $password, IToken::REMEMBER);

  389. 		$this->twoFactorManager->expects($this->once())

  390. 			->method('isTwoFactorAuthenticated')

  391. 			->with($user)

  392. 			->will($this->returnValue(false));

  393. 		$this->config->expects($this->once())

  394. 			->method('deleteUserValue')

  395. 			->with('uid', 'core', 'lostpassword');

  396. 		$this->config->expects($this->once())

  397. 			->method('setUserValue')

  398. 			->with('uid', 'core', 'timezone', 'Europe/Berlin');

  399. 		$this->userSession->expects($this->never())

  400. 			->method('createRememberMeToken');

  401. 

  402. 		$this->session->expects($this->exactly(2))

  403. 			->method('set')

  404. 			->withConsecutive(

  405. 				['last-password-confirm', 123456],

  406. 				['timezone', '1']

  407. 			);

  408. 

  409. 		$expected = new \OCP\AppFramework\Http\RedirectResponse($indexPageUrl);

  410. 		$this->assertEquals($expected, $this->loginController->tryLogin($loginName, $password, null, false, 'Europe/Berlin', '1'));

  411. 	}

  412. 

  413. 	public function testLoginWithValidCredentialsAndRememberMe() {

  414. 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */

  415. 		$user = $this->createMock(IUser::class);

  416. 		$user->expects($this->any())

  417. 			->method('getUID')

  418. 			->will($this->returnValue('uid'));

  419. 		$loginName = 'loginli';

  420. 		$password = 'secret';

  421. 		$indexPageUrl = \OC_Util::getDefaultPageUrl();

  422. 

  423. 		$this->request

  424. 			->expects($this->once())

  425. 			->method('passesCSRFCheck')

  426. 			->willReturn(true);

  427. 		$this->userManager->expects($this->once())

  428. 			->method('checkPasswordNoLogging')

  429. 			->will($this->returnValue($user));

  430. 		$this->userSession->expects($this->once())

  431. 			->method('completeLogin')

  432. 			->with($user, ['loginName' => $loginName, 'password' => $password]);

  433. 		$this->userSession->expects($this->once())

  434. 			->method('createSessionToken')

  435. 			->with($this->request, $user->getUID(), $loginName, $password, true);

  436. 		$this->twoFactorManager->expects($this->once())

  437. 			->method('isTwoFactorAuthenticated')

  438. 			->with($user)

  439. 			->will($this->returnValue(false));

  440. 		$this->config->expects($this->once())

  441. 			->method('deleteUserValue')

  442. 			->with('uid', 'core', 'lostpassword');

  443. 		$this->userSession->expects($this->once())

  444. 			->method('createRememberMeToken')

  445. 			->with($user);

  446. 

  447. 		$expected = new \OCP\AppFramework\Http\RedirectResponse($indexPageUrl);

  448. 		$this->assertEquals($expected, $this->loginController->tryLogin($loginName, $password, null, true));

  449. 	}

  450. 

  451. 	public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn() {

  452. 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */

  453. 		$user = $this->createMock(IUser::class);

  454. 		$user->expects($this->any())

  455. 			->method('getUID')

  456. 			->will($this->returnValue('jane'));

  457. 		$password = 'secret';

  458. 		$originalUrl = 'another%20url';

  459. 

  460. 		$this->request

  461. 			->expects($this->once())

  462. 			->method('passesCSRFCheck')

  463. 			->willReturn(false);

  464. 		$this->userSession->expects($this->once())

  465. 			->method('isLoggedIn')

  466. 			->with()

  467. 			->will($this->returnValue(false));

  468. 		$this->config->expects($this->never())

  469. 			->method('deleteUserValue');

  470. 		$this->userSession->expects($this->never())

  471. 			->method('createRememberMeToken');

  472. 

  473. 		$expected = new \OCP\AppFramework\Http\RedirectResponse(\OC_Util::getDefaultPageUrl());

  474. 		$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));

  475. 	}

  476. 

  477. 	public function testLoginWithoutPassedCsrfCheckAndLoggedIn() {

  478. 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */

  479. 		$user = $this->createMock(IUser::class);

  480. 		$user->expects($this->any())

  481. 			->method('getUID')

  482. 			->will($this->returnValue('jane'));

  483. 		$password = 'secret';

  484. 		$originalUrl = 'another%20url';

  485. 		$redirectUrl = 'http://localhost/another url';

  486. 

  487. 		$this->request

  488. 			->expects($this->once())

  489. 			->method('passesCSRFCheck')

  490. 			->willReturn(false);

  491. 		$this->userSession->expects($this->once())

  492. 			->method('isLoggedIn')

  493. 			->with()

  494. 			->will($this->returnValue(true));

  495. 		$this->urlGenerator->expects($this->once())

  496. 			->method('getAbsoluteURL')

  497. 			->with(urldecode($originalUrl))

  498. 			->will($this->returnValue($redirectUrl));

  499. 		$this->config->expects($this->never())

  500. 			->method('deleteUserValue');

  501. 		$this->userSession->expects($this->never())

  502. 			->method('createRememberMeToken');

  503. 

  504. 		$expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);

  505. 		$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));

  506. 	}

  507. 

  508. 	public function testLoginWithValidCredentialsAndRedirectUrl() {

  509. 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */

  510. 		$user = $this->createMock(IUser::class);

  511. 		$user->expects($this->any())

  512. 			->method('getUID')

  513. 			->will($this->returnValue('jane'));

  514. 		$password = 'secret';

  515. 		$originalUrl = 'another%20url';

  516. 		$redirectUrl = 'http://localhost/another url';

  517. 

  518. 		$this->request

  519. 			->expects($this->once())

  520. 			->method('passesCSRFCheck')

  521. 			->willReturn(true);

  522. 		$this->userManager->expects($this->once())

  523. 			->method('checkPasswordNoLogging')

  524. 			->with('Jane', $password)

  525. 			->will($this->returnValue($user));

  526. 		$this->userSession->expects($this->once())

  527. 			->method('createSessionToken')

  528. 			->with($this->request, $user->getUID(), 'Jane', $password, IToken::REMEMBER);

  529. 		$this->userSession->expects($this->once())

  530. 			->method('isLoggedIn')

  531. 			->with()

  532. 			->will($this->returnValue(true));

  533. 		$this->urlGenerator->expects($this->once())

  534. 			->method('getAbsoluteURL')

  535. 			->with(urldecode($originalUrl))

  536. 			->will($this->returnValue($redirectUrl));

  537. 		$this->config->expects($this->once())

  538. 			->method('deleteUserValue')

  539. 			->with('jane', 'core', 'lostpassword');

  540. 

  541. 		$expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl));

  542. 		$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));

  543. 	}

  544. 

  545. 	public function testLoginWithOneTwoFactorProvider() {

  546. 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */

  547. 		$user = $this->createMock(IUser::class);

  548. 		$user->expects($this->any())

  549. 			->method('getUID')

  550. 			->will($this->returnValue('john'));

  551. 		$password = 'secret';

  552. 		$challengeUrl = 'challenge/url';

  553. 		$provider = $this->createMock(IProvider::class);

  554. 

  555. 		$this->request

  556. 			->expects($this->once())

  557. 			->method('passesCSRFCheck')

  558. 			->willReturn(true);

  559. 		$this->userManager->expects($this->once())

  560. 			->method('checkPasswordNoLogging')

  561. 			->will($this->returnValue($user));

  562. 		$this->userSession->expects($this->once())

  563. 			->method('completeLogin')

  564. 			->with($user, ['loginName' => 'john@doe.com', 'password' => $password]);

  565. 		$this->userSession->expects($this->once())

  566. 			->method('createSessionToken')

  567. 			->with($this->request, $user->getUID(), 'john@doe.com', $password, IToken::REMEMBER);

  568. 		$this->twoFactorManager->expects($this->once())

  569. 			->method('isTwoFactorAuthenticated')

  570. 			->with($user)

  571. 			->will($this->returnValue(true));

  572. 		$this->twoFactorManager->expects($this->once())

  573. 			->method('prepareTwoFactorLogin')

  574. 			->with($user);

  575. 		$providerSet = new ProviderSet([$provider], false);

  576. 		$this->twoFactorManager->expects($this->once())

  577. 			->method('getProviderSet')

  578. 			->with($user)

  579. 			->willReturn($providerSet);

  580. 		$provider->expects($this->once())

  581. 			->method('getId')

  582. 			->will($this->returnValue('u2f'));

  583. 		$this->urlGenerator->expects($this->once())

  584. 			->method('linkToRoute')

  585. 			->with('core.TwoFactorChallenge.showChallenge', [

  586. 				'challengeProviderId' => 'u2f',

  587. 			])

  588. 			->will($this->returnValue($challengeUrl));

  589. 		$this->config->expects($this->once())

  590. 			->method('deleteUserValue')

  591. 			->with('john', 'core', 'lostpassword');

  592. 		$this->userSession->expects($this->never())

  593. 			->method('createRememberMeToken');

  594. 

  595. 		$expected = new RedirectResponse($challengeUrl);

  596. 		$this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', $password, null));

  597. 	}

  598. 

  599. 	public function testLoginWithMultipleTwoFactorProviders() {

  600. 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */

  601. 		$user = $this->createMock(IUser::class);

  602. 		$user->expects($this->any())

  603. 			->method('getUID')

  604. 			->will($this->returnValue('john'));

  605. 		$password = 'secret';

  606. 		$challengeUrl = 'challenge/url';

  607. 		$provider1 = $this->createMock(IProvider::class);

  608. 		$provider2 = $this->createMock(IProvider::class);

  609. 		$provider1->method('getId')->willReturn('prov1');

  610. 		$provider2->method('getId')->willReturn('prov2');

  611. 

  612. 		$this->request

  613. 			->expects($this->once())

  614. 			->method('passesCSRFCheck')

  615. 			->willReturn(true);

  616. 		$this->userManager->expects($this->once())

  617. 			->method('checkPasswordNoLogging')

  618. 			->will($this->returnValue($user));

  619. 		$this->userSession->expects($this->once())

  620. 			->method('completeLogin')

  621. 			->with($user, ['loginName' => 'john@doe.com', 'password' => $password]);

  622. 		$this->userSession->expects($this->once())

  623. 			->method('createSessionToken')

  624. 			->with($this->request, $user->getUID(), 'john@doe.com', $password, IToken::REMEMBER);

  625. 		$this->twoFactorManager->expects($this->once())

  626. 			->method('isTwoFactorAuthenticated')

  627. 			->with($user)

  628. 			->will($this->returnValue(true));

  629. 		$this->twoFactorManager->expects($this->once())

  630. 			->method('prepareTwoFactorLogin')

  631. 			->with($user);

  632. 		$providerSet = new ProviderSet([$provider1, $provider2], false);

  633. 		$this->twoFactorManager->expects($this->once())

  634. 			->method('getProviderSet')

  635. 			->with($user)

  636. 			->willReturn($providerSet);

  637. 		$this->urlGenerator->expects($this->once())

  638. 			->method('linkToRoute')

  639. 			->with('core.TwoFactorChallenge.selectChallenge')

  640. 			->will($this->returnValue($challengeUrl));

  641. 		$this->config->expects($this->once())

  642. 			->method('deleteUserValue')

  643. 			->with('john', 'core', 'lostpassword');

  644. 		$this->userSession->expects($this->never())

  645. 			->method('createRememberMeToken');

  646. 

  647. 		$expected = new RedirectResponse($challengeUrl);

  648. 		$this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', $password, null));

  649. 	}

  650. 

  651. 	public function testToNotLeakLoginName() {

  652. 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */

  653. 		$user = $this->createMock(IUser::class);

  654. 		$user->expects($this->any())

  655. 			->method('getUID')

  656. 			->will($this->returnValue('john'));

  657. 

  658. 		$this->userManager->expects($this->once())

  659. 			->method('checkPasswordNoLogging')

  660. 			->with('john@doe.com', 'just wrong')

  661. 			->willReturn(false);

  662. 		$this->userManager->expects($this->once())

  663. 			->method('checkPassword')

  664. 			->with('john', 'just wrong')

  665. 			->willReturn(false);

  666. 

  667. 		$this->userManager->expects($this->once())

  668. 			->method('getByEmail')

  669. 			->with('john@doe.com')

  670. 			->willReturn([$user]);

  671. 

  672. 		$this->urlGenerator->expects($this->once())

  673. 			->method('linkToRoute')

  674. 			->with('core.login.showLoginForm', ['user' => 'john@doe.com'])

  675. 			->will($this->returnValue(''));

  676. 		$this->request

  677. 			->expects($this->once())

  678. 			->method('passesCSRFCheck')

  679. 			->willReturn(true);

  680. 		$this->config->expects($this->never())

  681. 			->method('deleteUserValue');

  682. 		$this->userSession->expects($this->never())

  683. 			->method('createRememberMeToken');

  684. 

  685. 		$expected = new RedirectResponse('');

  686. 		$expected->throttle(['user' => 'john']);

  687. 		$this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', 'just wrong', null));

  688. 	}

  689. }