diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2018-09-10 17:02:37 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-25 09:54:20 +0200 |
| commit | 7586b19e524761c1e8aab5170375a0d6c9e8f7a2 (patch) | |
| tree | e2a0fc5fa9754c12cfd226bf7aa48964fce18237 /tests/Core/Command | |
| parent | 92fa373314e77dc905036812253f6b776a9e1aaf (diff) | |
| download | nextcloud-server-7586b19e524761c1e8aab5170375a0d6c9e8f7a2.tar.gz nextcloud-server-7586b19e524761c1e8aab5170375a0d6c9e8f7a2.zip | |
Only allow 2FA state changs if providers support the operation
Ref https://github.com/nextcloud/server/issues/11019.
Add `twofactorauth:cleanup` command
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'tests/Core/Command')
| -rw-r--r-- | tests/Core/Command/TwoFactorAuth/CleanupTest.php | 66 | ||||
| -rw-r--r-- | tests/Core/Command/TwoFactorAuth/DisableTest.php | 113 | ||||
| -rw-r--r-- | tests/Core/Command/TwoFactorAuth/EnableTest.php | 114 | ||||
| -rw-r--r-- | tests/Core/Command/TwoFactorAuth/StateTest.php | 113 |
4 files changed, 306 insertions, 100 deletions
diff --git a/tests/Core/Command/TwoFactorAuth/CleanupTest.php b/tests/Core/Command/TwoFactorAuth/CleanupTest.php new file mode 100644 index 00000000000..227283decf6 --- /dev/null +++ b/tests/Core/Command/TwoFactorAuth/CleanupTest.php @@ -0,0 +1,66 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace Core\Command\TwoFactorAuth; + +use OC\Core\Command\TwoFactorAuth\Cleanup; +use OCP\Authentication\TwoFactorAuth\IRegistry; +use PHPUnit\Framework\MockObject\MockObject; +use Symfony\Component\Console\Tester\CommandTester; +use Test\TestCase; + +class CleanupTest extends TestCase { + + /** @var IRegistry|MockObject */ + private $registry; + + /** @var CommandTester */ + private $cmd; + + protected function setUp() { + parent::setUp(); + + $this->registry = $this->createMock(IRegistry::class); + + $cmd = new Cleanup($this->registry); + $this->cmd = new CommandTester($cmd); + } + + public function testCleanup() { + $this->registry->expects($this->once()) + ->method('cleanUp') + ->with('u2f'); + + $rc = $this->cmd->execute([ + 'provider-id' => 'u2f', + ]); + + $this->assertEquals(0, $rc); + $output = $this->cmd->getDisplay(); + $this->assertContains("All user-provider associations for provider u2f have been removed", $output); + } + +} diff --git a/tests/Core/Command/TwoFactorAuth/DisableTest.php b/tests/Core/Command/TwoFactorAuth/DisableTest.php index 1a0bbc6c3d3..30ebc007dc1 100644 --- a/tests/Core/Command/TwoFactorAuth/DisableTest.php +++ b/tests/Core/Command/TwoFactorAuth/DisableTest.php @@ -1,8 +1,11 @@ <?php + +declare(strict_types=1); + /** - * @copyright 2016, Roeland Jago Douma <roeland@famdouma.nl> + * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at> * - * @author Roeland Jago Douma <roeland@famdouma.nl> + * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at> * * @license GNU AGPL version 3 or any later version * @@ -20,80 +23,90 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. * */ + namespace Test\Core\Command\TwoFactorAuth; -use OC\Authentication\TwoFactorAuth\Manager; +use OC\Authentication\TwoFactorAuth\ProviderManager; use OC\Core\Command\TwoFactorAuth\Disable; use OCP\IUser; use OCP\IUserManager; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Output\OutputInterface; +use PHPUnit\Framework\MockObject\MockObject; +use Symfony\Component\Console\Tester\CommandTester; use Test\TestCase; class DisableTest extends TestCase { - /** @var Manager|\PHPUnit_Framework_MockObject_MockObject */ - private $manager; + /** @var ProviderManager|MockObject */ + private $providerManager; - /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */ + /** @var IUserManager|MockObject */ private $userManager; - /** @var Disable */ + /** @var CommandTester */ private $command; public function setUp() { parent::setUp(); - $this->manager = $this->createMock(Manager::class); + $this->providerManager = $this->createMock(ProviderManager::class); $this->userManager = $this->createMock(IUserManager::class); - $this->command = new Disable($this->manager, $this->userManager); + $cmd = new Disable($this->providerManager, $this->userManager); + $this->command = new CommandTester($cmd); } - public function testDisableSuccess() { - $user = $this->createMock(IUser::class); + public function testInvalidUID() { + $this->userManager->expects($this->once()) + ->method('get') + ->with('nope') + ->willReturn(null); - $input = $this->createMock(InputInterface::class); - $output = $this->createMock(OutputInterface::class); + $rc = $this->command->execute([ + 'uid' => 'nope', + 'provider_id' => 'nope', + ]); - $input->method('getArgument') - ->with($this->equalTo('uid')) - ->willReturn('user'); + $this->assertEquals(1, $rc); + $this->assertContains("Invalid UID", $this->command->getDisplay()); + } - $this->userManager->method('get') - ->with('user') + public function testEnableNotSupported() { + $user = $this->createMock(IUser::class); + $this->userManager->expects($this->once()) + ->method('get') + ->with('ricky') ->willReturn($user); - - $this->manager->expects($this->once()) - ->method('disableTwoFactorAuthentication') - ->with($this->equalTo($user)); - - $output->expects($this->once()) - ->method('writeln') - ->with('Two-factor authentication disabled for user user'); - - $this->invokePrivate($this->command, 'execute', [$input, $output]); + $this->providerManager->expects($this->once()) + ->method('tryDisableProviderFor') + ->with('totp', $user) + ->willReturn(false); + + $rc = $this->command->execute([ + 'uid' => 'ricky', + 'provider_id' => 'totp', + ]); + + $this->assertEquals(2, $rc); + $this->assertContains("The provider does not support this operation", $this->command->getDisplay()); } - public function testEnableFail() { - $input = $this->createMock(InputInterface::class); - $output = $this->createMock(OutputInterface::class); - - $input->method('getArgument') - ->with($this->equalTo('uid')) - ->willReturn('user'); - - $this->userManager->method('get') - ->with('user') - ->willReturn(null); - - $this->manager->expects($this->never()) - ->method($this->anything()); - - $output->expects($this->once()) - ->method('writeln') - ->with('<error>Invalid UID</error>'); - - $this->invokePrivate($this->command, 'execute', [$input, $output]); + public function testEnabled() { + $user = $this->createMock(IUser::class); + $this->userManager->expects($this->once()) + ->method('get') + ->with('ricky') + ->willReturn($user); + $this->providerManager->expects($this->once()) + ->method('tryDisableProviderFor') + ->with('totp', $user) + ->willReturn(true); + + $rc = $this->command->execute([ + 'uid' => 'ricky', + 'provider_id' => 'totp', + ]); + + $this->assertEquals(0, $rc); + $this->assertContains("Two-factor provider totp disabled for user ricky", $this->command->getDisplay()); } } diff --git a/tests/Core/Command/TwoFactorAuth/EnableTest.php b/tests/Core/Command/TwoFactorAuth/EnableTest.php index ebca40df9a5..f31f92da4a5 100644 --- a/tests/Core/Command/TwoFactorAuth/EnableTest.php +++ b/tests/Core/Command/TwoFactorAuth/EnableTest.php @@ -1,8 +1,11 @@ <?php + +declare(strict_types=1); + /** - * @copyright 2016, Roeland Jago Douma <roeland@famdouma.nl> + * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at> * - * @author Roeland Jago Douma <roeland@famdouma.nl> + * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at> * * @license GNU AGPL version 3 or any later version * @@ -20,80 +23,91 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. * */ + namespace Test\Core\Command\TwoFactorAuth; -use OC\Authentication\TwoFactorAuth\Manager; +use OC\Authentication\TwoFactorAuth\ProviderManager; use OC\Core\Command\TwoFactorAuth\Enable; use OCP\IUser; use OCP\IUserManager; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Output\OutputInterface; +use PHPUnit\Framework\MockObject\MockObject; +use Symfony\Component\Console\Tester\CommandTester; use Test\TestCase; class EnableTest extends TestCase { - /** @var Manager|\PHPUnit_Framework_MockObject_MockObject */ - private $manager; + /** @var ProviderManager|MockObject */ + private $providerManager; - /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */ + /** @var IUserManager|MockObject */ private $userManager; - /** @var Enable */ + /** @var CommandTester */ private $command; public function setUp() { parent::setUp(); - $this->manager = $this->createMock(Manager::class); + $this->providerManager = $this->createMock(ProviderManager::class); $this->userManager = $this->createMock(IUserManager::class); - $this->command = new Enable($this->manager, $this->userManager); + $cmd = new Enable($this->providerManager, $this->userManager); + $this->command = new CommandTester($cmd); } - public function testEnableSuccess() { - $user = $this->createMock(IUser::class); + public function testInvalidUID() { + $this->userManager->expects($this->once()) + ->method('get') + ->with('nope') + ->willReturn(null); - $input = $this->createMock(InputInterface::class); - $output = $this->createMock(OutputInterface::class); + $rc = $this->command->execute([ + 'uid' => 'nope', + 'provider_id' => 'nope', + ]); - $input->method('getArgument') - ->with($this->equalTo('uid')) - ->willReturn('user'); + $this->assertEquals(1, $rc); + $this->assertContains("Invalid UID", $this->command->getDisplay()); + } - $this->userManager->method('get') - ->with('user') + public function testEnableNotSupported() { + $user = $this->createMock(IUser::class); + $this->userManager->expects($this->once()) + ->method('get') + ->with('belle') ->willReturn($user); - - $this->manager->expects($this->once()) - ->method('enableTwoFactorAuthentication') - ->with($this->equalTo($user)); - - $output->expects($this->once()) - ->method('writeln') - ->with('Two-factor authentication enabled for user user'); - - $this->invokePrivate($this->command, 'execute', [$input, $output]); + $this->providerManager->expects($this->once()) + ->method('tryEnableProviderFor') + ->with('totp', $user) + ->willReturn(false); + + $rc = $this->command->execute([ + 'uid' => 'belle', + 'provider_id' => 'totp', + ]); + + $this->assertEquals(2, $rc); + $this->assertContains("The provider does not support this operation", $this->command->getDisplay()); } - public function testEnableFail() { - $input = $this->createMock(InputInterface::class); - $output = $this->createMock(OutputInterface::class); - - $input->method('getArgument') - ->with($this->equalTo('uid')) - ->willReturn('user'); - - $this->userManager->method('get') - ->with('user') - ->willReturn(null); - - $this->manager->expects($this->never()) - ->method($this->anything()); - - $output->expects($this->once()) - ->method('writeln') - ->with('<error>Invalid UID</error>'); - - $this->invokePrivate($this->command, 'execute', [$input, $output]); + public function testEnabled() { + $user = $this->createMock(IUser::class); + $this->userManager->expects($this->once()) + ->method('get') + ->with('belle') + ->willReturn($user); + $this->providerManager->expects($this->once()) + ->method('tryEnableProviderFor') + ->with('totp', $user) + ->willReturn(true); + + $rc = $this->command->execute([ + 'uid' => 'belle', + 'provider_id' => 'totp', + ]); + + $this->assertEquals(0, $rc); + $this->assertContains("Two-factor provider totp enabled for user belle", $this->command->getDisplay()); } + } diff --git a/tests/Core/Command/TwoFactorAuth/StateTest.php b/tests/Core/Command/TwoFactorAuth/StateTest.php new file mode 100644 index 00000000000..580e137fe32 --- /dev/null +++ b/tests/Core/Command/TwoFactorAuth/StateTest.php @@ -0,0 +1,113 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace Core\Command\TwoFactorAuth; + +use OC\Core\Command\TwoFactorAuth\State; +use OCP\Authentication\TwoFactorAuth\IRegistry; +use OCP\IUser; +use OCP\IUserManager; +use PHPUnit\Framework\MockObject\MockObject; +use Symfony\Component\Console\Tester\CommandTester; +use Test\TestCase; + +class StateTest extends TestCase { + + /** @var IRegistry|MockObject */ + private $registry; + + /** @var IUserManager|MockObject */ + private $userManager; + + /** @var CommandTester|MockObject */ + private $cmd; + + protected function setUp() { + parent::setUp(); + + $this->registry = $this->createMock(IRegistry::class); + $this->userManager = $this->createMock(IUserManager::class); + + $cmd = new State($this->registry, $this->userManager); + $this->cmd = new CommandTester($cmd); + } + + public function testWrongUID() { + $this->cmd->execute([ + 'uid' => 'nope', + ]); + + $output = $this->cmd->getDisplay(); + $this->assertContains("Invalid UID", $output); + } + + public function testStateNoProvidersActive() { + $user = $this->createMock(IUser::class); + $this->userManager->expects($this->once()) + ->method('get') + ->with('eldora') + ->willReturn($user); + $states = [ + 'u2f' => false, + 'totp' => false, + ]; + $this->registry->expects($this->once()) + ->method('getProviderStates') + ->with($user) + ->willReturn($states); + + $this->cmd->execute([ + 'uid' => 'eldora', + ]); + + $output = $this->cmd->getDisplay(); + $this->assertContains("Two-factor authentication is not enabled for user eldora", $output); + } + + public function testStateOneProviderActive() { + $user = $this->createMock(IUser::class); + $this->userManager->expects($this->once()) + ->method('get') + ->with('mohamed') + ->willReturn($user); + $states = [ + 'u2f' => true, + 'totp' => false, + ]; + $this->registry->expects($this->once()) + ->method('getProviderStates') + ->with($user) + ->willReturn($states); + + $this->cmd->execute([ + 'uid' => 'mohamed', + ]); + + $output = $this->cmd->getDisplay(); + $this->assertContains("Two-factor authentication is enabled for user mohamed", $output); + } + +} |