summaryrefslogtreecommitdiffstats
path: root/tests/Core
diff options
context:
space:
mode:
authorChristoph Wurst <christoph@winzerhof-wurst.at>2018-09-10 17:02:37 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2018-09-25 09:54:20 +0200
commit7586b19e524761c1e8aab5170375a0d6c9e8f7a2 (patch)
treee2a0fc5fa9754c12cfd226bf7aa48964fce18237 /tests/Core
parent92fa373314e77dc905036812253f6b776a9e1aaf (diff)
downloadnextcloud-server-7586b19e524761c1e8aab5170375a0d6c9e8f7a2.tar.gz
nextcloud-server-7586b19e524761c1e8aab5170375a0d6c9e8f7a2.zip
Only allow 2FA state changs if providers support the operation
Ref https://github.com/nextcloud/server/issues/11019. Add `twofactorauth:cleanup` command Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'tests/Core')
-rw-r--r--tests/Core/Command/TwoFactorAuth/CleanupTest.php66
-rw-r--r--tests/Core/Command/TwoFactorAuth/DisableTest.php113
-rw-r--r--tests/Core/Command/TwoFactorAuth/EnableTest.php114
-rw-r--r--tests/Core/Command/TwoFactorAuth/StateTest.php113
4 files changed, 306 insertions, 100 deletions
diff --git a/tests/Core/Command/TwoFactorAuth/CleanupTest.php b/tests/Core/Command/TwoFactorAuth/CleanupTest.php
new file mode 100644
index 00000000000..227283decf6
--- /dev/null
+++ b/tests/Core/Command/TwoFactorAuth/CleanupTest.php
@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Core\Command\TwoFactorAuth;
+
+use OC\Core\Command\TwoFactorAuth\Cleanup;
+use OCP\Authentication\TwoFactorAuth\IRegistry;
+use PHPUnit\Framework\MockObject\MockObject;
+use Symfony\Component\Console\Tester\CommandTester;
+use Test\TestCase;
+
+class CleanupTest extends TestCase {
+
+ /** @var IRegistry|MockObject */
+ private $registry;
+
+ /** @var CommandTester */
+ private $cmd;
+
+ protected function setUp() {
+ parent::setUp();
+
+ $this->registry = $this->createMock(IRegistry::class);
+
+ $cmd = new Cleanup($this->registry);
+ $this->cmd = new CommandTester($cmd);
+ }
+
+ public function testCleanup() {
+ $this->registry->expects($this->once())
+ ->method('cleanUp')
+ ->with('u2f');
+
+ $rc = $this->cmd->execute([
+ 'provider-id' => 'u2f',
+ ]);
+
+ $this->assertEquals(0, $rc);
+ $output = $this->cmd->getDisplay();
+ $this->assertContains("All user-provider associations for provider u2f have been removed", $output);
+ }
+
+}
diff --git a/tests/Core/Command/TwoFactorAuth/DisableTest.php b/tests/Core/Command/TwoFactorAuth/DisableTest.php
index 1a0bbc6c3d3..30ebc007dc1 100644
--- a/tests/Core/Command/TwoFactorAuth/DisableTest.php
+++ b/tests/Core/Command/TwoFactorAuth/DisableTest.php
@@ -1,8 +1,11 @@
<?php
+
+declare(strict_types=1);
+
/**
- * @copyright 2016, Roeland Jago Douma <roeland@famdouma.nl>
+ * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
*
- * @author Roeland Jago Douma <roeland@famdouma.nl>
+ * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
@@ -20,80 +23,90 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
+
namespace Test\Core\Command\TwoFactorAuth;
-use OC\Authentication\TwoFactorAuth\Manager;
+use OC\Authentication\TwoFactorAuth\ProviderManager;
use OC\Core\Command\TwoFactorAuth\Disable;
use OCP\IUser;
use OCP\IUserManager;
-use Symfony\Component\Console\Input\InputInterface;
-use Symfony\Component\Console\Output\OutputInterface;
+use PHPUnit\Framework\MockObject\MockObject;
+use Symfony\Component\Console\Tester\CommandTester;
use Test\TestCase;
class DisableTest extends TestCase {
- /** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
- private $manager;
+ /** @var ProviderManager|MockObject */
+ private $providerManager;
- /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
+ /** @var IUserManager|MockObject */
private $userManager;
- /** @var Disable */
+ /** @var CommandTester */
private $command;
public function setUp() {
parent::setUp();
- $this->manager = $this->createMock(Manager::class);
+ $this->providerManager = $this->createMock(ProviderManager::class);
$this->userManager = $this->createMock(IUserManager::class);
- $this->command = new Disable($this->manager, $this->userManager);
+ $cmd = new Disable($this->providerManager, $this->userManager);
+ $this->command = new CommandTester($cmd);
}
- public function testDisableSuccess() {
- $user = $this->createMock(IUser::class);
+ public function testInvalidUID() {
+ $this->userManager->expects($this->once())
+ ->method('get')
+ ->with('nope')
+ ->willReturn(null);
- $input = $this->createMock(InputInterface::class);
- $output = $this->createMock(OutputInterface::class);
+ $rc = $this->command->execute([
+ 'uid' => 'nope',
+ 'provider_id' => 'nope',
+ ]);
- $input->method('getArgument')
- ->with($this->equalTo('uid'))
- ->willReturn('user');
+ $this->assertEquals(1, $rc);
+ $this->assertContains("Invalid UID", $this->command->getDisplay());
+ }
- $this->userManager->method('get')
- ->with('user')
+ public function testEnableNotSupported() {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects($this->once())
+ ->method('get')
+ ->with('ricky')
->willReturn($user);
-
- $this->manager->expects($this->once())
- ->method('disableTwoFactorAuthentication')
- ->with($this->equalTo($user));
-
- $output->expects($this->once())
- ->method('writeln')
- ->with('Two-factor authentication disabled for user user');
-
- $this->invokePrivate($this->command, 'execute', [$input, $output]);
+ $this->providerManager->expects($this->once())
+ ->method('tryDisableProviderFor')
+ ->with('totp', $user)
+ ->willReturn(false);
+
+ $rc = $this->command->execute([
+ 'uid' => 'ricky',
+ 'provider_id' => 'totp',
+ ]);
+
+ $this->assertEquals(2, $rc);
+ $this->assertContains("The provider does not support this operation", $this->command->getDisplay());
}
- public function testEnableFail() {
- $input = $this->createMock(InputInterface::class);
- $output = $this->createMock(OutputInterface::class);
-
- $input->method('getArgument')
- ->with($this->equalTo('uid'))
- ->willReturn('user');
-
- $this->userManager->method('get')
- ->with('user')
- ->willReturn(null);
-
- $this->manager->expects($this->never())
- ->method($this->anything());
-
- $output->expects($this->once())
- ->method('writeln')
- ->with('<error>Invalid UID</error>');
-
- $this->invokePrivate($this->command, 'execute', [$input, $output]);
+ public function testEnabled() {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects($this->once())
+ ->method('get')
+ ->with('ricky')
+ ->willReturn($user);
+ $this->providerManager->expects($this->once())
+ ->method('tryDisableProviderFor')
+ ->with('totp', $user)
+ ->willReturn(true);
+
+ $rc = $this->command->execute([
+ 'uid' => 'ricky',
+ 'provider_id' => 'totp',
+ ]);
+
+ $this->assertEquals(0, $rc);
+ $this->assertContains("Two-factor provider totp disabled for user ricky", $this->command->getDisplay());
}
}
diff --git a/tests/Core/Command/TwoFactorAuth/EnableTest.php b/tests/Core/Command/TwoFactorAuth/EnableTest.php
index ebca40df9a5..f31f92da4a5 100644
--- a/tests/Core/Command/TwoFactorAuth/EnableTest.php
+++ b/tests/Core/Command/TwoFactorAuth/EnableTest.php
@@ -1,8 +1,11 @@
<?php
+
+declare(strict_types=1);
+
/**
- * @copyright 2016, Roeland Jago Douma <roeland@famdouma.nl>
+ * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
*
- * @author Roeland Jago Douma <roeland@famdouma.nl>
+ * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
@@ -20,80 +23,91 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
+
namespace Test\Core\Command\TwoFactorAuth;
-use OC\Authentication\TwoFactorAuth\Manager;
+use OC\Authentication\TwoFactorAuth\ProviderManager;
use OC\Core\Command\TwoFactorAuth\Enable;
use OCP\IUser;
use OCP\IUserManager;
-use Symfony\Component\Console\Input\InputInterface;
-use Symfony\Component\Console\Output\OutputInterface;
+use PHPUnit\Framework\MockObject\MockObject;
+use Symfony\Component\Console\Tester\CommandTester;
use Test\TestCase;
class EnableTest extends TestCase {
- /** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
- private $manager;
+ /** @var ProviderManager|MockObject */
+ private $providerManager;
- /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
+ /** @var IUserManager|MockObject */
private $userManager;
- /** @var Enable */
+ /** @var CommandTester */
private $command;
public function setUp() {
parent::setUp();
- $this->manager = $this->createMock(Manager::class);
+ $this->providerManager = $this->createMock(ProviderManager::class);
$this->userManager = $this->createMock(IUserManager::class);
- $this->command = new Enable($this->manager, $this->userManager);
+ $cmd = new Enable($this->providerManager, $this->userManager);
+ $this->command = new CommandTester($cmd);
}
- public function testEnableSuccess() {
- $user = $this->createMock(IUser::class);
+ public function testInvalidUID() {
+ $this->userManager->expects($this->once())
+ ->method('get')
+ ->with('nope')
+ ->willReturn(null);
- $input = $this->createMock(InputInterface::class);
- $output = $this->createMock(OutputInterface::class);
+ $rc = $this->command->execute([
+ 'uid' => 'nope',
+ 'provider_id' => 'nope',
+ ]);
- $input->method('getArgument')
- ->with($this->equalTo('uid'))
- ->willReturn('user');
+ $this->assertEquals(1, $rc);
+ $this->assertContains("Invalid UID", $this->command->getDisplay());
+ }
- $this->userManager->method('get')
- ->with('user')
+ public function testEnableNotSupported() {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects($this->once())
+ ->method('get')
+ ->with('belle')
->willReturn($user);
-
- $this->manager->expects($this->once())
- ->method('enableTwoFactorAuthentication')
- ->with($this->equalTo($user));
-
- $output->expects($this->once())
- ->method('writeln')
- ->with('Two-factor authentication enabled for user user');
-
- $this->invokePrivate($this->command, 'execute', [$input, $output]);
+ $this->providerManager->expects($this->once())
+ ->method('tryEnableProviderFor')
+ ->with('totp', $user)
+ ->willReturn(false);
+
+ $rc = $this->command->execute([
+ 'uid' => 'belle',
+ 'provider_id' => 'totp',
+ ]);
+
+ $this->assertEquals(2, $rc);
+ $this->assertContains("The provider does not support this operation", $this->command->getDisplay());
}
- public function testEnableFail() {
- $input = $this->createMock(InputInterface::class);
- $output = $this->createMock(OutputInterface::class);
-
- $input->method('getArgument')
- ->with($this->equalTo('uid'))
- ->willReturn('user');
-
- $this->userManager->method('get')
- ->with('user')
- ->willReturn(null);
-
- $this->manager->expects($this->never())
- ->method($this->anything());
-
- $output->expects($this->once())
- ->method('writeln')
- ->with('<error>Invalid UID</error>');
-
- $this->invokePrivate($this->command, 'execute', [$input, $output]);
+ public function testEnabled() {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects($this->once())
+ ->method('get')
+ ->with('belle')
+ ->willReturn($user);
+ $this->providerManager->expects($this->once())
+ ->method('tryEnableProviderFor')
+ ->with('totp', $user)
+ ->willReturn(true);
+
+ $rc = $this->command->execute([
+ 'uid' => 'belle',
+ 'provider_id' => 'totp',
+ ]);
+
+ $this->assertEquals(0, $rc);
+ $this->assertContains("Two-factor provider totp enabled for user belle", $this->command->getDisplay());
}
+
}
diff --git a/tests/Core/Command/TwoFactorAuth/StateTest.php b/tests/Core/Command/TwoFactorAuth/StateTest.php
new file mode 100644
index 00000000000..580e137fe32
--- /dev/null
+++ b/tests/Core/Command/TwoFactorAuth/StateTest.php
@@ -0,0 +1,113 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Core\Command\TwoFactorAuth;
+
+use OC\Core\Command\TwoFactorAuth\State;
+use OCP\Authentication\TwoFactorAuth\IRegistry;
+use OCP\IUser;
+use OCP\IUserManager;
+use PHPUnit\Framework\MockObject\MockObject;
+use Symfony\Component\Console\Tester\CommandTester;
+use Test\TestCase;
+
+class StateTest extends TestCase {
+
+ /** @var IRegistry|MockObject */
+ private $registry;
+
+ /** @var IUserManager|MockObject */
+ private $userManager;
+
+ /** @var CommandTester|MockObject */
+ private $cmd;
+
+ protected function setUp() {
+ parent::setUp();
+
+ $this->registry = $this->createMock(IRegistry::class);
+ $this->userManager = $this->createMock(IUserManager::class);
+
+ $cmd = new State($this->registry, $this->userManager);
+ $this->cmd = new CommandTester($cmd);
+ }
+
+ public function testWrongUID() {
+ $this->cmd->execute([
+ 'uid' => 'nope',
+ ]);
+
+ $output = $this->cmd->getDisplay();
+ $this->assertContains("Invalid UID", $output);
+ }
+
+ public function testStateNoProvidersActive() {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects($this->once())
+ ->method('get')
+ ->with('eldora')
+ ->willReturn($user);
+ $states = [
+ 'u2f' => false,
+ 'totp' => false,
+ ];
+ $this->registry->expects($this->once())
+ ->method('getProviderStates')
+ ->with($user)
+ ->willReturn($states);
+
+ $this->cmd->execute([
+ 'uid' => 'eldora',
+ ]);
+
+ $output = $this->cmd->getDisplay();
+ $this->assertContains("Two-factor authentication is not enabled for user eldora", $output);
+ }
+
+ public function testStateOneProviderActive() {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects($this->once())
+ ->method('get')
+ ->with('mohamed')
+ ->willReturn($user);
+ $states = [
+ 'u2f' => true,
+ 'totp' => false,
+ ];
+ $this->registry->expects($this->once())
+ ->method('getProviderStates')
+ ->with($user)
+ ->willReturn($states);
+
+ $this->cmd->execute([
+ 'uid' => 'mohamed',
+ ]);
+
+ $output = $this->cmd->getDisplay();
+ $this->assertContains("Two-factor authentication is enabled for user mohamed", $output);
+ }
+
+}