diff options
author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2018-09-10 17:02:37 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-25 09:54:20 +0200 |
commit | 7586b19e524761c1e8aab5170375a0d6c9e8f7a2 (patch) | |
tree | e2a0fc5fa9754c12cfd226bf7aa48964fce18237 /tests/lib/Authentication | |
parent | 92fa373314e77dc905036812253f6b776a9e1aaf (diff) | |
download | nextcloud-server-7586b19e524761c1e8aab5170375a0d6c9e8f7a2.tar.gz nextcloud-server-7586b19e524761c1e8aab5170375a0d6c9e8f7a2.zip |
Only allow 2FA state changs if providers support the operation
Ref https://github.com/nextcloud/server/issues/11019.
Add `twofactorauth:cleanup` command
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'tests/lib/Authentication')
4 files changed, 176 insertions, 28 deletions
diff --git a/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php b/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php index b46bce719fa..2402fcf9f7b 100644 --- a/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php +++ b/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php @@ -131,4 +131,18 @@ class ProviderUserAssignmentDaoTest extends TestCase { $this->assertCount(1, $data); } + public function testDeleteAll() { + $this->dao->persist('twofactor_fail', 'user1', 1); + $this->dao->persist('twofactor_u2f', 'user1', 1); + $this->dao->persist('twofactor_fail', 'user2', 0); + $this->dao->persist('twofactor_u2f', 'user1', 0); + + $this->dao->deleteAll('twofactor_fail'); + + $statesUser1 = $this->dao->getState('user1'); + $statesUser2 = $this->dao->getState('user2'); + $this->assertCount(1, $statesUser1); + $this->assertCount(0, $statesUser2); + } + } diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php index 1d7c147d9ce..301b4cc09db 100644 --- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php +++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php @@ -143,13 +143,6 @@ class ManagerTest extends TestCase { } public function testIsTwoFactorAuthenticatedNoProviders() { - $this->user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('user123')); - $this->config->expects($this->once()) - ->method('getUserValue') - ->with('user123', 'core', 'two_factor_auth_disabled', 0) - ->willReturn(0); $this->providerRegistry->expects($this->once()) ->method('getProviderStates') ->willReturn([]); // No providers registered @@ -161,13 +154,6 @@ class ManagerTest extends TestCase { } public function testIsTwoFactorAuthenticatedOnlyBackupCodes() { - $this->user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('user123')); - $this->config->expects($this->once()) - ->method('getUserValue') - ->with('user123', 'core', 'two_factor_auth_disabled', 0) - ->willReturn(0); $this->providerRegistry->expects($this->once()) ->method('getProviderStates') ->willReturn([ @@ -187,13 +173,6 @@ class ManagerTest extends TestCase { } public function testIsTwoFactorAuthenticatedFailingProviders() { - $this->user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('user123')); - $this->config->expects($this->once()) - ->method('getUserValue') - ->with('user123', 'core', 'two_factor_auth_disabled', 0) - ->willReturn(0); $this->providerRegistry->expects($this->once()) ->method('getProviderStates') ->willReturn([ @@ -225,13 +204,6 @@ class ManagerTest extends TestCase { * @dataProvider providerStatesFixData */ public function testIsTwoFactorAuthenticatedFixesProviderStates(bool $providerEnabled, bool $expected) { - $this->user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('user123')); - $this->config->expects($this->once()) - ->method('getUserValue') - ->with('user123', 'core', 'two_factor_auth_disabled', 0) - ->willReturn(0); $this->providerRegistry->expects($this->once()) ->method('getProviderStates') ->willReturn([]); // Nothing registered yet diff --git a/tests/lib/Authentication/TwoFactorAuth/ProviderManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ProviderManagerTest.php new file mode 100644 index 00000000000..736dfdb913b --- /dev/null +++ b/tests/lib/Authentication/TwoFactorAuth/ProviderManagerTest.php @@ -0,0 +1,154 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace lib\Authentication\TwoFactorAuth; + +use OC\Authentication\TwoFactorAuth\ProviderLoader; +use OC\Authentication\TwoFactorAuth\ProviderManager; +use OCP\Authentication\TwoFactorAuth\IActivatableByAdmin; +use OCP\Authentication\TwoFactorAuth\IDeactivatableByAdmin; +use OCP\Authentication\TwoFactorAuth\IProvider; +use OCP\Authentication\TwoFactorAuth\IRegistry; +use OCP\IUser; +use PHPUnit\Framework\MockObject\MockObject; +use Test\TestCase; + +class ProviderManagerTest extends TestCase { + + /** @var ProviderLoader|MockObject */ + private $providerLoader; + + /** @var IRegistry|MockObject */ + private $registry; + + /** @var ProviderManager */ + private $providerManager; + + protected function setUp() { + parent::setUp(); + + $this->providerLoader = $this->createMock(ProviderLoader::class); + $this->registry = $this->createMock(IRegistry::class); + + $this->providerManager = new ProviderManager( + $this->providerLoader, + $this->registry + ); + } + + /** + * @expectedException \OC\Authentication\Exceptions\InvalidProviderException + */ + public function testTryEnableInvalidProvider() { + $user = $this->createMock(IUser::class); + $this->providerManager->tryEnableProviderFor('none', $user); + } + + public function testTryEnableUnsupportedProvider() { + $user = $this->createMock(IUser::class); + $provider = $this->createMock(IProvider::class); + $this->providerLoader->expects($this->once()) + ->method('getProviders') + ->with($user) + ->willReturn([ + 'u2f' => $provider, + ]); + $this->registry->expects($this->never()) + ->method('enableProviderFor'); + + $res = $this->providerManager->tryEnableProviderFor('u2f', $user); + + $this->assertFalse($res); + } + + public function testTryEnableProvider() { + $user = $this->createMock(IUser::class); + $provider = $this->createMock(IActivatableByAdmin::class); + $this->providerLoader->expects($this->once()) + ->method('getProviders') + ->with($user) + ->willReturn([ + 'u2f' => $provider, + ]); + $provider->expects($this->once()) + ->method('enableFor') + ->with($user); + $this->registry->expects($this->once()) + ->method('enableProviderFor') + ->with($provider, $user); + + $res = $this->providerManager->tryEnableProviderFor('u2f', $user); + + $this->assertTrue($res); + } + + /** + * @expectedException \OC\Authentication\Exceptions\InvalidProviderException + */ + public function testTryDisableInvalidProvider() { + $user = $this->createMock(IUser::class); + $this->providerManager->tryDisableProviderFor('none', $user); + } + + public function testTryDisableUnsupportedProvider() { + $user = $this->createMock(IUser::class); + $provider = $this->createMock(IProvider::class); + $this->providerLoader->expects($this->once()) + ->method('getProviders') + ->with($user) + ->willReturn([ + 'u2f' => $provider, + ]); + $this->registry->expects($this->never()) + ->method('disableProviderFor'); + + $res = $this->providerManager->tryDisableProviderFor('u2f', $user); + + $this->assertFalse($res); + } + + public function testTryDisableProvider() { + $user = $this->createMock(IUser::class); + $provider = $this->createMock(IDeactivatableByAdmin::class); + $this->providerLoader->expects($this->once()) + ->method('getProviders') + ->with($user) + ->willReturn([ + 'u2f' => $provider, + ]); + $provider->expects($this->once()) + ->method('disableFor') + ->with($user); + $this->registry->expects($this->once()) + ->method('disableProviderFor') + ->with($provider, $user); + + $res = $this->providerManager->tryDisableProviderFor('u2f', $user); + + $this->assertTrue($res); + } + +} diff --git a/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php b/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php index 71f104ca429..3d2941e009a 100644 --- a/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php +++ b/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php @@ -82,4 +82,12 @@ class RegistryTest extends TestCase { $this->registry->disableProviderFor($provider, $user); } + public function testCleanUp() { + $this->dao->expects($this->once()) + ->method('deleteAll') + ->with('twofactor_u2f'); + + $this->registry->cleanUp('twofactor_u2f'); + } + } |