summaryrefslogtreecommitdiffstats
path: root/tests/lib/Authentication
diff options
context:
space:
mode:
authorChristoph Wurst <christoph@winzerhof-wurst.at>2018-09-10 17:02:37 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2018-09-25 09:54:20 +0200
commit7586b19e524761c1e8aab5170375a0d6c9e8f7a2 (patch)
treee2a0fc5fa9754c12cfd226bf7aa48964fce18237 /tests/lib/Authentication
parent92fa373314e77dc905036812253f6b776a9e1aaf (diff)
downloadnextcloud-server-7586b19e524761c1e8aab5170375a0d6c9e8f7a2.tar.gz
nextcloud-server-7586b19e524761c1e8aab5170375a0d6c9e8f7a2.zip
Only allow 2FA state changs if providers support the operation
Ref https://github.com/nextcloud/server/issues/11019. Add `twofactorauth:cleanup` command Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'tests/lib/Authentication')
-rw-r--r--tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php14
-rw-r--r--tests/lib/Authentication/TwoFactorAuth/ManagerTest.php28
-rw-r--r--tests/lib/Authentication/TwoFactorAuth/ProviderManagerTest.php154
-rw-r--r--tests/lib/Authentication/TwoFactorAuth/RegistryTest.php8
4 files changed, 176 insertions, 28 deletions
diff --git a/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php b/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php
index b46bce719fa..2402fcf9f7b 100644
--- a/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDaoTest.php
@@ -131,4 +131,18 @@ class ProviderUserAssignmentDaoTest extends TestCase {
$this->assertCount(1, $data);
}
+ public function testDeleteAll() {
+ $this->dao->persist('twofactor_fail', 'user1', 1);
+ $this->dao->persist('twofactor_u2f', 'user1', 1);
+ $this->dao->persist('twofactor_fail', 'user2', 0);
+ $this->dao->persist('twofactor_u2f', 'user1', 0);
+
+ $this->dao->deleteAll('twofactor_fail');
+
+ $statesUser1 = $this->dao->getState('user1');
+ $statesUser2 = $this->dao->getState('user2');
+ $this->assertCount(1, $statesUser1);
+ $this->assertCount(0, $statesUser2);
+ }
+
}
diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
index 1d7c147d9ce..301b4cc09db 100644
--- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
@@ -143,13 +143,6 @@ class ManagerTest extends TestCase {
}
public function testIsTwoFactorAuthenticatedNoProviders() {
- $this->user->expects($this->once())
- ->method('getUID')
- ->will($this->returnValue('user123'));
- $this->config->expects($this->once())
- ->method('getUserValue')
- ->with('user123', 'core', 'two_factor_auth_disabled', 0)
- ->willReturn(0);
$this->providerRegistry->expects($this->once())
->method('getProviderStates')
->willReturn([]); // No providers registered
@@ -161,13 +154,6 @@ class ManagerTest extends TestCase {
}
public function testIsTwoFactorAuthenticatedOnlyBackupCodes() {
- $this->user->expects($this->once())
- ->method('getUID')
- ->will($this->returnValue('user123'));
- $this->config->expects($this->once())
- ->method('getUserValue')
- ->with('user123', 'core', 'two_factor_auth_disabled', 0)
- ->willReturn(0);
$this->providerRegistry->expects($this->once())
->method('getProviderStates')
->willReturn([
@@ -187,13 +173,6 @@ class ManagerTest extends TestCase {
}
public function testIsTwoFactorAuthenticatedFailingProviders() {
- $this->user->expects($this->once())
- ->method('getUID')
- ->will($this->returnValue('user123'));
- $this->config->expects($this->once())
- ->method('getUserValue')
- ->with('user123', 'core', 'two_factor_auth_disabled', 0)
- ->willReturn(0);
$this->providerRegistry->expects($this->once())
->method('getProviderStates')
->willReturn([
@@ -225,13 +204,6 @@ class ManagerTest extends TestCase {
* @dataProvider providerStatesFixData
*/
public function testIsTwoFactorAuthenticatedFixesProviderStates(bool $providerEnabled, bool $expected) {
- $this->user->expects($this->once())
- ->method('getUID')
- ->will($this->returnValue('user123'));
- $this->config->expects($this->once())
- ->method('getUserValue')
- ->with('user123', 'core', 'two_factor_auth_disabled', 0)
- ->willReturn(0);
$this->providerRegistry->expects($this->once())
->method('getProviderStates')
->willReturn([]); // Nothing registered yet
diff --git a/tests/lib/Authentication/TwoFactorAuth/ProviderManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ProviderManagerTest.php
new file mode 100644
index 00000000000..736dfdb913b
--- /dev/null
+++ b/tests/lib/Authentication/TwoFactorAuth/ProviderManagerTest.php
@@ -0,0 +1,154 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace lib\Authentication\TwoFactorAuth;
+
+use OC\Authentication\TwoFactorAuth\ProviderLoader;
+use OC\Authentication\TwoFactorAuth\ProviderManager;
+use OCP\Authentication\TwoFactorAuth\IActivatableByAdmin;
+use OCP\Authentication\TwoFactorAuth\IDeactivatableByAdmin;
+use OCP\Authentication\TwoFactorAuth\IProvider;
+use OCP\Authentication\TwoFactorAuth\IRegistry;
+use OCP\IUser;
+use PHPUnit\Framework\MockObject\MockObject;
+use Test\TestCase;
+
+class ProviderManagerTest extends TestCase {
+
+ /** @var ProviderLoader|MockObject */
+ private $providerLoader;
+
+ /** @var IRegistry|MockObject */
+ private $registry;
+
+ /** @var ProviderManager */
+ private $providerManager;
+
+ protected function setUp() {
+ parent::setUp();
+
+ $this->providerLoader = $this->createMock(ProviderLoader::class);
+ $this->registry = $this->createMock(IRegistry::class);
+
+ $this->providerManager = new ProviderManager(
+ $this->providerLoader,
+ $this->registry
+ );
+ }
+
+ /**
+ * @expectedException \OC\Authentication\Exceptions\InvalidProviderException
+ */
+ public function testTryEnableInvalidProvider() {
+ $user = $this->createMock(IUser::class);
+ $this->providerManager->tryEnableProviderFor('none', $user);
+ }
+
+ public function testTryEnableUnsupportedProvider() {
+ $user = $this->createMock(IUser::class);
+ $provider = $this->createMock(IProvider::class);
+ $this->providerLoader->expects($this->once())
+ ->method('getProviders')
+ ->with($user)
+ ->willReturn([
+ 'u2f' => $provider,
+ ]);
+ $this->registry->expects($this->never())
+ ->method('enableProviderFor');
+
+ $res = $this->providerManager->tryEnableProviderFor('u2f', $user);
+
+ $this->assertFalse($res);
+ }
+
+ public function testTryEnableProvider() {
+ $user = $this->createMock(IUser::class);
+ $provider = $this->createMock(IActivatableByAdmin::class);
+ $this->providerLoader->expects($this->once())
+ ->method('getProviders')
+ ->with($user)
+ ->willReturn([
+ 'u2f' => $provider,
+ ]);
+ $provider->expects($this->once())
+ ->method('enableFor')
+ ->with($user);
+ $this->registry->expects($this->once())
+ ->method('enableProviderFor')
+ ->with($provider, $user);
+
+ $res = $this->providerManager->tryEnableProviderFor('u2f', $user);
+
+ $this->assertTrue($res);
+ }
+
+ /**
+ * @expectedException \OC\Authentication\Exceptions\InvalidProviderException
+ */
+ public function testTryDisableInvalidProvider() {
+ $user = $this->createMock(IUser::class);
+ $this->providerManager->tryDisableProviderFor('none', $user);
+ }
+
+ public function testTryDisableUnsupportedProvider() {
+ $user = $this->createMock(IUser::class);
+ $provider = $this->createMock(IProvider::class);
+ $this->providerLoader->expects($this->once())
+ ->method('getProviders')
+ ->with($user)
+ ->willReturn([
+ 'u2f' => $provider,
+ ]);
+ $this->registry->expects($this->never())
+ ->method('disableProviderFor');
+
+ $res = $this->providerManager->tryDisableProviderFor('u2f', $user);
+
+ $this->assertFalse($res);
+ }
+
+ public function testTryDisableProvider() {
+ $user = $this->createMock(IUser::class);
+ $provider = $this->createMock(IDeactivatableByAdmin::class);
+ $this->providerLoader->expects($this->once())
+ ->method('getProviders')
+ ->with($user)
+ ->willReturn([
+ 'u2f' => $provider,
+ ]);
+ $provider->expects($this->once())
+ ->method('disableFor')
+ ->with($user);
+ $this->registry->expects($this->once())
+ ->method('disableProviderFor')
+ ->with($provider, $user);
+
+ $res = $this->providerManager->tryDisableProviderFor('u2f', $user);
+
+ $this->assertTrue($res);
+ }
+
+}
diff --git a/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php b/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php
index 71f104ca429..3d2941e009a 100644
--- a/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/RegistryTest.php
@@ -82,4 +82,12 @@ class RegistryTest extends TestCase {
$this->registry->disableProviderFor($provider, $user);
}
+ public function testCleanUp() {
+ $this->dao->expects($this->once())
+ ->method('deleteAll')
+ ->with('twofactor_u2f');
+
+ $this->registry->cleanUp('twofactor_u2f');
+ }
+
}