123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412 |
- <?php
- /**
- * @author Christoph Wurst <christoph@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace Test\Authentication\TwoFactorAuth;
- use Exception;
- use OC;
- use OC\App\AppManager;
- use OC\Authentication\TwoFactorAuth\Manager;
- use OCP\Activity\IEvent;
- use OCP\Activity\IManager;
- use OCP\Authentication\TwoFactorAuth\IProvider;
- use OCP\IConfig;
- use OCP\ILogger;
- use OCP\ISession;
- use OCP\IUser;
- use Test\TestCase;
- class ManagerTest extends TestCase {
- /** @var IUser|PHPUnit_Framework_MockObject_MockObject */
- private $user;
- /** @var AppManager|PHPUnit_Framework_MockObject_MockObject */
- private $appManager;
- /** @var ISession|PHPUnit_Framework_MockObject_MockObject */
- private $session;
- /** @var Manager */
- private $manager;
- /** @var IConfig|PHPUnit_Framework_MockObject_MockObject */
- private $config;
- /** @var IManager|PHPUnit_Framework_MockObject_MockObject */
- private $activityManager;
- /** @var ILogger|PHPUnit_Framework_MockObject_MockObject */
- private $logger;
- /** @var IProvider|PHPUnit_Framework_MockObject_MockObject */
- private $fakeProvider;
- /** @var IProvider|PHPUnit_Framework_MockObject_MockObject */
- private $backupProvider;
- protected function setUp() {
- parent::setUp();
- $this->user = $this->createMock(IUser::class);
- $this->appManager = $this->createMock(AppManager::class);
- $this->session = $this->createMock(ISession::class);
- $this->config = $this->createMock(IConfig::class);
- $this->activityManager = $this->createMock(IManager::class);
- $this->logger = $this->createMock(ILogger::class);
- $this->manager = $this->getMockBuilder('\OC\Authentication\TwoFactorAuth\Manager')
- ->setConstructorArgs([$this->appManager, $this->session, $this->config, $this->activityManager, $this->logger])
- ->setMethods(['loadTwoFactorApp']) // Do not actually load the apps
- ->getMock();
- $this->fakeProvider = $this->createMock(IProvider::class);
- $this->fakeProvider->expects($this->any())
- ->method('getId')
- ->will($this->returnValue('email'));
- $this->fakeProvider->expects($this->any())
- ->method('isTwoFactorAuthEnabledForUser')
- ->will($this->returnValue(true));
- OC::$server->registerService('\OCA\MyCustom2faApp\FakeProvider', function() {
- return $this->fakeProvider;
- });
- $this->backupProvider = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();
- $this->backupProvider->expects($this->any())
- ->method('getId')
- ->will($this->returnValue('backup_codes'));
- $this->backupProvider->expects($this->any())
- ->method('isTwoFactorAuthEnabledForUser')
- ->will($this->returnValue(true));
- OC::$server->registerService('\OCA\TwoFactorBackupCodes\Provider\FakeBackupCodesProvider', function () {
- return $this->backupProvider;
- });
- }
- private function prepareNoProviders() {
- $this->appManager->expects($this->any())
- ->method('getEnabledAppsForUser')
- ->with($this->user)
- ->will($this->returnValue([]));
- $this->appManager->expects($this->never())
- ->method('getAppInfo');
- $this->manager->expects($this->never())
- ->method('loadTwoFactorApp');
- }
- private function prepareProviders() {
- $this->appManager->expects($this->any())
- ->method('getEnabledAppsForUser')
- ->with($this->user)
- ->will($this->returnValue(['mycustom2faapp']));
- $this->appManager->expects($this->once())
- ->method('getAppInfo')
- ->with('mycustom2faapp')
- ->will($this->returnValue([
- 'two-factor-providers' => [
- '\OCA\MyCustom2faApp\FakeProvider',
- ],
- ]));
- $this->manager->expects($this->once())
- ->method('loadTwoFactorApp')
- ->with('mycustom2faapp');
- }
- private function prepareProvidersWitBackupProvider() {
- $this->appManager->expects($this->any())
- ->method('getEnabledAppsForUser')
- ->with($this->user)
- ->will($this->returnValue([
- 'mycustom2faapp',
- 'twofactor_backupcodes',
- ]));
- $this->appManager->expects($this->exactly(2))
- ->method('getAppInfo')
- ->will($this->returnValueMap([
- [
- 'mycustom2faapp',
- ['two-factor-providers' => [
- '\OCA\MyCustom2faApp\FakeProvider',
- ]
- ]
- ],
- [
- 'twofactor_backupcodes',
- ['two-factor-providers' => [
- '\OCA\TwoFactorBackupCodes\Provider\FakeBackupCodesProvider',
- ]
- ]
- ],
- ]));
- $this->manager->expects($this->exactly(2))
- ->method('loadTwoFactorApp');
- }
- /**
- * @expectedException Exception
- * @expectedExceptionMessage Could not load two-factor auth provider \OCA\MyFaulty2faApp\DoesNotExist
- */
- public function testFailHardIfProviderCanNotBeLoaded() {
- $this->appManager->expects($this->once())
- ->method('getEnabledAppsForUser')
- ->with($this->user)
- ->will($this->returnValue(['faulty2faapp']));
- $this->manager->expects($this->once())
- ->method('loadTwoFactorApp')
- ->with('faulty2faapp');
- $this->appManager->expects($this->once())
- ->method('getAppInfo')
- ->with('faulty2faapp')
- ->will($this->returnValue([
- 'two-factor-providers' => [
- '\OCA\MyFaulty2faApp\DoesNotExist',
- ],
- ]));
- $this->manager->getProviders($this->user);
- }
- public function testIsTwoFactorAuthenticated() {
- $this->prepareProviders();
- $this->user->expects($this->once())
- ->method('getUID')
- ->will($this->returnValue('user123'));
- $this->config->expects($this->once())
- ->method('getUserValue')
- ->with('user123', 'core', 'two_factor_auth_disabled', 0)
- ->will($this->returnValue(0));
- $this->assertTrue($this->manager->isTwoFactorAuthenticated($this->user));
- }
- public function testGetProvider() {
- $this->prepareProviders();
- $this->assertSame($this->fakeProvider, $this->manager->getProvider($this->user, 'email'));
- }
- public function testGetBackupProvider() {
- $this->prepareProvidersWitBackupProvider();
- $this->assertSame($this->backupProvider, $this->manager->getBackupProvider($this->user));
- }
- public function testGetInvalidProvider() {
- $this->prepareProviders();
- $this->assertSame(null, $this->manager->getProvider($this->user, 'nonexistent'));
- }
- public function testGetProviders() {
- $this->prepareProviders();
- $expectedProviders = [
- 'email' => $this->fakeProvider,
- ];
- $this->assertEquals($expectedProviders, $this->manager->getProviders($this->user));
- }
- public function testVerifyChallenge() {
- $this->prepareProviders();
- $challenge = 'passme';
- $event = $this->createMock(IEvent::class);
- $this->fakeProvider->expects($this->once())
- ->method('verifyChallenge')
- ->with($this->user, $challenge)
- ->will($this->returnValue(true));
- $this->session->expects($this->once())
- ->method('get')
- ->with('two_factor_remember_login')
- ->will($this->returnValue(false));
- $this->session->expects($this->at(1))
- ->method('remove')
- ->with('two_factor_auth_uid');
- $this->session->expects($this->at(2))
- ->method('remove')
- ->with('two_factor_remember_login');
- $this->activityManager->expects($this->once())
- ->method('generateEvent')
- ->willReturn($event);
- $this->user->expects($this->any())
- ->method('getUID')
- ->willReturn('jos');
- $event->expects($this->once())
- ->method('setApp')
- ->with($this->equalTo('twofactor_generic'))
- ->willReturnSelf();
- $event->expects($this->once())
- ->method('setType')
- ->with($this->equalTo('twofactor'))
- ->willReturnSelf();
- $event->expects($this->once())
- ->method('setAuthor')
- ->with($this->equalTo('jos'))
- ->willReturnSelf();
- $event->expects($this->once())
- ->method('setAffectedUser')
- ->with($this->equalTo('jos'))
- ->willReturnSelf();
- $this->fakeProvider->expects($this->once())
- ->method('getDisplayName')
- ->willReturn('Fake 2FA');
- $event->expects($this->once())
- ->method('setSubject')
- ->with($this->equalTo('twofactor_success'), $this->equalTo([
- 'provider' => 'Fake 2FA',
- ]))
- ->willReturnSelf();
- $this->assertTrue($this->manager->verifyChallenge('email', $this->user, $challenge));
- }
- public function testVerifyChallengeInvalidProviderId() {
- $this->prepareProviders();
- $challenge = 'passme';
- $this->fakeProvider->expects($this->never())
- ->method('verifyChallenge')
- ->with($this->user, $challenge);
- $this->session->expects($this->never())
- ->method('remove');
- $this->assertFalse($this->manager->verifyChallenge('dontexist', $this->user, $challenge));
- }
- public function testVerifyInvalidChallenge() {
- $this->prepareProviders();
- $challenge = 'dontpassme';
- $event = $this->createMock(IEvent::class);
- $this->fakeProvider->expects($this->once())
- ->method('verifyChallenge')
- ->with($this->user, $challenge)
- ->will($this->returnValue(false));
- $this->session->expects($this->never())
- ->method('remove');
- $this->activityManager->expects($this->once())
- ->method('generateEvent')
- ->willReturn($event);
- $this->user->expects($this->any())
- ->method('getUID')
- ->willReturn('jos');
- $event->expects($this->once())
- ->method('setApp')
- ->with($this->equalTo('twofactor_generic'))
- ->willReturnSelf();
- $event->expects($this->once())
- ->method('setType')
- ->with($this->equalTo('twofactor'))
- ->willReturnSelf();
- $event->expects($this->once())
- ->method('setAuthor')
- ->with($this->equalTo('jos'))
- ->willReturnSelf();
- $event->expects($this->once())
- ->method('setAffectedUser')
- ->with($this->equalTo('jos'))
- ->willReturnSelf();
- $this->fakeProvider->expects($this->once())
- ->method('getDisplayName')
- ->willReturn('Fake 2FA');
- $event->expects($this->once())
- ->method('setSubject')
- ->with($this->equalTo('twofactor_failed'), $this->equalTo([
- 'provider' => 'Fake 2FA',
- ]))
- ->willReturnSelf();
- $this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge));
- }
- public function testNeedsSecondFactor() {
- $user = $this->createMock(IUser::class);
- $this->session->expects($this->once())
- ->method('exists')
- ->with('two_factor_auth_uid')
- ->will($this->returnValue(false));
- $this->assertFalse($this->manager->needsSecondFactor($user));
- }
- public function testNeedsSecondFactorUserIsNull() {
- $user = null;
- $this->session->expects($this->never())
- ->method('exists');
- $this->assertFalse($this->manager->needsSecondFactor($user));
- }
- public function testNeedsSecondFactorWithNoProviderAvailableAnymore() {
- $this->prepareNoProviders();
- $user = null;
- $this->session->expects($this->never())
- ->method('exists')
- ->with('two_factor_auth_uid')
- ->will($this->returnValue(true));
- $this->session->expects($this->never())
- ->method('remove')
- ->with('two_factor_auth_uid');
- $this->assertFalse($this->manager->needsSecondFactor($user));
- }
- public function testPrepareTwoFactorLogin() {
- $this->user->expects($this->once())
- ->method('getUID')
- ->will($this->returnValue('ferdinand'));
- $this->session->expects($this->at(0))
- ->method('set')
- ->with('two_factor_auth_uid', 'ferdinand');
- $this->session->expects($this->at(1))
- ->method('set')
- ->with('two_factor_remember_login', true);
- $this->manager->prepareTwoFactorLogin($this->user, true);
- }
- public function testPrepareTwoFactorLoginDontRemember() {
- $this->user->expects($this->once())
- ->method('getUID')
- ->will($this->returnValue('ferdinand'));
- $this->session->expects($this->at(0))
- ->method('set')
- ->with('two_factor_auth_uid', 'ferdinand');
- $this->session->expects($this->at(1))
- ->method('set')
- ->with('two_factor_remember_login', false);
- $this->manager->prepareTwoFactorLogin($this->user, false);
- }
- }
|