1
0

LostControllerTest.php 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760
  1. <?php
  2. /**
  3. * @author Lukas Reschke <lukas@owncloud.com>
  4. * @author Joshua Trees <me@jtrees.io>
  5. *
  6. * @copyright Copyright (c) 2015, ownCloud, Inc.
  7. * @copyright Copyright (c) 2023, Joshua Trees <me@jtrees.io>
  8. * @license AGPL-3.0
  9. *
  10. * This code is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License, version 3,
  12. * as published by the Free Software Foundation.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License, version 3,
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>
  21. *
  22. */
  23. namespace Tests\Core\Controller;
  24. use OC\Authentication\TwoFactorAuth\Manager;
  25. use OC\Core\Controller\LostController;
  26. use OC\Core\Events\BeforePasswordResetEvent;
  27. use OC\Core\Events\PasswordResetEvent;
  28. use OC\Mail\Message;
  29. use OC\Security\RateLimiting\Limiter;
  30. use OCP\AppFramework\Http\JSONResponse;
  31. use OCP\AppFramework\Http\TemplateResponse;
  32. use OCP\AppFramework\Services\IInitialState;
  33. use OCP\Defaults;
  34. use OCP\Encryption\IEncryptionModule;
  35. use OCP\Encryption\IManager;
  36. use OCP\EventDispatcher\IEventDispatcher;
  37. use OCP\IConfig;
  38. use OCP\IL10N;
  39. use OCP\IRequest;
  40. use OCP\IURLGenerator;
  41. use OCP\IUser;
  42. use OCP\IUserManager;
  43. use OCP\Mail\IEMailTemplate;
  44. use OCP\Mail\IMailer;
  45. use OCP\Security\VerificationToken\InvalidTokenException;
  46. use OCP\Security\VerificationToken\IVerificationToken;
  47. use PHPUnit\Framework\MockObject\MockObject;
  48. use Psr\Log\LoggerInterface;
  49. use Test\TestCase;
  50. /**
  51. * Class LostControllerTest
  52. *
  53. * @package OC\Core\Controller
  54. */
  55. class LostControllerTest extends TestCase {
  56. private LostController $lostController;
  57. /** @var IUser */
  58. private $existingUser;
  59. /** @var IURLGenerator | MockObject */
  60. private $urlGenerator;
  61. /** @var IL10N */
  62. private $l10n;
  63. /** @var IUserManager | MockObject */
  64. private $userManager;
  65. /** @var Defaults */
  66. private $defaults;
  67. /** @var IConfig | MockObject */
  68. private $config;
  69. /** @var IMailer | MockObject */
  70. private $mailer;
  71. /** @var IManager|MockObject */
  72. private $encryptionManager;
  73. /** @var IRequest|MockObject */
  74. private $request;
  75. /** @var LoggerInterface|MockObject */
  76. private $logger;
  77. /** @var Manager|MockObject */
  78. private $twofactorManager;
  79. /** @var IInitialState|MockObject */
  80. private $initialState;
  81. /** @var IVerificationToken|MockObject */
  82. private $verificationToken;
  83. /** @var IEventDispatcher|MockObject */
  84. private $eventDispatcher;
  85. /** @var Limiter|MockObject */
  86. private $limiter;
  87. protected function setUp(): void {
  88. parent::setUp();
  89. $this->existingUser = $this->createMock(IUser::class);
  90. $this->existingUser->expects($this->any())
  91. ->method('getEMailAddress')
  92. ->willReturn('test@example.com');
  93. $this->existingUser->expects($this->any())
  94. ->method('getUID')
  95. ->willReturn('ExistingUser');
  96. $this->existingUser->expects($this->any())
  97. ->method('getDisplayName')
  98. ->willReturn('Existing User');
  99. $this->existingUser->expects($this->any())
  100. ->method('isEnabled')
  101. ->willReturn(true);
  102. $this->config = $this->createMock(IConfig::class);
  103. $this->config->expects($this->any())
  104. ->method('getSystemValue')
  105. ->willReturnMap([
  106. ['secret', null, 'SECRET'],
  107. ['secret', '', 'SECRET'],
  108. ['lost_password_link', '', ''],
  109. ]);
  110. $this->l10n = $this->createMock(IL10N::class);
  111. $this->l10n
  112. ->expects($this->any())
  113. ->method('t')
  114. ->willReturnCallback(function ($text, $parameters = []) {
  115. return vsprintf($text, $parameters);
  116. });
  117. $this->defaults = $this->createMock(Defaults::class);
  118. $this->userManager = $this->createMock(IUserManager::class);
  119. $this->urlGenerator = $this->createMock(IURLGenerator::class);
  120. $this->mailer = $this->createMock(IMailer::class);
  121. $this->request = $this->createMock(IRequest::class);
  122. $this->encryptionManager = $this->createMock(IManager::class);
  123. $this->encryptionManager->expects($this->any())
  124. ->method('isEnabled')
  125. ->willReturn(true);
  126. $this->logger = $this->createMock(LoggerInterface::class);
  127. $this->twofactorManager = $this->createMock(Manager::class);
  128. $this->initialState = $this->createMock(IInitialState::class);
  129. $this->verificationToken = $this->createMock(IVerificationToken::class);
  130. $this->eventDispatcher = $this->createMock(IEventDispatcher::class);
  131. $this->limiter = $this->createMock(Limiter::class);
  132. $this->lostController = new LostController(
  133. 'Core',
  134. $this->request,
  135. $this->urlGenerator,
  136. $this->userManager,
  137. $this->defaults,
  138. $this->l10n,
  139. $this->config,
  140. 'lostpassword-noreply@localhost',
  141. $this->encryptionManager,
  142. $this->mailer,
  143. $this->logger,
  144. $this->twofactorManager,
  145. $this->initialState,
  146. $this->verificationToken,
  147. $this->eventDispatcher,
  148. $this->limiter
  149. );
  150. }
  151. public function testResetFormTokenError() {
  152. $this->userManager->method('get')
  153. ->with('ValidTokenUser')
  154. ->willReturn($this->existingUser);
  155. $this->verificationToken->expects($this->once())
  156. ->method('check')
  157. ->with('12345:MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com')
  158. ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR));
  159. $response = $this->lostController->resetform('12345:MySecretToken', 'ValidTokenUser');
  160. $expectedResponse = new TemplateResponse('core',
  161. 'error',
  162. [
  163. 'errors' => [
  164. ['error' => 'Could not reset password because the token is invalid'],
  165. ]
  166. ],
  167. 'guest');
  168. $expectedResponse->throttle();
  169. $this->assertEquals($expectedResponse, $response);
  170. }
  171. public function testResetFormValidToken() {
  172. $this->userManager->method('get')
  173. ->with('ValidTokenUser')
  174. ->willReturn($this->existingUser);
  175. $this->verificationToken->expects($this->once())
  176. ->method('check')
  177. ->with('MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com');
  178. $this->urlGenerator
  179. ->expects($this->once())
  180. ->method('linkToRouteAbsolute')
  181. ->with('core.lost.setPassword', ['userId' => 'ValidTokenUser', 'token' => 'MySecretToken'])
  182. ->willReturn('https://example.tld/index.php/lostpassword/set/sometoken/someuser');
  183. $this->initialState
  184. ->expects($this->exactly(2))
  185. ->method('provideInitialState')
  186. ->withConsecutive(
  187. ['resetPasswordUser', 'ValidTokenUser'],
  188. ['resetPasswordTarget', 'https://example.tld/index.php/lostpassword/set/sometoken/someuser']
  189. );
  190. $response = $this->lostController->resetform('MySecretToken', 'ValidTokenUser');
  191. $expectedResponse = new TemplateResponse('core',
  192. 'login',
  193. [],
  194. 'guest');
  195. $this->assertEquals($expectedResponse, $response);
  196. }
  197. public function testEmailUnsuccessful() {
  198. $existingUser = 'ExistingUser';
  199. $nonExistingUser = 'NonExistingUser';
  200. $this->userManager
  201. ->expects($this->any())
  202. ->method('userExists')
  203. ->willReturnMap([
  204. [true, $existingUser],
  205. [false, $nonExistingUser]
  206. ]);
  207. $this->logger->expects($this->exactly(0))
  208. ->method('error');
  209. $this->logger->expects($this->exactly(2))
  210. ->method('warning');
  211. $this->userManager
  212. ->method('getByEmail')
  213. ->willReturn([]);
  214. // With a non existing user
  215. $response = $this->lostController->email($nonExistingUser);
  216. $expectedResponse = new JSONResponse([
  217. 'status' => 'success',
  218. ]);
  219. $expectedResponse->throttle();
  220. $this->assertEquals($expectedResponse, $response);
  221. // With no mail address
  222. $this->config
  223. ->expects($this->any())
  224. ->method('getUserValue')
  225. ->with($existingUser, 'settings', 'email')
  226. ->willReturn(null);
  227. $response = $this->lostController->email($existingUser);
  228. $expectedResponse = new JSONResponse([
  229. 'status' => 'success',
  230. ]);
  231. $expectedResponse->throttle();
  232. $this->assertEquals($expectedResponse, $response);
  233. }
  234. public function testEmailSuccessful() {
  235. $this->userManager
  236. ->expects($this->any())
  237. ->method('get')
  238. ->with('ExistingUser')
  239. ->willReturn($this->existingUser);
  240. $this->verificationToken->expects($this->once())
  241. ->method('create')
  242. ->willReturn('ThisIsMaybeANotSoSecretToken!');
  243. $this->urlGenerator
  244. ->expects($this->once())
  245. ->method('linkToRouteAbsolute')
  246. ->with('core.lost.resetform', ['userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'])
  247. ->willReturn('https://example.tld/index.php/lostpassword/');
  248. $message = $this->getMockBuilder('\OC\Mail\Message')
  249. ->disableOriginalConstructor()->getMock();
  250. $message
  251. ->expects($this->once())
  252. ->method('setTo')
  253. ->with(['test@example.com' => 'Existing User']);
  254. $message
  255. ->expects($this->once())
  256. ->method('setFrom')
  257. ->with(['lostpassword-noreply@localhost' => null]);
  258. $emailTemplate = $this->createMock(IEMailTemplate::class);
  259. $emailTemplate->expects($this->any())
  260. ->method('renderHtml')
  261. ->willReturn('HTML body');
  262. $emailTemplate->expects($this->any())
  263. ->method('renderText')
  264. ->willReturn('text body');
  265. $message
  266. ->expects($this->once())
  267. ->method('useTemplate')
  268. ->with($emailTemplate);
  269. $this->mailer
  270. ->expects($this->once())
  271. ->method('createEMailTemplate')
  272. ->willReturn($emailTemplate);
  273. $this->mailer
  274. ->expects($this->once())
  275. ->method('createMessage')
  276. ->willReturn($message);
  277. $this->mailer
  278. ->expects($this->once())
  279. ->method('send')
  280. ->with($message);
  281. $response = $this->lostController->email('ExistingUser');
  282. $expectedResponse = new JSONResponse(['status' => 'success']);
  283. $expectedResponse->throttle();
  284. $this->assertEquals($expectedResponse, $response);
  285. }
  286. public function testEmailWithMailSuccessful() {
  287. $this->userManager
  288. ->expects($this->any())
  289. ->method('get')
  290. ->with('test@example.com')
  291. ->willReturn(null);
  292. $this->userManager
  293. ->expects($this->any())
  294. ->method('getByEmail')
  295. ->with('test@example.com')
  296. ->willReturn([$this->existingUser]);
  297. $this->verificationToken->expects($this->once())
  298. ->method('create')
  299. ->willReturn('ThisIsMaybeANotSoSecretToken!');
  300. $this->urlGenerator
  301. ->expects($this->once())
  302. ->method('linkToRouteAbsolute')
  303. ->with('core.lost.resetform', ['userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'])
  304. ->willReturn('https://example.tld/index.php/lostpassword/');
  305. $message = $this->getMockBuilder('\OC\Mail\Message')
  306. ->disableOriginalConstructor()->getMock();
  307. $message
  308. ->expects($this->once())
  309. ->method('setTo')
  310. ->with(['test@example.com' => 'Existing User']);
  311. $message
  312. ->expects($this->once())
  313. ->method('setFrom')
  314. ->with(['lostpassword-noreply@localhost' => null]);
  315. $emailTemplate = $this->createMock(IEMailTemplate::class);
  316. $emailTemplate->expects($this->any())
  317. ->method('renderHtml')
  318. ->willReturn('HTML body');
  319. $emailTemplate->expects($this->any())
  320. ->method('renderText')
  321. ->willReturn('text body');
  322. $message
  323. ->expects($this->once())
  324. ->method('useTemplate')
  325. ->with($emailTemplate);
  326. $this->mailer
  327. ->expects($this->once())
  328. ->method('createEMailTemplate')
  329. ->willReturn($emailTemplate);
  330. $this->mailer
  331. ->expects($this->once())
  332. ->method('createMessage')
  333. ->willReturn($message);
  334. $this->mailer
  335. ->expects($this->once())
  336. ->method('send')
  337. ->with($message);
  338. $response = $this->lostController->email('test@example.com');
  339. $expectedResponse = new JSONResponse(['status' => 'success']);
  340. $expectedResponse->throttle();
  341. $this->assertEquals($expectedResponse, $response);
  342. }
  343. public function testEmailCantSendException() {
  344. $this->userManager
  345. ->expects($this->any())
  346. ->method('get')
  347. ->with('ExistingUser')
  348. ->willReturn($this->existingUser);
  349. $this->verificationToken->expects($this->once())
  350. ->method('create')
  351. ->willReturn('ThisIsMaybeANotSoSecretToken!');
  352. $this->urlGenerator
  353. ->expects($this->once())
  354. ->method('linkToRouteAbsolute')
  355. ->with('core.lost.resetform', ['userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'])
  356. ->willReturn('https://example.tld/index.php/lostpassword/');
  357. $message = $this->createMock(Message::class);
  358. $message
  359. ->expects($this->once())
  360. ->method('setTo')
  361. ->with(['test@example.com' => 'Existing User']);
  362. $message
  363. ->expects($this->once())
  364. ->method('setFrom')
  365. ->with(['lostpassword-noreply@localhost' => null]);
  366. $emailTemplate = $this->createMock(IEMailTemplate::class);
  367. $emailTemplate->expects($this->any())
  368. ->method('renderHtml')
  369. ->willReturn('HTML body');
  370. $emailTemplate->expects($this->any())
  371. ->method('renderText')
  372. ->willReturn('text body');
  373. $message
  374. ->expects($this->once())
  375. ->method('useTemplate')
  376. ->with($emailTemplate);
  377. $this->mailer
  378. ->expects($this->once())
  379. ->method('createEMailTemplate')
  380. ->willReturn($emailTemplate);
  381. $this->mailer
  382. ->expects($this->once())
  383. ->method('createMessage')
  384. ->willReturn($message);
  385. $this->mailer
  386. ->expects($this->once())
  387. ->method('send')
  388. ->with($message)
  389. ->will($this->throwException(new \Exception()));
  390. $this->logger->expects($this->exactly(1))
  391. ->method('error');
  392. $response = $this->lostController->email('ExistingUser');
  393. $expectedResponse = new JSONResponse(['status' => 'success']);
  394. $expectedResponse->throttle();
  395. $this->assertEquals($expectedResponse, $response);
  396. }
  397. public function testSetPasswordUnsuccessful() {
  398. $this->config->method('getUserValue')
  399. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  400. ->willReturn('encryptedData');
  401. $this->existingUser->method('getLastLogin')
  402. ->willReturn(12344);
  403. $this->existingUser->expects($this->once())
  404. ->method('setPassword')
  405. ->with('NewPassword')
  406. ->willReturn(false);
  407. $this->userManager->method('get')
  408. ->with('ValidTokenUser')
  409. ->willReturn($this->existingUser);
  410. $beforePasswordResetEvent = new BeforePasswordResetEvent($this->existingUser, 'NewPassword');
  411. $this->eventDispatcher
  412. ->expects($this->once())
  413. ->method('dispatchTyped')
  414. ->with($beforePasswordResetEvent);
  415. $this->config->expects($this->never())
  416. ->method('deleteUserValue');
  417. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
  418. $expectedResponse = ['status' => 'error', 'msg' => ''];
  419. $this->assertSame($expectedResponse, $response->getData());
  420. }
  421. public function testSetPasswordSuccessful() {
  422. $this->config->method('getUserValue')
  423. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  424. ->willReturn('encryptedData');
  425. $this->existingUser->method('getLastLogin')
  426. ->willReturn(12344);
  427. $this->existingUser->expects($this->once())
  428. ->method('setPassword')
  429. ->with('NewPassword')
  430. ->willReturn(true);
  431. $this->userManager->method('get')
  432. ->with('ValidTokenUser')
  433. ->willReturn($this->existingUser);
  434. $beforePasswordResetEvent = new BeforePasswordResetEvent($this->existingUser, 'NewPassword');
  435. $passwordResetEvent = new PasswordResetEvent($this->existingUser, 'NewPassword');
  436. $this->eventDispatcher
  437. ->expects($this->exactly(2))
  438. ->method('dispatchTyped')
  439. ->withConsecutive([$beforePasswordResetEvent], [$passwordResetEvent]);
  440. $this->config->expects($this->once())
  441. ->method('deleteUserValue')
  442. ->with('ValidTokenUser', 'core', 'lostpassword');
  443. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
  444. $expectedResponse = ['user' => 'ValidTokenUser', 'status' => 'success'];
  445. $this->assertSame($expectedResponse, $response->getData());
  446. }
  447. public function testSetPasswordExpiredToken() {
  448. $this->config->method('getUserValue')
  449. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  450. ->willReturn('encryptedData');
  451. $this->userManager->method('get')
  452. ->with('ValidTokenUser')
  453. ->willReturn($this->existingUser);
  454. $this->verificationToken->expects($this->atLeastOnce())
  455. ->method('check')
  456. ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_EXPIRED));
  457. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
  458. $expectedResponse = [
  459. 'status' => 'error',
  460. 'msg' => 'Could not reset password because the token is expired',
  461. ];
  462. $this->assertSame($expectedResponse, $response->getData());
  463. }
  464. public function testSetPasswordInvalidDataInDb() {
  465. $this->config->method('getUserValue')
  466. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  467. ->willReturn('invalidEncryptedData');
  468. $this->userManager
  469. ->method('get')
  470. ->with('ValidTokenUser')
  471. ->willReturn($this->existingUser);
  472. $this->verificationToken->expects($this->atLeastOnce())
  473. ->method('check')
  474. ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_INVALID_FORMAT));
  475. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
  476. $expectedResponse = [
  477. 'status' => 'error',
  478. 'msg' => 'Could not reset password because the token is invalid',
  479. ];
  480. $this->assertSame($expectedResponse, $response->getData());
  481. }
  482. public function testIsSetPasswordWithoutTokenFailing() {
  483. $this->config->method('getUserValue')
  484. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  485. ->willReturn('aValidtoken');
  486. $this->userManager->method('get')
  487. ->with('ValidTokenUser')
  488. ->willReturn($this->existingUser);
  489. $this->verificationToken->expects($this->atLeastOnce())
  490. ->method('check')
  491. ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_MISMATCH));
  492. $response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
  493. $expectedResponse = [
  494. 'status' => 'error',
  495. 'msg' => 'Could not reset password because the token is invalid'
  496. ];
  497. $this->assertSame($expectedResponse, $response->getData());
  498. }
  499. public function testSetPasswordForDisabledUser() {
  500. $user = $this->createMock(IUser::class);
  501. $user->expects($this->any())
  502. ->method('isEnabled')
  503. ->willReturn(false);
  504. $user->expects($this->never())
  505. ->method('setPassword');
  506. $user->expects($this->any())
  507. ->method('getEMailAddress')
  508. ->willReturn('random@example.org');
  509. $this->config->method('getUserValue')
  510. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  511. ->willReturn('encryptedData');
  512. $this->userManager->method('get')
  513. ->with('DisabledUser')
  514. ->willReturn($user);
  515. $this->verificationToken->expects($this->atLeastOnce())
  516. ->method('check')
  517. ->willThrowException(new InvalidTokenException(InvalidTokenException::USER_UNKNOWN));
  518. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
  519. $expectedResponse = [
  520. 'status' => 'error',
  521. 'msg' => 'Could not reset password because the token is invalid'
  522. ];
  523. $this->assertSame($expectedResponse, $response->getData());
  524. }
  525. public function testSendEmailNoEmail() {
  526. $user = $this->createMock(IUser::class);
  527. $user->expects($this->any())
  528. ->method('isEnabled')
  529. ->willReturn(true);
  530. $this->userManager->method('userExists')
  531. ->with('ExistingUser')
  532. ->willReturn(true);
  533. $this->userManager->method('get')
  534. ->with('ExistingUser')
  535. ->willReturn($user);
  536. $this->logger->expects($this->exactly(0))
  537. ->method('error');
  538. $this->logger->expects($this->once())
  539. ->method('warning');
  540. $response = $this->lostController->email('ExistingUser');
  541. $expectedResponse = new JSONResponse(['status' => 'success']);
  542. $expectedResponse->throttle();
  543. $this->assertEquals($expectedResponse, $response);
  544. }
  545. public function testSetPasswordEncryptionDontProceedPerUserKey() {
  546. /** @var IEncryptionModule|MockObject $encryptionModule */
  547. $encryptionModule = $this->createMock(IEncryptionModule::class);
  548. $encryptionModule->expects($this->once())->method('needDetailedAccessList')->willReturn(true);
  549. $this->encryptionManager->expects($this->once())->method('getEncryptionModules')
  550. ->willReturn([0 => ['callback' => function () use ($encryptionModule) {
  551. return $encryptionModule;
  552. }]]);
  553. $response = $this->lostController->setPassword('myToken', 'user', 'newpass', false);
  554. $expectedResponse = ['status' => 'error', 'msg' => '', 'encryption' => true];
  555. $this->assertSame($expectedResponse, $response->getData());
  556. }
  557. public function testSetPasswordDontProceedMasterKey() {
  558. $encryptionModule = $this->createMock(IEncryptionModule::class);
  559. $encryptionModule->expects($this->once())->method('needDetailedAccessList')->willReturn(false);
  560. $this->encryptionManager->expects($this->once())->method('getEncryptionModules')
  561. ->willReturn([0 => ['callback' => function () use ($encryptionModule) {
  562. return $encryptionModule;
  563. }]]);
  564. $this->config->method('getUserValue')
  565. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  566. ->willReturn('encryptedData');
  567. $this->existingUser->method('getLastLogin')
  568. ->willReturn(12344);
  569. $this->existingUser->expects($this->once())
  570. ->method('setPassword')
  571. ->with('NewPassword')
  572. ->willReturn(true);
  573. $this->userManager->method('get')
  574. ->with('ValidTokenUser')
  575. ->willReturn($this->existingUser);
  576. $this->config->expects($this->once())
  577. ->method('deleteUserValue')
  578. ->with('ValidTokenUser', 'core', 'lostpassword');
  579. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', false);
  580. $expectedResponse = ['user' => 'ValidTokenUser', 'status' => 'success'];
  581. $this->assertSame($expectedResponse, $response->getData());
  582. }
  583. public function testTwoUsersWithSameEmail() {
  584. $user1 = $this->createMock(IUser::class);
  585. $user1->expects($this->any())
  586. ->method('getEMailAddress')
  587. ->willReturn('test@example.com');
  588. $user1->expects($this->any())
  589. ->method('getUID')
  590. ->willReturn('User1');
  591. $user1->expects($this->any())
  592. ->method('isEnabled')
  593. ->willReturn(true);
  594. $user2 = $this->createMock(IUser::class);
  595. $user2->expects($this->any())
  596. ->method('getEMailAddress')
  597. ->willReturn('test@example.com');
  598. $user2->expects($this->any())
  599. ->method('getUID')
  600. ->willReturn('User2');
  601. $user2->expects($this->any())
  602. ->method('isEnabled')
  603. ->willReturn(true);
  604. $this->userManager
  605. ->method('get')
  606. ->willReturn(null);
  607. $this->userManager
  608. ->method('getByEmail')
  609. ->willReturn([$user1, $user2]);
  610. $this->logger->expects($this->exactly(0))
  611. ->method('error');
  612. $this->logger->expects($this->once())
  613. ->method('warning');
  614. // request password reset for test@example.com
  615. $response = $this->lostController->email('test@example.com');
  616. $expectedResponse = new JSONResponse([
  617. 'status' => 'success'
  618. ]);
  619. $expectedResponse->throttle();
  620. $this->assertEquals($expectedResponse, $response);
  621. }
  622. /**
  623. * @return array
  624. */
  625. public function dataTwoUserswithSameEmailOneDisabled(): array {
  626. return [
  627. ['user1' => true, 'user2' => false],
  628. ['user1' => false, 'user2' => true]
  629. ];
  630. }
  631. /**
  632. * @dataProvider dataTwoUserswithSameEmailOneDisabled
  633. * @param bool $userEnabled1
  634. * @param bool $userEnabled2
  635. */
  636. public function testTwoUsersWithSameEmailOneDisabled(bool $userEnabled1, bool $userEnabled2): void {
  637. $user1 = $this->createMock(IUser::class);
  638. $user1->method('getEMailAddress')
  639. ->willReturn('test@example.com');
  640. $user1->method('getUID')
  641. ->willReturn('User1');
  642. $user1->method('isEnabled')
  643. ->willReturn($userEnabled1);
  644. $user2 = $this->createMock(IUser::class);
  645. $user2->method('getEMailAddress')
  646. ->willReturn('test@example.com');
  647. $user2->method('getUID')
  648. ->willReturn('User2');
  649. $user2->method('isEnabled')
  650. ->willReturn($userEnabled2);
  651. $this->userManager
  652. ->method('get')
  653. ->willReturn(null);
  654. $this->userManager
  655. ->method('getByEmail')
  656. ->willReturn([$user1, $user2]);
  657. $result = self::invokePrivate($this->lostController, 'findUserByIdOrMail', ['test@example.com']);
  658. $this->assertInstanceOf(IUser::class, $result);
  659. }
  660. public function testTrimEmailInput() {
  661. $this->userManager
  662. ->expects($this->once())
  663. ->method('getByEmail')
  664. ->with('test@example.com')
  665. ->willReturn([$this->existingUser]);
  666. $this->mailer
  667. ->expects($this->once())
  668. ->method('send');
  669. $response = $this->lostController->email(' test@example.com ');
  670. $expectedResponse = new JSONResponse(['status' => 'success']);
  671. $expectedResponse->throttle();
  672. $this->assertEquals($expectedResponse, $response);
  673. }
  674. public function testUsernameInput() {
  675. $this->userManager
  676. ->expects($this->once())
  677. ->method('get')
  678. ->with('ExistingUser')
  679. ->willReturn($this->existingUser);
  680. $this->mailer
  681. ->expects($this->once())
  682. ->method('send');
  683. $response = $this->lostController->email(' ExistingUser ');
  684. $expectedResponse = new JSONResponse(['status' => 'success']);
  685. $expectedResponse->throttle();
  686. $this->assertEquals($expectedResponse, $response);
  687. }
  688. }