1
0

ManagerTest.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725
  1. <?php
  2. /**
  3. * @author Christoph Wurst <christoph@owncloud.com>
  4. *
  5. * @copyright Copyright (c) 2016, ownCloud, Inc.
  6. * @license AGPL-3.0
  7. *
  8. * This code is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License, version 3,
  10. * as published by the Free Software Foundation.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License, version 3,
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>
  19. *
  20. */
  21. namespace Test\Authentication\TwoFactorAuth;
  22. use OC;
  23. use OC\Authentication\Token\IProvider as TokenProvider;
  24. use OC\Authentication\TwoFactorAuth\Manager;
  25. use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
  26. use OC\Authentication\TwoFactorAuth\ProviderLoader;
  27. use OCP\Activity\IEvent;
  28. use OCP\Activity\IManager;
  29. use OCP\AppFramework\Utility\ITimeFactory;
  30. use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
  31. use OCP\Authentication\TwoFactorAuth\IProvider;
  32. use OCP\Authentication\TwoFactorAuth\IRegistry;
  33. use OCP\EventDispatcher\IEventDispatcher;
  34. use OCP\IConfig;
  35. use OCP\ISession;
  36. use OCP\IUser;
  37. use PHPUnit\Framework\MockObject\MockObject;
  38. use Psr\Log\LoggerInterface;
  39. use function reset;
  40. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  41. use Test\TestCase;
  42. class ManagerTest extends TestCase {
  43. /** @var IUser|MockObject */
  44. private $user;
  45. /** @var ProviderLoader|MockObject */
  46. private $providerLoader;
  47. /** @var IRegistry|MockObject */
  48. private $providerRegistry;
  49. /** @var MandatoryTwoFactor|MockObject */
  50. private $mandatoryTwoFactor;
  51. /** @var ISession|MockObject */
  52. private $session;
  53. /** @var Manager */
  54. private $manager;
  55. /** @var IConfig|MockObject */
  56. private $config;
  57. /** @var IManager|MockObject */
  58. private $activityManager;
  59. /** @var LoggerInterface|MockObject */
  60. private $logger;
  61. /** @var IProvider|MockObject */
  62. private $fakeProvider;
  63. /** @var IProvider|MockObject */
  64. private $backupProvider;
  65. /** @var TokenProvider|MockObject */
  66. private $tokenProvider;
  67. /** @var ITimeFactory|MockObject */
  68. private $timeFactory;
  69. /** @var IEventDispatcher|MockObject */
  70. private $newDispatcher;
  71. /** @var EventDispatcherInterface|MockObject */
  72. private $eventDispatcher;
  73. protected function setUp(): void {
  74. parent::setUp();
  75. $this->user = $this->createMock(IUser::class);
  76. $this->providerLoader = $this->createMock(ProviderLoader::class);
  77. $this->providerRegistry = $this->createMock(IRegistry::class);
  78. $this->mandatoryTwoFactor = $this->createMock(MandatoryTwoFactor::class);
  79. $this->session = $this->createMock(ISession::class);
  80. $this->config = $this->createMock(IConfig::class);
  81. $this->activityManager = $this->createMock(IManager::class);
  82. $this->logger = $this->createMock(LoggerInterface::class);
  83. $this->tokenProvider = $this->createMock(TokenProvider::class);
  84. $this->timeFactory = $this->createMock(ITimeFactory::class);
  85. $this->newDispatcher = $this->createMock(IEventDispatcher::class);
  86. $this->eventDispatcher = $this->createMock(EventDispatcherInterface::class);
  87. $this->manager = new Manager(
  88. $this->providerLoader,
  89. $this->providerRegistry,
  90. $this->mandatoryTwoFactor,
  91. $this->session,
  92. $this->config,
  93. $this->activityManager,
  94. $this->logger,
  95. $this->tokenProvider,
  96. $this->timeFactory,
  97. $this->newDispatcher,
  98. $this->eventDispatcher
  99. );
  100. $this->fakeProvider = $this->createMock(IProvider::class);
  101. $this->fakeProvider->method('getId')->willReturn('email');
  102. $this->backupProvider = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();
  103. $this->backupProvider->method('getId')->willReturn('backup_codes');
  104. $this->backupProvider->method('isTwoFactorAuthEnabledForUser')->willReturn(true);
  105. }
  106. private function prepareNoProviders() {
  107. $this->providerLoader->method('getProviders')
  108. ->with($this->user)
  109. ->willReturn([]);
  110. }
  111. private function prepareProviders() {
  112. $this->providerRegistry->expects($this->once())
  113. ->method('getProviderStates')
  114. ->with($this->user)
  115. ->willReturn([
  116. $this->fakeProvider->getId() => true,
  117. ]);
  118. $this->providerLoader->expects($this->once())
  119. ->method('getProviders')
  120. ->with($this->user)
  121. ->willReturn([$this->fakeProvider]);
  122. }
  123. private function prepareProvidersWitBackupProvider() {
  124. $this->providerLoader->method('getProviders')
  125. ->with($this->user)
  126. ->willReturn([
  127. $this->fakeProvider,
  128. $this->backupProvider,
  129. ]);
  130. }
  131. public function testIsTwoFactorAuthenticatedEnforced() {
  132. $this->mandatoryTwoFactor->expects($this->once())
  133. ->method('isEnforcedFor')
  134. ->with($this->user)
  135. ->willReturn(true);
  136. $enabled = $this->manager->isTwoFactorAuthenticated($this->user);
  137. $this->assertTrue($enabled);
  138. }
  139. public function testIsTwoFactorAuthenticatedNoProviders() {
  140. $this->mandatoryTwoFactor->expects($this->once())
  141. ->method('isEnforcedFor')
  142. ->with($this->user)
  143. ->willReturn(false);
  144. $this->providerRegistry->expects($this->once())
  145. ->method('getProviderStates')
  146. ->willReturn([]); // No providers registered
  147. $this->providerLoader->expects($this->once())
  148. ->method('getProviders')
  149. ->willReturn([]); // No providers loadable
  150. $this->assertFalse($this->manager->isTwoFactorAuthenticated($this->user));
  151. }
  152. public function testIsTwoFactorAuthenticatedOnlyBackupCodes() {
  153. $this->mandatoryTwoFactor->expects($this->once())
  154. ->method('isEnforcedFor')
  155. ->with($this->user)
  156. ->willReturn(false);
  157. $this->providerRegistry->expects($this->once())
  158. ->method('getProviderStates')
  159. ->willReturn([
  160. 'backup_codes' => true,
  161. ]);
  162. $backupCodesProvider = $this->createMock(IProvider::class);
  163. $backupCodesProvider
  164. ->method('getId')
  165. ->willReturn('backup_codes');
  166. $this->providerLoader->expects($this->once())
  167. ->method('getProviders')
  168. ->willReturn([
  169. $backupCodesProvider,
  170. ]);
  171. $this->assertFalse($this->manager->isTwoFactorAuthenticated($this->user));
  172. }
  173. public function testIsTwoFactorAuthenticatedFailingProviders() {
  174. $this->mandatoryTwoFactor->expects($this->once())
  175. ->method('isEnforcedFor')
  176. ->with($this->user)
  177. ->willReturn(false);
  178. $this->providerRegistry->expects($this->once())
  179. ->method('getProviderStates')
  180. ->willReturn([
  181. 'twofactor_totp' => true,
  182. 'twofactor_u2f' => false,
  183. ]); // Two providers registered, but …
  184. $this->providerLoader->expects($this->once())
  185. ->method('getProviders')
  186. ->willReturn([]); // … none of them is able to load, however …
  187. // … 2FA is still enforced
  188. $this->assertTrue($this->manager->isTwoFactorAuthenticated($this->user));
  189. }
  190. public function providerStatesFixData(): array {
  191. return [
  192. [false, false],
  193. [true, true],
  194. ];
  195. }
  196. /**
  197. * If the 2FA registry has not been populated when a user logs in,
  198. * the 2FA manager has to first fix the state before it checks for
  199. * enabled providers.
  200. *
  201. * If any of these providers is active, 2FA is enabled
  202. *
  203. * @dataProvider providerStatesFixData
  204. */
  205. public function testIsTwoFactorAuthenticatedFixesProviderStates(bool $providerEnabled, bool $expected) {
  206. $this->providerRegistry->expects($this->once())
  207. ->method('getProviderStates')
  208. ->willReturn([]); // Nothing registered yet
  209. $this->providerLoader->expects($this->once())
  210. ->method('getProviders')
  211. ->willReturn([
  212. $this->fakeProvider
  213. ]);
  214. $this->fakeProvider->expects($this->once())
  215. ->method('isTwoFactorAuthEnabledForUser')
  216. ->with($this->user)
  217. ->willReturn($providerEnabled);
  218. if ($providerEnabled) {
  219. $this->providerRegistry->expects($this->once())
  220. ->method('enableProviderFor')
  221. ->with(
  222. $this->fakeProvider,
  223. $this->user
  224. );
  225. } else {
  226. $this->providerRegistry->expects($this->once())
  227. ->method('disableProviderFor')
  228. ->with(
  229. $this->fakeProvider,
  230. $this->user
  231. );
  232. }
  233. $this->assertEquals($expected, $this->manager->isTwoFactorAuthenticated($this->user));
  234. }
  235. public function testGetProvider() {
  236. $this->providerRegistry->expects($this->once())
  237. ->method('getProviderStates')
  238. ->with($this->user)
  239. ->willReturn([
  240. $this->fakeProvider->getId() => true,
  241. ]);
  242. $this->providerLoader->expects($this->once())
  243. ->method('getProviders')
  244. ->with($this->user)
  245. ->willReturn([$this->fakeProvider]);
  246. $provider = $this->manager->getProvider($this->user, $this->fakeProvider->getId());
  247. $this->assertSame($this->fakeProvider, $provider);
  248. }
  249. public function testGetInvalidProvider() {
  250. $this->providerRegistry->expects($this->once())
  251. ->method('getProviderStates')
  252. ->with($this->user)
  253. ->willReturn([]);
  254. $this->providerLoader->expects($this->once())
  255. ->method('getProviders')
  256. ->with($this->user)
  257. ->willReturn([]);
  258. $provider = $this->manager->getProvider($this->user, 'nonexistent');
  259. $this->assertNull($provider);
  260. }
  261. public function testGetLoginSetupProviders() {
  262. $provider1 = $this->createMock(IProvider::class);
  263. $provider2 = $this->createMock(IActivatableAtLogin::class);
  264. $this->providerLoader->expects($this->once())
  265. ->method('getProviders')
  266. ->with($this->user)
  267. ->willReturn([
  268. $provider1,
  269. $provider2,
  270. ]);
  271. $providers = $this->manager->getLoginSetupProviders($this->user);
  272. $this->assertCount(1, $providers);
  273. $this->assertSame($provider2, reset($providers));
  274. }
  275. public function testGetProviders() {
  276. $this->providerRegistry->expects($this->once())
  277. ->method('getProviderStates')
  278. ->with($this->user)
  279. ->willReturn([
  280. $this->fakeProvider->getId() => true,
  281. ]);
  282. $this->providerLoader->expects($this->once())
  283. ->method('getProviders')
  284. ->with($this->user)
  285. ->willReturn([$this->fakeProvider]);
  286. $expectedProviders = [
  287. 'email' => $this->fakeProvider,
  288. ];
  289. $providerSet = $this->manager->getProviderSet($this->user);
  290. $providers = $providerSet->getProviders();
  291. $this->assertEquals($expectedProviders, $providers);
  292. $this->assertFalse($providerSet->isProviderMissing());
  293. }
  294. public function testGetProvidersOneMissing() {
  295. $this->providerRegistry->expects($this->once())
  296. ->method('getProviderStates')
  297. ->with($this->user)
  298. ->willReturn([
  299. $this->fakeProvider->getId() => true,
  300. ]);
  301. $this->providerLoader->expects($this->once())
  302. ->method('getProviders')
  303. ->with($this->user)
  304. ->willReturn([]);
  305. $expectedProviders = [
  306. 'email' => $this->fakeProvider,
  307. ];
  308. $providerSet = $this->manager->getProviderSet($this->user);
  309. $this->assertTrue($providerSet->isProviderMissing());
  310. }
  311. public function testVerifyChallenge() {
  312. $this->prepareProviders();
  313. $challenge = 'passme';
  314. $event = $this->createMock(IEvent::class);
  315. $this->fakeProvider->expects($this->once())
  316. ->method('verifyChallenge')
  317. ->with($this->user, $challenge)
  318. ->willReturn(true);
  319. $this->session->expects($this->once())
  320. ->method('get')
  321. ->with('two_factor_remember_login')
  322. ->willReturn(false);
  323. $this->session->expects($this->exactly(2))
  324. ->method('remove')
  325. ->withConsecutive(
  326. ['two_factor_auth_uid'],
  327. ['two_factor_remember_login']
  328. );
  329. $this->session->expects($this->once())
  330. ->method('set')
  331. ->with(Manager::SESSION_UID_DONE, 'jos');
  332. $this->session->method('getId')
  333. ->willReturn('mysessionid');
  334. $this->activityManager->expects($this->once())
  335. ->method('generateEvent')
  336. ->willReturn($event);
  337. $this->user->expects($this->any())
  338. ->method('getUID')
  339. ->willReturn('jos');
  340. $event->expects($this->once())
  341. ->method('setApp')
  342. ->with($this->equalTo('core'))
  343. ->willReturnSelf();
  344. $event->expects($this->once())
  345. ->method('setType')
  346. ->with($this->equalTo('security'))
  347. ->willReturnSelf();
  348. $event->expects($this->once())
  349. ->method('setAuthor')
  350. ->with($this->equalTo('jos'))
  351. ->willReturnSelf();
  352. $event->expects($this->once())
  353. ->method('setAffectedUser')
  354. ->with($this->equalTo('jos'))
  355. ->willReturnSelf();
  356. $this->fakeProvider
  357. ->method('getDisplayName')
  358. ->willReturn('Fake 2FA');
  359. $event->expects($this->once())
  360. ->method('setSubject')
  361. ->with($this->equalTo('twofactor_success'), $this->equalTo([
  362. 'provider' => 'Fake 2FA',
  363. ]))
  364. ->willReturnSelf();
  365. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  366. $this->tokenProvider->method('getToken')
  367. ->with('mysessionid')
  368. ->willReturn($token);
  369. $token->method('getId')
  370. ->willReturn(42);
  371. $this->config->expects($this->once())
  372. ->method('deleteUserValue')
  373. ->with('jos', 'login_token_2fa', '42');
  374. $result = $this->manager->verifyChallenge('email', $this->user, $challenge);
  375. $this->assertTrue($result);
  376. }
  377. public function testVerifyChallengeInvalidProviderId() {
  378. $this->prepareProviders();
  379. $challenge = 'passme';
  380. $this->fakeProvider->expects($this->never())
  381. ->method('verifyChallenge')
  382. ->with($this->user, $challenge);
  383. $this->session->expects($this->never())
  384. ->method('remove');
  385. $this->assertFalse($this->manager->verifyChallenge('dontexist', $this->user, $challenge));
  386. }
  387. public function testVerifyInvalidChallenge() {
  388. $this->prepareProviders();
  389. $challenge = 'dontpassme';
  390. $event = $this->createMock(IEvent::class);
  391. $this->fakeProvider->expects($this->once())
  392. ->method('verifyChallenge')
  393. ->with($this->user, $challenge)
  394. ->willReturn(false);
  395. $this->session->expects($this->never())
  396. ->method('remove');
  397. $this->activityManager->expects($this->once())
  398. ->method('generateEvent')
  399. ->willReturn($event);
  400. $this->user->expects($this->any())
  401. ->method('getUID')
  402. ->willReturn('jos');
  403. $event->expects($this->once())
  404. ->method('setApp')
  405. ->with($this->equalTo('core'))
  406. ->willReturnSelf();
  407. $event->expects($this->once())
  408. ->method('setType')
  409. ->with($this->equalTo('security'))
  410. ->willReturnSelf();
  411. $event->expects($this->once())
  412. ->method('setAuthor')
  413. ->with($this->equalTo('jos'))
  414. ->willReturnSelf();
  415. $event->expects($this->once())
  416. ->method('setAffectedUser')
  417. ->with($this->equalTo('jos'))
  418. ->willReturnSelf();
  419. $this->fakeProvider
  420. ->method('getDisplayName')
  421. ->willReturn('Fake 2FA');
  422. $event->expects($this->once())
  423. ->method('setSubject')
  424. ->with($this->equalTo('twofactor_failed'), $this->equalTo([
  425. 'provider' => 'Fake 2FA',
  426. ]))
  427. ->willReturnSelf();
  428. $this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge));
  429. }
  430. public function testNeedsSecondFactor() {
  431. $user = $this->createMock(IUser::class);
  432. $this->session->expects($this->exactly(3))
  433. ->method('exists')
  434. ->withConsecutive(
  435. ['app_password'],
  436. ['two_factor_auth_uid'],
  437. [Manager::SESSION_UID_DONE],
  438. )
  439. ->willReturn(false);
  440. $this->session->method('getId')
  441. ->willReturn('mysessionid');
  442. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  443. $this->tokenProvider->method('getToken')
  444. ->with('mysessionid')
  445. ->willReturn($token);
  446. $token->method('getId')
  447. ->willReturn(42);
  448. $user->method('getUID')
  449. ->willReturn('user');
  450. $this->config->method('getUserKeys')
  451. ->with('user', 'login_token_2fa')
  452. ->willReturn([
  453. '42'
  454. ]);
  455. $manager = $this->getMockBuilder(Manager::class)
  456. ->setConstructorArgs([
  457. $this->providerLoader,
  458. $this->providerRegistry,
  459. $this->mandatoryTwoFactor,
  460. $this->session,
  461. $this->config,
  462. $this->activityManager,
  463. $this->logger,
  464. $this->tokenProvider,
  465. $this->timeFactory,
  466. $this->newDispatcher,
  467. $this->eventDispatcher
  468. ])
  469. ->setMethods(['loadTwoFactorApp', 'isTwoFactorAuthenticated'])// Do not actually load the apps
  470. ->getMock();
  471. $manager->method('isTwoFactorAuthenticated')
  472. ->with($user)
  473. ->willReturn(true);
  474. $this->assertTrue($manager->needsSecondFactor($user));
  475. }
  476. public function testNeedsSecondFactorUserIsNull() {
  477. $user = null;
  478. $this->session->expects($this->never())
  479. ->method('exists');
  480. $this->assertFalse($this->manager->needsSecondFactor($user));
  481. }
  482. public function testNeedsSecondFactorWithNoProviderAvailableAnymore() {
  483. $this->prepareNoProviders();
  484. $user = null;
  485. $this->session->expects($this->never())
  486. ->method('exists')
  487. ->with('two_factor_auth_uid')
  488. ->willReturn(true);
  489. $this->session->expects($this->never())
  490. ->method('remove')
  491. ->with('two_factor_auth_uid');
  492. $this->assertFalse($this->manager->needsSecondFactor($user));
  493. }
  494. public function testPrepareTwoFactorLogin() {
  495. $this->user->method('getUID')
  496. ->willReturn('ferdinand');
  497. $this->session->expects($this->exactly(2))
  498. ->method('set')
  499. ->withConsecutive(
  500. ['two_factor_auth_uid', 'ferdinand'],
  501. ['two_factor_remember_login', true]
  502. );
  503. $this->session->method('getId')
  504. ->willReturn('mysessionid');
  505. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  506. $this->tokenProvider->method('getToken')
  507. ->with('mysessionid')
  508. ->willReturn($token);
  509. $token->method('getId')
  510. ->willReturn(42);
  511. $this->timeFactory->method('getTime')
  512. ->willReturn(1337);
  513. $this->config->method('setUserValue')
  514. ->with('ferdinand', 'login_token_2fa', '42', '1337');
  515. $this->manager->prepareTwoFactorLogin($this->user, true);
  516. }
  517. public function testPrepareTwoFactorLoginDontRemember() {
  518. $this->user->method('getUID')
  519. ->willReturn('ferdinand');
  520. $this->session->expects($this->exactly(2))
  521. ->method('set')
  522. ->withConsecutive(
  523. ['two_factor_auth_uid', 'ferdinand'],
  524. ['two_factor_remember_login', false]
  525. );
  526. $this->session->method('getId')
  527. ->willReturn('mysessionid');
  528. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  529. $this->tokenProvider->method('getToken')
  530. ->with('mysessionid')
  531. ->willReturn($token);
  532. $token->method('getId')
  533. ->willReturn(42);
  534. $this->timeFactory->method('getTime')
  535. ->willReturn(1337);
  536. $this->config->method('setUserValue')
  537. ->with('ferdinand', 'login_token_2fa', '42', '1337');
  538. $this->manager->prepareTwoFactorLogin($this->user, false);
  539. }
  540. public function testNeedsSecondFactorSessionAuth() {
  541. $user = $this->createMock(IUser::class);
  542. $user->method('getUID')
  543. ->willReturn('user');
  544. $this->session->method('exists')
  545. ->willReturnCallback(function ($var) {
  546. if ($var === Manager::SESSION_UID_KEY) {
  547. return false;
  548. } elseif ($var === 'app_password') {
  549. return false;
  550. } elseif ($var === 'app_api') {
  551. return false;
  552. }
  553. return true;
  554. });
  555. $this->session->method('get')
  556. ->willReturnCallback(function ($var) {
  557. if ($var === Manager::SESSION_UID_KEY) {
  558. return 'user';
  559. } elseif ($var === 'app_api') {
  560. return true;
  561. }
  562. return null;
  563. });
  564. $this->session->expects($this->once())
  565. ->method('get')
  566. ->willReturnMap([
  567. [Manager::SESSION_UID_DONE, 'user'],
  568. ['app_api', true]
  569. ]);
  570. $this->assertFalse($this->manager->needsSecondFactor($user));
  571. }
  572. public function testNeedsSecondFactorSessionAuthFailDBPass() {
  573. $user = $this->createMock(IUser::class);
  574. $user->method('getUID')
  575. ->willReturn('user');
  576. $this->session->method('exists')
  577. ->willReturn(false);
  578. $this->session->method('getId')
  579. ->willReturn('mysessionid');
  580. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  581. $token->method('getId')
  582. ->willReturn(40);
  583. $this->tokenProvider->method('getToken')
  584. ->with('mysessionid')
  585. ->willReturn($token);
  586. $this->config->method('getUserKeys')
  587. ->with('user', 'login_token_2fa')
  588. ->willReturn([
  589. '42', '43', '44'
  590. ]);
  591. $this->session->expects($this->once())
  592. ->method('set')
  593. ->with(Manager::SESSION_UID_DONE, 'user');
  594. $this->assertFalse($this->manager->needsSecondFactor($user));
  595. }
  596. public function testNeedsSecondFactorInvalidToken() {
  597. $this->prepareNoProviders();
  598. $user = $this->createMock(IUser::class);
  599. $user->method('getUID')
  600. ->willReturn('user');
  601. $this->session->method('exists')
  602. ->willReturn(false);
  603. $this->session->method('getId')
  604. ->willReturn('mysessionid');
  605. $this->tokenProvider->method('getToken')
  606. ->with('mysessionid')
  607. ->willThrowException(new OC\Authentication\Exceptions\InvalidTokenException());
  608. $this->config->method('getUserKeys')->willReturn([]);
  609. $this->assertFalse($this->manager->needsSecondFactor($user));
  610. }
  611. public function testNeedsSecondFactorAppPassword() {
  612. $user = $this->createMock(IUser::class);
  613. $this->session->method('exists')
  614. ->willReturnMap([
  615. ['app_password', true],
  616. ['app_api', true]
  617. ]);
  618. $this->assertFalse($this->manager->needsSecondFactor($user));
  619. }
  620. }