1
0

ManagerTest.php 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776
  1. <?php
  2. /**
  3. * @author Christoph Wurst <christoph@owncloud.com>
  4. *
  5. * @copyright Copyright (c) 2016, ownCloud, Inc.
  6. * @license AGPL-3.0
  7. *
  8. * This code is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License, version 3,
  10. * as published by the Free Software Foundation.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License, version 3,
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>
  19. *
  20. */
  21. namespace Test\Authentication\TwoFactorAuth;
  22. use OC;
  23. use OC\Authentication\Token\IProvider as TokenProvider;
  24. use OC\Authentication\TwoFactorAuth\Manager;
  25. use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
  26. use OC\Authentication\TwoFactorAuth\ProviderLoader;
  27. use OCP\Activity\IEvent;
  28. use OCP\Activity\IManager;
  29. use OCP\AppFramework\Db\DoesNotExistException;
  30. use OCP\AppFramework\Utility\ITimeFactory;
  31. use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
  32. use OCP\Authentication\TwoFactorAuth\IProvider;
  33. use OCP\Authentication\TwoFactorAuth\IRegistry;
  34. use OCP\EventDispatcher\IEventDispatcher;
  35. use OCP\IConfig;
  36. use OCP\ISession;
  37. use OCP\IUser;
  38. use PHPUnit\Framework\MockObject\MockObject;
  39. use Psr\Log\LoggerInterface;
  40. use Test\TestCase;
  41. use function reset;
  42. class ManagerTest extends TestCase {
  43. /** @var IUser|MockObject */
  44. private $user;
  45. /** @var ProviderLoader|MockObject */
  46. private $providerLoader;
  47. /** @var IRegistry|MockObject */
  48. private $providerRegistry;
  49. /** @var MandatoryTwoFactor|MockObject */
  50. private $mandatoryTwoFactor;
  51. /** @var ISession|MockObject */
  52. private $session;
  53. /** @var Manager */
  54. private $manager;
  55. /** @var IConfig|MockObject */
  56. private $config;
  57. /** @var IManager|MockObject */
  58. private $activityManager;
  59. /** @var LoggerInterface|MockObject */
  60. private $logger;
  61. /** @var IProvider|MockObject */
  62. private $fakeProvider;
  63. /** @var IProvider|MockObject */
  64. private $backupProvider;
  65. /** @var TokenProvider|MockObject */
  66. private $tokenProvider;
  67. /** @var ITimeFactory|MockObject */
  68. private $timeFactory;
  69. /** @var IEventDispatcher|MockObject */
  70. private $dispatcher;
  71. protected function setUp(): void {
  72. parent::setUp();
  73. $this->user = $this->createMock(IUser::class);
  74. $this->providerLoader = $this->createMock(ProviderLoader::class);
  75. $this->providerRegistry = $this->createMock(IRegistry::class);
  76. $this->mandatoryTwoFactor = $this->createMock(MandatoryTwoFactor::class);
  77. $this->session = $this->createMock(ISession::class);
  78. $this->config = $this->createMock(IConfig::class);
  79. $this->activityManager = $this->createMock(IManager::class);
  80. $this->logger = $this->createMock(LoggerInterface::class);
  81. $this->tokenProvider = $this->createMock(TokenProvider::class);
  82. $this->timeFactory = $this->createMock(ITimeFactory::class);
  83. $this->dispatcher = $this->createMock(IEventDispatcher::class);
  84. $this->manager = new Manager(
  85. $this->providerLoader,
  86. $this->providerRegistry,
  87. $this->mandatoryTwoFactor,
  88. $this->session,
  89. $this->config,
  90. $this->activityManager,
  91. $this->logger,
  92. $this->tokenProvider,
  93. $this->timeFactory,
  94. $this->dispatcher,
  95. );
  96. $this->fakeProvider = $this->createMock(IProvider::class);
  97. $this->fakeProvider->method('getId')->willReturn('email');
  98. $this->backupProvider = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();
  99. $this->backupProvider->method('getId')->willReturn('backup_codes');
  100. $this->backupProvider->method('isTwoFactorAuthEnabledForUser')->willReturn(true);
  101. }
  102. private function prepareNoProviders() {
  103. $this->providerLoader->method('getProviders')
  104. ->with($this->user)
  105. ->willReturn([]);
  106. }
  107. private function prepareProviders() {
  108. $this->providerRegistry->expects($this->once())
  109. ->method('getProviderStates')
  110. ->with($this->user)
  111. ->willReturn([
  112. $this->fakeProvider->getId() => true,
  113. ]);
  114. $this->providerLoader->expects($this->once())
  115. ->method('getProviders')
  116. ->with($this->user)
  117. ->willReturn([$this->fakeProvider]);
  118. }
  119. private function prepareProvidersWitBackupProvider() {
  120. $this->providerLoader->method('getProviders')
  121. ->with($this->user)
  122. ->willReturn([
  123. $this->fakeProvider,
  124. $this->backupProvider,
  125. ]);
  126. }
  127. public function testIsTwoFactorAuthenticatedEnforced() {
  128. $this->mandatoryTwoFactor->expects($this->once())
  129. ->method('isEnforcedFor')
  130. ->with($this->user)
  131. ->willReturn(true);
  132. $enabled = $this->manager->isTwoFactorAuthenticated($this->user);
  133. $this->assertTrue($enabled);
  134. }
  135. public function testIsTwoFactorAuthenticatedNoProviders() {
  136. $this->mandatoryTwoFactor->expects($this->once())
  137. ->method('isEnforcedFor')
  138. ->with($this->user)
  139. ->willReturn(false);
  140. $this->providerRegistry->expects($this->once())
  141. ->method('getProviderStates')
  142. ->willReturn([]); // No providers registered
  143. $this->providerLoader->expects($this->once())
  144. ->method('getProviders')
  145. ->willReturn([]); // No providers loadable
  146. $this->assertFalse($this->manager->isTwoFactorAuthenticated($this->user));
  147. }
  148. public function testIsTwoFactorAuthenticatedOnlyBackupCodes() {
  149. $this->mandatoryTwoFactor->expects($this->once())
  150. ->method('isEnforcedFor')
  151. ->with($this->user)
  152. ->willReturn(false);
  153. $this->providerRegistry->expects($this->once())
  154. ->method('getProviderStates')
  155. ->willReturn([
  156. 'backup_codes' => true,
  157. ]);
  158. $backupCodesProvider = $this->createMock(IProvider::class);
  159. $backupCodesProvider
  160. ->method('getId')
  161. ->willReturn('backup_codes');
  162. $this->providerLoader->expects($this->once())
  163. ->method('getProviders')
  164. ->willReturn([
  165. $backupCodesProvider,
  166. ]);
  167. $this->assertFalse($this->manager->isTwoFactorAuthenticated($this->user));
  168. }
  169. public function testIsTwoFactorAuthenticatedFailingProviders() {
  170. $this->mandatoryTwoFactor->expects($this->once())
  171. ->method('isEnforcedFor')
  172. ->with($this->user)
  173. ->willReturn(false);
  174. $this->providerRegistry->expects($this->once())
  175. ->method('getProviderStates')
  176. ->willReturn([
  177. 'twofactor_totp' => true,
  178. 'twofactor_u2f' => false,
  179. ]); // Two providers registered, but …
  180. $this->providerLoader->expects($this->once())
  181. ->method('getProviders')
  182. ->willReturn([]); // … none of them is able to load, however …
  183. // … 2FA is still enforced
  184. $this->assertTrue($this->manager->isTwoFactorAuthenticated($this->user));
  185. }
  186. public function providerStatesFixData(): array {
  187. return [
  188. [false, false],
  189. [true, true],
  190. ];
  191. }
  192. /**
  193. * If the 2FA registry has not been populated when a user logs in,
  194. * the 2FA manager has to first fix the state before it checks for
  195. * enabled providers.
  196. *
  197. * If any of these providers is active, 2FA is enabled
  198. *
  199. * @dataProvider providerStatesFixData
  200. */
  201. public function testIsTwoFactorAuthenticatedFixesProviderStates(bool $providerEnabled, bool $expected) {
  202. $this->providerRegistry->expects($this->once())
  203. ->method('getProviderStates')
  204. ->willReturn([]); // Nothing registered yet
  205. $this->providerLoader->expects($this->once())
  206. ->method('getProviders')
  207. ->willReturn([
  208. $this->fakeProvider
  209. ]);
  210. $this->fakeProvider->expects($this->once())
  211. ->method('isTwoFactorAuthEnabledForUser')
  212. ->with($this->user)
  213. ->willReturn($providerEnabled);
  214. if ($providerEnabled) {
  215. $this->providerRegistry->expects($this->once())
  216. ->method('enableProviderFor')
  217. ->with(
  218. $this->fakeProvider,
  219. $this->user
  220. );
  221. } else {
  222. $this->providerRegistry->expects($this->once())
  223. ->method('disableProviderFor')
  224. ->with(
  225. $this->fakeProvider,
  226. $this->user
  227. );
  228. }
  229. $this->assertEquals($expected, $this->manager->isTwoFactorAuthenticated($this->user));
  230. }
  231. public function testGetProvider() {
  232. $this->providerRegistry->expects($this->once())
  233. ->method('getProviderStates')
  234. ->with($this->user)
  235. ->willReturn([
  236. $this->fakeProvider->getId() => true,
  237. ]);
  238. $this->providerLoader->expects($this->once())
  239. ->method('getProviders')
  240. ->with($this->user)
  241. ->willReturn([$this->fakeProvider]);
  242. $provider = $this->manager->getProvider($this->user, $this->fakeProvider->getId());
  243. $this->assertSame($this->fakeProvider, $provider);
  244. }
  245. public function testGetInvalidProvider() {
  246. $this->providerRegistry->expects($this->once())
  247. ->method('getProviderStates')
  248. ->with($this->user)
  249. ->willReturn([]);
  250. $this->providerLoader->expects($this->once())
  251. ->method('getProviders')
  252. ->with($this->user)
  253. ->willReturn([]);
  254. $provider = $this->manager->getProvider($this->user, 'nonexistent');
  255. $this->assertNull($provider);
  256. }
  257. public function testGetLoginSetupProviders() {
  258. $provider1 = $this->createMock(IProvider::class);
  259. $provider2 = $this->createMock(IActivatableAtLogin::class);
  260. $this->providerLoader->expects($this->once())
  261. ->method('getProviders')
  262. ->with($this->user)
  263. ->willReturn([
  264. $provider1,
  265. $provider2,
  266. ]);
  267. $providers = $this->manager->getLoginSetupProviders($this->user);
  268. $this->assertCount(1, $providers);
  269. $this->assertSame($provider2, reset($providers));
  270. }
  271. public function testGetProviders() {
  272. $this->providerRegistry->expects($this->once())
  273. ->method('getProviderStates')
  274. ->with($this->user)
  275. ->willReturn([
  276. $this->fakeProvider->getId() => true,
  277. ]);
  278. $this->providerLoader->expects($this->once())
  279. ->method('getProviders')
  280. ->with($this->user)
  281. ->willReturn([$this->fakeProvider]);
  282. $expectedProviders = [
  283. 'email' => $this->fakeProvider,
  284. ];
  285. $providerSet = $this->manager->getProviderSet($this->user);
  286. $providers = $providerSet->getProviders();
  287. $this->assertEquals($expectedProviders, $providers);
  288. $this->assertFalse($providerSet->isProviderMissing());
  289. }
  290. public function testGetProvidersOneMissing() {
  291. $this->providerRegistry->expects($this->once())
  292. ->method('getProviderStates')
  293. ->with($this->user)
  294. ->willReturn([
  295. $this->fakeProvider->getId() => true,
  296. ]);
  297. $this->providerLoader->expects($this->once())
  298. ->method('getProviders')
  299. ->with($this->user)
  300. ->willReturn([]);
  301. $expectedProviders = [
  302. 'email' => $this->fakeProvider,
  303. ];
  304. $providerSet = $this->manager->getProviderSet($this->user);
  305. $this->assertTrue($providerSet->isProviderMissing());
  306. }
  307. public function testVerifyChallenge() {
  308. $this->prepareProviders();
  309. $challenge = 'passme';
  310. $event = $this->createMock(IEvent::class);
  311. $this->fakeProvider->expects($this->once())
  312. ->method('verifyChallenge')
  313. ->with($this->user, $challenge)
  314. ->willReturn(true);
  315. $this->session->expects($this->once())
  316. ->method('get')
  317. ->with('two_factor_remember_login')
  318. ->willReturn(false);
  319. $this->session->expects($this->exactly(2))
  320. ->method('remove')
  321. ->withConsecutive(
  322. ['two_factor_auth_uid'],
  323. ['two_factor_remember_login']
  324. );
  325. $this->session->expects($this->once())
  326. ->method('set')
  327. ->with(Manager::SESSION_UID_DONE, 'jos');
  328. $this->session->method('getId')
  329. ->willReturn('mysessionid');
  330. $this->activityManager->expects($this->once())
  331. ->method('generateEvent')
  332. ->willReturn($event);
  333. $this->user->expects($this->any())
  334. ->method('getUID')
  335. ->willReturn('jos');
  336. $event->expects($this->once())
  337. ->method('setApp')
  338. ->with($this->equalTo('core'))
  339. ->willReturnSelf();
  340. $event->expects($this->once())
  341. ->method('setType')
  342. ->with($this->equalTo('security'))
  343. ->willReturnSelf();
  344. $event->expects($this->once())
  345. ->method('setAuthor')
  346. ->with($this->equalTo('jos'))
  347. ->willReturnSelf();
  348. $event->expects($this->once())
  349. ->method('setAffectedUser')
  350. ->with($this->equalTo('jos'))
  351. ->willReturnSelf();
  352. $this->fakeProvider
  353. ->method('getDisplayName')
  354. ->willReturn('Fake 2FA');
  355. $event->expects($this->once())
  356. ->method('setSubject')
  357. ->with($this->equalTo('twofactor_success'), $this->equalTo([
  358. 'provider' => 'Fake 2FA',
  359. ]))
  360. ->willReturnSelf();
  361. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  362. $this->tokenProvider->method('getToken')
  363. ->with('mysessionid')
  364. ->willReturn($token);
  365. $token->method('getId')
  366. ->willReturn(42);
  367. $this->config->expects($this->once())
  368. ->method('deleteUserValue')
  369. ->with('jos', 'login_token_2fa', '42');
  370. $result = $this->manager->verifyChallenge('email', $this->user, $challenge);
  371. $this->assertTrue($result);
  372. }
  373. public function testVerifyChallengeInvalidProviderId() {
  374. $this->prepareProviders();
  375. $challenge = 'passme';
  376. $this->fakeProvider->expects($this->never())
  377. ->method('verifyChallenge')
  378. ->with($this->user, $challenge);
  379. $this->session->expects($this->never())
  380. ->method('remove');
  381. $this->assertFalse($this->manager->verifyChallenge('dontexist', $this->user, $challenge));
  382. }
  383. public function testVerifyInvalidChallenge() {
  384. $this->prepareProviders();
  385. $challenge = 'dontpassme';
  386. $event = $this->createMock(IEvent::class);
  387. $this->fakeProvider->expects($this->once())
  388. ->method('verifyChallenge')
  389. ->with($this->user, $challenge)
  390. ->willReturn(false);
  391. $this->session->expects($this->never())
  392. ->method('remove');
  393. $this->activityManager->expects($this->once())
  394. ->method('generateEvent')
  395. ->willReturn($event);
  396. $this->user->expects($this->any())
  397. ->method('getUID')
  398. ->willReturn('jos');
  399. $event->expects($this->once())
  400. ->method('setApp')
  401. ->with($this->equalTo('core'))
  402. ->willReturnSelf();
  403. $event->expects($this->once())
  404. ->method('setType')
  405. ->with($this->equalTo('security'))
  406. ->willReturnSelf();
  407. $event->expects($this->once())
  408. ->method('setAuthor')
  409. ->with($this->equalTo('jos'))
  410. ->willReturnSelf();
  411. $event->expects($this->once())
  412. ->method('setAffectedUser')
  413. ->with($this->equalTo('jos'))
  414. ->willReturnSelf();
  415. $this->fakeProvider
  416. ->method('getDisplayName')
  417. ->willReturn('Fake 2FA');
  418. $event->expects($this->once())
  419. ->method('setSubject')
  420. ->with($this->equalTo('twofactor_failed'), $this->equalTo([
  421. 'provider' => 'Fake 2FA',
  422. ]))
  423. ->willReturnSelf();
  424. $this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge));
  425. }
  426. public function testNeedsSecondFactor() {
  427. $user = $this->createMock(IUser::class);
  428. $this->session->expects($this->exactly(3))
  429. ->method('exists')
  430. ->withConsecutive(
  431. ['app_password'],
  432. ['two_factor_auth_uid'],
  433. [Manager::SESSION_UID_DONE],
  434. )
  435. ->willReturn(false);
  436. $this->session->method('getId')
  437. ->willReturn('mysessionid');
  438. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  439. $this->tokenProvider->method('getToken')
  440. ->with('mysessionid')
  441. ->willReturn($token);
  442. $token->method('getId')
  443. ->willReturn(42);
  444. $user->method('getUID')
  445. ->willReturn('user');
  446. $this->config->method('getUserKeys')
  447. ->with('user', 'login_token_2fa')
  448. ->willReturn([
  449. '42'
  450. ]);
  451. $manager = $this->getMockBuilder(Manager::class)
  452. ->setConstructorArgs([
  453. $this->providerLoader,
  454. $this->providerRegistry,
  455. $this->mandatoryTwoFactor,
  456. $this->session,
  457. $this->config,
  458. $this->activityManager,
  459. $this->logger,
  460. $this->tokenProvider,
  461. $this->timeFactory,
  462. $this->dispatcher,
  463. ])
  464. ->setMethods(['loadTwoFactorApp', 'isTwoFactorAuthenticated'])// Do not actually load the apps
  465. ->getMock();
  466. $manager->method('isTwoFactorAuthenticated')
  467. ->with($user)
  468. ->willReturn(true);
  469. $this->assertTrue($manager->needsSecondFactor($user));
  470. }
  471. public function testNeedsSecondFactorUserIsNull() {
  472. $user = null;
  473. $this->session->expects($this->never())
  474. ->method('exists');
  475. $this->assertFalse($this->manager->needsSecondFactor($user));
  476. }
  477. public function testNeedsSecondFactorWithNoProviderAvailableAnymore() {
  478. $this->prepareNoProviders();
  479. $user = null;
  480. $this->session->expects($this->never())
  481. ->method('exists')
  482. ->with('two_factor_auth_uid')
  483. ->willReturn(true);
  484. $this->session->expects($this->never())
  485. ->method('remove')
  486. ->with('two_factor_auth_uid');
  487. $this->assertFalse($this->manager->needsSecondFactor($user));
  488. }
  489. public function testPrepareTwoFactorLogin() {
  490. $this->user->method('getUID')
  491. ->willReturn('ferdinand');
  492. $this->session->expects($this->exactly(2))
  493. ->method('set')
  494. ->withConsecutive(
  495. ['two_factor_auth_uid', 'ferdinand'],
  496. ['two_factor_remember_login', true]
  497. );
  498. $this->session->method('getId')
  499. ->willReturn('mysessionid');
  500. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  501. $this->tokenProvider->method('getToken')
  502. ->with('mysessionid')
  503. ->willReturn($token);
  504. $token->method('getId')
  505. ->willReturn(42);
  506. $this->timeFactory->method('getTime')
  507. ->willReturn(1337);
  508. $this->config->method('setUserValue')
  509. ->with('ferdinand', 'login_token_2fa', '42', '1337');
  510. $this->manager->prepareTwoFactorLogin($this->user, true);
  511. }
  512. public function testPrepareTwoFactorLoginDontRemember() {
  513. $this->user->method('getUID')
  514. ->willReturn('ferdinand');
  515. $this->session->expects($this->exactly(2))
  516. ->method('set')
  517. ->withConsecutive(
  518. ['two_factor_auth_uid', 'ferdinand'],
  519. ['two_factor_remember_login', false]
  520. );
  521. $this->session->method('getId')
  522. ->willReturn('mysessionid');
  523. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  524. $this->tokenProvider->method('getToken')
  525. ->with('mysessionid')
  526. ->willReturn($token);
  527. $token->method('getId')
  528. ->willReturn(42);
  529. $this->timeFactory->method('getTime')
  530. ->willReturn(1337);
  531. $this->config->method('setUserValue')
  532. ->with('ferdinand', 'login_token_2fa', '42', '1337');
  533. $this->manager->prepareTwoFactorLogin($this->user, false);
  534. }
  535. public function testNeedsSecondFactorSessionAuth() {
  536. $user = $this->createMock(IUser::class);
  537. $user->method('getUID')
  538. ->willReturn('user');
  539. $this->session->method('exists')
  540. ->willReturnCallback(function ($var) {
  541. if ($var === Manager::SESSION_UID_KEY) {
  542. return false;
  543. } elseif ($var === 'app_password') {
  544. return false;
  545. } elseif ($var === 'app_api') {
  546. return false;
  547. }
  548. return true;
  549. });
  550. $this->session->method('get')
  551. ->willReturnCallback(function ($var) {
  552. if ($var === Manager::SESSION_UID_KEY) {
  553. return 'user';
  554. } elseif ($var === 'app_api') {
  555. return true;
  556. }
  557. return null;
  558. });
  559. $this->session->expects($this->once())
  560. ->method('get')
  561. ->willReturnMap([
  562. [Manager::SESSION_UID_DONE, 'user'],
  563. ['app_api', true]
  564. ]);
  565. $this->assertFalse($this->manager->needsSecondFactor($user));
  566. }
  567. public function testNeedsSecondFactorSessionAuthFailDBPass() {
  568. $user = $this->createMock(IUser::class);
  569. $user->method('getUID')
  570. ->willReturn('user');
  571. $this->session->method('exists')
  572. ->willReturn(false);
  573. $this->session->method('getId')
  574. ->willReturn('mysessionid');
  575. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  576. $token->method('getId')
  577. ->willReturn(40);
  578. $this->tokenProvider->method('getToken')
  579. ->with('mysessionid')
  580. ->willReturn($token);
  581. $this->config->method('getUserKeys')
  582. ->with('user', 'login_token_2fa')
  583. ->willReturn([
  584. '42', '43', '44'
  585. ]);
  586. $this->session->expects($this->once())
  587. ->method('set')
  588. ->with(Manager::SESSION_UID_DONE, 'user');
  589. $this->assertFalse($this->manager->needsSecondFactor($user));
  590. }
  591. public function testNeedsSecondFactorInvalidToken() {
  592. $this->prepareNoProviders();
  593. $user = $this->createMock(IUser::class);
  594. $user->method('getUID')
  595. ->willReturn('user');
  596. $this->session->method('exists')
  597. ->willReturn(false);
  598. $this->session->method('getId')
  599. ->willReturn('mysessionid');
  600. $this->tokenProvider->method('getToken')
  601. ->with('mysessionid')
  602. ->willThrowException(new OC\Authentication\Exceptions\InvalidTokenException());
  603. $this->config->method('getUserKeys')->willReturn([]);
  604. $this->assertFalse($this->manager->needsSecondFactor($user));
  605. }
  606. public function testNeedsSecondFactorAppPassword() {
  607. $user = $this->createMock(IUser::class);
  608. $this->session->method('exists')
  609. ->willReturnMap([
  610. ['app_password', true],
  611. ['app_api', true]
  612. ]);
  613. $this->assertFalse($this->manager->needsSecondFactor($user));
  614. }
  615. public function testClearTwoFactorPending() {
  616. $this->config->method('getUserKeys')
  617. ->with('theUserId', 'login_token_2fa')
  618. ->willReturn([
  619. '42', '43', '44'
  620. ]);
  621. $this->config->expects($this->exactly(3))
  622. ->method('deleteUserValue')
  623. ->withConsecutive(
  624. ['theUserId', 'login_token_2fa', '42'],
  625. ['theUserId', 'login_token_2fa', '43'],
  626. ['theUserId', 'login_token_2fa', '44'],
  627. );
  628. $this->tokenProvider->expects($this->exactly(3))
  629. ->method('invalidateTokenById')
  630. ->withConsecutive(
  631. ['theUserId', 42],
  632. ['theUserId', 43],
  633. ['theUserId', 44],
  634. );
  635. $this->manager->clearTwoFactorPending('theUserId');
  636. }
  637. public function testClearTwoFactorPendingTokenDoesNotExist() {
  638. $this->config->method('getUserKeys')
  639. ->with('theUserId', 'login_token_2fa')
  640. ->willReturn([
  641. '42', '43', '44'
  642. ]);
  643. $this->config->expects($this->exactly(3))
  644. ->method('deleteUserValue')
  645. ->withConsecutive(
  646. ['theUserId', 'login_token_2fa', '42'],
  647. ['theUserId', 'login_token_2fa', '43'],
  648. ['theUserId', 'login_token_2fa', '44'],
  649. );
  650. $this->tokenProvider->expects($this->exactly(3))
  651. ->method('invalidateTokenById')
  652. ->withConsecutive(
  653. ['theUserId', 42],
  654. ['theUserId', 43],
  655. ['theUserId', 44],
  656. )
  657. ->willReturnCallback(function ($user, $tokenId) {
  658. if ($tokenId === 43) {
  659. throw new DoesNotExistException('token does not exist');
  660. }
  661. });
  662. $this->manager->clearTwoFactorPending('theUserId');
  663. }
  664. }