MandatoryTwoFactorTest.php 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace Tests\Authentication\TwoFactorAuth;
  8. use OC\Authentication\TwoFactorAuth\EnforcementState;
  9. use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
  10. use OCP\IConfig;
  11. use OCP\IGroupManager;
  12. use OCP\IUser;
  13. use PHPUnit\Framework\MockObject\MockObject;
  14. use Test\TestCase;
  15. class MandatoryTwoFactorTest extends TestCase {
  16. /** @var IConfig|MockObject */
  17. private $config;
  18. /** @var IGroupManager|MockObject */
  19. private $groupManager;
  20. /** @var MandatoryTwoFactor */
  21. private $mandatoryTwoFactor;
  22. protected function setUp(): void {
  23. parent::setUp();
  24. $this->config = $this->createMock(IConfig::class);
  25. $this->groupManager = $this->createMock(IGroupManager::class);
  26. $this->mandatoryTwoFactor = new MandatoryTwoFactor($this->config, $this->groupManager);
  27. }
  28. public function testIsNotEnforced(): void {
  29. $this->config
  30. ->method('getSystemValue')
  31. ->willReturnMap([
  32. ['twofactor_enforced', 'false', 'false'],
  33. ['twofactor_enforced_groups', [], []],
  34. ['twofactor_enforced_excluded_groups', [], []],
  35. ]);
  36. $state = $this->mandatoryTwoFactor->getState();
  37. $this->assertFalse($state->isEnforced());
  38. }
  39. public function testIsEnforced(): void {
  40. $this->config
  41. ->method('getSystemValue')
  42. ->willReturnMap([
  43. ['twofactor_enforced', 'false', 'true'],
  44. ['twofactor_enforced_groups', [], []],
  45. ['twofactor_enforced_excluded_groups', [], []],
  46. ]);
  47. $state = $this->mandatoryTwoFactor->getState();
  48. $this->assertTrue($state->isEnforced());
  49. }
  50. public function testIsNotEnforcedForAnybody(): void {
  51. $user = $this->createMock(IUser::class);
  52. $user->method('getUID')->willReturn('user123');
  53. $this->config
  54. ->method('getSystemValue')
  55. ->willReturnMap([
  56. ['twofactor_enforced', 'false', 'false'],
  57. ['twofactor_enforced_groups', [], []],
  58. ['twofactor_enforced_excluded_groups', [], []],
  59. ]);
  60. $isEnforced = $this->mandatoryTwoFactor->isEnforcedFor($user);
  61. $this->assertFalse($isEnforced);
  62. }
  63. public function testIsEnforcedForAGroupMember(): void {
  64. $user = $this->createMock(IUser::class);
  65. $user->method('getUID')->willReturn('user123');
  66. $this->config
  67. ->method('getSystemValue')
  68. ->willReturnMap([
  69. ['twofactor_enforced', 'false', 'true'],
  70. ['twofactor_enforced_groups', [], ['twofactorers']],
  71. ['twofactor_enforced_excluded_groups', [], []],
  72. ]);
  73. $this->groupManager->method('isInGroup')
  74. ->willReturnCallback(function ($user, $group) {
  75. return $user === 'user123' && $group === 'twofactorers';
  76. });
  77. $isEnforced = $this->mandatoryTwoFactor->isEnforcedFor($user);
  78. $this->assertTrue($isEnforced);
  79. }
  80. public function testIsEnforcedForOtherGroups(): void {
  81. $user = $this->createMock(IUser::class);
  82. $user->method('getUID')->willReturn('user123');
  83. $this->config
  84. ->method('getSystemValue')
  85. ->willReturnMap([
  86. ['twofactor_enforced', 'false', 'true'],
  87. ['twofactor_enforced_groups', [], ['twofactorers']],
  88. ['twofactor_enforced_excluded_groups', [], []],
  89. ]);
  90. $this->groupManager->method('isInGroup')
  91. ->willReturn(false);
  92. $isEnforced = $this->mandatoryTwoFactor->isEnforcedFor($user);
  93. $this->assertFalse($isEnforced);
  94. }
  95. public function testIsEnforcedButMemberOfExcludedGroup(): void {
  96. $user = $this->createMock(IUser::class);
  97. $user->method('getUID')->willReturn('user123');
  98. $this->config
  99. ->method('getSystemValue')
  100. ->willReturnMap([
  101. ['twofactor_enforced', 'false', 'true'],
  102. ['twofactor_enforced_groups', [], []],
  103. ['twofactor_enforced_excluded_groups', [], ['yoloers']],
  104. ]);
  105. $this->groupManager->method('isInGroup')
  106. ->willReturnCallback(function ($user, $group) {
  107. return $user === 'user123' && $group === 'yoloers';
  108. });
  109. $isEnforced = $this->mandatoryTwoFactor->isEnforcedFor($user);
  110. $this->assertFalse($isEnforced);
  111. }
  112. public function testSetEnforced(): void {
  113. $this->config
  114. ->expects($this->exactly(3))
  115. ->method('setSystemValue')
  116. ->willReturnMap([
  117. ['twofactor_enforced', 'true'],
  118. ['twofactor_enforced_groups', []],
  119. ['twofactor_enforced_excluded_groups', []],
  120. ]);
  121. $this->mandatoryTwoFactor->setState(new EnforcementState(true));
  122. }
  123. public function testSetEnforcedForGroups(): void {
  124. $this->config
  125. ->expects($this->exactly(3))
  126. ->method('setSystemValue')
  127. ->willReturnMap([
  128. ['twofactor_enforced', 'true'],
  129. ['twofactor_enforced_groups', ['twofactorers']],
  130. ['twofactor_enforced_excluded_groups', ['yoloers']],
  131. ]);
  132. $this->mandatoryTwoFactor->setState(new EnforcementState(true, ['twofactorers'], ['yoloers']));
  133. }
  134. public function testSetNotEnforced(): void {
  135. $this->config
  136. ->expects($this->exactly(3))
  137. ->method('setSystemValue')
  138. ->willReturnMap([
  139. ['twofactor_enforced', 'false'],
  140. ['twofactor_enforced_groups', []],
  141. ['twofactor_enforced_excluded_groups', []],
  142. ]);
  143. $this->mandatoryTwoFactor->setState(new EnforcementState(false));
  144. }
  145. }