LostControllerTest.php 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-only
  5. */
  6. namespace Tests\Core\Controller;
  7. use OC\Authentication\TwoFactorAuth\Manager;
  8. use OC\Core\Controller\LostController;
  9. use OC\Core\Events\BeforePasswordResetEvent;
  10. use OC\Core\Events\PasswordResetEvent;
  11. use OC\Mail\Message;
  12. use OC\Security\RateLimiting\Limiter;
  13. use OCP\AppFramework\Http\JSONResponse;
  14. use OCP\AppFramework\Http\TemplateResponse;
  15. use OCP\AppFramework\Services\IInitialState;
  16. use OCP\Defaults;
  17. use OCP\Encryption\IEncryptionModule;
  18. use OCP\Encryption\IManager;
  19. use OCP\EventDispatcher\IEventDispatcher;
  20. use OCP\IConfig;
  21. use OCP\IL10N;
  22. use OCP\IRequest;
  23. use OCP\IURLGenerator;
  24. use OCP\IUser;
  25. use OCP\IUserManager;
  26. use OCP\Mail\IEMailTemplate;
  27. use OCP\Mail\IMailer;
  28. use OCP\Security\VerificationToken\InvalidTokenException;
  29. use OCP\Security\VerificationToken\IVerificationToken;
  30. use PHPUnit\Framework\MockObject\MockObject;
  31. use Psr\Log\LoggerInterface;
  32. use Test\TestCase;
  33. /**
  34. * Class LostControllerTest
  35. *
  36. * @package OC\Core\Controller
  37. */
  38. class LostControllerTest extends TestCase {
  39. private LostController $lostController;
  40. /** @var IUser */
  41. private $existingUser;
  42. /** @var IURLGenerator | MockObject */
  43. private $urlGenerator;
  44. /** @var IL10N */
  45. private $l10n;
  46. /** @var IUserManager | MockObject */
  47. private $userManager;
  48. /** @var Defaults */
  49. private $defaults;
  50. /** @var IConfig | MockObject */
  51. private $config;
  52. /** @var IMailer | MockObject */
  53. private $mailer;
  54. /** @var IManager|MockObject */
  55. private $encryptionManager;
  56. /** @var IRequest|MockObject */
  57. private $request;
  58. /** @var LoggerInterface|MockObject */
  59. private $logger;
  60. /** @var Manager|MockObject */
  61. private $twofactorManager;
  62. /** @var IInitialState|MockObject */
  63. private $initialState;
  64. /** @var IVerificationToken|MockObject */
  65. private $verificationToken;
  66. /** @var IEventDispatcher|MockObject */
  67. private $eventDispatcher;
  68. /** @var Limiter|MockObject */
  69. private $limiter;
  70. protected function setUp(): void {
  71. parent::setUp();
  72. $this->existingUser = $this->createMock(IUser::class);
  73. $this->existingUser->expects($this->any())
  74. ->method('getEMailAddress')
  75. ->willReturn('test@example.com');
  76. $this->existingUser->expects($this->any())
  77. ->method('getUID')
  78. ->willReturn('ExistingUser');
  79. $this->existingUser->expects($this->any())
  80. ->method('getDisplayName')
  81. ->willReturn('Existing User');
  82. $this->existingUser->expects($this->any())
  83. ->method('isEnabled')
  84. ->willReturn(true);
  85. $this->config = $this->createMock(IConfig::class);
  86. $this->config->expects($this->any())
  87. ->method('getSystemValue')
  88. ->willReturnMap([
  89. ['secret', null, 'SECRET'],
  90. ['secret', '', 'SECRET'],
  91. ['lost_password_link', '', ''],
  92. ]);
  93. $this->l10n = $this->createMock(IL10N::class);
  94. $this->l10n
  95. ->expects($this->any())
  96. ->method('t')
  97. ->willReturnCallback(function ($text, $parameters = []) {
  98. return vsprintf($text, $parameters);
  99. });
  100. $this->defaults = $this->createMock(Defaults::class);
  101. $this->userManager = $this->createMock(IUserManager::class);
  102. $this->urlGenerator = $this->createMock(IURLGenerator::class);
  103. $this->mailer = $this->createMock(IMailer::class);
  104. $this->request = $this->createMock(IRequest::class);
  105. $this->encryptionManager = $this->createMock(IManager::class);
  106. $this->encryptionManager->expects($this->any())
  107. ->method('isEnabled')
  108. ->willReturn(true);
  109. $this->logger = $this->createMock(LoggerInterface::class);
  110. $this->twofactorManager = $this->createMock(Manager::class);
  111. $this->initialState = $this->createMock(IInitialState::class);
  112. $this->verificationToken = $this->createMock(IVerificationToken::class);
  113. $this->eventDispatcher = $this->createMock(IEventDispatcher::class);
  114. $this->limiter = $this->createMock(Limiter::class);
  115. $this->lostController = new LostController(
  116. 'Core',
  117. $this->request,
  118. $this->urlGenerator,
  119. $this->userManager,
  120. $this->defaults,
  121. $this->l10n,
  122. $this->config,
  123. 'lostpassword-noreply@localhost',
  124. $this->encryptionManager,
  125. $this->mailer,
  126. $this->logger,
  127. $this->twofactorManager,
  128. $this->initialState,
  129. $this->verificationToken,
  130. $this->eventDispatcher,
  131. $this->limiter
  132. );
  133. }
  134. public function testResetFormTokenError(): void {
  135. $this->userManager->method('get')
  136. ->with('ValidTokenUser')
  137. ->willReturn($this->existingUser);
  138. $this->verificationToken->expects($this->once())
  139. ->method('check')
  140. ->with('12345:MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com')
  141. ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_DECRYPTION_ERROR));
  142. $response = $this->lostController->resetform('12345:MySecretToken', 'ValidTokenUser');
  143. $expectedResponse = new TemplateResponse('core',
  144. 'error',
  145. [
  146. 'errors' => [
  147. ['error' => 'Could not reset password because the token is invalid'],
  148. ]
  149. ],
  150. 'guest');
  151. $expectedResponse->throttle();
  152. $this->assertEquals($expectedResponse, $response);
  153. }
  154. public function testResetFormValidToken(): void {
  155. $this->userManager->method('get')
  156. ->with('ValidTokenUser')
  157. ->willReturn($this->existingUser);
  158. $this->verificationToken->expects($this->once())
  159. ->method('check')
  160. ->with('MySecretToken', $this->existingUser, 'lostpassword', 'test@example.com');
  161. $this->urlGenerator
  162. ->expects($this->once())
  163. ->method('linkToRouteAbsolute')
  164. ->with('core.lost.setPassword', ['userId' => 'ValidTokenUser', 'token' => 'MySecretToken'])
  165. ->willReturn('https://example.tld/index.php/lostpassword/set/sometoken/someuser');
  166. $this->initialState
  167. ->expects($this->exactly(2))
  168. ->method('provideInitialState')
  169. ->withConsecutive(
  170. ['resetPasswordUser', 'ValidTokenUser'],
  171. ['resetPasswordTarget', 'https://example.tld/index.php/lostpassword/set/sometoken/someuser']
  172. );
  173. $response = $this->lostController->resetform('MySecretToken', 'ValidTokenUser');
  174. $expectedResponse = new TemplateResponse('core',
  175. 'login',
  176. [],
  177. 'guest');
  178. $this->assertEquals($expectedResponse, $response);
  179. }
  180. public function testEmailUnsuccessful(): void {
  181. $existingUser = 'ExistingUser';
  182. $nonExistingUser = 'NonExistingUser';
  183. $this->userManager
  184. ->expects($this->any())
  185. ->method('userExists')
  186. ->willReturnMap([
  187. [true, $existingUser],
  188. [false, $nonExistingUser]
  189. ]);
  190. $this->logger->expects($this->exactly(0))
  191. ->method('error');
  192. $this->logger->expects($this->exactly(2))
  193. ->method('warning');
  194. $this->userManager
  195. ->method('getByEmail')
  196. ->willReturn([]);
  197. // With a non existing user
  198. $response = $this->lostController->email($nonExistingUser);
  199. $expectedResponse = new JSONResponse([
  200. 'status' => 'success',
  201. ]);
  202. $expectedResponse->throttle();
  203. $this->assertEquals($expectedResponse, $response);
  204. // With no mail address
  205. $this->config
  206. ->expects($this->any())
  207. ->method('getUserValue')
  208. ->with($existingUser, 'settings', 'email')
  209. ->willReturn(null);
  210. $response = $this->lostController->email($existingUser);
  211. $expectedResponse = new JSONResponse([
  212. 'status' => 'success',
  213. ]);
  214. $expectedResponse->throttle();
  215. $this->assertEquals($expectedResponse, $response);
  216. }
  217. public function testEmailSuccessful(): void {
  218. $this->userManager
  219. ->expects($this->any())
  220. ->method('get')
  221. ->with('ExistingUser')
  222. ->willReturn($this->existingUser);
  223. $this->verificationToken->expects($this->once())
  224. ->method('create')
  225. ->willReturn('ThisIsMaybeANotSoSecretToken!');
  226. $this->urlGenerator
  227. ->expects($this->once())
  228. ->method('linkToRouteAbsolute')
  229. ->with('core.lost.resetform', ['userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'])
  230. ->willReturn('https://example.tld/index.php/lostpassword/');
  231. $message = $this->getMockBuilder('\OC\Mail\Message')
  232. ->disableOriginalConstructor()->getMock();
  233. $message
  234. ->expects($this->once())
  235. ->method('setTo')
  236. ->with(['test@example.com' => 'Existing User']);
  237. $message
  238. ->expects($this->once())
  239. ->method('setFrom')
  240. ->with(['lostpassword-noreply@localhost' => null]);
  241. $emailTemplate = $this->createMock(IEMailTemplate::class);
  242. $emailTemplate->expects($this->any())
  243. ->method('renderHtml')
  244. ->willReturn('HTML body');
  245. $emailTemplate->expects($this->any())
  246. ->method('renderText')
  247. ->willReturn('text body');
  248. $message
  249. ->expects($this->once())
  250. ->method('useTemplate')
  251. ->with($emailTemplate);
  252. $this->mailer
  253. ->expects($this->once())
  254. ->method('createEMailTemplate')
  255. ->willReturn($emailTemplate);
  256. $this->mailer
  257. ->expects($this->once())
  258. ->method('createMessage')
  259. ->willReturn($message);
  260. $this->mailer
  261. ->expects($this->once())
  262. ->method('send')
  263. ->with($message);
  264. $response = $this->lostController->email('ExistingUser');
  265. $expectedResponse = new JSONResponse(['status' => 'success']);
  266. $expectedResponse->throttle();
  267. $this->assertEquals($expectedResponse, $response);
  268. }
  269. public function testEmailWithMailSuccessful(): void {
  270. $this->userManager
  271. ->expects($this->any())
  272. ->method('get')
  273. ->with('test@example.com')
  274. ->willReturn(null);
  275. $this->userManager
  276. ->expects($this->any())
  277. ->method('getByEmail')
  278. ->with('test@example.com')
  279. ->willReturn([$this->existingUser]);
  280. $this->verificationToken->expects($this->once())
  281. ->method('create')
  282. ->willReturn('ThisIsMaybeANotSoSecretToken!');
  283. $this->urlGenerator
  284. ->expects($this->once())
  285. ->method('linkToRouteAbsolute')
  286. ->with('core.lost.resetform', ['userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'])
  287. ->willReturn('https://example.tld/index.php/lostpassword/');
  288. $message = $this->getMockBuilder('\OC\Mail\Message')
  289. ->disableOriginalConstructor()->getMock();
  290. $message
  291. ->expects($this->once())
  292. ->method('setTo')
  293. ->with(['test@example.com' => 'Existing User']);
  294. $message
  295. ->expects($this->once())
  296. ->method('setFrom')
  297. ->with(['lostpassword-noreply@localhost' => null]);
  298. $emailTemplate = $this->createMock(IEMailTemplate::class);
  299. $emailTemplate->expects($this->any())
  300. ->method('renderHtml')
  301. ->willReturn('HTML body');
  302. $emailTemplate->expects($this->any())
  303. ->method('renderText')
  304. ->willReturn('text body');
  305. $message
  306. ->expects($this->once())
  307. ->method('useTemplate')
  308. ->with($emailTemplate);
  309. $this->mailer
  310. ->expects($this->once())
  311. ->method('createEMailTemplate')
  312. ->willReturn($emailTemplate);
  313. $this->mailer
  314. ->expects($this->once())
  315. ->method('createMessage')
  316. ->willReturn($message);
  317. $this->mailer
  318. ->expects($this->once())
  319. ->method('send')
  320. ->with($message);
  321. $response = $this->lostController->email('test@example.com');
  322. $expectedResponse = new JSONResponse(['status' => 'success']);
  323. $expectedResponse->throttle();
  324. $this->assertEquals($expectedResponse, $response);
  325. }
  326. public function testEmailCantSendException(): void {
  327. $this->userManager
  328. ->expects($this->any())
  329. ->method('get')
  330. ->with('ExistingUser')
  331. ->willReturn($this->existingUser);
  332. $this->verificationToken->expects($this->once())
  333. ->method('create')
  334. ->willReturn('ThisIsMaybeANotSoSecretToken!');
  335. $this->urlGenerator
  336. ->expects($this->once())
  337. ->method('linkToRouteAbsolute')
  338. ->with('core.lost.resetform', ['userId' => 'ExistingUser', 'token' => 'ThisIsMaybeANotSoSecretToken!'])
  339. ->willReturn('https://example.tld/index.php/lostpassword/');
  340. $message = $this->createMock(Message::class);
  341. $message
  342. ->expects($this->once())
  343. ->method('setTo')
  344. ->with(['test@example.com' => 'Existing User']);
  345. $message
  346. ->expects($this->once())
  347. ->method('setFrom')
  348. ->with(['lostpassword-noreply@localhost' => null]);
  349. $emailTemplate = $this->createMock(IEMailTemplate::class);
  350. $emailTemplate->expects($this->any())
  351. ->method('renderHtml')
  352. ->willReturn('HTML body');
  353. $emailTemplate->expects($this->any())
  354. ->method('renderText')
  355. ->willReturn('text body');
  356. $message
  357. ->expects($this->once())
  358. ->method('useTemplate')
  359. ->with($emailTemplate);
  360. $this->mailer
  361. ->expects($this->once())
  362. ->method('createEMailTemplate')
  363. ->willReturn($emailTemplate);
  364. $this->mailer
  365. ->expects($this->once())
  366. ->method('createMessage')
  367. ->willReturn($message);
  368. $this->mailer
  369. ->expects($this->once())
  370. ->method('send')
  371. ->with($message)
  372. ->will($this->throwException(new \Exception()));
  373. $this->logger->expects($this->exactly(1))
  374. ->method('error');
  375. $response = $this->lostController->email('ExistingUser');
  376. $expectedResponse = new JSONResponse(['status' => 'success']);
  377. $expectedResponse->throttle();
  378. $this->assertEquals($expectedResponse, $response);
  379. }
  380. public function testSetPasswordUnsuccessful(): void {
  381. $this->config->method('getUserValue')
  382. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  383. ->willReturn('encryptedData');
  384. $this->existingUser->method('getLastLogin')
  385. ->willReturn(12344);
  386. $this->existingUser->expects($this->once())
  387. ->method('setPassword')
  388. ->with('NewPassword')
  389. ->willReturn(false);
  390. $this->userManager->method('get')
  391. ->with('ValidTokenUser')
  392. ->willReturn($this->existingUser);
  393. $beforePasswordResetEvent = new BeforePasswordResetEvent($this->existingUser, 'NewPassword');
  394. $this->eventDispatcher
  395. ->expects($this->once())
  396. ->method('dispatchTyped')
  397. ->with($beforePasswordResetEvent);
  398. $this->config->expects($this->never())
  399. ->method('deleteUserValue');
  400. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
  401. $expectedResponse = ['status' => 'error', 'msg' => ''];
  402. $this->assertSame($expectedResponse, $response->getData());
  403. }
  404. public function testSetPasswordSuccessful(): void {
  405. $this->config->method('getUserValue')
  406. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  407. ->willReturn('encryptedData');
  408. $this->existingUser->method('getLastLogin')
  409. ->willReturn(12344);
  410. $this->existingUser->expects($this->once())
  411. ->method('setPassword')
  412. ->with('NewPassword')
  413. ->willReturn(true);
  414. $this->userManager->method('get')
  415. ->with('ValidTokenUser')
  416. ->willReturn($this->existingUser);
  417. $beforePasswordResetEvent = new BeforePasswordResetEvent($this->existingUser, 'NewPassword');
  418. $passwordResetEvent = new PasswordResetEvent($this->existingUser, 'NewPassword');
  419. $this->eventDispatcher
  420. ->expects($this->exactly(2))
  421. ->method('dispatchTyped')
  422. ->withConsecutive([$beforePasswordResetEvent], [$passwordResetEvent]);
  423. $this->config->expects($this->once())
  424. ->method('deleteUserValue')
  425. ->with('ValidTokenUser', 'core', 'lostpassword');
  426. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
  427. $expectedResponse = ['user' => 'ValidTokenUser', 'status' => 'success'];
  428. $this->assertSame($expectedResponse, $response->getData());
  429. }
  430. public function testSetPasswordExpiredToken(): void {
  431. $this->config->method('getUserValue')
  432. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  433. ->willReturn('encryptedData');
  434. $this->userManager->method('get')
  435. ->with('ValidTokenUser')
  436. ->willReturn($this->existingUser);
  437. $this->verificationToken->expects($this->atLeastOnce())
  438. ->method('check')
  439. ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_EXPIRED));
  440. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
  441. $expectedResponse = [
  442. 'status' => 'error',
  443. 'msg' => 'Could not reset password because the token is expired',
  444. ];
  445. $this->assertSame($expectedResponse, $response->getData());
  446. }
  447. public function testSetPasswordInvalidDataInDb(): void {
  448. $this->config->method('getUserValue')
  449. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  450. ->willReturn('invalidEncryptedData');
  451. $this->userManager
  452. ->method('get')
  453. ->with('ValidTokenUser')
  454. ->willReturn($this->existingUser);
  455. $this->verificationToken->expects($this->atLeastOnce())
  456. ->method('check')
  457. ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_INVALID_FORMAT));
  458. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
  459. $expectedResponse = [
  460. 'status' => 'error',
  461. 'msg' => 'Could not reset password because the token is invalid',
  462. ];
  463. $this->assertSame($expectedResponse, $response->getData());
  464. }
  465. public function testIsSetPasswordWithoutTokenFailing(): void {
  466. $this->config->method('getUserValue')
  467. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  468. ->willReturn('aValidtoken');
  469. $this->userManager->method('get')
  470. ->with('ValidTokenUser')
  471. ->willReturn($this->existingUser);
  472. $this->verificationToken->expects($this->atLeastOnce())
  473. ->method('check')
  474. ->willThrowException(new InvalidTokenException(InvalidTokenException::TOKEN_MISMATCH));
  475. $response = $this->lostController->setPassword('', 'ValidTokenUser', 'NewPassword', true);
  476. $expectedResponse = [
  477. 'status' => 'error',
  478. 'msg' => 'Could not reset password because the token is invalid'
  479. ];
  480. $this->assertSame($expectedResponse, $response->getData());
  481. }
  482. public function testSetPasswordForDisabledUser(): void {
  483. $user = $this->createMock(IUser::class);
  484. $user->expects($this->any())
  485. ->method('isEnabled')
  486. ->willReturn(false);
  487. $user->expects($this->never())
  488. ->method('setPassword');
  489. $user->expects($this->any())
  490. ->method('getEMailAddress')
  491. ->willReturn('random@example.org');
  492. $this->config->method('getUserValue')
  493. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  494. ->willReturn('encryptedData');
  495. $this->userManager->method('get')
  496. ->with('DisabledUser')
  497. ->willReturn($user);
  498. $this->verificationToken->expects($this->atLeastOnce())
  499. ->method('check')
  500. ->willThrowException(new InvalidTokenException(InvalidTokenException::USER_UNKNOWN));
  501. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'DisabledUser', 'NewPassword', true);
  502. $expectedResponse = [
  503. 'status' => 'error',
  504. 'msg' => 'Could not reset password because the token is invalid'
  505. ];
  506. $this->assertSame($expectedResponse, $response->getData());
  507. }
  508. public function testSendEmailNoEmail(): void {
  509. $user = $this->createMock(IUser::class);
  510. $user->expects($this->any())
  511. ->method('isEnabled')
  512. ->willReturn(true);
  513. $this->userManager->method('userExists')
  514. ->with('ExistingUser')
  515. ->willReturn(true);
  516. $this->userManager->method('get')
  517. ->with('ExistingUser')
  518. ->willReturn($user);
  519. $this->logger->expects($this->exactly(0))
  520. ->method('error');
  521. $this->logger->expects($this->once())
  522. ->method('warning');
  523. $response = $this->lostController->email('ExistingUser');
  524. $expectedResponse = new JSONResponse(['status' => 'success']);
  525. $expectedResponse->throttle();
  526. $this->assertEquals($expectedResponse, $response);
  527. }
  528. public function testSetPasswordEncryptionDontProceedPerUserKey(): void {
  529. /** @var IEncryptionModule|MockObject $encryptionModule */
  530. $encryptionModule = $this->createMock(IEncryptionModule::class);
  531. $encryptionModule->expects($this->once())->method('needDetailedAccessList')->willReturn(true);
  532. $this->encryptionManager->expects($this->once())->method('getEncryptionModules')
  533. ->willReturn([0 => ['callback' => function () use ($encryptionModule) {
  534. return $encryptionModule;
  535. }]]);
  536. $response = $this->lostController->setPassword('myToken', 'user', 'newpass', false);
  537. $expectedResponse = ['status' => 'error', 'msg' => '', 'encryption' => true];
  538. $this->assertSame($expectedResponse, $response->getData());
  539. }
  540. public function testSetPasswordDontProceedMasterKey(): void {
  541. $encryptionModule = $this->createMock(IEncryptionModule::class);
  542. $encryptionModule->expects($this->once())->method('needDetailedAccessList')->willReturn(false);
  543. $this->encryptionManager->expects($this->once())->method('getEncryptionModules')
  544. ->willReturn([0 => ['callback' => function () use ($encryptionModule) {
  545. return $encryptionModule;
  546. }]]);
  547. $this->config->method('getUserValue')
  548. ->with('ValidTokenUser', 'core', 'lostpassword', null)
  549. ->willReturn('encryptedData');
  550. $this->existingUser->method('getLastLogin')
  551. ->willReturn(12344);
  552. $this->existingUser->expects($this->once())
  553. ->method('setPassword')
  554. ->with('NewPassword')
  555. ->willReturn(true);
  556. $this->userManager->method('get')
  557. ->with('ValidTokenUser')
  558. ->willReturn($this->existingUser);
  559. $this->config->expects($this->once())
  560. ->method('deleteUserValue')
  561. ->with('ValidTokenUser', 'core', 'lostpassword');
  562. $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', false);
  563. $expectedResponse = ['user' => 'ValidTokenUser', 'status' => 'success'];
  564. $this->assertSame($expectedResponse, $response->getData());
  565. }
  566. public function testTwoUsersWithSameEmail(): void {
  567. $user1 = $this->createMock(IUser::class);
  568. $user1->expects($this->any())
  569. ->method('getEMailAddress')
  570. ->willReturn('test@example.com');
  571. $user1->expects($this->any())
  572. ->method('getUID')
  573. ->willReturn('User1');
  574. $user1->expects($this->any())
  575. ->method('isEnabled')
  576. ->willReturn(true);
  577. $user2 = $this->createMock(IUser::class);
  578. $user2->expects($this->any())
  579. ->method('getEMailAddress')
  580. ->willReturn('test@example.com');
  581. $user2->expects($this->any())
  582. ->method('getUID')
  583. ->willReturn('User2');
  584. $user2->expects($this->any())
  585. ->method('isEnabled')
  586. ->willReturn(true);
  587. $this->userManager
  588. ->method('get')
  589. ->willReturn(null);
  590. $this->userManager
  591. ->method('getByEmail')
  592. ->willReturn([$user1, $user2]);
  593. $this->logger->expects($this->exactly(0))
  594. ->method('error');
  595. $this->logger->expects($this->once())
  596. ->method('warning');
  597. // request password reset for test@example.com
  598. $response = $this->lostController->email('test@example.com');
  599. $expectedResponse = new JSONResponse([
  600. 'status' => 'success'
  601. ]);
  602. $expectedResponse->throttle();
  603. $this->assertEquals($expectedResponse, $response);
  604. }
  605. /**
  606. * @return array
  607. */
  608. public function dataTwoUserswithSameEmailOneDisabled(): array {
  609. return [
  610. ['user1' => true, 'user2' => false],
  611. ['user1' => false, 'user2' => true]
  612. ];
  613. }
  614. /**
  615. * @dataProvider dataTwoUserswithSameEmailOneDisabled
  616. * @param bool $userEnabled1
  617. * @param bool $userEnabled2
  618. */
  619. public function testTwoUsersWithSameEmailOneDisabled(bool $userEnabled1, bool $userEnabled2): void {
  620. $user1 = $this->createMock(IUser::class);
  621. $user1->method('getEMailAddress')
  622. ->willReturn('test@example.com');
  623. $user1->method('getUID')
  624. ->willReturn('User1');
  625. $user1->method('isEnabled')
  626. ->willReturn($userEnabled1);
  627. $user2 = $this->createMock(IUser::class);
  628. $user2->method('getEMailAddress')
  629. ->willReturn('test@example.com');
  630. $user2->method('getUID')
  631. ->willReturn('User2');
  632. $user2->method('isEnabled')
  633. ->willReturn($userEnabled2);
  634. $this->userManager
  635. ->method('get')
  636. ->willReturn(null);
  637. $this->userManager
  638. ->method('getByEmail')
  639. ->willReturn([$user1, $user2]);
  640. $result = self::invokePrivate($this->lostController, 'findUserByIdOrMail', ['test@example.com']);
  641. $this->assertInstanceOf(IUser::class, $result);
  642. }
  643. public function testTrimEmailInput(): void {
  644. $this->userManager
  645. ->expects($this->once())
  646. ->method('getByEmail')
  647. ->with('test@example.com')
  648. ->willReturn([$this->existingUser]);
  649. $this->mailer
  650. ->expects($this->once())
  651. ->method('send');
  652. $response = $this->lostController->email(' test@example.com ');
  653. $expectedResponse = new JSONResponse(['status' => 'success']);
  654. $expectedResponse->throttle();
  655. $this->assertEquals($expectedResponse, $response);
  656. }
  657. public function testUsernameInput(): void {
  658. $this->userManager
  659. ->expects($this->once())
  660. ->method('get')
  661. ->with('ExistingUser')
  662. ->willReturn($this->existingUser);
  663. $this->mailer
  664. ->expects($this->once())
  665. ->method('send');
  666. $response = $this->lostController->email(' ExistingUser ');
  667. $expectedResponse = new JSONResponse(['status' => 'success']);
  668. $expectedResponse->throttle();
  669. $this->assertEquals($expectedResponse, $response);
  670. }
  671. }