| Conditions | 3 |
| Paths | 2 |
| Total Lines | 82 |
| Code Lines | 48 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
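/**
 * Drives doLogin() on the handler under test through the breached-password policy.
 *
 * Password lookups are answered by a mock HTTP handler that replays the
 * pwnd123.txt fixture, so the test needs no network access.
 *
 * Cases, in order:
 *  1. breached password while `allow_pwnd` still has its configured value: login succeeds
 *  2. `allow_pwnd` = false with the same password: redirect to lostpassword, password expired
 *  3. a password the test treats as non-breached: login succeeds
 *  4. a member the test treats as non-existing: redirect to lostpassword
 *  5. default admin (credentials from the environment): login succeeds
 *
 * NOTE(review): every e-mail literal in this listing reads '[email protected]',
 * including the "non-existing member" case. That looks like address
 * obfuscation by the page this listing was taken from; restore the real
 * fixture addresses before relying on cases 1-4.
 */
public function testDoLogin()
{
    $fixture = __DIR__ . '/../fixtures/pwnd123.txt';
    $body = file_get_contents($fixture);
    // A missing fixture would otherwise hand `false` to every mock response and
    // surface much later as a confusing "breached password was accepted" failure.
    $this->assertNotFalse($body, 'Breach fixture could not be read: ' . $fixture);

    // This sets up the mock client to respond to the request it gets
    // with an HTTP 200 containing your mock body.
    // Each entry is a separate Response instance on purpose: a shared instance
    // would share one body stream across requests.
    // NOTE(review): presumably one queued response is consumed per lookup, so the
    // count has to cover every doLogin() call below - confirm against the service.
    $mock = new MockHandler([
        new Response(200, [], $body),
        new Response(200, [], $body),
        new Response(200, [], $body),
        new Response(200, [], $body),
        new Response(200, [], $body),
    ]);

    $this->handler->getService()->setArgs(['handler' => $mock]);

    $form = MemberLoginForm::create(Controller::curr(), get_class($this->authenticator), 'LoginForm');
    /** @var HTTPRequest $request */
    $request = Injector::inst()->createWithArgs(HTTPRequest::class, ['GET', '/login']);
    $request->setSession(Injector::inst()->createWithArgs(Session::class, [['bla' => 'bla']]));
    $this->handler->setRequest($request);

    // Login allowed: allow_pwnd has not been touched yet, so the breached
    // password is still accepted.
    $response = $this->handler->doLogin(['Email' => '[email protected]', 'Password' => '1234567890'], $form, $request);

    $this->assertEquals(302, $response->getStatusCode());
    $this->assertNotContains('lostpassword', $response->getHeader('location'));

    // From here on the policy under test is active: breached passwords are rejected.
    Config::modify()->set(HaveIBeenPwnedService::class, 'allow_pwnd', false);

    // Login with breached is not allowed
    $response = $this->handler->doLogin(['Email' => '[email protected]', 'Password' => '1234567890'], $form, $request);

    $this->assertEquals(302, $response->getStatusCode());
    $this->assertContains('lostpassword', $response->getHeader('location'));
    /** @var Member $member */
    $member = Member::get()->byID($this->memberId);

    // Password should be properly expired
    $this->assertEquals('1970-01-01', $member->PasswordExpiry);
    // The password is now null, but can't be tested due to salting
    Injector::inst()->get(IdentityStore::class)->logOut();

    // Login with non-breached password
    $response = $this->handler->doLogin(['Email' => '[email protected]', 'Password' => '12345678'], $form, $request);

    $this->assertEquals(302, $response->getStatusCode());
    $this->assertNotContains('lostpassword', $response->getHeader('location'));
    Injector::inst()->get(IdentityStore::class)->logOut();

    // Login with non-existing member
    // NOTE(review): the expected redirect matches the breached-password case, which
    // suggests the breach check runs whether or not the account exists - confirm.
    $response = $this->handler->doLogin(
        ['Email' => '[email protected]', 'Password' => '1234567890'],
        $form,
        $request
    );

    $this->assertEquals(302, $response->getStatusCode());
    $this->assertContains('lostpassword', $response->getHeader('location'));

    $passwordForm = LostPasswordForm::create($this->handler, Authenticator::class, 'lostPasswordForm');

    $this->assertContains('You can read more here', $passwordForm->getMessage());

    // Default Admin is always allowed
    // allow_pwnd is still false at this point, so this case pins the exemption:
    // the breached-password block is not expected to stop the default admin.
    // The credentials come from the environment; keep them out of assertion
    // messages and skip reasons so they do not end up in CI logs.
    $admin = Environment::getEnv('SS_DEFAULT_ADMIN_USERNAME');
    $password = Environment::getEnv('SS_DEFAULT_ADMIN_PASSWORD');

    // The previous revision re-asserted the stale $response of the non-existing
    // member here (contradicting the assertContains above) and, when the
    // credentials were missing, dereferenced the current user before skipping.
    // Both are dropped: without credentials there is nothing to verify.
    if (!$admin || !$password) {
        // markTestSkipped() throws, so nothing below runs.
        $this->markTestSkipped('SS_DEFAULT_ADMIN_USERNAME / SS_DEFAULT_ADMIN_PASSWORD are not set');
    }

    $response = $this->handler->doLogin(['Email' => $admin, 'Password' => $password], $form, $request);

    $this->assertEquals(302, $response->getStatusCode());
    $this->assertNotContains('lostpassword', $response->getHeader('location'));
    $member = Security::getCurrentUser();
    // Fail with a readable message instead of a null dereference if the login did not stick.
    $this->assertNotNull($member, 'No user is logged in after the default admin login');
    $this->assertTrue(DefaultAdminService::isDefaultAdmin($member->Email));
}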
||
| 173 |