UsersModuleTest::testHasTotpSecret() - Code Metrics - Inspection of "update tests" - eduVPN/vpn-server-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 932629...d7a7a8 )

by François

created 2017-04-21 20:43 UTC

UsersModuleTest::testHasTotpSecret() A

↳ Parent: UsersModuleTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	14
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	14
rs	9.4285
c	0
b	0
f	0
cc	1
eloc	7
nc	1
nop	0

<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace SURFnet\VPN\Server\Tests\Api;

use DateTime;
use fkooman\OAuth\Client\AccessToken;
use Otp\Otp;
use ParagonIE\ConstantTime\Encoding;
use PDO;
use PHPUnit_Framework_TestCase;
use SURFnet\VPN\Common\Config;
use SURFnet\VPN\Common\Http\BasicAuthenticationHook;
use SURFnet\VPN\Common\Http\Request;
use SURFnet\VPN\Common\Http\Service;
use SURFnet\VPN\Server\Acl\Provider\StaticProvider;
use SURFnet\VPN\Server\Api\UsersModule;
use SURFnet\VPN\Server\Storage;

class UsersModuleTest extends PHPUnit_Framework_TestCase
{
    /** @var \SURFnet\VPN\Common\Http\Service */
    private $service;

    public function setUp()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $storage = new Storage(
            new PDO(
                $GLOBALS['DB_DSN'],
                $GLOBALS['DB_USER'],
                $GLOBALS['DB_PASSWD']
            ),
            new DateTime()
        );
        $storage->init();
        $storage->addCertificate('foo', 'abcd1234', 'ABCD1234', new DateTime('@12345678'), new DateTime('@23456789'));
        $storage->disableUser('bar');
        $storage->setTotpSecret('bar', 'CN2XAL23SIFTDFXZ');

        $vootToken = new AccessToken('12345', 'bearer', 'foo', null, new DateTime('2016-01-01'));
        $storage->setVootToken('bar', $vootToken);

        // user "baz" has a secret, and already used a key for replay testing
        $storage->setTotpSecret('baz', 'SWIXJ4V7VYALWH6E');
        $otp = new Otp();
        $storage->recordTotpKey('baz', $otp->totp(Encoding::base32DecodeUpper('SWIXJ4V7VYALWH6E')));

        $config = Config::fromFile(sprintf('%s/data/user_groups_config.php', __DIR__));
        $groupProviders = [
            new StaticProvider(
                $config->getSection('groupProviders')->getSection('StaticProvider')
            ),
        ];

        $this->service = new Service();
        $this->service->addModule(
            new UsersModule(
                $config,
                $storage,
                $groupProviders
            )
        );

        $bearerAuthentication = new BasicAuthenticationHook(
            [
                'vpn-user-portal' => 'aabbcc',
                'vpn-admin-portal' => 'bbccdd',
            ]
        );

        $this->service->addBeforeHook('auth', $bearerAuthentication);
    }

    public function testListUsers()
    {
        $this->assertSame(
            [
                [
                    'user_id' => 'foo',
                    'is_disabled' => false,
                    'has_yubi_key_id' => false,
                    'has_totp_secret' => false,
                ],
                [
                    'user_id' => 'bar',
                    'is_disabled' => true,
                    'has_yubi_key_id' => false,
                    'has_totp_secret' => true,
                ],
                [
                    'user_id' => 'baz',
                    'is_disabled' => false,
                    'has_yubi_key_id' => false,
                    'has_totp_secret' => true,
                ],
            ],
            $this->makeRequest(
                ['vpn-admin-portal', 'bbccdd'],
                'GET',
                'user_list',
                ['profile_id' => 'internet'],
                []
            )
        );
    }

    public function testSetTotpSecret()

    {
        $otp = new Otp();
        $totpSecret = 'MM7TTLHPA7WZOJFB';
        $totpKey = $otp->totp(Encoding::base32DecodeUpper($totpSecret));

        $this->assertTrue(
            $this->makeRequest(
                ['vpn-user-portal', 'aabbcc'],
                'POST',
                'set_totp_secret',
                [],
                [
                    'user_id' => 'foo',
                    'totp_secret' => $totpSecret,
                    'totp_key' => $totpKey,
                ]
            )
        );
    }

    public function testVerifyOtpKey()

    {
        $otp = new Otp();
        $totpSecret = 'CN2XAL23SIFTDFXZ';
        $totpKey = $otp->totp(Encoding::base32DecodeUpper($totpSecret));

        $this->assertTrue(
            $this->makeRequest(
                ['vpn-user-portal', 'aabbcc'],
                'POST',
                'verify_totp_key',
                [],
                [
                    'user_id' => 'bar',
                    'totp_key' => $totpKey,
                ]
            )
        );
    }

    public function testVerifyOtpKeyWrong()
    {
        // in theory this totp_key, 123456 could be correct at one point in
        // time... then this test will fail!
        $this->assertSame(
            [
                'ok' => false,
                'error' => 'TOTP validation failed: invalid TOTP key',
            ],
            $this->makeRequest(
                ['vpn-user-portal', 'aabbcc'],
                'POST',
                'verify_totp_key',
                [],
                [
                    'user_id' => 'bar',
                    'totp_key' => '123456',
                ]
            )
        );
    }

    public function testVerifyOtpKeyReplay()
    {
        $otp = new Otp();
        $totpKey = $otp->totp(Encoding::base32DecodeUpper('SWIXJ4V7VYALWH6E'));

        $this->assertSame(
            [
                'ok' => false,
                'error' => 'TOTP validation failed: TOTP key replay',
            ],
            $this->makeRequest(
                ['vpn-user-portal', 'aabbcc'],
                'POST',
                'verify_totp_key',
                [],
                [
                    'user_id' => 'baz',
                    'totp_key' => $totpKey,
                ]
            )
        );
    }

    public function testHasTotpSecret()
    {
        $this->assertTrue(
            $this->makeRequest(
                ['vpn-user-portal', 'aabbcc'],
                'GET',
                'has_totp_secret',
                [
                    'user_id' => 'bar',
                ],
                []
            )
        );
    }

    public function testDeleteTotpSecret()

    {
        $this->assertTrue(
            $this->makeRequest(
                ['vpn-admin-portal', 'bbccdd'],
                'POST',
                'delete_totp_secret',
                [],
                [
                    'user_id' => 'bar',
                ]
            )
        );
    }

    public function testSetVootToken()
    {
        $this->assertTrue(
            $this->makeRequest(
                ['vpn-user-portal', 'aabbcc'],
                'POST',
                'set_voot_token',
                [],
                [
                    'user_id' => 'foo',
                    'voot_token' => 'bar',
                ]
            )
        );
    }

    public function testDeleteVootToken()

    {
        $this->assertTrue(
            $this->makeRequest(
                ['vpn-admin-portal', 'bbccdd'],
                'POST',
                'delete_voot_token',
                [],
                [
                    'user_id' => 'bar',
                ]
            )
        );
    }

    public function testDisableUser()

    {
        $this->assertTrue(
            $this->makeRequest(
                ['vpn-admin-portal', 'bbccdd'],
                'POST',
                'disable_user',
                [],
                [
                    'user_id' => 'foo',
                ]
            )
        );
    }

    public function testEnableUser()

    {
        $this->assertTrue(
            $this->makeRequest(
                ['vpn-admin-portal', 'bbccdd'],
                'POST',
                'enable_user',
                [],
                [
                    'user_id' => 'bar',
                ]
            )
        );
    }

    public function testDeleteUser()

    {
        $this->assertTrue(
            $this->makeRequest(
                ['vpn-admin-portal', 'bbccdd'],
                'POST',
                'delete_user',
                [],
                [
                    'user_id' => 'foo',
                ]
            )
        );
    }

    public function testUserGroups()
    {
        $this->assertSame(
            [
                [
                    'id' => 'all',
                    'displayName' => 'All',
                ],
                [
                    'id' => 'employees',
                    'displayName' => 'Employees',
                ],
            ],
            $this->makeRequest(
                ['vpn-user-portal', 'aabbcc'],
                'GET',
                'user_groups',
                [
                    'user_id' => 'bar',
                ],
                []
            )
        );
    }

    private function makeRequest(array $basicAuth, $requestMethod, $pathInfo, array $getData = [], array $postData = [])

    {
        $response = $this->service->run(
            new Request(
                [
                    'SERVER_PORT' => 80,
                    'SERVER_NAME' => 'vpn.example',
                    'REQUEST_METHOD' => $requestMethod,
                    'SCRIPT_NAME' => '/index.php',
                    'REQUEST_URI' => sprintf('/%s', $pathInfo),
                    'PHP_AUTH_USER' => $basicAuth[0],
                    'PHP_AUTH_PW' => $basicAuth[1],
                ],
                $getData,
                $postData
            )
        );

        $responseArray = json_decode($response->getBody(), true)[$pathInfo];
        if ($responseArray['ok']) {
            if (array_key_exists('data', $responseArray)) {
                return $responseArray['data'];
            }

            return true;
        }

        // in case of errors...
        return $responseArray;
    }
}


1		<?php
2		/**
3		* Copyright (C) 2016 SURFnet.
4		*
5		* This program is free software: you can redistribute it and/or modify
6		* it under the terms of the GNU Affero General Public License as
7		* published by the Free Software Foundation, either version 3 of the
8		* License, or (at your option) any later version.
9		*
10		* This program is distributed in the hope that it will be useful,
11		* but WITHOUT ANY WARRANTY; without even the implied warranty of
12		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13		* GNU Affero General Public License for more details.
14		*
15		* You should have received a copy of the GNU Affero General Public License
16		* along with this program. If not, see <http://www.gnu.org/licenses/>.
17		*/
18
19		namespace SURFnet\VPN\Server\Tests\Api;
20
21		use DateTime;
22		use fkooman\OAuth\Client\AccessToken;
23		use Otp\Otp;
24		use ParagonIE\ConstantTime\Encoding;
25		use PDO;
26		use PHPUnit_Framework_TestCase;
27		use SURFnet\VPN\Common\Config;
28		use SURFnet\VPN\Common\Http\BasicAuthenticationHook;
29		use SURFnet\VPN\Common\Http\Request;
30		use SURFnet\VPN\Common\Http\Service;
31		use SURFnet\VPN\Server\Acl\Provider\StaticProvider;
32		use SURFnet\VPN\Server\Api\UsersModule;
33		use SURFnet\VPN\Server\Storage;
34
35		class UsersModuleTest extends PHPUnit_Framework_TestCase
36		{
37		/** @var \SURFnet\VPN\Common\Http\Service */
38		private $service;
39
40		public function setUp()
		0 ignored issues – show Coding Style introduced 2016-12-22 13:49 UTC by Report Bug Copy Issue Report `setUp` uses the super-global variable `$GLOBALS` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
41		{
42		$storage = new Storage(
43		new PDO(
44		$GLOBALS['DB_DSN'],
45		$GLOBALS['DB_USER'],
46		$GLOBALS['DB_PASSWD']
47		),
48		new DateTime()
49		);
50		$storage->init();
51		$storage->addCertificate('foo', 'abcd1234', 'ABCD1234', new DateTime('@12345678'), new DateTime('@23456789'));
52		$storage->disableUser('bar');
53		$storage->setTotpSecret('bar', 'CN2XAL23SIFTDFXZ');
54
55		$vootToken = new AccessToken('12345', 'bearer', 'foo', null, new DateTime('2016-01-01'));
56		$storage->setVootToken('bar', $vootToken);
57
58		// user "baz" has a secret, and already used a key for replay testing
59		$storage->setTotpSecret('baz', 'SWIXJ4V7VYALWH6E');
60		$otp = new Otp();
61		$storage->recordTotpKey('baz', $otp->totp(Encoding::base32DecodeUpper('SWIXJ4V7VYALWH6E')));
62
63		$config = Config::fromFile(sprintf('%s/data/user_groups_config.php', __DIR__));
64		$groupProviders = [
65		new StaticProvider(
66		$config->getSection('groupProviders')->getSection('StaticProvider')
67		),
68		];
69
70		$this->service = new Service();
71		$this->service->addModule(
72		new UsersModule(
73		$config,
74		$storage,
75		$groupProviders
76		)
77		);
78
79		$bearerAuthentication = new BasicAuthenticationHook(
80		[
81		'vpn-user-portal' => 'aabbcc',
82		'vpn-admin-portal' => 'bbccdd',
83		]
84		);
85
86		$this->service->addBeforeHook('auth', $bearerAuthentication);
87		}
88
89		public function testListUsers()
90		{
91		$this->assertSame(
92		[
93		[
94		'user_id' => 'foo',
95		'is_disabled' => false,
96		'has_yubi_key_id' => false,
97		'has_totp_secret' => false,
98		],
99		[
100		'user_id' => 'bar',
101		'is_disabled' => true,
102		'has_yubi_key_id' => false,
103		'has_totp_secret' => true,
104		],
105		[
106		'user_id' => 'baz',
107		'is_disabled' => false,
108		'has_yubi_key_id' => false,
109		'has_totp_secret' => true,
110		],
111		],
112		$this->makeRequest(
113		['vpn-admin-portal', 'bbccdd'],
114		'GET',
115		'user_list',
116		['profile_id' => 'internet'],
117		[]
118		)
119		);
120		}
121
122	View Code Duplication	public function testSetTotpSecret()
		0 ignored issues – show Duplication introduced 2016-11-29 22:01 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
123		{
124		$otp = new Otp();
125		$totpSecret = 'MM7TTLHPA7WZOJFB';
126		$totpKey = $otp->totp(Encoding::base32DecodeUpper($totpSecret));
127
128		$this->assertTrue(
129		$this->makeRequest(
130		['vpn-user-portal', 'aabbcc'],
131		'POST',
132		'set_totp_secret',
133		[],
134		[
135		'user_id' => 'foo',
136		'totp_secret' => $totpSecret,
137		'totp_key' => $totpKey,
138		]
139		)
140		);
141		}
142
143	View Code Duplication	public function testVerifyOtpKey()
		0 ignored issues – show Duplication introduced 2016-11-29 22:01 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
144		{
145		$otp = new Otp();
146		$totpSecret = 'CN2XAL23SIFTDFXZ';
147		$totpKey = $otp->totp(Encoding::base32DecodeUpper($totpSecret));
148
149		$this->assertTrue(
150		$this->makeRequest(
151		['vpn-user-portal', 'aabbcc'],
152		'POST',
153		'verify_totp_key',
154		[],
155		[
156		'user_id' => 'bar',
157		'totp_key' => $totpKey,
158		]
159		)
160		);
161		}
162
163		public function testVerifyOtpKeyWrong()
164		{
165		// in theory this totp_key, 123456 could be correct at one point in
166		// time... then this test will fail!
167		$this->assertSame(
168		[
169		'ok' => false,
170		'error' => 'TOTP validation failed: invalid TOTP key',
171		],
172		$this->makeRequest(
173		['vpn-user-portal', 'aabbcc'],
174		'POST',
175		'verify_totp_key',
176		[],
177		[
178		'user_id' => 'bar',
179		'totp_key' => '123456',
180		]
181		)
182		);
183		}
184
185		public function testVerifyOtpKeyReplay()
186		{
187		$otp = new Otp();
188		$totpKey = $otp->totp(Encoding::base32DecodeUpper('SWIXJ4V7VYALWH6E'));
189
190		$this->assertSame(
191		[
192		'ok' => false,
193		'error' => 'TOTP validation failed: TOTP key replay',
194		],
195		$this->makeRequest(
196		['vpn-user-portal', 'aabbcc'],
197		'POST',
198		'verify_totp_key',
199		[],
200		[
201		'user_id' => 'baz',
202		'totp_key' => $totpKey,
203		]
204		)
205		);
206		}
207
208		public function testHasTotpSecret()
209		{
210		$this->assertTrue(
211		$this->makeRequest(
212		['vpn-user-portal', 'aabbcc'],
213		'GET',
214		'has_totp_secret',
215		[
216		'user_id' => 'bar',
217		],
218		[]
219		)
220		);
221		}
222
223	View Code Duplication	public function testDeleteTotpSecret()
		0 ignored issues – show Duplication introduced 2016-11-29 22:01 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
224		{
225		$this->assertTrue(
226		$this->makeRequest(
227		['vpn-admin-portal', 'bbccdd'],
228		'POST',
229		'delete_totp_secret',
230		[],
231		[
232		'user_id' => 'bar',
233		]
234		)
235		);
236		}
237
238		public function testSetVootToken()
239		{
240		$this->assertTrue(
241		$this->makeRequest(
242		['vpn-user-portal', 'aabbcc'],
243		'POST',
244		'set_voot_token',
245		[],
246		[
247		'user_id' => 'foo',
248		'voot_token' => 'bar',
249		]
250		)
251		);
252		}
253
254	View Code Duplication	public function testDeleteVootToken()
		0 ignored issues – show Duplication introduced 2016-11-29 22:01 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
255		{
256		$this->assertTrue(
257		$this->makeRequest(
258		['vpn-admin-portal', 'bbccdd'],
259		'POST',
260		'delete_voot_token',
261		[],
262		[
263		'user_id' => 'bar',
264		]
265		)
266		);
267		}
268
269	View Code Duplication	public function testDisableUser()
		0 ignored issues – show Duplication introduced 2016-11-29 22:01 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
270		{
271		$this->assertTrue(
272		$this->makeRequest(
273		['vpn-admin-portal', 'bbccdd'],
274		'POST',
275		'disable_user',
276		[],
277		[
278		'user_id' => 'foo',
279		]
280		)
281		);
282		}
283
284	View Code Duplication	public function testEnableUser()
		0 ignored issues – show Duplication introduced 2016-11-29 22:01 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
285		{
286		$this->assertTrue(
287		$this->makeRequest(
288		['vpn-admin-portal', 'bbccdd'],
289		'POST',
290		'enable_user',
291		[],
292		[
293		'user_id' => 'bar',
294		]
295		)
296		);
297		}
298
299	View Code Duplication	public function testDeleteUser()
		0 ignored issues – show Duplication introduced 2016-11-29 22:01 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
300		{
301		$this->assertTrue(
302		$this->makeRequest(
303		['vpn-admin-portal', 'bbccdd'],
304		'POST',
305		'delete_user',
306		[],
307		[
308		'user_id' => 'foo',
309		]
310		)
311		);
312		}
313
314		public function testUserGroups()
315		{
316		$this->assertSame(
317		[
318		[
319		'id' => 'all',
320		'displayName' => 'All',
321		],
322		[
323		'id' => 'employees',
324		'displayName' => 'Employees',
325		],
326		],
327		$this->makeRequest(
328		['vpn-user-portal', 'aabbcc'],
329		'GET',
330		'user_groups',
331		[
332		'user_id' => 'bar',
333		],
334		[]
335		)
336		);
337		}
338
339	View Code Duplication	private function makeRequest(array $basicAuth, $requestMethod, $pathInfo, array $getData = [], array $postData = [])
		0 ignored issues – show Duplication introduced 2016-11-29 22:01 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
340		{
341		$response = $this->service->run(
342		new Request(
343		[
344		'SERVER_PORT' => 80,
345		'SERVER_NAME' => 'vpn.example',
346		'REQUEST_METHOD' => $requestMethod,
347		'SCRIPT_NAME' => '/index.php',
348		'REQUEST_URI' => sprintf('/%s', $pathInfo),
349		'PHP_AUTH_USER' => $basicAuth[0],
350		'PHP_AUTH_PW' => $basicAuth[1],
351		],
352		$getData,
353		$postData
354		)
355		);
356
357		$responseArray = json_decode($response->getBody(), true)[$pathInfo];
358		if ($responseArray['ok']) {
359		if (array_key_exists('data', $responseArray)) {
360		return $responseArray['data'];
361		}
362
363		return true;
364		}
365
366		// in case of errors...
367		return $responseArray;
368		}
369		}
370

eduVPN / vpn-server-api

GitHub Access Token became invalid

Push — master ( 932629...d7a7a8 )

UsersModuleTest::testHasTotpSecret() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like