<?php
namespace SilverStripe\MFA\Tests\Extension\AccountReset;
use SilverStripe\Admin\SecurityAdmin;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\MFA\Extension\AccountReset\SecurityAdminExtension;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
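/**
 * Functional tests for the account reset endpoint reachable under SecurityAdmin at "reset/{ID}".
 *
 * Three outcomes are pinned:
 *  - a request without a CSRF token is rejected with 400 and triggers no email,
 *  - an admin with a valid token gets 200 and an email is sent to the target member,
 *  - a non-admin with a valid token is rejected with 403 and triggers no email.
 *
 * The rejection tests assert the absence of the email as well as the status code, so that a handler
 * which performs the reset first and only then reports an error cannot pass.
 *
 * @see SecurityAdminExtension
 */
class SecurityAdminExtensionTest extends FunctionalTest
{
    protected static $fixture_file = 'SecurityAdminExtensionTest.yml';

    /**
     * Turns CSRF token checking on for every test in this class; testEndpointRequiresCSRF()
     * is meaningless without it.
     */
    protected function setUp()
    {
        parent::setUp();

        SecurityToken::enable();
    }

    /**
     * Reverts the global SecurityToken switch flipped in setUp().
     */
    protected function tearDown()
    {
        // SecurityToken state is static and therefore shared with every other test. Undo our own
        // change first (reverse order of setUp) so the parent's teardown runs last and has the
        // final say over the state the next test starts from.
        SecurityToken::disable();

        parent::tearDown();
    }

    /**
     * A logged-in admin posting without a CSRF token must be refused, and nothing may be sent.
     */
    public function testEndpointRequiresCSRF()
    {
        $this->logInAs('admin');

        /** @var Member $member */
        $member = $this->objFromFixture(Member::class, 'squib');

        // No request body is supplied, so no csrf_token reaches the endpoint.
        // NOTE(review): the `[true]` form data looks like a placeholder payload - confirm.
        $response = $this->post(SecurityAdmin::singleton()->Link("reset/{$member->ID}"), [true]);

        $this->assertEquals(400, $response->getStatusCode(), $response->getBody());
        $this->assertContains('Invalid or missing CSRF', $response->getBody());
        // The status code alone does not prove the reset was skipped; check the side effect too.
        $this->assertEmpty(
            static::findEmail($member->Email),
            'No reset email may be sent when the CSRF check fails'
        );
    }

    /**
     * An admin supplying a valid CSRF token can start a reset; the target member is emailed.
     */
    public function testResetCanBeInitiatedByAdmin()
    {
        $this->logInAs('admin');

        /** @var Member $member */
        $member = $this->objFromFixture(Member::class, 'squib');

        // The token travels in the JSON request body (fifth argument), not in the form data.
        $response = $this->post(
            SecurityAdmin::singleton()->Link("reset/{$member->ID}"),
            [true],
            null,
            null,
            json_encode(['csrf_token' => SecurityToken::inst()->getValue()])
        );

        $this->assertEquals(200, $response->getStatusCode(), $response->getBody());
        $this->assertEmailSent($member->Email);
    }

    /**
     * A non-admin member holding a valid CSRF token must still be refused: the token proves
     * request origin, not authorisation.
     */
    public function testResetCannotBeInitiatedByStandardUser()
    {
        $this->logInAs('squib');

        /** @var Member $member */
        $member = $this->objFromFixture(Member::class, 'admin');

        $response = $this->post(
            SecurityAdmin::singleton()->Link("reset/{$member->ID}"),
            [true],
            null,
            null,
            json_encode(['csrf_token' => SecurityToken::inst()->getValue()])
        );

        $this->assertEquals(403, $response->getStatusCode(), $response->getBody());
        $this->assertContains('Insufficient permissions', $response->getBody());
        // A 403 that still emails the admin a reset link would be a privilege-escalation path.
        $this->assertEmpty(
            static::findEmail($member->Email),
            'No reset email may be sent when the caller lacks permission'
        );
    }
}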