1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace SilverStripe\MFA\Tests\Extension\AccountReset; |
4
|
|
|
|
5
|
|
|
use SilverStripe\Admin\SecurityAdmin; |
6
|
|
|
use SilverStripe\Dev\FunctionalTest; |
7
|
|
|
use SilverStripe\MFA\Extension\AccountReset\SecurityAdminExtension; |
8
|
|
|
use SilverStripe\Security\Member; |
9
|
|
|
use SilverStripe\Security\SecurityToken; |
10
|
|
|
|
11
|
|
|
/** |
12
|
|
|
* Class SecurityAdminExtensionTest |
13
|
|
|
* |
14
|
|
|
* @see SecurityAdminExtension |
15
|
|
|
*/ |
16
|
|
|
class SecurityAdminExtensionTest extends FunctionalTest |
17
|
|
|
{ |
18
|
|
|
protected static $fixture_file = 'SecurityAdminExtensionTest.yml'; |
19
|
|
|
|
20
|
|
|
protected function setUp() |
21
|
|
|
{ |
22
|
|
|
parent::setUp(); |
23
|
|
|
|
24
|
|
|
SecurityToken::enable(); |
25
|
|
|
} |
26
|
|
|
|
27
|
|
|
protected function tearDown() |
28
|
|
|
{ |
29
|
|
|
parent::tearDown(); |
30
|
|
|
|
31
|
|
|
SecurityToken::disable(); |
32
|
|
|
} |
33
|
|
|
|
34
|
|
|
public function testEndpointRequiresCSRF() |
35
|
|
|
{ |
36
|
|
|
$this->logInAs('admin'); |
37
|
|
|
|
38
|
|
|
/** @var Member $member */ |
39
|
|
|
$member = $this->objFromFixture(Member::class, 'squib'); |
40
|
|
|
|
41
|
|
|
$response = $this->post(SecurityAdmin::singleton()->Link("reset/{$member->ID}"), [true]); |
42
|
|
|
|
43
|
|
|
$this->assertEquals(400, $response->getStatusCode(), $response->getBody()); |
44
|
|
|
$this->assertContains('Invalid or missing CSRF', $response->getBody()); |
45
|
|
|
} |
46
|
|
|
|
47
|
|
|
public function testResetCanBeInitiatedByAdmin() |
48
|
|
|
{ |
49
|
|
|
$this->logInAs('admin'); |
50
|
|
|
|
51
|
|
|
/** @var Member $member */ |
52
|
|
|
$member = $this->objFromFixture(Member::class, 'squib'); |
53
|
|
|
|
54
|
|
|
$response = $this->post( |
55
|
|
|
SecurityAdmin::singleton()->Link("reset/{$member->ID}"), |
56
|
|
|
[true], |
57
|
|
|
null, |
58
|
|
|
null, |
59
|
|
|
json_encode(['csrf_token' => SecurityToken::inst()->getValue()]) |
60
|
|
|
); |
61
|
|
|
|
62
|
|
|
$this->assertEquals(200, $response->getStatusCode(), $response->getBody()); |
63
|
|
|
$this->assertEmailSent($member->Email); |
64
|
|
|
} |
65
|
|
|
|
66
|
|
|
public function testResetCannotBeInitiatedByStandardUser() |
67
|
|
|
{ |
68
|
|
|
$this->logInAs('squib'); |
69
|
|
|
|
70
|
|
|
/** @var Member $member */ |
71
|
|
|
$member = $this->objFromFixture(Member::class, 'admin'); |
72
|
|
|
|
73
|
|
|
$response = $this->post( |
74
|
|
|
SecurityAdmin::singleton()->Link("reset/{$member->ID}"), |
75
|
|
|
[true], |
76
|
|
|
null, |
77
|
|
|
null, |
78
|
|
|
json_encode(['csrf_token' => SecurityToken::inst()->getValue()]) |
79
|
|
|
); |
80
|
|
|
|
81
|
|
|
$this->assertEquals(403, $response->getStatusCode(), $response->getBody()); |
82
|
|
|
$this->assertContains('Insufficient permissions', $response->getBody()); |
83
|
|
|
} |
84
|
|
|
} |
85
|
|
|
|