Passed
Pull Request — master (#127)
by Garion
03:26
created

SecurityAdminAccountResetExtensionTest::setUp()   A

<?php
namespace SilverStripe\MFA\Tests\Extension;
use SilverStripe\Admin\SecurityAdmin;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\MFA\Extension\SecurityAdminAccountResetExtension;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
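/**
 * Functional tests for the "reset/{memberID}" action reached through SecurityAdmin.
 *
 * The action is presumably the one added by SecurityAdminAccountResetExtension
 * (imported by this file, not referenced directly). A successful call sends an
 * email to the target member, so the tests treat it as a state-changing request
 * and check three things:
 *
 *  - a request without a CSRF token is rejected (400) and has no side effect;
 *  - an admin with a valid token can trigger the reset (200, email sent);
 *  - a standard user with a valid token is refused (403) and has no side effect.
 *
 * The rejection tests assert the absence of the email as well as the status
 * code, so a handler that answers with an error but still performs the reset
 * would be caught.
 */
class SecurityAdminAccountResetExtensionTest extends FunctionalTest
{
    protected static $fixture_file = 'SecurityAdminAccountResetExtensionTest.yml';

    /**
     * Switches CSRF token validation on for every test in this class.
     */
    protected function setUp()
    {
        parent::setUp();

        // Must run after parent::setUp().
        // NOTE(review): FunctionalTest is understood to disable SecurityToken
        // for tests by default - confirm. If so, the CSRF assertions below
        // would not exercise a real check without this call.
        SecurityToken::enable();
    }

    /**
     * Switches CSRF token validation back off so later test classes are not
     * affected by the global SecurityToken state changed in setUp().
     */
    protected function tearDown()
    {
        parent::tearDown();

        SecurityToken::disable();
    }

    /**
     * A POST without a CSRF token must be rejected even for a logged-in admin,
     * and must not send the reset email.
     */
    public function testEndpointRequiresCSRF()
    {
        $this->logInAs('admin');

        /** @var Member $member */
        $member = $this->objFromFixture(Member::class, 'squib');

        // No request body is passed, so no csrf_token reaches the endpoint.
        $response = $this->post(SecurityAdmin::singleton()->Link("reset/{$member->ID}"), [true]);

        $this->assertEquals(400, $response->getStatusCode(), $response->getBody());
        $this->assertContains('Invalid or missing CSRF', $response->getBody());
        // The status code alone does not prove the action was skipped.
        $this->assertNull(
            $this->findEmail($member->Email),
            'No reset email may be sent when the CSRF token is missing'
        );
    }

    /**
     * An admin presenting a valid CSRF token can start a reset for another
     * member, which results in an email to that member.
     */
    public function testResetCanBeInitiatedByAdmin()
    {
        $this->logInAs('admin');

        /** @var Member $member */
        $member = $this->objFromFixture(Member::class, 'squib');

        // The token travels in the JSON request body (fifth argument), not in
        // the form data array.
        $response = $this->post(
            SecurityAdmin::singleton()->Link("reset/{$member->ID}"),
            [true],
            null,
            null,
            json_encode(['csrf_token' => SecurityToken::inst()->getValue()])
        );

        $this->assertEquals(200, $response->getStatusCode(), $response->getBody());
        $this->assertEmailSent($member->Email);
    }

    /**
     * A standard user must not be able to start a reset for another member
     * (here: the admin), even with a valid CSRF token, and no email may be sent.
     */
    public function testResetCannotBeInitiatedByStandardUser()
    {
        $this->logInAs('squib');

        /** @var Member $member */
        $member = $this->objFromFixture(Member::class, 'admin');

        // A valid token is supplied so that the 403 can only come from the
        // permission check, not from CSRF validation.
        $response = $this->post(
            SecurityAdmin::singleton()->Link("reset/{$member->ID}"),
            [true],
            null,
            null,
            json_encode(['csrf_token' => SecurityToken::inst()->getValue()])
        );

        $this->assertEquals(403, $response->getStatusCode(), $response->getBody());
        $this->assertContains('Insufficient permissions', $response->getBody());
        // The status code alone does not prove the action was skipped.
        $this->assertNull(
            $this->findEmail($member->Email),
            'No reset email may be sent when the requester lacks permission'
        );
    }
}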