SecurityExtensionTest::testResetAccountFailsWhenAlreadyAuthenticated() - Code Metrics - Inspection of "WIP: Group AccountReset extensions, implement full..." - silverstripe/silverstripe-mfa - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#165)

by Garion

created 2019-06-10 00:00 UTC

testResetAccountFailsWhenAlreadyAuthenticated() A

↳ Parent: SecurityExtensionTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	13
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	7
nc	1
nop	0
dl	0
loc	13
rs	10
c	0
b	0
f	0

<?php

namespace SilverStripe\MFA\Tests\Extension\AccountReset;

use SilverStripe\Dev\FunctionalTest;
use SilverStripe\MFA\Extension\AccountReset\MemberExtension;
use SilverStripe\MFA\Extension\AccountReset\SecurityAdminExtension;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\Security\Member;

/**
 * Class SecurityExtensionTest
 *
 * @package SilverStripe\MFA\Tests\Extension\AccountReset
 */
class SecurityExtensionTest extends FunctionalTest
{
    protected static $fixture_file = 'SecurityExtensionTest.yml';

    public function testResetAccountFailsWhenAlreadyAuthenticated()
    {
        /** @var Member&MemberExtension $member */
        $member = $this->objFromFixture(Member::class, 'user');
        $this->logInAs($member);

        $token = $member->generateAccountResetTokenAndStoreHash();

        $url = (new SecurityAdminExtension())->getAccountResetLink($member, $token);
        $response = $this->get($url);

        $this->assertEquals(400, $response->getStatusCode());
        $this->assertContains('Already authenticated', $response->getBody());
    }

    public function testResetAccountFailsWithInvalidToken()
    {
        /** @var Member&MemberExtension $member */
        $member = $this->objFromFixture(Member::class, 'user');
        $member->generateAccountResetTokenAndStoreHash();

        $url = (new SecurityAdminExtension())->getAccountResetLink($member, 'not-actually-the-token');
        $response = $this->get($url);

        $this->assertEquals(400, $response->getStatusCode());
        $this->assertContains('Invalid member or token', $response->getBody());
    }

    public function testResetAccountFailsWithExpiredToken()
    {
        /** @var Member&MemberExtension $member */
        $member = $this->objFromFixture(Member::class, 'user');

        // Wrap token generation in old timestamp to guarantee token expiry
        DBDatetime::set_mock_now('2011-11-26 17:00');
        $token = $member->generateAccountResetTokenAndStoreHash();
        DBDatetime::clear_mock_now();

        $url = (new SecurityAdminExtension())->getAccountResetLink($member, $token);
        $response = $this->get($url);

        $this->assertEquals(400, $response->getStatusCode());
        $this->assertContains('Invalid member or token', $response->getBody());
    }

    public function testResetAccountSubmissionFailsWithExpiredSession()
    {
        /** @var Member&MemberExtension $member */
        $member = $this->objFromFixture(Member::class, 'user');
        $token = $member->generateAccountResetTokenAndStoreHash();

        $url = (new SecurityAdminExtension())->getAccountResetLink($member, $token);
        $response = $this->get($url);

        $this->assertEquals(200, $response->getStatusCode(), $response->getBody());

        // Simulate expired session
        $this->session()->destroy(true);

        $response = $this->submitForm(
            'Form_ResetAccountForm',
            null,
            ['NewPassword1' => 'testtest', 'NewPassword2' => 'testtest']
        );

        $this->assertContains('The account reset process timed out', $response->getBody());
    }

    public function testResetAccountSubmissionPasses()
    {
        /** @var Member&MemberExtension $member */
        $member = $this->objFromFixture(Member::class, 'user');
        $token = $member->generateAccountResetTokenAndStoreHash();

        $url = (new SecurityAdminExtension())->getAccountResetLink($member, $token);
        $response = $this->get($url);

        $this->assertEquals(200, $response->getStatusCode(), $response->getBody());

        $response = $this->submitForm(
            'Form_ResetAccountForm',
            null,
            ['NewPassword1' => 'testtest', 'NewPassword2' => 'testtest']
        );

        // User should have been redirected to Login form with session message
        $this->assertContains('Login', $response->getBody());
        $this->assertContains('Reset complete', $response->getBody());
    }
}


1			<?php
2
3			namespace SilverStripe\MFA\Tests\Extension\AccountReset;
4
5			use SilverStripe\Dev\FunctionalTest;
6			use SilverStripe\MFA\Extension\AccountReset\MemberExtension;
7			use SilverStripe\MFA\Extension\AccountReset\SecurityAdminExtension;
8			use SilverStripe\ORM\FieldType\DBDatetime;
9			use SilverStripe\Security\Member;
10
11			/**
12			* Class SecurityExtensionTest
13			*
14			* @package SilverStripe\MFA\Tests\Extension\AccountReset
15			*/
16			class SecurityExtensionTest extends FunctionalTest
17			{
18			protected static $fixture_file = 'SecurityExtensionTest.yml';
19
20			public function testResetAccountFailsWhenAlreadyAuthenticated()
21			{
22			/** @var Member&MemberExtension $member */
23			$member = $this->objFromFixture(Member::class, 'user');
24			$this->logInAs($member);
25
26			$token = $member->generateAccountResetTokenAndStoreHash();
27
28			$url = (new SecurityAdminExtension())->getAccountResetLink($member, $token);
29			$response = $this->get($url);
30
31			$this->assertEquals(400, $response->getStatusCode());
32			$this->assertContains('Already authenticated', $response->getBody());
33			}
34
35			public function testResetAccountFailsWithInvalidToken()
36			{
37			/** @var Member&MemberExtension $member */
38			$member = $this->objFromFixture(Member::class, 'user');
39			$member->generateAccountResetTokenAndStoreHash();
40
41			$url = (new SecurityAdminExtension())->getAccountResetLink($member, 'not-actually-the-token');
42			$response = $this->get($url);
43
44			$this->assertEquals(400, $response->getStatusCode());
45			$this->assertContains('Invalid member or token', $response->getBody());
46			}
47
48			public function testResetAccountFailsWithExpiredToken()
49			{
50			/** @var Member&MemberExtension $member */
51			$member = $this->objFromFixture(Member::class, 'user');
52
53			// Wrap token generation in old timestamp to guarantee token expiry
54			DBDatetime::set_mock_now('2011-11-26 17:00');
55			$token = $member->generateAccountResetTokenAndStoreHash();
56			DBDatetime::clear_mock_now();
57
58			$url = (new SecurityAdminExtension())->getAccountResetLink($member, $token);
59			$response = $this->get($url);
60
61			$this->assertEquals(400, $response->getStatusCode());
62			$this->assertContains('Invalid member or token', $response->getBody());
63			}
64
65			public function testResetAccountSubmissionFailsWithExpiredSession()
66			{
67			/** @var Member&MemberExtension $member */
68			$member = $this->objFromFixture(Member::class, 'user');
69			$token = $member->generateAccountResetTokenAndStoreHash();
70
71			$url = (new SecurityAdminExtension())->getAccountResetLink($member, $token);
72			$response = $this->get($url);
73
74			$this->assertEquals(200, $response->getStatusCode(), $response->getBody());
75
76			// Simulate expired session
77			$this->session()->destroy(true);
78
79			$response = $this->submitForm(
80			'Form_ResetAccountForm',
81			null,
82			['NewPassword1' => 'testtest', 'NewPassword2' => 'testtest']
83			);
84
85			$this->assertContains('The account reset process timed out', $response->getBody());
86			}
87
88			public function testResetAccountSubmissionPasses()
89			{
90			/** @var Member&MemberExtension $member */
91			$member = $this->objFromFixture(Member::class, 'user');
92			$token = $member->generateAccountResetTokenAndStoreHash();
93
94			$url = (new SecurityAdminExtension())->getAccountResetLink($member, $token);
95			$response = $this->get($url);
96
97			$this->assertEquals(200, $response->getStatusCode(), $response->getBody());
98
99			$response = $this->submitForm(
100			'Form_ResetAccountForm',
101			null,
102			['NewPassword1' => 'testtest', 'NewPassword2' => 'testtest']
103			);
104
105			// User should have been redirected to Login form with session message
106			$this->assertContains('Login', $response->getBody());
107			$this->assertContains('Reset complete', $response->getBody());
108			}
109			}
110

silverstripe / silverstripe-mfa

Pull Request — master (#165)

testResetAccountFailsWhenAlreadyAuthenticated() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like