<?php
declare(strict_types=1);
namespace SilverStripe\SecurityExtensions\Tests\Control;
use PHPUnit_Framework_MockObject_MockObject;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
use SilverStripe\SecurityExtensions\Control\SudoModeController;
use SilverStripe\SecurityExtensions\Service\SudoModeServiceInterface;
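class SudoModeControllerTest extends FunctionalTest
{
    protected $usesDatabase = true;

    /**
     * Whether SecurityToken (CSRF protection) was enabled before setUp() switched it off,
     * so tearDown() can put it back exactly as it was.
     *
     * @var bool
     */
    private $securityTokenEnabled;

    /**
     * Logs in a member with a known password so the "activate" endpoint can be exercised
     * with both correct and incorrect credentials.
     *
     * CSRF tokens are disabled for the default case; testActivateChecksCSRFToken()
     * re-enables them explicitly for the one test that needs them.
     */
    protected function setUp()
    {
        parent::setUp();

        $this->securityTokenEnabled = SecurityToken::is_enabled();
        SecurityToken::disable();

        $memberID = $this->logInWithPermission();

        /** @var Member $member */
        $member = Member::get()->byID($memberID);
        $member->changePassword('0p3nS3samE!');
    }

    /**
     * Restores the SecurityToken state captured in setUp().
     *
     * Both branches are needed: a test may enable the token mid-run (see
     * testActivateChecksCSRFToken()), and leaving it enabled when it was originally
     * disabled would leak CSRF enforcement into whatever runs next.
     */
    protected function tearDown()
    {
        if ($this->securityTokenEnabled) {
            SecurityToken::enable();
        } else {
            SecurityToken::disable();
        }

        parent::tearDown();
    }

    /**
     * GETs the "check" endpoint, asserts it answered 200, and returns the decoded JSON body.
     *
     * @return array
     */
    private function fetchCheckResult(): array
    {
        $response = $this->get(SudoModeController::singleton()->Link('check'));
        $this->assertSame(200, $response->getStatusCode());

        return json_decode((string) $response->getBody(), true);
    }

    /**
     * POSTs the given password to the "activate" endpoint and returns the raw response.
     *
     * @param string $password
     * @return mixed The HTTP response object returned by FunctionalTest::post()
     */
    private function postActivate(string $password)
    {
        return $this->post(SudoModeController::singleton()->Link('activate'), [
            'Password' => $password,
        ]);
    }

    /**
     * A fresh session must not report sudo mode as active.
     */
    public function testCheckReturnsFalse()
    {
        $result = $this->fetchCheckResult();
        $this->assertFalse($result['active'], 'Sudo mode should not be active yet');
    }

    /**
     * A wrong password is reported as a failure AND leaves sudo mode inactive.
     */
    public function testActivateFailsWithIncorrectPassword()
    {
        $response = $this->postActivate('wrongpassword!');

        $this->assertSame(200, $response->getStatusCode());
        $result = json_decode((string) $response->getBody(), true);
        $this->assertFalse($result['result'], 'Should have failed with incorrect password');
        $this->assertSame('Incorrect password', $result['message']);

        // The negative response alone is not enough: a controller that reports failure but
        // still flags the session would pass the assertions above. Confirm nothing was granted.
        $checkResult = $this->fetchCheckResult();
        $this->assertFalse($checkResult['active'], 'Sudo mode must not be active after a failed activation');
    }

    /**
     * The correct password activates sudo mode, and "check" reflects that afterwards.
     */
    public function testActivateSudoModeWithValidCredentials()
    {
        $activateResponse = $this->postActivate('0p3nS3samE!');

        $this->assertSame(200, $activateResponse->getStatusCode());
        $result = json_decode((string) $activateResponse->getBody(), true);
        $this->assertTrue($result['result'], 'Should have activated sudo mode');

        $checkResult = $this->fetchCheckResult();
        $this->assertTrue($checkResult['active'], 'Sudo mode should be active after activate() called');
    }

    /**
     * Activation must be POST-only; a GET (e.g. a crafted link or image tag) is not routed.
     */
    public function testActivateFailsWithGetRequest()
    {
        $response = $this->get(SudoModeController::singleton()->Link('activate'));
        $this->assertSame(404, $response->getStatusCode());
    }

    /**
     * With CSRF protection on, a POST without a valid token is rejected with 403 even when
     * the credentials are correct, i.e. valid credentials do not bypass the token check.
     */
    public function testActivateChecksCSRFToken()
    {
        SecurityToken::enable();

        // Deliberately use the *correct* password here: the rejection must come from the
        // missing token alone, which a wrong password would not demonstrate.
        $activateResponse = $this->postActivate('0p3nS3samE!');

        $this->assertSame(403, $activateResponse->getStatusCode());
        $result = json_decode((string) $activateResponse->getBody(), true);
        $this->assertFalse($result['result'], 'Should have failed on CSRF token validation');
        $this->assertSame('Session timed out, please refresh and try again.', $result['message']);
    }

    /**
     * getClientConfig() exposes the activation endpoint and the current sudo-mode status,
     * with the status coming from the injected SudoModeServiceInterface::check().
     */
    public function testClientConfig()
    {
        /** @var SudoModeServiceInterface&PHPUnit_Framework_MockObject_MockObject $serviceMock */
        $serviceMock = $this->createMock(SudoModeServiceInterface::class);
        $serviceMock->expects($this->once())->method('check')->willReturn(true);

        $controller = new SudoModeController();
        $controller->setSudoModeService($serviceMock);

        // Register a bare request with an empty session; presumably the controller resolves
        // the current request (and its session) through the Injector — verify against the controller.
        $request = new HTTPRequest('GET', '/');
        $request->setSession(new Session([]));
        Injector::inst()->registerService($request, HTTPRequest::class);

        $result = $controller->getClientConfig();
        $this->assertArrayHasKey('activate', $result['endpoints'], 'Client config should provide activation endpoint');
        $this->assertTrue($result['sudoModeActive'], 'Client config should expose sudo mode status');
    }
}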