<?php
declare(strict_types=1);
namespace SimpleSAML\Test\Module\discopower\Controller;
use PHPUnit\Framework\Attributes\CoversClass;
use SimpleSAML\Configuration;
use SimpleSAML\Error;
use SimpleSAML\HTTP\RunnableResponse;
use SimpleSAML\Module\discopower\Controller;
use SimpleSAML\Session;
use SimpleSAML\TestUtils\ClearStateTestCase;
use Symfony\Component\HttpFoundation\Request;
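/**
 * Set of tests for the controllers in the "discopower" module.
 *
 * Two of the cases pin security-relevant behaviour of the controller:
 * a discovery request whose `return` URL is on a host outside
 * `trusted.url.domains` must be refused (testDiscoPowerReturnUrlDisallowed),
 * and a JSONP `callback` value such as `alert("hallo")` must be refused rather
 * than written into the text/javascript response
 * (testTablistJsonUnsafeCallback).
 */
#[CoversClass(Controller\DiscoPower::class)]
class DiscoPowerTest extends ClearStateTestCase
{
    // Module configuration built in setUp(); only the tests that need it
    // install it as 'module_discopower.php'.
    private static Configuration $discoconfig;


    /**
     * Set up for each test.
     *
     * Installs a global configuration with the discopower module enabled and
     * `trusted.url.domains` limited to example.com, and builds (but does not
     * install) the module configuration.
     */
    protected function setUp(): void
    {
        parent::setUp();

        $config = Configuration::loadFromArray(
            [
                'module.enable' => ['discopower' => true],
                'trusted.url.domains' => ['example.com'],
            ],
            '[ARRAY]',
            'simplesaml'
        );

        Configuration::setPreLoadedConfig($config, 'config.php');

        self::$discoconfig = Configuration::loadFromArray(
            [
                'defaulttab' => 0,
                'trusted.url.domains' => ['example.com'],
            ],
            '[ARRAY]',
            'simplesaml'
        );
    }


    /**
     * Store the tab-list fixture in the session for the tablist() tests.
     */
    private function seedTabListSession(): void
    {
        $session = Session::getSessionFromRequest();
        $session->setData('discopower:tabList', 'faventry', 'http://example.org/idp');
        $session->setData('discopower:tabList', 'tabs', ['Frankrijk', 'Nederland', 'Duitsland']);
        $session->setData('discopower:tabList', 'defaulttab', 'Nederland');
    }


    /**
     * A discovery request without any discovery parameters is rejected.
     *
     * Neither query parameters nor the module configuration are supplied here.
     */
    public function testDiscoPowerNoDiscoParams(): void
    {
        $request = Request::create(
            '/disco.php',
            'GET'
        );

        $c = new Controller\DiscoPower();

        $this->expectException(Error\Error::class);
        $this->expectExceptionMessage('DISCOPARAMS');
        // The call is expected to throw, so its result is not captured.
        $c->main($request);
    }


    /**
     * A discovery request with a `return` URL on the trusted domain succeeds.
     *
     * This is the positive counterpart of testDiscoPowerReturnUrlDisallowed:
     * the two requests differ only in the host of the `return` URL.
     */
    public function testDiscoPowerHasDiscoParams(): void
    {
        Configuration::setPreLoadedConfig(self::$discoconfig, 'module_discopower.php');

        $request = Request::create(
            '/disco.php',
            'GET',
        );
        // NOTE(review): the parameters are written to $_GET instead of being
        // passed to Request::create(); presumably the discovery code reads the
        // superglobal directly - confirm. The superglobals are not restored in
        // this class, so this relies on ClearStateTestCase to reset them
        // between tests - confirm.
        $_GET = [
            'entityID' => 'https://example.com/sp',
            'return' => 'https://example.com/acs',
            'returnIDParam' => 'idpentityid'
        ];
        $_SERVER['REQUEST_URI'] = '/disco.php';

        $c = new Controller\DiscoPower();

        $r = $c->main($request);
        $this->assertInstanceOf(RunnableResponse::class, $r);
        $this->assertTrue($r->isSuccessful());
    }


    /**
     * A `return` URL on a host outside `trusted.url.domains` is refused.
     *
     * Only example.com is trusted by the configuration built in setUp(), so a
     * return URL on attacker.example.org must not be accepted as a redirect
     * target.
     */
    public function testDiscoPowerReturnUrlDisallowed(): void
    {
        Configuration::setPreLoadedConfig(self::$discoconfig, 'module_discopower.php');

        $request = Request::create(
            '/disco.php',
            'GET',
        );
        $_GET = [
            'entityID' => 'https://example.com/sp',
            'return' => 'https://attacker.example.org/acs',
            'returnIDParam' => 'idpentityid'
        ];
        $_SERVER['REQUEST_URI'] = '/disco.php';

        $c = new Controller\DiscoPower();

        // All exceptions in this stage are flattened into DISCOPARAMS, so this
        // assertion alone cannot tell a rejected return URL from any other
        // parameter failure. testDiscoPowerHasDiscoParams sends the same
        // request with a return URL on example.com and succeeds, which is what
        // ties the failure here to the untrusted host.
        $this->expectException(Error\Error::class);
        $this->expectExceptionMessage('DISCOPARAMS');
        $c->main($request);
    }


    /**
     * tablist() serialises the session's tab list as JSON, or as JSONP when a
     * `callback` parameter is given.
     */
    public function testTablistJson(): void
    {
        $this->seedTabListSession();

        $request = Request::create(
            '/tablist',
            'GET'
        );

        $c = new Controller\DiscoPower();

        $r = $c->tablist($request);
        $this->assertTrue($r->isSuccessful());
        // assertSame: both sides are strings, so compare them strictly.
        $this->assertSame('application/json', $r->headers->get('Content-Type'));
        $this->assertSame(
            '{"faventry":"http:\/\/example.org\/idp","default":"Nederland","tabs":["Frankrijk","Nederland","Duitsland"]}',
            $r->getContent(),
        );

        $request = Request::create(
            '/tablist',
            'GET',
            ['callback' => 'aapnoot'],
        );

        $c = new Controller\DiscoPower();

        $r = $c->tablist($request);
        $this->assertTrue($r->isSuccessful());
        $this->assertSame('text/javascript', $r->headers->get('Content-Type'));
        // The callback name is reflected into the body. The leading `/**/`
        // matches what Symfony's JsonResponse emits for JSONP - presumably
        // that is what the controller returns; confirm.
        $this->assertSame(
            '/**/aapnoot({"faventry":"http:\/\/example.org\/idp","default":"Nederland","tabs":["Frankrijk","Nederland","Duitsland"]});',
            $r->getContent(),
        );
    }


    /**
     * tablist() fails when the session holds no tab list.
     */
    public function testTablistJsonNoSession(): void
    {
        $request = Request::create(
            '/tablist',
            'GET',
        );

        $c = new Controller\DiscoPower();

        $this->expectException(Error\Exception::class);
        $this->expectExceptionMessage('Could not get tab list from session');
        // The call is expected to throw, so its result is not captured.
        $c->tablist($request);
    }


    /**
     * A JSONP callback that carries a call expression is refused.
     *
     * testTablistJson shows the callback value being written verbatim into a
     * text/javascript body, so a value such as `alert("hallo")` must never
     * reach the response.
     */
    public function testTablistJsonUnsafeCallback(): void
    {
        $this->seedTabListSession();

        $request = Request::create(
            '/tablist',
            'GET',
            ['callback' => 'alert("hallo")'],
        );

        $c = new Controller\DiscoPower();

        $this->expectException(Error\Exception::class);
        $this->expectExceptionMessage('Unsafe JSONP callback');
        // The call is expected to throw, so its result is not captured.
        $c->tablist($request);
    }
}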