szurubooru/tests/Services/AuthServiceTest.php

<?php
namespace Szurubooru\Tests\Services;
use Szurubooru\Entities\Token;
use Szurubooru\Entities\User;
use Szurubooru\FormData\LoginFormData;
use Szurubooru\Services\AuthService;
use Szurubooru\Services\PasswordService;
use Szurubooru\Services\TimeService;
use Szurubooru\Services\TokenService;
use Szurubooru\Services\UserService;
use Szurubooru\Tests\AbstractTestCase;

final class AuthServiceTest extends AbstractTestCase
{
    private $configMock;
    private $passwordServiceMock;
    private $timeServiceMock;
    private $tokenServiceMock;
    private $userServiceMock;

    public function setUp()
    {
        parent::setUp();
        $this->configMock = $this->mockConfig();
        $this->passwordServiceMock = $this->mock(PasswordService::class);
        $this->timeServiceMock = $this->mock(TimeService::class);
        $this->tokenServiceMock = $this->mock(TokenService::class);
        $this->userServiceMock = $this->mock(UserService::class);
    }

    public function testInvalidPassword()
    {
        $this->configMock->set('security/needEmailActivationToRegister', false);
        $this->passwordServiceMock->expects($this->once())->method('isHashValid')->with('godzilla', 'salt', 'hash')->willReturn(false);

        $testUser = new User();
        $testUser->setName('dummy');
        $testUser->setPasswordHash('hash');
        $testUser->setPasswordSalt('salt');
        $this->userServiceMock->expects($this->once())->method('getByNameOrEmail')->willReturn($testUser);

        $this->setExpectedException(\Exception::class, 'Specified password is invalid');
        $authService = $this->getAuthService();
        $formData = new LoginFormData();
        $formData->userNameOrEmail = 'dummy';
        $formData->password = 'godzilla';
        $authService->loginFromCredentials($formData);
    }

    public function testValidCredentials()
    {
        $this->configMock->set('security/needEmailActivationToRegister', false);
        $this->passwordServiceMock->expects($this->once())->method('isHashValid')->with('godzilla', 'salt', 'hash')->willReturn(true);

        $testUser = new User('an unusual database identifier');
        $testUser->setName('dummy');
        $testUser->setPasswordHash('hash');
        $testUser->setPasswordSalt('salt');
        $this->userServiceMock->expects($this->once())->method('getByNameOrEmail')->willReturn($testUser);

        $testToken = new Token();
        $testToken->setName('mummy');
        $this->tokenServiceMock->expects($this->once())->method('createAndSaveToken')->with(
            $testUser->getId(),
            Token::PURPOSE_LOGIN)->willReturn($testToken);

        $authService = $this->getAuthService();
        $formData = new LoginFormData();
        $formData->userNameOrEmail = 'dummy';
        $formData->password = 'godzilla';
        $authService->loginFromCredentials($formData);

        $this->assertTrue($authService->isLoggedIn());
        $this->assertEquals($testUser, $authService->getLoggedInUser());
        $this->assertNotNull($authService->getLoginToken());
        $this->assertEquals('mummy', $authService->getLoginToken()->getName());
    }

    public function testValidCredentialsUnconfirmedEmail()
    {
        $this->configMock->set('security/needEmailActivationToRegister', true);
        $this->passwordServiceMock->expects($this->never())->method('isHashValid')->willReturn('hash');

        $testUser = new User();
        $testUser->setName('dummy');
        $testUser->setPasswordHash('hash');
        $this->userServiceMock->expects($this->once())->method('getByNameOrEmail')->willReturn($testUser);

        $this->setExpectedException(\Exception::class, 'User didn\'t confirm account yet');
        $authService = $this->getAuthService();
        $formData = new LoginFormData();
        $formData->userNameOrEmail = 'dummy';
        $formData->password = 'godzilla';
        $authService->loginFromCredentials($formData);

        $this->assertFalse($authService->isLoggedIn());
        $this->assertNull($testUser, $authService->getLoggedInUser());
        $this->assertNull($authService->getLoginToken());
    }

    public function testInvalidToken()
    {
        $this->configMock->set('security/needEmailActivationToRegister', false);

        $this->setExpectedException(\Exception::class);
        $authService = $this->getAuthService();
        $testToken = new Token();
        $authService->loginFromToken($testToken);
    }

    public function testValidToken()
    {
        $this->configMock->set('security/needEmailActivationToRegister', false);
        $testUser = new User(5);
        $testUser->setName('dummy');
        $this->userServiceMock->expects($this->once())->method('getById')->willReturn($testUser);

        $testToken = new Token();
        $testToken->setName('dummy_token');
        $testToken->setAdditionalData($testUser->getId());
        $testToken->setPurpose(Token::PURPOSE_LOGIN);

        $authService = $this->getAuthService();
        $authService->loginFromToken($testToken);

        $this->assertTrue($authService->isLoggedIn());
        $this->assertEquals($testUser, $authService->getLoggedInUser());
        $this->assertNotNull($authService->getLoginToken());
        $this->assertEquals('dummy_token', $authService->getLoginToken()->getName());
    }

    public function testValidTokenInvalidPurpose()
    {
        $this->configMock->set('security/needEmailActivationToRegister', false);
        $testToken = new Token();
        $testToken->setName('dummy_token');
        $testToken->setAdditionalData('whatever');
        $testToken->setPurpose(null);

        $this->setExpectedException(\Exception::class, 'This token is not a login token');
        $authService = $this->getAuthService();
        $authService->loginFromToken($testToken);

        $this->assertFalse($authService->isLoggedIn());
        $this->assertNull($authService->getLoggedInUser());
        $this->assertNull($authService->getLoginToken());
    }

    public function testValidTokenUnconfirmedEmail()
    {
        $this->configMock->set('security/needEmailActivationToRegister', true);
        $testUser = new User(5);
        $testUser->setName('dummy');
        $this->userServiceMock->expects($this->once())->method('getById')->willReturn($testUser);

        $testToken = new Token();
        $testToken->setName('dummy_token');
        $testToken->setAdditionalData($testUser->getId());
        $testToken->setPurpose(Token::PURPOSE_LOGIN);

        $this->setExpectedException(\Exception::class, 'User didn\'t confirm account yet');
        $authService = $this->getAuthService();
        $authService->loginFromToken($testToken);

        $this->assertFalse($authService->isLoggedIn());
        $this->assertNull($testUser, $authService->getLoggedInUser());
        $this->assertNull($authService->getLoginToken());
    }

    private function getAuthService()
    {
        return new AuthService(
            $this->configMock,
            $this->passwordServiceMock,
            $this->timeServiceMock,
            $this->tokenServiceMock,
            $this->userServiceMock);
    }
}