szurubooru/tests/Services/AuthServiceTest.php
Marcin Kurczewski 3e1aaebf89 Fixed account activation for first user
Until now, AuthService used to check for empty e-mail in order to tell
whether an account is activated. This was wrong for following scenario:

1. User doesn't enter any e-mail.
2. Because he is about to become the first user to register, he will
   become an administrator.
3. Administrators don't need to confirm their e-mail address. Activation
   e-mail is not sent, code for e-mail activation is run instead.
4. The user succeeds to create an e-mail-less administrator account.
5. The user fails to login due to unconfirmed e-mail.
6. The code that activates an e-mail just moves unconfirmed e-mail to
   primary e-mail. That was the bug, there's no e-mail to confirm.

Things got (hopefully) simpler now, since I added separate column for
indicating whether account is activated.
2014-10-18 18:48:22 +02:00

168 lines
6.2 KiB
PHP

<?php
namespace Szurubooru\Tests\Services;
class AuthServiceTest extends \Szurubooru\Tests\AbstractTestCase
{
private $configMock;
private $passwordServiceMock;
private $timeServiceMock;
private $tokenServiceMock;
private $userServiceMock;
public function setUp()
{
parent::setUp();
$this->configMock = $this->mockConfig();
$this->passwordServiceMock = $this->mock(\Szurubooru\Services\PasswordService::class);
$this->timeServiceMock = $this->mock(\Szurubooru\Services\TimeService::class);
$this->tokenServiceMock = $this->mock(\Szurubooru\Services\TokenService::class);
$this->userServiceMock = $this->mock(\Szurubooru\Services\UserService::class);
}
public function testInvalidPassword()
{
$this->configMock->set('security/needEmailActivationToRegister', false);
$this->passwordServiceMock->expects($this->once())->method('getHash')->willReturn('unmatchingHash');
$testUser = new \Szurubooru\Entities\User();
$testUser->setName('dummy');
$testUser->setPasswordHash('hash');
$this->userServiceMock->expects($this->once())->method('getByNameOrEmail')->willReturn($testUser);
$this->setExpectedException(\Exception::class, 'Specified password is invalid');
$authService = $this->getAuthService();
$formData = new \Szurubooru\FormData\LoginFormData();
$formData->userNameOrEmail = 'dummy';
$formData->password = 'godzilla';
$authService->loginFromCredentials($formData);
}
public function testValidCredentials()
{
$this->configMock->set('security/needEmailActivationToRegister', false);
$this->passwordServiceMock->expects($this->once())->method('getHash')->willReturn('hash');
$testUser = new \Szurubooru\Entities\User('an unusual database identifier');
$testUser->setName('dummy');
$testUser->setPasswordHash('hash');
$this->userServiceMock->expects($this->once())->method('getByNameOrEmail')->willReturn($testUser);
$testToken = new \Szurubooru\Entities\Token();
$testToken->setName('mummy');
$this->tokenServiceMock->expects($this->once())->method('createAndSaveToken')->with(
$testUser->getId(),
\Szurubooru\Entities\Token::PURPOSE_LOGIN)->willReturn($testToken);
$authService = $this->getAuthService();
$formData = new \Szurubooru\FormData\LoginFormData();
$formData->userNameOrEmail = 'dummy';
$formData->password = 'godzilla';
$authService->loginFromCredentials($formData);
$this->assertTrue($authService->isLoggedIn());
$this->assertEquals($testUser, $authService->getLoggedInUser());
$this->assertNotNull($authService->getLoginToken());
$this->assertEquals('mummy', $authService->getLoginToken()->getName());
}
public function testValidCredentialsUnconfirmedEmail()
{
$this->configMock->set('security/needEmailActivationToRegister', true);
$this->passwordServiceMock->expects($this->never())->method('getHash')->willReturn('hash');
$testUser = new \Szurubooru\Entities\User();
$testUser->setName('dummy');
$testUser->setPasswordHash('hash');
$this->userServiceMock->expects($this->once())->method('getByNameOrEmail')->willReturn($testUser);
$this->setExpectedException(\Exception::class, 'User didn\'t confirm account yet');
$authService = $this->getAuthService();
$formData = new \Szurubooru\FormData\LoginFormData();
$formData->userNameOrEmail = 'dummy';
$formData->password = 'godzilla';
$authService->loginFromCredentials($formData);
$this->assertFalse($authService->isLoggedIn());
$this->assertNull($testUser, $authService->getLoggedInUser());
$this->assertNull($authService->getLoginToken());
}
public function testInvalidToken()
{
$this->configMock->set('security/needEmailActivationToRegister', false);
$this->setExpectedException(\Exception::class);
$authService = $this->getAuthService();
$testToken = new \Szurubooru\Entities\Token();
$authService->loginFromToken($testToken);
}
public function testValidToken()
{
$this->configMock->set('security/needEmailActivationToRegister', false);
$testUser = new \Szurubooru\Entities\User(5);
$testUser->setName('dummy');
$this->userServiceMock->expects($this->once())->method('getById')->willReturn($testUser);
$testToken = new \Szurubooru\Entities\Token();
$testToken->setName('dummy_token');
$testToken->setAdditionalData($testUser->getId());
$testToken->setPurpose(\Szurubooru\Entities\Token::PURPOSE_LOGIN);
$authService = $this->getAuthService();
$authService->loginFromToken($testToken);
$this->assertTrue($authService->isLoggedIn());
$this->assertEquals($testUser, $authService->getLoggedInUser());
$this->assertNotNull($authService->getLoginToken());
$this->assertEquals('dummy_token', $authService->getLoginToken()->getName());
}
public function testValidTokenInvalidPurpose()
{
$this->configMock->set('security/needEmailActivationToRegister', false);
$testToken = new \Szurubooru\Entities\Token();
$testToken->setName('dummy_token');
$testToken->setAdditionalData('whatever');
$testToken->setPurpose(null);
$this->setExpectedException(\Exception::class, 'This token is not a login token');
$authService = $this->getAuthService();
$authService->loginFromToken($testToken);
$this->assertFalse($authService->isLoggedIn());
$this->assertNull($authService->getLoggedInUser());
$this->assertNull($authService->getLoginToken());
}
public function testValidTokenUnconfirmedEmail()
{
$this->configMock->set('security/needEmailActivationToRegister', true);
$testUser = new \Szurubooru\Entities\User(5);
$testUser->setName('dummy');
$this->userServiceMock->expects($this->once())->method('getById')->willReturn($testUser);
$testToken = new \Szurubooru\Entities\Token();
$testToken->setName('dummy_token');
$testToken->setAdditionalData($testUser->getId());
$testToken->setPurpose(\Szurubooru\Entities\Token::PURPOSE_LOGIN);
$this->setExpectedException(\Exception::class, 'User didn\'t confirm account yet');
$authService = $this->getAuthService();
$authService->loginFromToken($testToken);
$this->assertFalse($authService->isLoggedIn());
$this->assertNull($testUser, $authService->getLoggedInUser());
$this->assertNull($authService->getLoginToken());
}
private function getAuthService()
{
return new \Szurubooru\Services\AuthService(
$this->configMock,
$this->passwordServiceMock,
$this->timeServiceMock,
$this->tokenServiceMock,
$this->userServiceMock);
}
}