
  1. <?php
  2. // Copyright 2019 Hackware SpA <human@hackware.cl>
  3. // "Hackware Web Services Core" is released under the MIT License terms.
  4. namespace Hawese\Tests;
use Hawese\Core\Exceptions\WrongCredentialsException;
use Hawese\Core\Mailer;
use Hawese\Core\Token;
use Hawese\Core\User;
use Laravel\Lumen\Testing\DatabaseTransactions;
use PHPMailer\PHPMailer\Exception as PHPMailerException;
  8. class UserTest extends TestCase
  9. {
  10. use DatabaseTransactions;
  11. public function setUp(): void
  12. {
  13. parent::setUp();
  14. $this->user = new User([
  15. 'uid' => 'user',
  16. 'email' => 'user@domain.name',
  17. 'password' => password_hash('password', PASSWORD_DEFAULT),
  18. 'display_name' => 'User',
  19. 'info' => null
  20. ]);
  21. $this->user->insert();
  22. }
  23. public function testChangePassword()
  24. {
  25. $this->user->changePassword('new_password');
  26. $this->assertTrue(
  27. password_verify('new_password', $this->user->password)
  28. );
  29. }
  30. public function testLoginByPassword()
  31. {
  32. $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
  33. $this->assertEqualsCanonicalizing(
  34. $this->user,
  35. User::loginByPassword($this->user->uid, 'password')
  36. );
  37. $this->assertSame(app('session')->get('user_uid'), $this->user->uid);
  38. }
  39. public function testFailedLoginByPassword()
  40. {
  41. $_SERVER['REMOTE_ADDR'] = '127.0.0.240';
  42. $this->expectExceptionMessage('Too many failed requests');
  43. for ($i = 0; $i < 5; $i++) {
  44. try {
  45. User::loginByPassword($this->user->uid, 'notpassword');
  46. } catch (\Hawese\Core\Exceptions\WrongCredentialsException $e) {
  47. // nothing, continue
  48. }
  49. }
  50. }
  51. public function testLoginByPasswordRemember()
  52. {
  53. $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
  54. $this->assertEqualsCanonicalizing(
  55. $this->user,
  56. User::loginByPassword($this->user->uid, 'password', true),
  57. );
  58. $this->assertSame($this->user->uid, app('session')->get('user_uid'));
  59. // I should test cookies!! ... and probably don't set cookies here
  60. $this->assertSame(1, Token::select()->count());
  61. }
  62. public function testLoginByTokenHumanDontRemember()
  63. {
  64. $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
  65. $token = Token::generate(Token::HUMAN, $this->user->uid);
  66. $this->assertEqualsCanonicalizing(
  67. $this->user,
  68. User::loginByToken($token->key, $token->secret, false)
  69. );
  70. $this->assertSame($this->user->uid, app('session')->get('user_uid'));
  71. // Verify previous token has been deleted after login
  72. $this->assertSame(0, Token::select()->count());
  73. }
  74. public function testLoginByTokenRemember()
  75. {
  76. $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
  77. $token = Token::generate(Token::HUMAN, $this->user->uid);
  78. $this->assertEqualsCanonicalizing(
  79. $this->user,
  80. User::loginByToken($token->key, $token->secret)
  81. );
  82. $this->assertSame($this->user->uid, app('session')->get('user_uid'));
  83. // Verify previous token has been deleted after login
  84. $this->assertSame(1, Token::select()->count());
  85. $this->assertNotSame($token->key, Token::select()->first()->key);
  86. }
  87. public function testLoginByTokenSystem()
  88. {
  89. $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
  90. $token = Token::generate(Token::SYSTEM, $this->user->uid);
  91. $this->assertEqualsCanonicalizing(
  92. $this->user,
  93. // 3rd param shouldn't be considered for system tokens
  94. User::loginByToken($token->key, $token->secret, true)
  95. );
  96. // Verify previous token has NOT been deleted after login
  97. $this->assertSame($token->key, Token::select()->first()->key);
  98. }
  99. public function testFailedLoginByToken()
  100. {
  101. $_SERVER['REMOTE_ADDR'] = '127.0.0.241';
  102. $token = Token::generate(Token::HUMAN, $this->user->uid);
  103. $this->expectExceptionMessage('Too many failed requests');
  104. for ($i = 0; $i < 5; $i++) {
  105. try {
  106. User::loginByToken($token->key, 'notsecret');
  107. } catch (\Hawese\Core\Exceptions\WrongCredentialsException $e) {
  108. // nothing, continue
  109. }
  110. }
  111. }
  112. public function testGenerateHumanToken()
  113. {
  114. $token = $this->user->generateHumanToken();
  115. $this->assertInstanceOf(Token::class, $token);
  116. $this->assertSame(Token::HUMAN, $token->type);
  117. }
  118. public function testGenerateSystemToken()
  119. {
  120. $token = $this->user->generateSystemToken();
  121. $this->assertInstanceOf(Token::class, $token);
  122. $this->assertSame(Token::SYSTEM, $token->type);
  123. }
  124. public function testLogout()
  125. {
  126. app('session')->set('user_uid', $this->user->uid);
  127. $token = Token::generate(Token::HUMAN, $this->user->uid);
  128. $_COOKIE['auth_token'] = $token->key . ':' . $token->secret;
  129. $this->assertTrue($this->user->logout());
  130. $this->assertSame(0, Token::select()->count());
  131. $this->assertNull(app('session')->get('user_uid'));
  132. }
  133. public function testLogoutSystemToken()
  134. {
  135. $token = Token::generate(Token::SYSTEM, $this->user->uid);
  136. $_COOKIE['auth_token'] = $token->key . ':' . $token->secret;
  137. $this->assertFalse($this->user->logout());
  138. }
  139. public function testEmailToken()
  140. {
  141. $origin = preg_split('/, ?/', env('CORS_ALLOW_ORIGINS'))[0];
  142. $this->assertInstanceOf(
  143. \Hawese\Core\Mailer::class,
  144. User::emailToken($this->user->uid, $origin)
  145. );
  146. }
  147. public function testEmailTokenException()
  148. {
  149. $origin = preg_split('/, ?/', env('CORS_ALLOW_ORIGINS'))[0];
  150. $this->user->email = null;
  151. $this->user->update(['email']);
  152. $this->expectException(\PHPMailer\PHPMailer\Exception::class);
  153. User::emailToken($this->user->uid, $origin);
  154. }
  155. public function testEmailTokenWrongOrigin()
  156. {
  157. $this->expectExceptionMessage('Unacceptable origin');
  158. User::emailToken($this->user->uid, 'not_origin');
  159. }
  160. public function testIsOwner()
  161. {
  162. $this->assertTrue($this->user->isOwner($this->user));
  163. $otherUser = new User();
  164. $this->assertFalse($this->user->isOwner($otherUser));
  165. }
  166. public function testIsSuperUser()
  167. {
  168. $this->assertFalse($this->user->isSuperUser());
  169. $user = new User(['uid' => 'hawese']);
  170. $this->assertTrue($user->isSuperUser());
  171. }
  172. }