123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209 |
- <?php
- // Copyright 2019 Hackware SpA <human@hackware.cl>
- // "Hackware Web Services Core" is released under the MIT License terms.
- namespace Hawese\Tests;
- use Hawese\Core\User;
- use Hawese\Core\Token;
- use Laravel\Lumen\Testing\DatabaseTransactions;
- class UserTest extends TestCase
- {
- use DatabaseTransactions;
- public function setUp(): void
- {
- parent::setUp();
- $this->user = new User([
- 'uid' => 'user',
- 'email' => 'user@domain.name',
- 'password' => password_hash('password', PASSWORD_DEFAULT),
- 'display_name' => 'User',
- 'info' => null
- ]);
- $this->user->insert();
- }
- public function testChangePassword()
- {
- $this->user->changePassword('new_password');
- $this->assertTrue(
- password_verify('new_password', $this->user->password)
- );
- }
- public function testLoginByPassword()
- {
- $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
- $this->assertEqualsCanonicalizing(
- $this->user,
- User::loginByPassword($this->user->uid, 'password')
- );
- $this->assertSame(app('session')->get('user_uid'), $this->user->uid);
- }
- public function testFailedLoginByPassword()
- {
- $_SERVER['REMOTE_ADDR'] = '127.0.0.240';
- $this->expectExceptionMessage('Too many failed requests');
- for ($i = 0; $i < 5; $i++) {
- try {
- User::loginByPassword($this->user->uid, 'notpassword');
- } catch (\Hawese\Core\Exceptions\WrongCredentialsException $e) {
- // nothing, continue
- }
- }
- }
- public function testLoginByPasswordRemember()
- {
- $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
- $this->assertEqualsCanonicalizing(
- $this->user,
- User::loginByPassword($this->user->uid, 'password', true),
- );
- $this->assertSame($this->user->uid, app('session')->get('user_uid'));
- // I should test cookies!! ... and probably don't set cookies here
- $this->assertSame(1, Token::select()->count());
- }
- public function testLoginByTokenHumanDontRemember()
- {
- $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
- $token = Token::generate(Token::HUMAN, $this->user->uid);
- $this->assertEqualsCanonicalizing(
- $this->user,
- User::loginByToken($token->key, $token->secret, false)
- );
- $this->assertSame($this->user->uid, app('session')->get('user_uid'));
- // Verify previous token has been deleted after login
- $this->assertSame(0, Token::select()->count());
- }
- public function testLoginByTokenRemember()
- {
- $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
- $token = Token::generate(Token::HUMAN, $this->user->uid);
- $this->assertEqualsCanonicalizing(
- $this->user,
- User::loginByToken($token->key, $token->secret)
- );
- $this->assertSame($this->user->uid, app('session')->get('user_uid'));
- // Verify previous token has been deleted after login
- $this->assertSame(1, Token::select()->count());
- $this->assertNotSame($token->key, Token::select()->first()->key);
- }
- public function testLoginByTokenSystem()
- {
- $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
- $token = Token::generate(Token::SYSTEM, $this->user->uid);
- $this->assertEqualsCanonicalizing(
- $this->user,
- // 3rd param shouldn't be considered for system tokens
- User::loginByToken($token->key, $token->secret, true)
- );
- // Verify previous token has NOT been deleted after login
- $this->assertSame($token->key, Token::select()->first()->key);
- }
- public function testFailedLoginByToken()
- {
- $_SERVER['REMOTE_ADDR'] = '127.0.0.241';
- $token = Token::generate(Token::HUMAN, $this->user->uid);
- $this->expectExceptionMessage('Too many failed requests');
- for ($i = 0; $i < 5; $i++) {
- try {
- User::loginByToken($token->key, 'notsecret');
- } catch (\Hawese\Core\Exceptions\WrongCredentialsException $e) {
- // nothing, continue
- }
- }
- }
- public function testGenerateHumanToken()
- {
- $token = $this->user->generateHumanToken();
- $this->assertInstanceOf(Token::class, $token);
- $this->assertSame(Token::HUMAN, $token->type);
- }
- public function testGenerateSystemToken()
- {
- $token = $this->user->generateSystemToken();
- $this->assertInstanceOf(Token::class, $token);
- $this->assertSame(Token::SYSTEM, $token->type);
- }
- public function testLogout()
- {
- app('session')->set('user_uid', $this->user->uid);
- $token = Token::generate(Token::HUMAN, $this->user->uid);
- $_COOKIE['auth_token'] = $token->key . ':' . $token->secret;
- $this->assertTrue($this->user->logout());
- $this->assertSame(0, Token::select()->count());
- $this->assertNull(app('session')->get('user_uid'));
- }
- public function testLogoutSystemToken()
- {
- $token = Token::generate(Token::SYSTEM, $this->user->uid);
- $_COOKIE['auth_token'] = $token->key . ':' . $token->secret;
- $this->assertFalse($this->user->logout());
- }
- public function testEmailToken()
- {
- $origin = preg_split('/, ?/', env('CORS_ALLOW_ORIGINS'))[0];
- $this->assertInstanceOf(
- \Hawese\Core\Mailer::class,
- User::emailToken($this->user->uid, $origin)
- );
- }
- public function testEmailTokenException()
- {
- $origin = preg_split('/, ?/', env('CORS_ALLOW_ORIGINS'))[0];
- $this->user->email = null;
- $this->user->update(['email']);
- $this->expectException(\PHPMailer\PHPMailer\Exception::class);
- User::emailToken($this->user->uid, $origin);
- }
- public function testEmailTokenWrongOrigin()
- {
- $this->expectExceptionMessage('Unacceptable origin');
- User::emailToken($this->user->uid, 'not_origin');
- }
- public function testIsOwner()
- {
- $this->assertTrue($this->user->isOwner($this->user));
- $otherUser = new User();
- $this->assertFalse($this->user->isOwner($otherUser));
- }
- public function testIsSuperUser()
- {
- $this->assertFalse($this->user->isSuperUser());
- $user = new User(['uid' => 'hawese']);
- $this->assertTrue($user->isSuperUser());
- }
- }
|