SecurityTest.php 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186
  1. <?php
  2. declare(strict_types = 1);
  3. // {{{ License
  4. // This file is part of GNU social - https://www.gnu.org/software/social
  5. //
  6. // GNU social is free software: you can redistribute it and/or modify
  7. // it under the terms of the GNU Affero General Public License as published by
  8. // the Free Software Foundation, either version 3 of the License, or
  9. // (at your option) any later version.
  10. //
  11. // GNU social is distributed in the hope that it will be useful,
  12. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. // GNU Affero General Public License for more details.
  15. //
  16. // You should have received a copy of the GNU Affero General Public License
  17. // along with GNU social. If not, see <http://www.gnu.org/licenses/>.
  18. // }}}
  19. namespace App\Tests\Controller;
  20. use App\Util\GNUsocialTestCase;
  21. class SecurityTest extends GNUsocialTestCase
  22. {
  23. // --------- Login --------------
  24. private function testLogin(string $nickname, string $password)
  25. {
  26. // This calls static::bootKernel(), and creates a "client" that is acting as the browser
  27. $client = static::createClient();
  28. $crawler = $client->request('GET', '/main/login');
  29. $this->assertResponseIsSuccessful();
  30. // $form = $crawler->selectButton('Sign in')->form();
  31. $crawler = $client->submitForm('Sign in', [
  32. '_username' => $nickname,
  33. '_password' => $password,
  34. ]);
  35. $this->assertResponseStatusCodeSame(302);
  36. $crawler = $client->followRedirect();
  37. return [$client, $crawler];
  38. }
  39. public function testLoginSuccess()
  40. {
  41. [, $crawler] = self::testLogin($nickname = 'taken_user', 'foobar');
  42. $this->assertResponseIsSuccessful();
  43. $this->assertSelectorNotExists('.alert');
  44. $this->assertRouteSame('main_all');
  45. $this->assertSelectorTextContains('.profile-info .profile-info-nickname', $nickname);
  46. }
  47. public function testLoginAttemptAlreadyLoggedIn()
  48. {
  49. [$client] = self::testLogin('taken_user', 'foobar'); // Normal login
  50. $crawler = $client->request('GET', '/main/login'); // attempt to login again
  51. $client->followRedirect();
  52. $this->assertRouteSame('main_all');
  53. }
  54. public function testLoginFailure()
  55. {
  56. self::testLogin('taken_user', 'wrong password');
  57. $this->assertResponseIsSuccessful();
  58. $this->assertSelectorTextContains('.alert', 'Invalid login credentials');
  59. $this->assertRouteSame('security_login');
  60. }
  61. public function testLoginEmail()
  62. {
  63. self::testLogin('email@provider', 'foobar');
  64. $this->assertResponseIsSuccessful();
  65. $this->assertSelectorNotExists('.alert');
  66. $this->assertRouteSame('main_all');
  67. $this->assertSelectorTextContains('.profile-info .profile-info-nickname', 'taken_user');
  68. }
  69. // --------- Register --------------
  70. private function testRegister(string $nickname, string $email, string $password)
  71. {
  72. $client = static::createClient();
  73. $crawler = $client->request('GET', '/main/register');
  74. $this->assertResponseIsSuccessful();
  75. $crawler = $client->submitForm('Register', [
  76. 'register[nickname]' => $nickname,
  77. 'register[email]' => $email,
  78. 'register[password][first]' => $password,
  79. 'register[password][second]' => $password,
  80. ]);
  81. return [$client, $crawler];
  82. }
  83. public function testRegisterSuccess()
  84. {
  85. [$client,] = self::testRegister('new_nickname', 'new_email@email_provider', 'foobar');
  86. $this->assertResponseStatusCodeSame(302);
  87. $client->followRedirect();
  88. $this->assertResponseIsSuccessful();
  89. $this->assertSelectorNotExists('.alert');
  90. $this->assertRouteSame('main_all');
  91. $this->assertSelectorTextContains('.profile-info .profile-info-nickname', 'new_nickname');
  92. }
  93. public function testRegisterDifferentPassword()
  94. {
  95. $client = static::createClient();
  96. $crawler = $client->request('GET', '/main/register');
  97. $this->assertResponseIsSuccessful();
  98. $crawler = $client->submitForm('Register', [
  99. 'register[nickname]' => 'new_user',
  100. 'register[email]' => 'new_email@provider',
  101. 'register[password][first]' => 'fooobar',
  102. 'register[password][second]' => 'barquux',
  103. ]);
  104. $this->assertSelectorTextContains('form[name=register] ul li', 'The password fields must match');
  105. $this->assertResponseStatusCodeSame(200);
  106. $this->assertRouteSame('security_register');
  107. }
  108. private function testRegisterPasswordLength(string $password, string $error)
  109. {
  110. self::testRegister('new_nickname', 'email@provider', $password);
  111. $this->assertResponseIsSuccessful();
  112. $this->assertSelectorTextContains('.help-block > ul > li', $error);
  113. $this->assertRouteSame('security_register');
  114. }
  115. public function testRegisterPasswordEmpty()
  116. {
  117. self::testRegisterPasswordLength('', error: 'Please enter a password');
  118. }
  119. public function testRegisterPasswordShort()
  120. {
  121. self::testRegisterPasswordLength('f', error: 'Your password should be at least');
  122. }
  123. public function testRegisterPasswordLong()
  124. {
  125. self::testRegisterPasswordLength(str_repeat('f', 128), error: 'Your password should be at most');
  126. }
  127. private function testRegisterNoEmail()
  128. {
  129. self::testRegister('new_nickname', '', 'foobar');
  130. $this->assertResponseIsSuccessful();
  131. $this->assertSelectorTextContains('.help-block > ul > li', 'Please enter an email');
  132. $this->assertRouteSame('security_register');
  133. }
  134. private function testRegisterNicknameLength(string $nickname, string $error)
  135. {
  136. self::testRegister($nickname, 'email@provider', 'foobar');
  137. $this->assertResponseIsSuccessful();
  138. $this->assertSelectorTextContains('.help-block > ul > li', $error);
  139. $this->assertRouteSame('security_register');
  140. }
  141. public function testRegisterNicknameEmpty()
  142. {
  143. self::testRegisterNicknameLength('', error: 'Please enter a nickname');
  144. }
  145. public function testRegisterNicknameLong()
  146. {
  147. self::testRegisterNicknameLength(str_repeat('f', 128), error: 'Your nickname must be at most');
  148. }
  149. public function testRegisterExistingNickname()
  150. {
  151. [$client, $crawler] = self::testRegister('taken_user', 'new_new_email@email_provider', 'foobar');
  152. $this->assertSelectorTextContains('.stacktrace', 'App\Util\Exception\NicknameTakenException');
  153. }
  154. public function testRegisterExistingEmail()
  155. {
  156. [$client, $crawler] = self::testRegister('other_new_nickname', 'email@provider', 'foobar');
  157. $this->assertSelectorTextContains('.stacktrace', 'App\Util\Exception\EmailTakenException');
  158. }
  159. }