kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-12 15:35:15 +00:00
Code Issues Projects Releases Wiki Activity

Replace Laravel binder with own binder. This will save in queries and increase security.

Browse Source
This commit is contained in:
James Cole
2017-12-25 08:45:23 +01:00
parent 96ccce5db3
commit bf390b65d9
37 changed files with 1671 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
tests/Unit/Middleware/AuthenticateTest.php Normal file
View File

@@ -0,0 +1,112 @@
<?php
/**
* AuthenticateTest.php
* Copyright (c) 2017 thegrumpydictator@gmail.com
*
* This file is part of Firefly III.
*
* Firefly III is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Firefly III is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Firefly III. If not, see <http://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Tests\Unit\Helpers;
use Route;
use Symfony\Component\HttpFoundation\Response;
use Tests\TestCase;
/**
* Class AuthenticateTest
*/
class AuthenticateTest extends TestCase
{
/**
* @covers \FireflyIII\Http\Middleware\Authenticate::handle
*/
public function testMiddleware()
{
$this->withoutExceptionHandling();
$response = $this->get('/_test/authenticate');
$this->assertEquals(Response::HTTP_FOUND, $response->getStatusCode());
$response->assertRedirect(route('login'));
}
/**
* @covers \FireflyIII\Http\Middleware\Authenticate::handle
*/
public function testMiddlewareAjax()
{
$server = ['HTTP_X-Requested-With' => 'XMLHttpRequest'];
$this->withoutExceptionHandling();
$response = $this->get('/_test/authenticate', $server);
$this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
}
/**
* @covers \FireflyIII\Http\Middleware\Authenticate::handle
*/
public function testMiddlewareAuth()
{
$this->be($this->user());
$this->withoutExceptionHandling();
$response = $this->get('/_test/authenticate');
$this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
}
/**
* @covers \FireflyIII\Http\Middleware\Authenticate::handle
*/
public function testMiddlewareBlockedUser()
{
$this->withoutExceptionHandling();
$user = $this->user();
$user->blocked = 1;
$this->be($user);
$response = $this->get('/_test/authenticate');
$this->assertEquals(Response::HTTP_FOUND, $response->getStatusCode());
$response->assertSessionHas('logoutMessage', strval(trans('firefly.block_account_logout')));
$response->assertRedirect(route('login'));
}
/**
* @covers \FireflyIII\Http\Middleware\Authenticate::handle
*/
public function testMiddlewareEmail()
{
$this->withoutExceptionHandling();
$user = $this->user();
$user->blocked = 1;
$user->blocked_code = 'email_changed';
$this->be($user);
$response = $this->get('/_test/authenticate');
$this->assertEquals(Response::HTTP_FOUND, $response->getStatusCode());
$response->assertSessionHas('logoutMessage', strval(trans('firefly.email_changed_logout')));
$response->assertRedirect(route('login'));
}
/**
* Set up test
*/
protected function setUp()
{
parent::setUp();
Route::middleware('auth')->any(
'/_test/authenticate', function () {
return 'OK';
}
);
}
}

218
tests/Unit/Middleware/AuthenticateTwoFactorTest.php Normal file
View File

@@ -0,0 +1,218 @@
<?php
/**
* AuthenticateTwoFactorTest.php
* Copyright (c) 2017 thegrumpydictator@gmail.com
*
* This file is part of Firefly III.
*
* Firefly III is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Firefly III is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Firefly III. If not, see <http://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Tests\Unit\Helpers;
use FireflyIII\Http\Middleware\AuthenticateTwoFactor;
use FireflyIII\Models\Preference;
use Preferences;
use Route;
use Symfony\Component\HttpFoundation\Response;
use Tests\TestCase;
/**
* Class AuthenticateTwoFactorTest
*/
class AuthenticateTwoFactorTest extends TestCase
{
/**
* @covers \FireflyIII\Http\Middleware\AuthenticateTwoFactor::handle
*/
public function testMiddleware()
{
$this->withoutExceptionHandling();
$response = $this->get('/_test/authenticate');
$this->assertEquals(Response::HTTP_FOUND, $response->getStatusCode());
$response->assertRedirect(route('login'));
}
/**
* @covers \FireflyIII\Http\Middleware\AuthenticateTwoFactor::handle
*/
public function testMiddlewareAjax()
{
$server = ['HTTP_X-Requested-With' => 'XMLHttpRequest'];
$this->withoutExceptionHandling();
$response = $this->get('/_test/authenticate', $server);
$this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
}
/**
* @covers \FireflyIII\Http\Middleware\AuthenticateTwoFactor::handle
*/
public function testMiddlewareBlockedUser()
{
$this->withoutExceptionHandling();
$user = $this->user();
$user->blocked = 1;
$this->be($user);
$response = $this->get('/_test/authenticate');
$this->assertEquals(Response::HTTP_FOUND, $response->getStatusCode());
$response->assertSessionHas('logoutMessage', strval(trans('firefly.block_account_logout')));
$response->assertRedirect(route('login'));
}
/**
* tests for user with no 2FA, should just go to requested page.
*
* 2FA enabled: false
* 2FA secret : false
* cookie : false
*
*
* @covers \FireflyIII\Http\Middleware\AuthenticateTwoFactor::handle
*/
public function testMiddlewareNoTwoFA()
{
$this->withoutExceptionHandling();
$user = $this->user();
$user->blocked = 0;
$this->be($user);
// pref for has 2fa is false
$preference = new Preference;
$preference->data = false;
Preferences::shouldReceive('get')->withArgs(['twoFactorAuthEnabled', false])->once()->andReturn($preference);
// pref for no twoFactorAuthSecret
Preferences::shouldReceive('get')->withArgs(['twoFactorAuthSecret'])->once()->andReturn(null);
// no cookie
$cookie = [];
$response = $this->call('GET', '/_test/authenticate', [], $cookie);
$this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
}
/**
* tests for user with 2FA but no secret. 2FA is not fired.
*
* 2FA enabled: true
* 2FA secret : false
* cookie : false
*
*
* @covers \FireflyIII\Http\Middleware\AuthenticateTwoFactor::handle
*/
public function testMiddlewareTwoFANoSecret()
{
$this->withoutExceptionHandling();
$user = $this->user();
$user->blocked = 0;
$this->be($user);
// pref for has 2fa is true
$preference = new Preference;
$preference->data = true;
Preferences::shouldReceive('get')->withArgs(['twoFactorAuthEnabled', false])->once()->andReturn($preference);
// pref for no twoFactorAuthSecret
Preferences::shouldReceive('get')->withArgs(['twoFactorAuthSecret'])->once()->andReturn(null);
// no cookie
$cookie = [];
$response = $this->call('GET', '/_test/authenticate', [], $cookie);
$this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
}
/**
* tests for user with 2FA and secret. 2FA is checked
*
* 2FA enabled: true
* 2FA secret : 'abcde'
* cookie : false
*
*
* @covers \FireflyIII\Http\Middleware\AuthenticateTwoFactor::handle
*/
public function testMiddlewareTwoFASecret()
{
$this->withoutExceptionHandling();
$user = $this->user();
$user->blocked = 0;
$this->be($user);
// pref for has 2fa is true
$preference = new Preference;
$preference->data = true;
Preferences::shouldReceive('get')->withArgs(['twoFactorAuthEnabled', false])->once()->andReturn($preference);
// pref for twoFactorAuthSecret
$secret = new Preference;
$secret->data = 'SomeSecret';
Preferences::shouldReceive('get')->withArgs(['twoFactorAuthSecret'])->once()->andReturn($secret);
// no cookie
$cookie = [];
$response = $this->call('GET', '/_test/authenticate', [], $cookie);
$this->assertEquals(Response::HTTP_FOUND, $response->getStatusCode());
$response->assertRedirect(route('two-factor.index'));
}
/**
* tests for user with 2FA and secret and cookie. Continue to page.
*
* 2FA enabled: true
* 2FA secret : 'abcde'
* cookie : false
*
*
* @covers \FireflyIII\Http\Middleware\AuthenticateTwoFactor::handle
*/
public function testMiddlewareTwoFAAuthed()
{
$this->withoutExceptionHandling();
$user = $this->user();
$user->blocked = 0;
$this->be($user);
// pref for has 2fa is true
$preference = new Preference;
$preference->data = true;
Preferences::shouldReceive('get')->withArgs(['twoFactorAuthEnabled', false])->once()->andReturn($preference);
// pref for twoFactorAuthSecret
$secret = new Preference;
$secret->data = 'SomeSecret';
Preferences::shouldReceive('get')->withArgs(['twoFactorAuthSecret'])->once()->andReturn($secret);
// no cookie
$cookie = ['twoFactorAuthenticated' => 'true'];
$response = $this->call('GET', '/_test/authenticate', [], $cookie);
$this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
}
/**
* Set up test
*/
protected function setUp()
{
parent::setUp();
Route::middleware(AuthenticateTwoFactor::class)->any(
'/_test/authenticate', function () {
return 'OK';
}
);
}
}

1016
tests/Unit/Middleware/BinderTest.php Normal file
View File

File diff suppressed because it is too large Load Diff