From 350f84913a9390ac67f800a51f6c4d319331149c Mon Sep 17 00:00:00 2001
From: Harald Eilertsen <haraldei@anduin.net>
Date: Wed, 5 Jun 2024 07:59:42 +0000
Subject: Skip checking MFA status for WebDAV and CardDAV requests.

---
 tests/unit/includes/AuthTest.php | 81 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 tests/unit/includes/AuthTest.php

(limited to 'tests/unit/includes/AuthTest.php')

diff --git a/tests/unit/includes/AuthTest.php b/tests/unit/includes/AuthTest.php
new file mode 100644
index 000000000..fa9726fe8
--- /dev/null
+++ b/tests/unit/includes/AuthTest.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * Tests for the authentication code used in Hubzilla.
+ *
+ * SPDX-FileCopyrightText: 2024 Hubzilla Community
+ * SPDX-FileContributor: Harald Eilertsen
+ *
+ * SPDX-License-Identifier: MIT
+ */
+
+namespace Zotlabs\Tests\Unit\Includes;
+
+use App;
+use Zotlabs\Lib\AConfig;
+use Zotlabs\Tests\Unit\UnitTestCase;
+use PHPUnit\Framework\Attributes\{DataProvider, RunTestsInSeparateProcesses};
+
+/**
+ * Test class containing the test for the Hubzilla authentication code.
+ *
+ * Since the main authentication code is executed in the global scope on
+ * inclusion of the `includes/auth.php` file, we need to run each test in a
+ * separate process to make sure we can excersize the code as we need.
+ */
+#[RunTestsInSeparateProcesses]
+class AuthTest extends UnitTestCase {
+
+	/**
+	 * Check that mfa status is not checked for certain modules.
+	 *
+	 * This causes issues with things like WebDAV and CardDAV, as there's
+	 * currently no way for these modules to signal that a TOTP code is needed
+	 * back to the connecting client.
+	 */
+	#[DataProvider('modules_excluded_from_mfa')]
+	public function test_mfa_is_not_checked_for_excluded_modules(string $module, array $args): void {
+		$account_id = $this->fixtures['account']['0']['account_id'];
+
+		$_SESSION = [
+			'authenticated' => true,
+			'account_id' => $account_id,
+
+			// Trick the code to not warn that $_SESSION['uid'] is not set,
+			// but also not trigger the code that tries to change to the
+			// given channel. *Remove when code is fixed!*
+			'uid' => 0,
+		];
+
+		$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+
+		App::$session = $this->create_session_stub();
+		App::$module = $module;
+		App::$argv = $args;
+		App::$argc = count($args);
+
+		// Enable multi factor authentication for this account
+		AConfig::Set($account_id, 'system', 'mfa_enabled', true);
+
+		require 'include/auth.php';
+
+		$this->assertEquals(1, $_SESSION['authenticated']);
+	}
+
+	/**
+	 * Data provider for testing modules excluded from mfa
+	 * @SuppressWarnings(PHPMD.UnusedPrivateMethod)
+	 */
+	public static function modules_excluded_from_mfa(): array {
+		return [
+			['totp_check', []],
+			['cdav', []],
+			['cdav', ['calendar']],
+			['cdav', ['addressbook']],
+			['dav', []],
+		];
+	}
+
+	private function create_session_stub(): \Zotlabs\Web\Session {
+		return $this->createStub('Zotlabs\Web\Session');
+	}
+}
-- 
cgit v1.2.3