From 350f84913a9390ac67f800a51f6c4d319331149c Mon Sep 17 00:00:00 2001
From: Harald Eilertsen <haraldei@anduin.net>
Date: Wed, 5 Jun 2024 07:59:42 +0000
Subject: Skip checking MFA status for WebDAV and CardDAV requests.

---
 tests/unit/UnitTestCase.php                |  1 +
 tests/unit/includes/AuthTest.php           | 81 ++++++++++++++++++++++++++++++
 tests/unit/includes/dba/_files/account.yml |  2 +
 3 files changed, 84 insertions(+)
 create mode 100644 tests/unit/includes/AuthTest.php

(limited to 'tests/unit')

diff --git a/tests/unit/UnitTestCase.php b/tests/unit/UnitTestCase.php
index 844746a51..afc309205 100644
--- a/tests/unit/UnitTestCase.php
+++ b/tests/unit/UnitTestCase.php
@@ -31,6 +31,7 @@ use PHPUnit\Framework\TestCase;
  */
 require_once __DIR__ . '/../../boot.php';
 require_once 'include/dba/dba_driver.php' ;
+require_once 'include/dba/dba_transaction.php';
 
 /**
  * Base class for our Unit Tests.
diff --git a/tests/unit/includes/AuthTest.php b/tests/unit/includes/AuthTest.php
new file mode 100644
index 000000000..fa9726fe8
--- /dev/null
+++ b/tests/unit/includes/AuthTest.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * Tests for the authentication code used in Hubzilla.
+ *
+ * SPDX-FileCopyrightText: 2024 Hubzilla Community
+ * SPDX-FileContributor: Harald Eilertsen
+ *
+ * SPDX-License-Identifier: MIT
+ */
+
+namespace Zotlabs\Tests\Unit\Includes;
+
+use App;
+use Zotlabs\Lib\AConfig;
+use Zotlabs\Tests\Unit\UnitTestCase;
+use PHPUnit\Framework\Attributes\{DataProvider, RunTestsInSeparateProcesses};
+
+/**
+ * Test class containing the test for the Hubzilla authentication code.
+ *
+ * Since the main authentication code is executed in the global scope on
+ * inclusion of the `includes/auth.php` file, we need to run each test in a
+ * separate process to make sure we can excersize the code as we need.
+ */
+#[RunTestsInSeparateProcesses]
+class AuthTest extends UnitTestCase {
+
+	/**
+	 * Check that mfa status is not checked for certain modules.
+	 *
+	 * This causes issues with things like WebDAV and CardDAV, as there's
+	 * currently no way for these modules to signal that a TOTP code is needed
+	 * back to the connecting client.
+	 */
+	#[DataProvider('modules_excluded_from_mfa')]
+	public function test_mfa_is_not_checked_for_excluded_modules(string $module, array $args): void {
+		$account_id = $this->fixtures['account']['0']['account_id'];
+
+		$_SESSION = [
+			'authenticated' => true,
+			'account_id' => $account_id,
+
+			// Trick the code to not warn that $_SESSION['uid'] is not set,
+			// but also not trigger the code that tries to change to the
+			// given channel. *Remove when code is fixed!*
+			'uid' => 0,
+		];
+
+		$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+
+		App::$session = $this->create_session_stub();
+		App::$module = $module;
+		App::$argv = $args;
+		App::$argc = count($args);
+
+		// Enable multi factor authentication for this account
+		AConfig::Set($account_id, 'system', 'mfa_enabled', true);
+
+		require 'include/auth.php';
+
+		$this->assertEquals(1, $_SESSION['authenticated']);
+	}
+
+	/**
+	 * Data provider for testing modules excluded from mfa
+	 * @SuppressWarnings(PHPMD.UnusedPrivateMethod)
+	 */
+	public static function modules_excluded_from_mfa(): array {
+		return [
+			['totp_check', []],
+			['cdav', []],
+			['cdav', ['calendar']],
+			['cdav', ['addressbook']],
+			['dav', []],
+		];
+	}
+
+	private function create_session_stub(): \Zotlabs\Web\Session {
+		return $this->createStub('Zotlabs\Web\Session');
+	}
+}
diff --git a/tests/unit/includes/dba/_files/account.yml b/tests/unit/includes/dba/_files/account.yml
index 344bdb799..88e59056e 100644
--- a/tests/unit/includes/dba/_files/account.yml
+++ b/tests/unit/includes/dba/_files/account.yml
@@ -3,7 +3,9 @@ account:
     account_id: 42
     account_email: "hubzilla@example.com"
     account_language: "no"
+    account_flags: 0
   -
     account_id: 43
     account_email: "hubzilla@example.org"
     account_language: "de"
+    account_flags: 1
-- 
cgit v1.2.3