1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
<?php
/**
* Tests for the authentication code used in Hubzilla.
*
* SPDX-FileCopyrightText: 2024 Hubzilla Community
* SPDX-FileContributor: Harald Eilertsen
*
* SPDX-License-Identifier: MIT
*/
namespace Zotlabs\Tests\Unit\Includes;
use App;
use Zotlabs\Lib\AConfig;
use Zotlabs\Tests\Unit\UnitTestCase;
use PHPUnit\Framework\Attributes\{DataProvider, RunTestsInSeparateProcesses};
/**
* Test class containing the test for the Hubzilla authentication code.
*
* Since the main authentication code is executed in the global scope on
* inclusion of the `includes/auth.php` file, we need to run each test in a
* separate process to make sure we can excersize the code as we need.
*/
#[RunTestsInSeparateProcesses]
class AuthTest extends UnitTestCase {
/**
* Check that mfa status is not checked for certain modules.
*
* This causes issues with things like WebDAV and CardDAV, as there's
* currently no way for these modules to signal that a TOTP code is needed
* back to the connecting client.
*/
#[DataProvider('modules_excluded_from_mfa')]
public function test_mfa_is_not_checked_for_excluded_modules(string $module, array $args): void {
$account_id = $this->fixtures['account']['0']['account_id'];
$_SESSION = [
'authenticated' => true,
'account_id' => $account_id,
// Trick the code to not warn that $_SESSION['uid'] is not set,
// but also not trigger the code that tries to change to the
// given channel. *Remove when code is fixed!*
'uid' => 0,
];
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
App::$session = $this->create_session_stub();
App::$module = $module;
App::$argv = $args;
App::$argc = count($args);
// Enable multi factor authentication for this account
AConfig::Set($account_id, 'system', 'mfa_enabled', true);
require 'include/auth.php';
$this->assertEquals(1, $_SESSION['authenticated']);
}
/**
* Data provider for testing modules excluded from mfa
* @SuppressWarnings(PHPMD.UnusedPrivateMethod)
*/
public static function modules_excluded_from_mfa(): array {
return [
['totp_check', []],
['cdav', []],
['cdav', ['calendar']],
['cdav', ['addressbook']],
['dav', []],
];
}
private function create_session_stub(): \Zotlabs\Web\Session {
return $this->createStub('Zotlabs\Web\Session');
}
}
|
