<?php
/**
* Matomo - free/libre analytics platform
*
* @link https://matomo.org
* @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\Login\tests\Integration;
use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
use Piwik\Plugins\Login\Controller;
use Piwik\Nonce;
use Piwik\Auth\PasswordStrength;
use Piwik\Date;
use Piwik\Plugins\UsersManager\Model;
/**
* @group Login
* @group ControllerTest
* @group Plugins
*/
class ControllerTest extends IntegrationTestCase
{
    /**
     * Login controller under test, rebuilt for every test in setUp().
     *
     * @var Controller
     */
    private $controller;

    /**
     * Copy of $_POST taken in setUp() so tearDown() can put it back.
     */
    private $post;

    /**
     * Builds the controller with an explicit PasswordStrength dependency and
     * starts each test from an empty $_POST.
     */
    public function setUp(): void
    {
        parent::setUp();

        // Every dependency except the password-strength checker is passed as null.
        // NOTE(review): the `true` argument presumably forces the strength rules on
        // regardless of configuration - confirm against PasswordStrength.
        $strengthChecker = new PasswordStrength(true);
        $this->controller = new Controller(
            null, // $passwordResetter
            null, // $auth
            null, // $sessionInitializer
            null, // $passwordVerify
            null, // $bruteForceDetection
            null, // $systemSettings
            $strengthChecker
        );

        // Request state is global: keep the previous value and wipe it so that
        // form fields cannot leak from one test into the next.
        $this->post = $_POST;
        $_POST = [];
    }

    /**
     * Restores the $_POST contents captured in setUp().
     */
    public function tearDown(): void
    {
        parent::tearDown();
        $_POST = $this->post;
    }

    /**
     * Fills $_POST as a submitted reset-password form would: a nonce for the
     * 'Login.login' action, the login 'test', and the same password in both
     * password fields.
     */
    private function setupPostStateWithPassword(string $password)
    {
        $formFields = [
            'form_nonce' => Nonce::getNonce('Login.login'),
            'form_login' => 'test',
            'form_password' => $password,
            'form_password_bis' => $password,
        ];

        foreach ($formFields as $field => $value) {
            $_POST[$field] = $value;
        }
    }

    /**
     * A weak password submitted to resetPassword() must produce the strength
     * validation error in the response.
     */
    public function testResetPasswordStrengthCheckWeakPassword()
    {
        $this->setupPostStateWithPassword('password');

        $this->assertStringContainsString(
            'General_PasswordStrengthValidationFailed',
            $this->controller->resetPassword()
        );
    }

    /**
     * A password with mixed case, digits and a symbol must not produce the
     * strength validation error in resetPassword().
     *
     * NOTE(review): this only proves the strength error is absent. A request
     * rejected earlier for another reason (nonce, unknown login) would pass as
     * well, so a positive assertion on the response would make it stronger.
     */
    public function testResetPasswordStrengthCheckStrongPassword()
    {
        $this->setupPostStateWithPassword('Password111!');

        $this->assertStringNotContainsString(
            'General_PasswordStrengthValidationFailed',
            $this->controller->resetPassword()
        );
    }

    /**
     * Creates the user 'test' with an empty password hash and attaches a fresh
     * invite token to it.
     *
     * @return array the user's e-mail address followed by the invite token
     */
    private function generateTestUser(): array
    {
        $login = 'test';
        $email = 'test@test.com';
        $emptyPasswordHash = '';
        $tokenLifetimeInDays = 1;

        $model = new Model();
        $model->addUser($login, $emptyPasswordHash, $email, Date::now()->getDatetime());

        $inviteToken = $model->generateRandomInviteToken();
        $model->attachInviteToken($login, $inviteToken, $tokenLifetimeInDays);

        return [$email, $inviteToken];
    }

    /**
     * Fills $_POST as a submitted accept-invitation form would. When no
     * confirmation is given, the password itself is used as the confirmation.
     */
    private function setupPostInvitationSubmitted(string $token, string $userEmail, string $password, ?string $passwordConfirmation = null)
    {
        $confirmation = $passwordConfirmation ?? $password;

        $_POST['token'] = $token;
        $_POST['password'] = $password;
        $_POST['passwordConfirmation'] = $confirmation;
        $_POST['email'] = $userEmail;
        $_POST['invitation_form'] = 'Confirm';
        $_POST['conditionCheck'] = true;
    }

    /**
     * A weak password submitted to acceptInvitation() must produce the strength
     * validation error, so the invitation flow enforces the same rule as the
     * reset flow.
     */
    public function testAcceptInvitationPasswordStrengthCheckWeakPassword()
    {
        [$email, $inviteToken] = $this->generateTestUser();
        $this->setupPostInvitationSubmitted($inviteToken, $email, 'password');

        $this->assertStringContainsString(
            'General_PasswordStrengthValidationFailed',
            $this->controller->acceptInvitation()
        );
    }

    /**
     * A strong password submitted to acceptInvitation() must not produce the
     * strength validation error.
     *
     * NOTE(review): the confirmation deliberately differs from the password,
     * presumably so the controller stops on the mismatch instead of completing
     * the invitation - confirm. As written the test does not show that the
     * strength check ran at all; asserting the mismatch error as well would
     * close that gap.
     */
    public function testAcceptInvitationPasswordStrengthCheckStrongPassword()
    {
        [$email, $inviteToken] = $this->generateTestUser();
        $this->setupPostInvitationSubmitted($inviteToken, $email, 'Password111!', 'NotSamePassword');

        $this->assertStringNotContainsString(
            'General_PasswordStrengthValidationFailed',
            $this->controller->acceptInvitation()
        );
    }
}