pictcode / lib / Cake / Test / Case / Controller / Component / AuthComponentTest.php @ 0b1b8047
履歴 | 表示 | アノテート | ダウンロード (49.379 KB)
| 1 | 635eef61 | spyder1211 | <?php
|
|---|---|---|---|
| 2 | /**
|
||
| 3 | * AuthComponentTest file
|
||
| 4 | *
|
||
| 5 | * CakePHP(tm) Tests <http://book.cakephp.org/2.0/en/development/testing.html>
|
||
| 6 | * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
||
| 7 | *
|
||
| 8 | * Licensed under The MIT License
|
||
| 9 | * For full copyright and license information, please see the LICENSE.txt
|
||
| 10 | * Redistributions of files must retain the above copyright notice
|
||
| 11 | *
|
||
| 12 | * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
||
| 13 | * @link http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
|
||
| 14 | * @package Cake.Test.Case.Controller.Component
|
||
| 15 | * @since CakePHP(tm) v 1.2.0.5347
|
||
| 16 | * @license http://www.opensource.org/licenses/mit-license.php MIT License
|
||
| 17 | */
|
||
| 18 | |||
| 19 | App::uses('Controller', 'Controller'); |
||
| 20 | App::uses('AuthComponent', 'Controller/Component'); |
||
| 21 | App::uses('AclComponent', 'Controller/Component'); |
||
| 22 | App::uses('BaseAuthenticate', 'Controller/Component/Auth'); |
||
| 23 | App::uses('FormAuthenticate', 'Controller/Component/Auth'); |
||
| 24 | App::uses('CakeEvent', 'Event'); |
||
| 25 | |||
| 26 | /**
|
||
| 27 | * TestFormAuthenticate class
|
||
| 28 | *
|
||
| 29 | * @package Cake.Test.Case.Controller.Component
|
||
| 30 | */
|
||
| 31 | class TestBaseAuthenticate extends BaseAuthenticate { |
||
| 32 | |||
| 33 | /**
|
||
| 34 | * Implemented events
|
||
| 35 | *
|
||
| 36 | * @return array of events => callbacks.
|
||
| 37 | */
|
||
| 38 | public function implementedEvents() { |
||
| 39 | return array( |
||
| 40 | 'Auth.afterIdentify' => 'afterIdentify' |
||
| 41 | ); |
||
| 42 | } |
||
| 43 | |||
| 44 | public $afterIdentifyCallable = null; |
||
| 45 | |||
| 46 | /**
|
||
| 47 | * Test function to be used in event dispatching
|
||
| 48 | *
|
||
| 49 | * @return void
|
||
| 50 | */
|
||
| 51 | public function afterIdentify($event) { |
||
| 52 | call_user_func($this->afterIdentifyCallable, $event); |
||
| 53 | } |
||
| 54 | |||
| 55 | /**
|
||
| 56 | * Authenticate a user based on the request information.
|
||
| 57 | *
|
||
| 58 | * @param CakeRequest $request Request to get authentication information from.
|
||
| 59 | * @param CakeResponse $response A response object that can have headers added.
|
||
| 60 | * @return mixed Either false on failure, or an array of user data on success.
|
||
| 61 | */
|
||
| 62 | public function authenticate(CakeRequest $request, CakeResponse $response) { |
||
| 63 | return array( |
||
| 64 | 'id' => 1, |
||
| 65 | 'username' => 'mark' |
||
| 66 | ); |
||
| 67 | } |
||
| 68 | |||
| 69 | } |
||
| 70 | |||
| 71 | /**
|
||
| 72 | * TestAuthComponent class
|
||
| 73 | *
|
||
| 74 | * @package Cake.Test.Case.Controller.Component
|
||
| 75 | */
|
||
| 76 | class TestAuthComponent extends AuthComponent { |
||
| 77 | |||
| 78 | /**
|
||
| 79 | * testStop property
|
||
| 80 | *
|
||
| 81 | * @var bool
|
||
| 82 | */
|
||
| 83 | public $testStop = false; |
||
| 84 | |||
| 85 | /**
|
||
| 86 | * Helper method to add/set an authenticate object instance
|
||
| 87 | *
|
||
| 88 | * @param int $index The index at which to add/set the object
|
||
| 89 | * @param object $object The object to add/set
|
||
| 90 | * @return void
|
||
| 91 | */
|
||
| 92 | public function setAuthenticateObject($index, $object) { |
||
| 93 | $this->_authenticateObjects[$index] = $object; |
||
| 94 | } |
||
| 95 | |||
| 96 | /**
|
||
| 97 | * Helper method to get an authenticate object instance
|
||
| 98 | *
|
||
| 99 | * @param int $index The index at which to get the object
|
||
| 100 | * @return object $object
|
||
| 101 | */
|
||
| 102 | public function getAuthenticateObject($index) { |
||
| 103 | $this->constructAuthenticate();
|
||
| 104 | return isset($this->_authenticateObjects[$index]) ? $this->_authenticateObjects[$index] : null; |
||
| 105 | } |
||
| 106 | |||
| 107 | /**
|
||
| 108 | * Helper method to add/set an authorize object instance
|
||
| 109 | *
|
||
| 110 | * @param int $index The index at which to add/set the object
|
||
| 111 | * @param Object $object The object to add/set
|
||
| 112 | * @return void
|
||
| 113 | */
|
||
| 114 | public function setAuthorizeObject($index, $object) { |
||
| 115 | $this->_authorizeObjects[$index] = $object; |
||
| 116 | } |
||
| 117 | |||
| 118 | /**
|
||
| 119 | * stop method
|
||
| 120 | *
|
||
| 121 | * @return void
|
||
| 122 | */
|
||
| 123 | protected function _stop($status = 0) { |
||
| 124 | $this->testStop = true; |
||
| 125 | } |
||
| 126 | |||
| 127 | public static function clearUser() { |
||
| 128 | static::$_user = array(); |
||
| 129 | } |
||
| 130 | |||
| 131 | } |
||
| 132 | |||
| 133 | /**
|
||
| 134 | * AuthUser class
|
||
| 135 | *
|
||
| 136 | * @package Cake.Test.Case.Controller.Component
|
||
| 137 | */
|
||
| 138 | class AuthUser extends CakeTestModel { |
||
| 139 | |||
| 140 | /**
|
||
| 141 | * useDbConfig property
|
||
| 142 | *
|
||
| 143 | * @var string
|
||
| 144 | */
|
||
| 145 | public $useDbConfig = 'test'; |
||
| 146 | |||
| 147 | } |
||
| 148 | |||
| 149 | /**
|
||
| 150 | * AuthTestController class
|
||
| 151 | *
|
||
| 152 | * @package Cake.Test.Case.Controller.Component
|
||
| 153 | */
|
||
| 154 | class AuthTestController extends Controller { |
||
| 155 | |||
| 156 | /**
|
||
| 157 | * uses property
|
||
| 158 | *
|
||
| 159 | * @var array
|
||
| 160 | */
|
||
| 161 | public $uses = array('AuthUser'); |
||
| 162 | |||
| 163 | /**
|
||
| 164 | * components property
|
||
| 165 | *
|
||
| 166 | * @var array
|
||
| 167 | */
|
||
| 168 | public $components = array('Session', 'Flash', 'Auth'); |
||
| 169 | |||
| 170 | /**
|
||
| 171 | * testUrl property
|
||
| 172 | *
|
||
| 173 | * @var mixed
|
||
| 174 | */
|
||
| 175 | public $testUrl = null; |
||
| 176 | |||
| 177 | /**
|
||
| 178 | * construct method
|
||
| 179 | */
|
||
| 180 | public function __construct($request, $response) { |
||
| 181 | $request->addParams(Router::parse('/auth_test')); |
||
| 182 | $request->here = '/auth_test'; |
||
| 183 | $request->webroot = '/'; |
||
| 184 | Router::setRequestInfo($request); |
||
| 185 | parent::__construct($request, $response); |
||
| 186 | } |
||
| 187 | |||
| 188 | /**
|
||
| 189 | * login method
|
||
| 190 | *
|
||
| 191 | * @return void
|
||
| 192 | */
|
||
| 193 | public function login() { |
||
| 194 | } |
||
| 195 | |||
| 196 | /**
|
||
| 197 | * admin_login method
|
||
| 198 | *
|
||
| 199 | * @return void
|
||
| 200 | */
|
||
| 201 | public function admin_login() { |
||
| 202 | } |
||
| 203 | |||
| 204 | /**
|
||
| 205 | * admin_add method
|
||
| 206 | *
|
||
| 207 | * @return void
|
||
| 208 | */
|
||
| 209 | public function admin_add() { |
||
| 210 | } |
||
| 211 | |||
| 212 | /**
|
||
| 213 | * logout method
|
||
| 214 | *
|
||
| 215 | * @return void
|
||
| 216 | */
|
||
| 217 | public function logout() { |
||
| 218 | } |
||
| 219 | |||
| 220 | /**
|
||
| 221 | * add method
|
||
| 222 | *
|
||
| 223 | * @return void
|
||
| 224 | */
|
||
| 225 | public function add() { |
||
| 226 | echo "add"; |
||
| 227 | } |
||
| 228 | |||
| 229 | /**
|
||
| 230 | * add method
|
||
| 231 | *
|
||
| 232 | * @return void
|
||
| 233 | */
|
||
| 234 | public function camelCase() { |
||
| 235 | echo "camelCase"; |
||
| 236 | } |
||
| 237 | |||
| 238 | /**
|
||
| 239 | * redirect method
|
||
| 240 | *
|
||
| 241 | * @param string|array $url
|
||
| 242 | * @param mixed $status
|
||
| 243 | * @param mixed $exit
|
||
| 244 | * @return void
|
||
| 245 | */
|
||
| 246 | public function redirect($url, $status = null, $exit = true) { |
||
| 247 | $this->testUrl = Router::url($url); |
||
| 248 | return false; |
||
| 249 | } |
||
| 250 | |||
| 251 | /**
|
||
| 252 | * isAuthorized method
|
||
| 253 | *
|
||
| 254 | * @return void
|
||
| 255 | */
|
||
| 256 | public function isAuthorized() { |
||
| 257 | } |
||
| 258 | |||
| 259 | } |
||
| 260 | |||
| 261 | /**
|
||
| 262 | * AjaxAuthController class
|
||
| 263 | *
|
||
| 264 | * @package Cake.Test.Case.Controller.Component
|
||
| 265 | */
|
||
| 266 | class AjaxAuthController extends Controller { |
||
| 267 | |||
| 268 | /**
|
||
| 269 | * components property
|
||
| 270 | *
|
||
| 271 | * @var array
|
||
| 272 | */
|
||
| 273 | public $components = array('Session', 'TestAuth'); |
||
| 274 | |||
| 275 | /**
|
||
| 276 | * uses property
|
||
| 277 | *
|
||
| 278 | * @var array
|
||
| 279 | */
|
||
| 280 | public $uses = array(); |
||
| 281 | |||
| 282 | /**
|
||
| 283 | * testUrl property
|
||
| 284 | *
|
||
| 285 | * @var mixed
|
||
| 286 | */
|
||
| 287 | public $testUrl = null; |
||
| 288 | |||
| 289 | /**
|
||
| 290 | * beforeFilter method
|
||
| 291 | *
|
||
| 292 | * @return void
|
||
| 293 | */
|
||
| 294 | public function beforeFilter() { |
||
| 295 | $this->TestAuth->ajaxLogin = 'test_element'; |
||
| 296 | $this->TestAuth->userModel = 'AuthUser'; |
||
| 297 | $this->TestAuth->RequestHandler->ajaxLayout = 'ajax2'; |
||
| 298 | } |
||
| 299 | |||
| 300 | /**
|
||
| 301 | * add method
|
||
| 302 | *
|
||
| 303 | * @return void
|
||
| 304 | */
|
||
| 305 | public function add() { |
||
| 306 | if ($this->TestAuth->testStop !== true) { |
||
| 307 | echo 'Added Record'; |
||
| 308 | } |
||
| 309 | } |
||
| 310 | |||
| 311 | /**
|
||
| 312 | * redirect method
|
||
| 313 | *
|
||
| 314 | * @param string|array $url
|
||
| 315 | * @param mixed $status
|
||
| 316 | * @param mixed $exit
|
||
| 317 | * @return void
|
||
| 318 | */
|
||
| 319 | public function redirect($url, $status = null, $exit = true) { |
||
| 320 | $this->testUrl = Router::url($url); |
||
| 321 | return false; |
||
| 322 | } |
||
| 323 | |||
| 324 | } |
||
| 325 | |||
| 326 | /**
|
||
| 327 | * Mock class used to test event dispatching
|
||
| 328 | *
|
||
| 329 | * @package Cake.Test.Case.Event
|
||
| 330 | */
|
||
| 331 | class AuthEventTestListener { |
||
| 332 | |||
| 333 | public $callStack = array(); |
||
| 334 | |||
| 335 | /**
|
||
| 336 | * Test function to be used in event dispatching
|
||
| 337 | *
|
||
| 338 | * @return void
|
||
| 339 | */
|
||
| 340 | public function listenerFunction() { |
||
| 341 | $this->callStack[] = __FUNCTION__; |
||
| 342 | } |
||
| 343 | |||
| 344 | } |
||
| 345 | |||
| 346 | |||
| 347 | /**
|
||
| 348 | * AuthComponentTest class
|
||
| 349 | *
|
||
| 350 | * @package Cake.Test.Case.Controller.Component
|
||
| 351 | */
|
||
| 352 | class AuthComponentTest extends CakeTestCase { |
||
| 353 | |||
| 354 | /**
|
||
| 355 | * name property
|
||
| 356 | *
|
||
| 357 | * @var string
|
||
| 358 | */
|
||
| 359 | public $name = 'Auth'; |
||
| 360 | |||
| 361 | /**
|
||
| 362 | * fixtures property
|
||
| 363 | *
|
||
| 364 | * @var array
|
||
| 365 | */
|
||
| 366 | public $fixtures = array('core.auth_user'); |
||
| 367 | |||
| 368 | /**
|
||
| 369 | * initialized property
|
||
| 370 | *
|
||
| 371 | * @var bool
|
||
| 372 | */
|
||
| 373 | public $initialized = false; |
||
| 374 | |||
| 375 | /**
|
||
| 376 | * setUp method
|
||
| 377 | *
|
||
| 378 | * @return void
|
||
| 379 | */
|
||
| 380 | public function setUp() { |
||
| 381 | parent::setUp();
|
||
| 382 | Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi'); |
||
| 383 | Configure::write('Security.cipherSeed', 770011223369876); |
||
| 384 | |||
| 385 | $request = new CakeRequest(null, false); |
||
| 386 | |||
| 387 | $this->Controller = new AuthTestController($request, $this->getMock('CakeResponse')); |
||
| 388 | |||
| 389 | $collection = new ComponentCollection(); |
||
| 390 | $collection->init($this->Controller); |
||
| 391 | $this->Auth = new TestAuthComponent($collection); |
||
| 392 | $this->Auth->request = $request; |
||
| 393 | $this->Auth->response = $this->getMock('CakeResponse'); |
||
| 394 | AuthComponent::$sessionKey = 'Auth.User'; |
||
| 395 | |||
| 396 | $this->Controller->Components->init($this->Controller); |
||
| 397 | |||
| 398 | $this->initialized = true; |
||
| 399 | Router::reload();
|
||
| 400 | Router::connect('/:controller/:action/*'); |
||
| 401 | |||
| 402 | $User = ClassRegistry::init('AuthUser'); |
||
| 403 | $User->updateAll(array('password' => $User->getDataSource()->value(Security::hash('cake', null, true)))); |
||
| 404 | } |
||
| 405 | |||
| 406 | /**
|
||
| 407 | * tearDown method
|
||
| 408 | *
|
||
| 409 | * @return void
|
||
| 410 | */
|
||
| 411 | public function tearDown() { |
||
| 412 | parent::tearDown();
|
||
| 413 | |||
| 414 | TestAuthComponent::clearUser();
|
||
| 415 | $this->Auth->Session->delete('Auth'); |
||
| 416 | $this->Auth->Session->delete('Message.auth'); |
||
| 417 | unset($this->Controller, $this->Auth); |
||
| 418 | } |
||
| 419 | |||
| 420 | /**
|
||
| 421 | * testNoAuth method
|
||
| 422 | *
|
||
| 423 | * @return void
|
||
| 424 | */
|
||
| 425 | public function testNoAuth() { |
||
| 426 | $this->assertFalse($this->Auth->isAuthorized()); |
||
| 427 | } |
||
| 428 | |||
| 429 | /**
|
||
| 430 | * testIsErrorOrTests
|
||
| 431 | *
|
||
| 432 | * @return void
|
||
| 433 | */
|
||
| 434 | public function testIsErrorOrTests() { |
||
| 435 | $this->Controller->Auth->initialize($this->Controller); |
||
| 436 | |||
| 437 | $this->Controller->name = 'CakeError'; |
||
| 438 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
| 439 | |||
| 440 | $this->Controller->name = 'Post'; |
||
| 441 | $this->Controller->request['action'] = 'thisdoesnotexist'; |
||
| 442 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
| 443 | |||
| 444 | $this->Controller->scaffold = null; |
||
| 445 | $this->Controller->request['action'] = 'index'; |
||
| 446 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 447 | } |
||
| 448 | |||
| 449 | /**
|
||
| 450 | * testLogin method
|
||
| 451 | *
|
||
| 452 | * @return void
|
||
| 453 | */
|
||
| 454 | public function testLogin() { |
||
| 455 | $AuthLoginFormAuthenticate = $this->getMock('FormAuthenticate', array(), array(), '', false); |
||
| 456 | $this->Auth->authenticate = array( |
||
| 457 | 'AuthLoginForm' => array( |
||
| 458 | 'userModel' => 'AuthUser' |
||
| 459 | ) |
||
| 460 | ); |
||
| 461 | $this->Auth->Session = $this->getMock('SessionComponent', array('renew'), array(), '', false); |
||
| 462 | |||
| 463 | $this->Auth->setAuthenticateObject(0, $AuthLoginFormAuthenticate); |
||
| 464 | |||
| 465 | $this->Auth->request->data = array( |
||
| 466 | 'AuthUser' => array( |
||
| 467 | 'username' => 'mark', |
||
| 468 | 'password' => Security::hash('cake', null, true) |
||
| 469 | ) |
||
| 470 | ); |
||
| 471 | |||
| 472 | $user = array( |
||
| 473 | 'id' => 1, |
||
| 474 | 'username' => 'mark' |
||
| 475 | ); |
||
| 476 | |||
| 477 | $AuthLoginFormAuthenticate->expects($this->once()) |
||
| 478 | ->method('authenticate')
|
||
| 479 | ->with($this->Auth->request) |
||
| 480 | ->will($this->returnValue($user)); |
||
| 481 | |||
| 482 | $this->Auth->Session->expects($this->once()) |
||
| 483 | ->method('renew');
|
||
| 484 | |||
| 485 | $result = $this->Auth->login(); |
||
| 486 | $this->assertTrue($result); |
||
| 487 | |||
| 488 | $this->assertTrue($this->Auth->loggedIn()); |
||
| 489 | $this->assertEquals($user, $this->Auth->user()); |
||
| 490 | } |
||
| 491 | |||
| 492 | /**
|
||
| 493 | * testLogin afterIdentify event method
|
||
| 494 | *
|
||
| 495 | * @return void
|
||
| 496 | */
|
||
| 497 | public function testLoginAfterIdentify() { |
||
| 498 | $this->Auth->authenticate = array( |
||
| 499 | 'TestBase',
|
||
| 500 | ); |
||
| 501 | |||
| 502 | $user = array( |
||
| 503 | 'id' => 1, |
||
| 504 | 'username' => 'mark' |
||
| 505 | ); |
||
| 506 | |||
| 507 | $auth = $this->Auth->getAuthenticateObject(0); |
||
| 508 | $listener = $this->getMock('AuthEventTestListener'); |
||
| 509 | $auth->afterIdentifyCallable = array($listener, 'listenerFunction'); |
||
| 510 | $event = new CakeEvent('Auth.afterIdentify', $this->Auth, array('user' => $user)); |
||
| 511 | $listener->expects($this->once())->method('listenerFunction')->with($event); |
||
| 512 | |||
| 513 | $result = $this->Auth->login(); |
||
| 514 | $this->assertTrue($result); |
||
| 515 | $this->assertTrue($this->Auth->loggedIn()); |
||
| 516 | $this->assertEquals($user, $this->Auth->user()); |
||
| 517 | } |
||
| 518 | |||
| 519 | /**
|
||
| 520 | * testRedirectVarClearing method
|
||
| 521 | *
|
||
| 522 | * @return void
|
||
| 523 | */
|
||
| 524 | public function testRedirectVarClearing() { |
||
| 525 | $this->Controller->request['controller'] = 'auth_test'; |
||
| 526 | $this->Controller->request['action'] = 'admin_add'; |
||
| 527 | $this->Controller->here = '/auth_test/admin_add'; |
||
| 528 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); |
||
| 529 | |||
| 530 | $this->Auth->authenticate = array('Form'); |
||
| 531 | $this->Auth->startup($this->Controller); |
||
| 532 | $this->assertEquals('/auth_test/admin_add', $this->Auth->Session->read('Auth.redirect')); |
||
| 533 | |||
| 534 | $this->Auth->Session->write('Auth.User', array('username' => 'admad')); |
||
| 535 | $this->Auth->startup($this->Controller); |
||
| 536 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); |
||
| 537 | } |
||
| 538 | |||
| 539 | /**
|
||
| 540 | * testAuthorizeFalse method
|
||
| 541 | *
|
||
| 542 | * @return void
|
||
| 543 | */
|
||
| 544 | public function testAuthorizeFalse() { |
||
| 545 | $this->AuthUser = new AuthUser(); |
||
| 546 | $user = $this->AuthUser->find(); |
||
| 547 | $this->Auth->Session->write('Auth.User', $user['AuthUser']); |
||
| 548 | $this->Controller->Auth->userModel = 'AuthUser'; |
||
| 549 | $this->Controller->Auth->authorize = false; |
||
| 550 | $this->Controller->request->addParams(Router::parse('auth_test/add')); |
||
| 551 | $this->Controller->Auth->initialize($this->Controller); |
||
| 552 | $result = $this->Controller->Auth->startup($this->Controller); |
||
| 553 | $this->assertTrue($result); |
||
| 554 | |||
| 555 | $this->Auth->Session->delete('Auth'); |
||
| 556 | $result = $this->Controller->Auth->startup($this->Controller); |
||
| 557 | $this->assertFalse($result); |
||
| 558 | $this->assertTrue($this->Auth->Session->check('Message.auth')); |
||
| 559 | |||
| 560 | $this->Controller->request->addParams(Router::parse('auth_test/camelCase')); |
||
| 561 | $result = $this->Controller->Auth->startup($this->Controller); |
||
| 562 | $this->assertFalse($result); |
||
| 563 | } |
||
| 564 | |||
| 565 | /**
|
||
| 566 | * @expectedException CakeException
|
||
| 567 | * @return void
|
||
| 568 | */
|
||
| 569 | public function testIsAuthorizedMissingFile() { |
||
| 570 | $this->Controller->Auth->authorize = 'Missing'; |
||
| 571 | $this->Controller->Auth->isAuthorized(array('User' => array('id' => 1))); |
||
| 572 | } |
||
| 573 | |||
| 574 | /**
|
||
| 575 | * test that isAuthorized calls methods correctly
|
||
| 576 | *
|
||
| 577 | * @return void
|
||
| 578 | */
|
||
| 579 | public function testIsAuthorizedDelegation() { |
||
| 580 | $AuthMockOneAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); |
||
| 581 | $AuthMockTwoAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); |
||
| 582 | $AuthMockThreeAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); |
||
| 583 | |||
| 584 | $this->Auth->setAuthorizeObject(0, $AuthMockOneAuthorize); |
||
| 585 | $this->Auth->setAuthorizeObject(1, $AuthMockTwoAuthorize); |
||
| 586 | $this->Auth->setAuthorizeObject(2, $AuthMockThreeAuthorize); |
||
| 587 | $request = $this->Auth->request; |
||
| 588 | |||
| 589 | $AuthMockOneAuthorize->expects($this->once()) |
||
| 590 | ->method('authorize')
|
||
| 591 | ->with(array('User'), $request) |
||
| 592 | ->will($this->returnValue(false)); |
||
| 593 | |||
| 594 | $AuthMockTwoAuthorize->expects($this->once()) |
||
| 595 | ->method('authorize')
|
||
| 596 | ->with(array('User'), $request) |
||
| 597 | ->will($this->returnValue(true)); |
||
| 598 | |||
| 599 | $AuthMockThreeAuthorize->expects($this->never()) |
||
| 600 | ->method('authorize');
|
||
| 601 | |||
| 602 | $this->assertTrue($this->Auth->isAuthorized(array('User'), $request)); |
||
| 603 | } |
||
| 604 | |||
| 605 | /**
|
||
| 606 | * test that isAuthorized will use the session user if none is given.
|
||
| 607 | *
|
||
| 608 | * @return void
|
||
| 609 | */
|
||
| 610 | public function testIsAuthorizedUsingUserInSession() { |
||
| 611 | $AuthMockFourAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); |
||
| 612 | $this->Auth->authorize = array('AuthMockFour'); |
||
| 613 | $this->Auth->setAuthorizeObject(0, $AuthMockFourAuthorize); |
||
| 614 | |||
| 615 | $user = array('user' => 'mark'); |
||
| 616 | $this->Auth->Session->write('Auth.User', $user); |
||
| 617 | $request = $this->Controller->request; |
||
| 618 | |||
| 619 | $AuthMockFourAuthorize->expects($this->once()) |
||
| 620 | ->method('authorize')
|
||
| 621 | ->with($user, $request) |
||
| 622 | ->will($this->returnValue(true)); |
||
| 623 | |||
| 624 | $this->assertTrue($this->Auth->isAuthorized(null, $request)); |
||
| 625 | } |
||
| 626 | |||
| 627 | /**
|
||
| 628 | * test that loadAuthorize resets the loaded objects each time.
|
||
| 629 | *
|
||
| 630 | * @return void
|
||
| 631 | */
|
||
| 632 | public function testLoadAuthorizeResets() { |
||
| 633 | $this->Controller->Auth->authorize = array( |
||
| 634 | 'Controller'
|
||
| 635 | ); |
||
| 636 | $result = $this->Controller->Auth->constructAuthorize(); |
||
| 637 | $this->assertEquals(1, count($result)); |
||
| 638 | |||
| 639 | $result = $this->Controller->Auth->constructAuthorize(); |
||
| 640 | $this->assertEquals(1, count($result)); |
||
| 641 | } |
||
| 642 | |||
| 643 | /**
|
||
| 644 | * @expectedException CakeException
|
||
| 645 | * @return void
|
||
| 646 | */
|
||
| 647 | public function testLoadAuthenticateNoFile() { |
||
| 648 | $this->Controller->Auth->authenticate = 'Missing'; |
||
| 649 | $this->Controller->Auth->identify($this->Controller->request, $this->Controller->response); |
||
| 650 | } |
||
| 651 | |||
| 652 | /**
|
||
| 653 | * test the * key with authenticate
|
||
| 654 | *
|
||
| 655 | * @return void
|
||
| 656 | */
|
||
| 657 | public function testAllConfigWithAuthorize() { |
||
| 658 | $this->Controller->Auth->authorize = array( |
||
| 659 | AuthComponent::ALL => array('actionPath' => 'controllers/'), |
||
| 660 | 'Actions'
|
||
| 661 | ); |
||
| 662 | $objects = $this->Controller->Auth->constructAuthorize(); |
||
| 663 | $result = $objects[0]; |
||
| 664 | $this->assertEquals('controllers/', $result->settings['actionPath']); |
||
| 665 | } |
||
| 666 | |||
| 667 | /**
|
||
| 668 | * test that loadAuthorize resets the loaded objects each time.
|
||
| 669 | *
|
||
| 670 | * @return void
|
||
| 671 | */
|
||
| 672 | public function testLoadAuthenticateResets() { |
||
| 673 | $this->Controller->Auth->authenticate = array( |
||
| 674 | 'Form'
|
||
| 675 | ); |
||
| 676 | $result = $this->Controller->Auth->constructAuthenticate(); |
||
| 677 | $this->assertEquals(1, count($result)); |
||
| 678 | |||
| 679 | $result = $this->Controller->Auth->constructAuthenticate(); |
||
| 680 | $this->assertEquals(1, count($result)); |
||
| 681 | } |
||
| 682 | |||
| 683 | /**
|
||
| 684 | * test the * key with authenticate
|
||
| 685 | *
|
||
| 686 | * @return void
|
||
| 687 | */
|
||
| 688 | public function testAllConfigWithAuthenticate() { |
||
| 689 | $this->Controller->Auth->authenticate = array( |
||
| 690 | AuthComponent::ALL => array('userModel' => 'AuthUser'), |
||
| 691 | 'Form'
|
||
| 692 | ); |
||
| 693 | $objects = $this->Controller->Auth->constructAuthenticate(); |
||
| 694 | $result = $objects[0]; |
||
| 695 | $this->assertEquals('AuthUser', $result->settings['userModel']); |
||
| 696 | } |
||
| 697 | |||
| 698 | /**
|
||
| 699 | * test defining the same Authenticate object but with different password hashers
|
||
| 700 | *
|
||
| 701 | * @return void
|
||
| 702 | */
|
||
| 703 | public function testSameAuthenticateWithDifferentHashers() { |
||
| 704 | $this->Controller->Auth->authenticate = array( |
||
| 705 | 'FormSimple' => array('className' => 'Form', 'passwordHasher' => 'Simple'), |
||
| 706 | 'FormBlowfish' => array('className' => 'Form', 'passwordHasher' => 'Blowfish'), |
||
| 707 | ); |
||
| 708 | |||
| 709 | $objects = $this->Controller->Auth->constructAuthenticate(); |
||
| 710 | $this->assertEquals(2, count($objects)); |
||
| 711 | |||
| 712 | $this->assertInstanceOf('FormAuthenticate', $objects[0]); |
||
| 713 | $this->assertInstanceOf('FormAuthenticate', $objects[1]); |
||
| 714 | |||
| 715 | $this->assertInstanceOf('SimplePasswordHasher', $objects[0]->passwordHasher()); |
||
| 716 | $this->assertInstanceOf('BlowfishPasswordHasher', $objects[1]->passwordHasher()); |
||
| 717 | } |
||
| 718 | |||
| 719 | /**
|
||
| 720 | * Tests that deny always takes precedence over allow
|
||
| 721 | *
|
||
| 722 | * @return void
|
||
| 723 | */
|
||
| 724 | public function testAllowDenyAll() { |
||
| 725 | $this->Controller->Auth->initialize($this->Controller); |
||
| 726 | |||
| 727 | $this->Controller->Auth->allow(); |
||
| 728 | $this->Controller->Auth->deny('add', 'camelCase'); |
||
| 729 | |||
| 730 | $this->Controller->request['action'] = 'delete'; |
||
| 731 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
| 732 | |||
| 733 | $this->Controller->request['action'] = 'add'; |
||
| 734 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 735 | |||
| 736 | $this->Controller->request['action'] = 'camelCase'; |
||
| 737 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 738 | |||
| 739 | $this->Controller->Auth->allow(); |
||
| 740 | $this->Controller->Auth->deny(array('add', 'camelCase')); |
||
| 741 | |||
| 742 | $this->Controller->request['action'] = 'delete'; |
||
| 743 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
| 744 | |||
| 745 | $this->Controller->request['action'] = 'camelCase'; |
||
| 746 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 747 | |||
| 748 | $this->Controller->Auth->allow('*'); |
||
| 749 | $this->Controller->Auth->deny(); |
||
| 750 | |||
| 751 | $this->Controller->request['action'] = 'camelCase'; |
||
| 752 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 753 | |||
| 754 | $this->Controller->request['action'] = 'add'; |
||
| 755 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 756 | |||
| 757 | $this->Controller->Auth->allow('camelCase'); |
||
| 758 | $this->Controller->Auth->deny(); |
||
| 759 | |||
| 760 | $this->Controller->request['action'] = 'camelCase'; |
||
| 761 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 762 | |||
| 763 | $this->Controller->request['action'] = 'login'; |
||
| 764 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 765 | |||
| 766 | $this->Controller->Auth->deny(); |
||
| 767 | $this->Controller->Auth->allow(null); |
||
| 768 | |||
| 769 | $this->Controller->request['action'] = 'camelCase'; |
||
| 770 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
| 771 | |||
| 772 | $this->Controller->Auth->allow(); |
||
| 773 | $this->Controller->Auth->deny(null); |
||
| 774 | |||
| 775 | $this->Controller->request['action'] = 'camelCase'; |
||
| 776 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 777 | } |
||
| 778 | |||
| 779 | /**
|
||
| 780 | * test that deny() converts camel case inputs to lowercase.
|
||
| 781 | *
|
||
| 782 | * @return void
|
||
| 783 | */
|
||
| 784 | public function testDenyWithCamelCaseMethods() { |
||
| 785 | $this->Controller->Auth->initialize($this->Controller); |
||
| 786 | $this->Controller->Auth->allow(); |
||
| 787 | $this->Controller->Auth->deny('add', 'camelCase'); |
||
| 788 | |||
| 789 | $url = '/auth_test/camelCase'; |
||
| 790 | $this->Controller->request->addParams(Router::parse($url)); |
||
| 791 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
| 792 | |||
| 793 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 794 | |||
| 795 | $url = '/auth_test/CamelCase'; |
||
| 796 | $this->Controller->request->addParams(Router::parse($url)); |
||
| 797 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
| 798 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
| 799 | } |
||
| 800 | |||
| 801 | /**
|
||
| 802 | * test that allow() and allowedActions work with camelCase method names.
|
||
| 803 | *
|
||
| 804 | * @return void
|
||
| 805 | */
|
||
| 806 | public function testAllowedActionsWithCamelCaseMethods() { |
||
| 807 | $url = '/auth_test/camelCase'; |
||
| 808 | $this->Controller->request->addParams(Router::parse($url)); |
||
| 809 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
| 810 | $this->Controller->Auth->initialize($this->Controller); |
||
| 811 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 812 | $this->Controller->Auth->userModel = 'AuthUser'; |
||
| 813 | $this->Controller->Auth->allow(); |
||
| 814 | $result = $this->Controller->Auth->startup($this->Controller); |
||
| 815 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); |
||
| 816 | |||
| 817 | $url = '/auth_test/camelCase'; |
||
| 818 | $this->Controller->request->addParams(Router::parse($url)); |
||
| 819 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
| 820 | $this->Controller->Auth->initialize($this->Controller); |
||
| 821 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 822 | $this->Controller->Auth->userModel = 'AuthUser'; |
||
| 823 | $this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add'); |
||
| 824 | $result = $this->Controller->Auth->startup($this->Controller); |
||
| 825 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); |
||
| 826 | |||
| 827 | $this->Controller->Auth->allowedActions = array('delete', 'add'); |
||
| 828 | $result = $this->Controller->Auth->startup($this->Controller); |
||
| 829 | $this->assertFalse($result, 'startup() should return false, as action is not allowed. %s'); |
||
| 830 | |||
| 831 | $url = '/auth_test/delete'; |
||
| 832 | $this->Controller->request->addParams(Router::parse($url)); |
||
| 833 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
| 834 | $this->Controller->Auth->initialize($this->Controller); |
||
| 835 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 836 | $this->Controller->Auth->userModel = 'AuthUser'; |
||
| 837 | |||
| 838 | $this->Controller->Auth->allow(array('delete', 'add')); |
||
| 839 | $result = $this->Controller->Auth->startup($this->Controller); |
||
| 840 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); |
||
| 841 | } |
||
| 842 | |||
| 843 | public function testAllowedActionsSetWithAllowMethod() { |
||
| 844 | $url = '/auth_test/action_name'; |
||
| 845 | $this->Controller->request->addParams(Router::parse($url)); |
||
| 846 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
| 847 | $this->Controller->Auth->initialize($this->Controller); |
||
| 848 | $this->Controller->Auth->allow('action_name', 'anotherAction'); |
||
| 849 | $this->assertEquals(array('action_name', 'anotherAction'), $this->Controller->Auth->allowedActions); |
||
| 850 | } |
||
| 851 | |||
| 852 | /**
|
||
| 853 | * testLoginRedirect method
|
||
| 854 | *
|
||
| 855 | * @return void
|
||
| 856 | */
|
||
| 857 | public function testLoginRedirect() { |
||
| 858 | $_SERVER['HTTP_REFERER'] = false; |
||
| 859 | $_ENV['HTTP_REFERER'] = false; |
||
| 860 | putenv('HTTP_REFERER='); |
||
| 861 | |||
| 862 | $this->Auth->Session->write('Auth', array( |
||
| 863 | 'AuthUser' => array('id' => '1', 'username' => 'nate') |
||
| 864 | )); |
||
| 865 | |||
| 866 | $this->Auth->request->addParams(Router::parse('users/login')); |
||
| 867 | $this->Auth->request->url = 'users/login'; |
||
| 868 | $this->Auth->initialize($this->Controller); |
||
| 869 | |||
| 870 | $this->Auth->loginRedirect = array( |
||
| 871 | 'controller' => 'pages', 'action' => 'display', 'welcome' |
||
| 872 | ); |
||
| 873 | $this->Auth->startup($this->Controller); |
||
| 874 | $expected = Router::normalize($this->Auth->loginRedirect); |
||
| 875 | $this->assertEquals($expected, $this->Auth->redirectUrl()); |
||
| 876 | |||
| 877 | $this->Auth->Session->delete('Auth'); |
||
| 878 | |||
| 879 | //empty referer no session
|
||
| 880 | $_SERVER['HTTP_REFERER'] = false; |
||
| 881 | $_ENV['HTTP_REFERER'] = false; |
||
| 882 | putenv('HTTP_REFERER='); |
||
| 883 | $url = '/posts/view/1'; |
||
| 884 | |||
| 885 | $this->Auth->Session->write('Auth', array( |
||
| 886 | 'AuthUser' => array('id' => '1', 'username' => 'nate')) |
||
| 887 | ); |
||
| 888 | $this->Controller->testUrl = null; |
||
| 889 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 890 | array_push($this->Controller->methods, 'view', 'edit', 'index'); |
||
| 891 | |||
| 892 | $this->Auth->initialize($this->Controller); |
||
| 893 | $this->Auth->authorize = 'controller'; |
||
| 894 | |||
| 895 | $this->Auth->loginAction = array( |
||
| 896 | 'controller' => 'AuthTest', 'action' => 'login' |
||
| 897 | ); |
||
| 898 | $this->Auth->startup($this->Controller); |
||
| 899 | $expected = Router::normalize('/AuthTest/login'); |
||
| 900 | $this->assertEquals($expected, $this->Controller->testUrl); |
||
| 901 | |||
| 902 | $this->Auth->Session->delete('Auth'); |
||
| 903 | $_SERVER['HTTP_REFERER'] = $_ENV['HTTP_REFERER'] = Router::url('/admin', true); |
||
| 904 | $this->Auth->Session->write('Auth', array( |
||
| 905 | 'AuthUser' => array('id' => '1', 'username' => 'nate') |
||
| 906 | )); |
||
| 907 | $this->Auth->request->params['action'] = 'login'; |
||
| 908 | $this->Auth->request->url = 'auth_test/login'; |
||
| 909 | $this->Auth->initialize($this->Controller); |
||
| 910 | $this->Auth->loginAction = 'auth_test/login'; |
||
| 911 | $this->Auth->loginRedirect = false; |
||
| 912 | $this->Auth->startup($this->Controller); |
||
| 913 | $expected = Router::normalize('/admin'); |
||
| 914 | $this->assertEquals($expected, $this->Auth->redirectUrl()); |
||
| 915 | |||
| 916 | // Ticket #4750
|
||
| 917 | // Named Parameters
|
||
| 918 | $this->Controller->request = $this->Auth->request; |
||
| 919 | $this->Auth->Session->delete('Auth'); |
||
| 920 | $url = '/posts/index/year:2008/month:feb'; |
||
| 921 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 922 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); |
||
| 923 | $this->Auth->initialize($this->Controller); |
||
| 924 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 925 | $this->Auth->startup($this->Controller); |
||
| 926 | $expected = Router::normalize('posts/index/year:2008/month:feb'); |
||
| 927 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
| 928 | |||
| 929 | // Passed Arguments
|
||
| 930 | $this->Auth->Session->delete('Auth'); |
||
| 931 | $url = '/posts/view/1'; |
||
| 932 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 933 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); |
||
| 934 | $this->Auth->initialize($this->Controller); |
||
| 935 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 936 | $this->Auth->startup($this->Controller); |
||
| 937 | $expected = Router::normalize('posts/view/1'); |
||
| 938 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
| 939 | |||
| 940 | // QueryString parameters
|
||
| 941 | $_back = $_GET; |
||
| 942 | $_GET = array( |
||
| 943 | 'print' => 'true', |
||
| 944 | 'refer' => 'menu' |
||
| 945 | ); |
||
| 946 | $this->Auth->Session->delete('Auth'); |
||
| 947 | $url = '/posts/index/29'; |
||
| 948 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 949 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); |
||
| 950 | $this->Auth->request->query = $_GET; |
||
| 951 | |||
| 952 | $this->Auth->initialize($this->Controller); |
||
| 953 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 954 | $this->Auth->startup($this->Controller); |
||
| 955 | $expected = Router::normalize('posts/index/29?print=true&refer=menu'); |
||
| 956 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
| 957 | |||
| 958 | // Different base urls.
|
||
| 959 | $appConfig = Configure::read('App'); |
||
| 960 | |||
| 961 | $_GET = array(); |
||
| 962 | |||
| 963 | Configure::write('App', array( |
||
| 964 | 'dir' => APP_DIR, |
||
| 965 | 'webroot' => WEBROOT_DIR, |
||
| 966 | 'base' => false, |
||
| 967 | 'baseUrl' => '/cake/index.php' |
||
| 968 | )); |
||
| 969 | |||
| 970 | $this->Auth->Session->delete('Auth'); |
||
| 971 | |||
| 972 | $url = '/posts/add'; |
||
| 973 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); |
||
| 974 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 975 | $this->Auth->request->url = Router::normalize($url); |
||
| 976 | |||
| 977 | $this->Auth->initialize($this->Controller); |
||
| 978 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); |
||
| 979 | $this->Auth->startup($this->Controller); |
||
| 980 | $expected = Router::normalize('/posts/add'); |
||
| 981 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
| 982 | |||
| 983 | $this->Auth->Session->delete('Auth'); |
||
| 984 | Configure::write('App', $appConfig); |
||
| 985 | |||
| 986 | $_GET = $_back; |
||
| 987 | |||
| 988 | // External Authed Action
|
||
| 989 | $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; |
||
| 990 | $this->Auth->Session->delete('Auth'); |
||
| 991 | $url = '/posts/edit/1'; |
||
| 992 | $request = new CakeRequest($url); |
||
| 993 | $request->query = array(); |
||
| 994 | $this->Auth->request = $this->Controller->request = $request; |
||
| 995 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 996 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); |
||
| 997 | $this->Auth->initialize($this->Controller); |
||
| 998 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 999 | $this->Auth->startup($this->Controller); |
||
| 1000 | $expected = Router::normalize('/posts/edit/1'); |
||
| 1001 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
| 1002 | |||
| 1003 | // External Direct Login Link
|
||
| 1004 | $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; |
||
| 1005 | $this->Auth->Session->delete('Auth'); |
||
| 1006 | $url = '/AuthTest/login'; |
||
| 1007 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); |
||
| 1008 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1009 | $this->Auth->request->url = Router::normalize($url); |
||
| 1010 | $this->Auth->initialize($this->Controller); |
||
| 1011 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 1012 | $this->Auth->startup($this->Controller); |
||
| 1013 | $expected = Router::normalize('/'); |
||
| 1014 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
| 1015 | |||
| 1016 | $this->Auth->Session->delete('Auth'); |
||
| 1017 | } |
||
| 1018 | |||
| 1019 | /**
|
||
| 1020 | * testNoLoginRedirectForAuthenticatedUser method
|
||
| 1021 | *
|
||
| 1022 | * @return void
|
||
| 1023 | */
|
||
| 1024 | public function testNoLoginRedirectForAuthenticatedUser() { |
||
| 1025 | $this->Controller->request['controller'] = 'auth_test'; |
||
| 1026 | $this->Controller->request['action'] = 'login'; |
||
| 1027 | $this->Controller->here = '/auth_test/login'; |
||
| 1028 | $this->Auth->request->url = 'auth_test/login'; |
||
| 1029 | |||
| 1030 | $this->Auth->Session->write('Auth.User.id', '1'); |
||
| 1031 | $this->Auth->authenticate = array('Form'); |
||
| 1032 | $this->getMock('BaseAuthorize', array('authorize'), array(), 'NoLoginRedirectMockAuthorize', false); |
||
| 1033 | $this->Auth->authorize = array('NoLoginRedirectMockAuthorize'); |
||
| 1034 | $this->Auth->loginAction = array('controller' => 'auth_test', 'action' => 'login'); |
||
| 1035 | |||
| 1036 | $return = $this->Auth->startup($this->Controller); |
||
| 1037 | $this->assertTrue($return); |
||
| 1038 | $this->assertNull($this->Controller->testUrl); |
||
| 1039 | } |
||
| 1040 | |||
| 1041 | /**
|
||
| 1042 | * Default to loginRedirect, if set, on authError.
|
||
| 1043 | *
|
||
| 1044 | * @return void
|
||
| 1045 | */
|
||
| 1046 | public function testDefaultToLoginRedirect() { |
||
| 1047 | $_SERVER['HTTP_REFERER'] = false; |
||
| 1048 | $_ENV['HTTP_REFERER'] = false; |
||
| 1049 | putenv('HTTP_REFERER='); |
||
| 1050 | |||
| 1051 | $url = '/party/on'; |
||
| 1052 | $this->Auth->request = $CakeRequest = new CakeRequest($url); |
||
| 1053 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1054 | $this->Auth->authorize = array('Controller'); |
||
| 1055 | $this->Auth->login(array('username' => 'mariano', 'password' => 'cake')); |
||
| 1056 | $this->Auth->loginRedirect = array( |
||
| 1057 | 'controller' => 'something', 'action' => 'else', |
||
| 1058 | ); |
||
| 1059 | |||
| 1060 | $CakeResponse = new CakeResponse(); |
||
| 1061 | $Controller = $this->getMock( |
||
| 1062 | 'Controller',
|
||
| 1063 | array('on', 'redirect'), |
||
| 1064 | array($CakeRequest, $CakeResponse) |
||
| 1065 | ); |
||
| 1066 | |||
| 1067 | $expected = Router::url($this->Auth->loginRedirect); |
||
| 1068 | $Controller->expects($this->once()) |
||
| 1069 | ->method('redirect')
|
||
| 1070 | ->with($this->equalTo($expected)); |
||
| 1071 | $this->Auth->startup($Controller); |
||
| 1072 | } |
||
| 1073 | |||
| 1074 | /**
|
||
| 1075 | * testRedirectToUnauthorizedRedirect
|
||
| 1076 | *
|
||
| 1077 | * @return void
|
||
| 1078 | */
|
||
| 1079 | public function testRedirectToUnauthorizedRedirect() { |
||
| 1080 | $url = '/party/on'; |
||
| 1081 | $this->Auth->request = $CakeRequest = new CakeRequest($url); |
||
| 1082 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1083 | $this->Auth->authorize = array('Controller'); |
||
| 1084 | $this->Auth->login(array('username' => 'admad', 'password' => 'cake')); |
||
| 1085 | $this->Auth->unauthorizedRedirect = array( |
||
| 1086 | 'controller' => 'no_can_do', 'action' => 'jack' |
||
| 1087 | ); |
||
| 1088 | |||
| 1089 | $CakeResponse = new CakeResponse(); |
||
| 1090 | $Controller = $this->getMock( |
||
| 1091 | 'Controller',
|
||
| 1092 | array('on', 'redirect'), |
||
| 1093 | array($CakeRequest, $CakeResponse) |
||
| 1094 | ); |
||
| 1095 | $this->Auth->Flash = $this->getMock( |
||
| 1096 | 'FlashComponent',
|
||
| 1097 | array('set'), |
||
| 1098 | array($Controller->Components) |
||
| 1099 | ); |
||
| 1100 | |||
| 1101 | $expected = array( |
||
| 1102 | 'controller' => 'no_can_do', 'action' => 'jack' |
||
| 1103 | ); |
||
| 1104 | $Controller->expects($this->once()) |
||
| 1105 | ->method('redirect')
|
||
| 1106 | ->with($this->equalTo($expected)); |
||
| 1107 | $this->Auth->Flash->expects($this->once()) |
||
| 1108 | ->method('set');
|
||
| 1109 | $this->Auth->startup($Controller); |
||
| 1110 | } |
||
| 1111 | |||
| 1112 | /**
|
||
| 1113 | * testRedirectToUnauthorizedRedirectSuppressedAuthError
|
||
| 1114 | *
|
||
| 1115 | * @return void
|
||
| 1116 | */
|
||
| 1117 | public function testRedirectToUnauthorizedRedirectSuppressedAuthError() { |
||
| 1118 | $url = '/party/on'; |
||
| 1119 | $this->Auth->request = $CakeRequest = new CakeRequest($url); |
||
| 1120 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1121 | $this->Auth->authorize = array('Controller'); |
||
| 1122 | $this->Auth->login(array('username' => 'admad', 'password' => 'cake')); |
||
| 1123 | $this->Auth->unauthorizedRedirect = array( |
||
| 1124 | 'controller' => 'no_can_do', 'action' => 'jack' |
||
| 1125 | ); |
||
| 1126 | $this->Auth->authError = false; |
||
| 1127 | |||
| 1128 | $CakeResponse = new CakeResponse(); |
||
| 1129 | $Controller = $this->getMock( |
||
| 1130 | 'Controller',
|
||
| 1131 | array('on', 'redirect'), |
||
| 1132 | array($CakeRequest, $CakeResponse) |
||
| 1133 | ); |
||
| 1134 | $this->Auth->Flash = $this->getMock( |
||
| 1135 | 'FlashComponent',
|
||
| 1136 | array('set'), |
||
| 1137 | array($Controller->Components) |
||
| 1138 | ); |
||
| 1139 | |||
| 1140 | $expected = array( |
||
| 1141 | 'controller' => 'no_can_do', 'action' => 'jack' |
||
| 1142 | ); |
||
| 1143 | $Controller->expects($this->once()) |
||
| 1144 | ->method('redirect')
|
||
| 1145 | ->with($this->equalTo($expected)); |
||
| 1146 | $this->Auth->Flash->expects($this->never()) |
||
| 1147 | ->method('set');
|
||
| 1148 | $this->Auth->startup($Controller); |
||
| 1149 | } |
||
| 1150 | |||
| 1151 | /**
|
||
| 1152 | * Throw ForbiddenException if AuthComponent::$unauthorizedRedirect set to false
|
||
| 1153 | * @expectedException ForbiddenException
|
||
| 1154 | * @return void
|
||
| 1155 | */
|
||
| 1156 | public function testForbiddenException() { |
||
| 1157 | $url = '/party/on'; |
||
| 1158 | $this->Auth->request = $CakeRequest = new CakeRequest($url); |
||
| 1159 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1160 | $this->Auth->authorize = array('Controller'); |
||
| 1161 | $this->Auth->authorize = array('Controller'); |
||
| 1162 | $this->Auth->unauthorizedRedirect = false; |
||
| 1163 | $this->Auth->login(array('username' => 'baker', 'password' => 'cake')); |
||
| 1164 | |||
| 1165 | $CakeResponse = new CakeResponse(); |
||
| 1166 | $Controller = $this->getMock( |
||
| 1167 | 'Controller',
|
||
| 1168 | array('on', 'redirect'), |
||
| 1169 | array($CakeRequest, $CakeResponse) |
||
| 1170 | ); |
||
| 1171 | |||
| 1172 | $this->Auth->startup($Controller); |
||
| 1173 | } |
||
| 1174 | |||
| 1175 | /**
|
||
| 1176 | * Test that no redirects or authorization tests occur on the loginAction
|
||
| 1177 | *
|
||
| 1178 | * @return void
|
||
| 1179 | */
|
||
| 1180 | public function testNoRedirectOnLoginAction() { |
||
| 1181 | $controller = $this->getMock('Controller'); |
||
| 1182 | $controller->methods = array('login'); |
||
| 1183 | |||
| 1184 | $url = '/AuthTest/login'; |
||
| 1185 | $this->Auth->request = $controller->request = new CakeRequest($url); |
||
| 1186 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1187 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
| 1188 | $this->Auth->authorize = array('Controller'); |
||
| 1189 | |||
| 1190 | $controller->expects($this->never()) |
||
| 1191 | ->method('redirect');
|
||
| 1192 | |||
| 1193 | $this->Auth->startup($controller); |
||
| 1194 | } |
||
| 1195 | |||
| 1196 | /**
|
||
| 1197 | * Ensure that no redirect is performed when a 404 is reached
|
||
| 1198 | * And the user doesn't have a session.
|
||
| 1199 | *
|
||
| 1200 | * @return void
|
||
| 1201 | */
|
||
| 1202 | public function testNoRedirectOn404() { |
||
| 1203 | $this->Auth->Session->delete('Auth'); |
||
| 1204 | $this->Auth->initialize($this->Controller); |
||
| 1205 | $this->Auth->request->addParams(Router::parse('auth_test/something_totally_wrong')); |
||
| 1206 | $result = $this->Auth->startup($this->Controller); |
||
| 1207 | $this->assertTrue($result, 'Auth redirected a missing action %s'); |
||
| 1208 | } |
||
| 1209 | |||
| 1210 | /**
|
||
| 1211 | * testAdminRoute method
|
||
| 1212 | *
|
||
| 1213 | * @return void
|
||
| 1214 | */
|
||
| 1215 | public function testAdminRoute() { |
||
| 1216 | $pref = Configure::read('Routing.prefixes'); |
||
| 1217 | Configure::write('Routing.prefixes', array('admin')); |
||
| 1218 | Router::reload();
|
||
| 1219 | require CAKE . 'Config' . DS . 'routes.php'; |
||
| 1220 | |||
| 1221 | $url = '/admin/auth_test/add'; |
||
| 1222 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1223 | $this->Auth->request->query['url'] = ltrim($url, '/'); |
||
| 1224 | $this->Auth->request->base = ''; |
||
| 1225 | |||
| 1226 | Router::setRequestInfo($this->Auth->request); |
||
| 1227 | $this->Auth->initialize($this->Controller); |
||
| 1228 | |||
| 1229 | $this->Auth->loginAction = array( |
||
| 1230 | 'admin' => true, 'controller' => 'auth_test', 'action' => 'login' |
||
| 1231 | ); |
||
| 1232 | |||
| 1233 | $this->Auth->startup($this->Controller); |
||
| 1234 | $this->assertEquals('/admin/auth_test/login', $this->Controller->testUrl); |
||
| 1235 | |||
| 1236 | Configure::write('Routing.prefixes', $pref); |
||
| 1237 | } |
||
| 1238 | |||
| 1239 | /**
|
||
| 1240 | * testAjaxLogin method
|
||
| 1241 | *
|
||
| 1242 | * @return void
|
||
| 1243 | */
|
||
| 1244 | public function testAjaxLogin() { |
||
| 1245 | App::build(array( |
||
| 1246 | 'View' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS) |
||
| 1247 | )); |
||
| 1248 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; |
||
| 1249 | |||
| 1250 | App::uses('Dispatcher', 'Routing'); |
||
| 1251 | |||
| 1252 | $Response = new CakeResponse(); |
||
| 1253 | ob_start(); |
||
| 1254 | $Dispatcher = new Dispatcher(); |
||
| 1255 | $Dispatcher->dispatch(new CakeRequest('/ajax_auth/add'), $Response, array('return' => 1)); |
||
| 1256 | $result = ob_get_clean();
|
||
| 1257 | |||
| 1258 | $this->assertEquals(403, $Response->statusCode()); |
||
| 1259 | $this->assertEquals("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result)); |
||
| 1260 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); |
||
| 1261 | } |
||
| 1262 | |||
| 1263 | /**
|
||
| 1264 | * testAjaxLoginResponseCode
|
||
| 1265 | *
|
||
| 1266 | * @return void
|
||
| 1267 | */
|
||
| 1268 | public function testAjaxLoginResponseCode() { |
||
| 1269 | App::build(array( |
||
| 1270 | 'View' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS) |
||
| 1271 | )); |
||
| 1272 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; |
||
| 1273 | |||
| 1274 | $url = '/ajax_auth/add'; |
||
| 1275 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1276 | $this->Auth->request->query['url'] = ltrim($url, '/'); |
||
| 1277 | $this->Auth->request->base = ''; |
||
| 1278 | $this->Auth->ajaxLogin = 'test_element'; |
||
| 1279 | |||
| 1280 | Router::setRequestInfo($this->Auth->request); |
||
| 1281 | |||
| 1282 | $this->Controller->response = $this->getMock('CakeResponse', array('_sendHeader')); |
||
| 1283 | $this->Controller->response->expects($this->at(0)) |
||
| 1284 | ->method('_sendHeader')
|
||
| 1285 | ->with('HTTP/1.1 403 Forbidden', null); |
||
| 1286 | $this->Auth->initialize($this->Controller); |
||
| 1287 | |||
| 1288 | ob_start(); |
||
| 1289 | $result = $this->Auth->startup($this->Controller); |
||
| 1290 | ob_end_clean(); |
||
| 1291 | |||
| 1292 | $this->assertFalse($result); |
||
| 1293 | $this->assertEquals('this is the test element', $this->Controller->response->body()); |
||
| 1294 | $this->assertArrayNotHasKey('Location', $this->Controller->response->header()); |
||
| 1295 | $this->assertNull($this->Controller->testUrl, 'redirect() not called'); |
||
| 1296 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); |
||
| 1297 | } |
||
| 1298 | |||
| 1299 | /**
|
||
| 1300 | * test ajax login with no element
|
||
| 1301 | *
|
||
| 1302 | * @return void
|
||
| 1303 | */
|
||
| 1304 | public function testAjaxLoginResponseCodeNoElement() { |
||
| 1305 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; |
||
| 1306 | |||
| 1307 | $url = '/ajax_auth/add'; |
||
| 1308 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1309 | $this->Auth->request->query['url'] = ltrim($url, '/'); |
||
| 1310 | $this->Auth->request->base = ''; |
||
| 1311 | $this->Auth->ajaxLogin = false; |
||
| 1312 | |||
| 1313 | Router::setRequestInfo($this->Auth->request); |
||
| 1314 | |||
| 1315 | $this->Controller->response = $this->getMock('CakeResponse', array('_sendHeader')); |
||
| 1316 | $this->Controller->response->expects($this->at(0)) |
||
| 1317 | ->method('_sendHeader')
|
||
| 1318 | ->with('HTTP/1.1 403 Forbidden', null); |
||
| 1319 | $this->Auth->initialize($this->Controller); |
||
| 1320 | |||
| 1321 | $this->Auth->startup($this->Controller); |
||
| 1322 | |||
| 1323 | $this->assertArrayNotHasKey('Location', $this->Controller->response->header()); |
||
| 1324 | $this->assertNull($this->Controller->testUrl, 'redirect() not called'); |
||
| 1325 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); |
||
| 1326 | } |
||
| 1327 | |||
| 1328 | /**
|
||
| 1329 | * testLoginActionRedirect method
|
||
| 1330 | *
|
||
| 1331 | * @return void
|
||
| 1332 | */
|
||
| 1333 | public function testLoginActionRedirect() { |
||
| 1334 | $admin = Configure::read('Routing.prefixes'); |
||
| 1335 | Configure::write('Routing.prefixes', array('admin')); |
||
| 1336 | Router::reload();
|
||
| 1337 | require CAKE . 'Config' . DS . 'routes.php'; |
||
| 1338 | |||
| 1339 | $url = '/admin/auth_test/login'; |
||
| 1340 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1341 | $this->Auth->request->url = ltrim($url, '/'); |
||
| 1342 | Router::setRequestInfo(array( |
||
| 1343 | array(
|
||
| 1344 | 'pass' => array(), 'action' => 'admin_login', 'plugin' => null, 'controller' => 'auth_test', |
||
| 1345 | 'admin' => true, |
||
| 1346 | ), |
||
| 1347 | array(
|
||
| 1348 | 'base' => null, 'here' => $url, |
||
| 1349 | 'webroot' => '/', 'passedArgs' => array(), |
||
| 1350 | ) |
||
| 1351 | )); |
||
| 1352 | |||
| 1353 | $this->Auth->initialize($this->Controller); |
||
| 1354 | $this->Auth->loginAction = array('admin' => true, 'controller' => 'auth_test', 'action' => 'login'); |
||
| 1355 | $this->Auth->startup($this->Controller); |
||
| 1356 | |||
| 1357 | $this->assertNull($this->Controller->testUrl); |
||
| 1358 | |||
| 1359 | Configure::write('Routing.prefixes', $admin); |
||
| 1360 | } |
||
| 1361 | |||
| 1362 | /**
|
||
| 1363 | * Stateless auth methods like Basic should populate data that can be
|
||
| 1364 | * accessed by $this->user().
|
||
| 1365 | *
|
||
| 1366 | * @return void
|
||
| 1367 | */
|
||
| 1368 | public function testStatelessAuthWorksWithUser() { |
||
| 1369 | $_SERVER['PHP_AUTH_USER'] = 'mariano'; |
||
| 1370 | $_SERVER['PHP_AUTH_PW'] = 'cake'; |
||
| 1371 | $url = '/auth_test/add'; |
||
| 1372 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1373 | |||
| 1374 | $this->Auth->authenticate = array( |
||
| 1375 | 'Basic' => array('userModel' => 'AuthUser') |
||
| 1376 | ); |
||
| 1377 | $this->Auth->startup($this->Controller); |
||
| 1378 | |||
| 1379 | $result = $this->Auth->user(); |
||
| 1380 | $this->assertEquals('mariano', $result['username']); |
||
| 1381 | |||
| 1382 | $result = $this->Auth->user('username'); |
||
| 1383 | $this->assertEquals('mariano', $result); |
||
| 1384 | } |
||
| 1385 | |||
| 1386 | /**
|
||
| 1387 | * test $settings in Controller::$components
|
||
| 1388 | *
|
||
| 1389 | * @return void
|
||
| 1390 | */
|
||
| 1391 | public function testComponentSettings() { |
||
| 1392 | $request = new CakeRequest(null, false); |
||
| 1393 | $this->Controller = new AuthTestController($request, $this->getMock('CakeResponse')); |
||
| 1394 | |||
| 1395 | $this->Controller->components = array( |
||
| 1396 | 'Auth' => array( |
||
| 1397 | 'loginAction' => array('controller' => 'people', 'action' => 'login'), |
||
| 1398 | 'logoutRedirect' => array('controller' => 'people', 'action' => 'login'), |
||
| 1399 | ), |
||
| 1400 | 'Session'
|
||
| 1401 | ); |
||
| 1402 | $this->Controller->Components->init($this->Controller); |
||
| 1403 | $this->Controller->Components->trigger('initialize', array(&$this->Controller)); |
||
| 1404 | Router::reload();
|
||
| 1405 | |||
| 1406 | $expected = array( |
||
| 1407 | 'loginAction' => array('controller' => 'people', 'action' => 'login'), |
||
| 1408 | 'logoutRedirect' => array('controller' => 'people', 'action' => 'login'), |
||
| 1409 | ); |
||
| 1410 | $this->assertEquals($expected['loginAction'], $this->Controller->Auth->loginAction); |
||
| 1411 | $this->assertEquals($expected['logoutRedirect'], $this->Controller->Auth->logoutRedirect); |
||
| 1412 | } |
||
| 1413 | |||
| 1414 | /**
|
||
| 1415 | * test that logout deletes the session variables. and returns the correct URL
|
||
| 1416 | *
|
||
| 1417 | * @return void
|
||
| 1418 | */
|
||
| 1419 | public function testLogout() { |
||
| 1420 | $this->Auth->Session->write('Auth.User.id', '1'); |
||
| 1421 | $this->Auth->Session->write('Auth.redirect', '/users/login'); |
||
| 1422 | $this->Auth->logoutRedirect = '/'; |
||
| 1423 | $result = $this->Auth->logout(); |
||
| 1424 | |||
| 1425 | $this->assertEquals('/', $result); |
||
| 1426 | $this->assertNull($this->Auth->Session->read('Auth.AuthUser')); |
||
| 1427 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); |
||
| 1428 | } |
||
| 1429 | |||
| 1430 | /**
|
||
| 1431 | * Logout should trigger a logout method on authentication objects.
|
||
| 1432 | *
|
||
| 1433 | * @return void
|
||
| 1434 | */
|
||
| 1435 | public function testLogoutTrigger() { |
||
| 1436 | $LogoutTriggerMockAuthenticate = $this->getMock('BaseAuthenticate', array('authenticate', 'logout'), array(), '', false); |
||
| 1437 | |||
| 1438 | $this->Auth->authenticate = array('LogoutTriggerMock'); |
||
| 1439 | $this->Auth->setAuthenticateObject(0, $LogoutTriggerMockAuthenticate); |
||
| 1440 | $LogoutTriggerMockAuthenticate->expects($this->once()) |
||
| 1441 | ->method('logout');
|
||
| 1442 | |||
| 1443 | $this->Auth->logout(); |
||
| 1444 | } |
||
| 1445 | |||
| 1446 | /**
|
||
| 1447 | * Test mapActions as a getter
|
||
| 1448 | *
|
||
| 1449 | * @return void
|
||
| 1450 | */
|
||
| 1451 | public function testMapActions() { |
||
| 1452 | $MapActionMockAuthorize = $this->getMock( |
||
| 1453 | 'BaseAuthorize',
|
||
| 1454 | array('authorize'), |
||
| 1455 | array(),
|
||
| 1456 | '',
|
||
| 1457 | false
|
||
| 1458 | ); |
||
| 1459 | $this->Auth->authorize = array('MapActionAuthorize'); |
||
| 1460 | $this->Auth->setAuthorizeObject(0, $MapActionMockAuthorize); |
||
| 1461 | |||
| 1462 | $actions = array('my_action' => 'create'); |
||
| 1463 | $this->Auth->mapActions($actions); |
||
| 1464 | $actions = array( |
||
| 1465 | 'create' => array('my_other_action'), |
||
| 1466 | 'update' => array('updater') |
||
| 1467 | ); |
||
| 1468 | $this->Auth->mapActions($actions); |
||
| 1469 | |||
| 1470 | $actions = $this->Auth->mapActions(); |
||
| 1471 | |||
| 1472 | $result = $actions['my_action']; |
||
| 1473 | $expected = 'create'; |
||
| 1474 | $this->assertEquals($expected, $result); |
||
| 1475 | |||
| 1476 | $result = $actions['my_other_action']; |
||
| 1477 | $expected = 'create'; |
||
| 1478 | $this->assertEquals($expected, $result); |
||
| 1479 | |||
| 1480 | $result = $actions['updater']; |
||
| 1481 | $expected = 'update'; |
||
| 1482 | $this->assertEquals($expected, $result); |
||
| 1483 | } |
||
| 1484 | |||
| 1485 | /**
|
||
| 1486 | * test mapActions loading and delegating to authorize objects.
|
||
| 1487 | *
|
||
| 1488 | * @return void
|
||
| 1489 | */
|
||
| 1490 | public function testMapActionsDelegation() { |
||
| 1491 | $MapActionMockAuthorize = $this->getMock('BaseAuthorize', array('authorize', 'mapActions'), array(), '', false); |
||
| 1492 | |||
| 1493 | $this->Auth->authorize = array('MapActionMock'); |
||
| 1494 | $this->Auth->setAuthorizeObject(0, $MapActionMockAuthorize); |
||
| 1495 | $MapActionMockAuthorize->expects($this->once()) |
||
| 1496 | ->method('mapActions')
|
||
| 1497 | ->with(array('create' => array('my_action'))); |
||
| 1498 | |||
| 1499 | $this->Auth->mapActions(array('create' => array('my_action'))); |
||
| 1500 | } |
||
| 1501 | |||
| 1502 | /**
|
||
| 1503 | * test logging in with a request.
|
||
| 1504 | *
|
||
| 1505 | * @return void
|
||
| 1506 | */
|
||
| 1507 | public function testLoginWithRequestData() { |
||
| 1508 | $RequestLoginMockAuthenticate = $this->getMock('FormAuthenticate', array(), array(), '', false); |
||
| 1509 | $request = new CakeRequest('users/login', false); |
||
| 1510 | $user = array('username' => 'mark', 'role' => 'admin'); |
||
| 1511 | |||
| 1512 | $this->Auth->request = $request; |
||
| 1513 | $this->Auth->authenticate = array('RequestLoginMock'); |
||
| 1514 | $this->Auth->setAuthenticateObject(0, $RequestLoginMockAuthenticate); |
||
| 1515 | $RequestLoginMockAuthenticate->expects($this->once()) |
||
| 1516 | ->method('authenticate')
|
||
| 1517 | ->with($request)
|
||
| 1518 | ->will($this->returnValue($user)); |
||
| 1519 | |||
| 1520 | $this->assertTrue($this->Auth->login()); |
||
| 1521 | $this->assertEquals($user['username'], $this->Auth->user('username')); |
||
| 1522 | } |
||
| 1523 | |||
| 1524 | /**
|
||
| 1525 | * test login() with user data
|
||
| 1526 | *
|
||
| 1527 | * @return void
|
||
| 1528 | */
|
||
| 1529 | public function testLoginWithUserData() { |
||
| 1530 | $this->assertFalse($this->Auth->loggedIn()); |
||
| 1531 | |||
| 1532 | $user = array( |
||
| 1533 | 'username' => 'mariano', |
||
| 1534 | 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', |
||
| 1535 | 'created' => '2007-03-17 01:16:23', |
||
| 1536 | 'updated' => '2007-03-17 01:18:31' |
||
| 1537 | ); |
||
| 1538 | $this->assertTrue($this->Auth->login($user)); |
||
| 1539 | $this->assertTrue($this->Auth->loggedIn()); |
||
| 1540 | $this->assertEquals($user['username'], $this->Auth->user('username')); |
||
| 1541 | } |
||
| 1542 | |||
| 1543 | /**
|
||
| 1544 | * test flash settings.
|
||
| 1545 | *
|
||
| 1546 | * @return void
|
||
| 1547 | */
|
||
| 1548 | public function testFlashSettings() { |
||
| 1549 | $this->Auth->Flash = $this->getMock('FlashComponent', array(), array(), '', false); |
||
| 1550 | $this->Auth->Flash->expects($this->once()) |
||
| 1551 | ->method('set')
|
||
| 1552 | ->with('Auth failure', array('element' => 'custom', 'params' => array(1), 'key' => 'auth-key')); |
||
| 1553 | |||
| 1554 | $this->Auth->flash = array( |
||
| 1555 | 'element' => 'custom', |
||
| 1556 | 'params' => array(1), |
||
| 1557 | 'key' => 'auth-key' |
||
| 1558 | ); |
||
| 1559 | $this->Auth->flash('Auth failure'); |
||
| 1560 | } |
||
| 1561 | |||
| 1562 | /**
|
||
| 1563 | * test the various states of Auth::redirect()
|
||
| 1564 | *
|
||
| 1565 | * @return void
|
||
| 1566 | */
|
||
| 1567 | public function testRedirectSet() { |
||
| 1568 | $value = array('controller' => 'users', 'action' => 'home'); |
||
| 1569 | $result = $this->Auth->redirectUrl($value); |
||
| 1570 | $this->assertEquals('/users/home', $result); |
||
| 1571 | $this->assertEquals($value, $this->Auth->Session->read('Auth.redirect')); |
||
| 1572 | } |
||
| 1573 | |||
| 1574 | /**
|
||
| 1575 | * test redirect using Auth.redirect from the session.
|
||
| 1576 | *
|
||
| 1577 | * @return void
|
||
| 1578 | */
|
||
| 1579 | public function testRedirectSessionRead() { |
||
| 1580 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); |
||
| 1581 | $this->Auth->Session->write('Auth.redirect', '/users/home'); |
||
| 1582 | |||
| 1583 | $result = $this->Auth->redirectUrl(); |
||
| 1584 | $this->assertEquals('/users/home', $result); |
||
| 1585 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); |
||
| 1586 | } |
||
| 1587 | |||
| 1588 | /**
|
||
| 1589 | * test redirectUrl with duplicate base.
|
||
| 1590 | *
|
||
| 1591 | * @return void
|
||
| 1592 | */
|
||
| 1593 | public function testRedirectSessionReadDuplicateBase() { |
||
| 1594 | $this->Auth->request->webroot = '/waves/'; |
||
| 1595 | $this->Auth->request->base = '/waves'; |
||
| 1596 | |||
| 1597 | Router::setRequestInfo($this->Auth->request); |
||
| 1598 | |||
| 1599 | $this->Auth->Session->write('Auth.redirect', '/waves/add'); |
||
| 1600 | |||
| 1601 | $result = $this->Auth->redirectUrl(); |
||
| 1602 | $this->assertEquals('/waves/add', $result); |
||
| 1603 | } |
||
| 1604 | |||
| 1605 | /**
|
||
| 1606 | * test that redirect does not return loginAction if that is what's stored in Auth.redirect.
|
||
| 1607 | * instead loginRedirect should be used.
|
||
| 1608 | *
|
||
| 1609 | * @return void
|
||
| 1610 | */
|
||
| 1611 | public function testRedirectSessionReadEqualToLoginAction() { |
||
| 1612 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); |
||
| 1613 | $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home'); |
||
| 1614 | $this->Auth->Session->write('Auth.redirect', array('controller' => 'users', 'action' => 'login')); |
||
| 1615 | |||
| 1616 | $result = $this->Auth->redirectUrl(); |
||
| 1617 | $this->assertEquals('/users/home', $result); |
||
| 1618 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); |
||
| 1619 | } |
||
| 1620 | |||
| 1621 | /**
|
||
| 1622 | * test that the returned URL doesn't contain the base URL.
|
||
| 1623 | *
|
||
| 1624 | * @see https://cakephp.lighthouseapp.com/projects/42648/tickets/3922-authcomponentredirecturl-prepends-appbaseurl
|
||
| 1625 | *
|
||
| 1626 | * @return void This test method doesn't return anything.
|
||
| 1627 | */
|
||
| 1628 | public function testRedirectUrlWithBaseSet() { |
||
| 1629 | $App = Configure::read('App'); |
||
| 1630 | |||
| 1631 | Configure::write('App', array( |
||
| 1632 | 'dir' => APP_DIR, |
||
| 1633 | 'webroot' => WEBROOT_DIR, |
||
| 1634 | 'base' => false, |
||
| 1635 | 'baseUrl' => '/cake/index.php' |
||
| 1636 | )); |
||
| 1637 | |||
| 1638 | $url = '/users/login'; |
||
| 1639 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); |
||
| 1640 | $this->Auth->request->addParams(Router::parse($url)); |
||
| 1641 | $this->Auth->request->url = Router::normalize($url); |
||
| 1642 | |||
| 1643 | Router::setRequestInfo($this->Auth->request); |
||
| 1644 | |||
| 1645 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); |
||
| 1646 | $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home'); |
||
| 1647 | |||
| 1648 | $result = $this->Auth->redirectUrl(); |
||
| 1649 | $this->assertEquals('/users/home', $result); |
||
| 1650 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); |
||
| 1651 | |||
| 1652 | Configure::write('App', $App); |
||
| 1653 | Router::reload();
|
||
| 1654 | } |
||
| 1655 | |||
| 1656 | /**
|
||
| 1657 | * test password hashing
|
||
| 1658 | *
|
||
| 1659 | * @return void
|
||
| 1660 | */
|
||
| 1661 | public function testPassword() { |
||
| 1662 | $result = $this->Auth->password('password'); |
||
| 1663 | $expected = Security::hash('password', null, true); |
||
| 1664 | $this->assertEquals($expected, $result); |
||
| 1665 | } |
||
| 1666 | |||
| 1667 | /**
|
||
| 1668 | * testUser method
|
||
| 1669 | *
|
||
| 1670 | * @return void
|
||
| 1671 | */
|
||
| 1672 | public function testUser() { |
||
| 1673 | $data = array( |
||
| 1674 | 'User' => array( |
||
| 1675 | 'id' => '2', |
||
| 1676 | 'username' => 'mark', |
||
| 1677 | 'group_id' => 1, |
||
| 1678 | 'Group' => array( |
||
| 1679 | 'id' => '1', |
||
| 1680 | 'name' => 'Members' |
||
| 1681 | ), |
||
| 1682 | 'is_admin' => false, |
||
| 1683 | )); |
||
| 1684 | $this->Auth->Session->write('Auth', $data); |
||
| 1685 | |||
| 1686 | $result = $this->Auth->user(); |
||
| 1687 | $this->assertEquals($data['User'], $result); |
||
| 1688 | |||
| 1689 | $result = $this->Auth->user('username'); |
||
| 1690 | $this->assertEquals($data['User']['username'], $result); |
||
| 1691 | |||
| 1692 | $result = $this->Auth->user('Group.name'); |
||
| 1693 | $this->assertEquals($data['User']['Group']['name'], $result); |
||
| 1694 | |||
| 1695 | $result = $this->Auth->user('invalid'); |
||
| 1696 | $this->assertEquals(null, $result); |
||
| 1697 | |||
| 1698 | $result = $this->Auth->user('Company.invalid'); |
||
| 1699 | $this->assertEquals(null, $result); |
||
| 1700 | |||
| 1701 | $result = $this->Auth->user('is_admin'); |
||
| 1702 | $this->assertFalse($result); |
||
| 1703 | } |
||
| 1704 | |||
| 1705 | /**
|
||
| 1706 | * testStatelessAuthNoRedirect method
|
||
| 1707 | *
|
||
| 1708 | * @expectedException UnauthorizedException
|
||
| 1709 | * @expectedExceptionCode 401
|
||
| 1710 | * @return void
|
||
| 1711 | */
|
||
| 1712 | public function testStatelessAuthNoRedirect() { |
||
| 1713 | if (CakeSession::id()) { |
||
| 1714 | session_destroy(); |
||
| 1715 | CakeSession::$id = null; |
||
| 1716 | } |
||
| 1717 | $_SESSION = null; |
||
| 1718 | |||
| 1719 | AuthComponent::$sessionKey = false; |
||
| 1720 | $this->Auth->authenticate = array('Basic'); |
||
| 1721 | $this->Controller->request['action'] = 'admin_add'; |
||
| 1722 | |||
| 1723 | $this->Auth->startup($this->Controller); |
||
| 1724 | } |
||
| 1725 | |||
| 1726 | /**
|
||
| 1727 | * testStatelessAuthNoSessionStart method
|
||
| 1728 | *
|
||
| 1729 | * @return void
|
||
| 1730 | */
|
||
| 1731 | public function testStatelessAuthNoSessionStart() { |
||
| 1732 | if (CakeSession::id()) { |
||
| 1733 | session_destroy(); |
||
| 1734 | CakeSession::$id = null; |
||
| 1735 | } |
||
| 1736 | $_SESSION = null; |
||
| 1737 | |||
| 1738 | $_SERVER['PHP_AUTH_USER'] = 'mariano'; |
||
| 1739 | $_SERVER['PHP_AUTH_PW'] = 'cake'; |
||
| 1740 | |||
| 1741 | AuthComponent::$sessionKey = false; |
||
| 1742 | $this->Auth->authenticate = array( |
||
| 1743 | 'Basic' => array('userModel' => 'AuthUser') |
||
| 1744 | ); |
||
| 1745 | $this->Controller->request['action'] = 'admin_add'; |
||
| 1746 | |||
| 1747 | $result = $this->Auth->startup($this->Controller); |
||
| 1748 | $this->assertTrue($result); |
||
| 1749 | |||
| 1750 | $this->assertNull(CakeSession::id()); |
||
| 1751 | } |
||
| 1752 | |||
| 1753 | /**
|
||
| 1754 | * testStatelessAuthRedirect method
|
||
| 1755 | *
|
||
| 1756 | * @return void
|
||
| 1757 | */
|
||
| 1758 | public function testStatelessFollowedByStatefulAuth() { |
||
| 1759 | $this->Auth->authenticate = array('Basic', 'Form'); |
||
| 1760 | $this->Controller->request['action'] = 'admin_add'; |
||
| 1761 | |||
| 1762 | $this->Auth->response->expects($this->never())->method('statusCode'); |
||
| 1763 | $this->Auth->response->expects($this->never())->method('send'); |
||
| 1764 | |||
| 1765 | $result = $this->Auth->startup($this->Controller); |
||
| 1766 | $this->assertFalse($result); |
||
| 1767 | |||
| 1768 | $this->assertEquals('/users/login', $this->Controller->testUrl); |
||
| 1769 | } |
||
| 1770 | } |