pictcode / lib / Cake / Test / Case / Controller / Component / AuthComponentTest.php @ 1711ffed
履歴 | 表示 | アノテート | ダウンロード (49.379 KB)
| 1 | <?php
 | 
|---|---|
| 2 | /**
 | 
| 3 |  * AuthComponentTest file
 | 
| 4 |  *
 | 
| 5 |  * CakePHP(tm) Tests <http://book.cakephp.org/2.0/en/development/testing.html>
 | 
| 6 |  * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 | 
| 7 |  *
 | 
| 8 |  * Licensed under The MIT License
 | 
| 9 |  * For full copyright and license information, please see the LICENSE.txt
 | 
| 10 |  * Redistributions of files must retain the above copyright notice
 | 
| 11 |  *
 | 
| 12 |  * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 | 
| 13 |  * @link          http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
 | 
| 14 |  * @package       Cake.Test.Case.Controller.Component
 | 
| 15 |  * @since         CakePHP(tm) v 1.2.0.5347
 | 
| 16 |  * @license       http://www.opensource.org/licenses/mit-license.php MIT License
 | 
| 17 |  */
 | 
| 18 |  | 
| 19 | App::uses('Controller', 'Controller'); | 
| 20 | App::uses('AuthComponent', 'Controller/Component'); | 
| 21 | App::uses('AclComponent', 'Controller/Component'); | 
| 22 | App::uses('BaseAuthenticate', 'Controller/Component/Auth'); | 
| 23 | App::uses('FormAuthenticate', 'Controller/Component/Auth'); | 
| 24 | App::uses('CakeEvent', 'Event'); | 
| 25 |  | 
| 26 | /**
 | 
| 27 |  * TestFormAuthenticate class
 | 
| 28 |  *
 | 
| 29 |  * @package       Cake.Test.Case.Controller.Component
 | 
| 30 |  */
 | 
| 31 | class TestBaseAuthenticate extends BaseAuthenticate { | 
| 32 |  | 
| 33 | /**
 | 
| 34 |  * Implemented events
 | 
| 35 |  *
 | 
| 36 |  * @return array of events => callbacks.
 | 
| 37 |  */
 | 
| 38 | public function implementedEvents() { | 
| 39 | return array( | 
| 40 | 'Auth.afterIdentify' => 'afterIdentify' | 
| 41 | ); | 
| 42 | } | 
| 43 |  | 
| 44 | public $afterIdentifyCallable = null; | 
| 45 |  | 
| 46 | /**
 | 
| 47 |  * Test function to be used in event dispatching
 | 
| 48 |  *
 | 
| 49 |  * @return void
 | 
| 50 |  */
 | 
| 51 | public function afterIdentify($event) { | 
| 52 | call_user_func($this->afterIdentifyCallable, $event); | 
| 53 | } | 
| 54 |  | 
| 55 | /**
 | 
| 56 |  * Authenticate a user based on the request information.
 | 
| 57 |  *
 | 
| 58 |  * @param CakeRequest $request Request to get authentication information from.
 | 
| 59 |  * @param CakeResponse $response A response object that can have headers added.
 | 
| 60 |  * @return mixed Either false on failure, or an array of user data on success.
 | 
| 61 |  */
 | 
| 62 | public function authenticate(CakeRequest $request, CakeResponse $response) { | 
| 63 | return array( | 
| 64 | 'id' => 1, | 
| 65 | 'username' => 'mark' | 
| 66 | ); | 
| 67 | } | 
| 68 |  | 
| 69 | } | 
| 70 |  | 
| 71 | /**
 | 
| 72 |  * TestAuthComponent class
 | 
| 73 |  *
 | 
| 74 |  * @package       Cake.Test.Case.Controller.Component
 | 
| 75 |  */
 | 
| 76 | class TestAuthComponent extends AuthComponent { | 
| 77 |  | 
| 78 | /**
 | 
| 79 |  * testStop property
 | 
| 80 |  *
 | 
| 81 |  * @var bool
 | 
| 82 |  */
 | 
| 83 | public $testStop = false; | 
| 84 |  | 
| 85 | /**
 | 
| 86 |  * Helper method to add/set an authenticate object instance
 | 
| 87 |  *
 | 
| 88 |  * @param int $index The index at which to add/set the object
 | 
| 89 |  * @param object $object The object to add/set
 | 
| 90 |  * @return void
 | 
| 91 |  */
 | 
| 92 | public function setAuthenticateObject($index, $object) { | 
| 93 | $this->_authenticateObjects[$index] = $object; | 
| 94 | } | 
| 95 |  | 
| 96 | /**
 | 
| 97 |  * Helper method to get an authenticate object instance
 | 
| 98 |  *
 | 
| 99 |  * @param int $index The index at which to get the object
 | 
| 100 |  * @return object $object
 | 
| 101 |  */
 | 
| 102 | public function getAuthenticateObject($index) { | 
| 103 |                 $this->constructAuthenticate();
 | 
| 104 | return isset($this->_authenticateObjects[$index]) ? $this->_authenticateObjects[$index] : null; | 
| 105 | } | 
| 106 |  | 
| 107 | /**
 | 
| 108 |  * Helper method to add/set an authorize object instance
 | 
| 109 |  *
 | 
| 110 |  * @param int $index The index at which to add/set the object
 | 
| 111 |  * @param Object $object The object to add/set
 | 
| 112 |  * @return void
 | 
| 113 |  */
 | 
| 114 | public function setAuthorizeObject($index, $object) { | 
| 115 | $this->_authorizeObjects[$index] = $object; | 
| 116 | } | 
| 117 |  | 
| 118 | /**
 | 
| 119 |  * stop method
 | 
| 120 |  *
 | 
| 121 |  * @return void
 | 
| 122 |  */
 | 
| 123 | protected function _stop($status = 0) { | 
| 124 | $this->testStop = true; | 
| 125 | } | 
| 126 |  | 
| 127 | public static function clearUser() { | 
| 128 | static::$_user = array(); | 
| 129 | } | 
| 130 |  | 
| 131 | } | 
| 132 |  | 
| 133 | /**
 | 
| 134 |  * AuthUser class
 | 
| 135 |  *
 | 
| 136 |  * @package       Cake.Test.Case.Controller.Component
 | 
| 137 |  */
 | 
| 138 | class AuthUser extends CakeTestModel { | 
| 139 |  | 
| 140 | /**
 | 
| 141 |  * useDbConfig property
 | 
| 142 |  *
 | 
| 143 |  * @var string
 | 
| 144 |  */
 | 
| 145 | public $useDbConfig = 'test'; | 
| 146 |  | 
| 147 | } | 
| 148 |  | 
| 149 | /**
 | 
| 150 |  * AuthTestController class
 | 
| 151 |  *
 | 
| 152 |  * @package       Cake.Test.Case.Controller.Component
 | 
| 153 |  */
 | 
| 154 | class AuthTestController extends Controller { | 
| 155 |  | 
| 156 | /**
 | 
| 157 |  * uses property
 | 
| 158 |  *
 | 
| 159 |  * @var array
 | 
| 160 |  */
 | 
| 161 | public $uses = array('AuthUser'); | 
| 162 |  | 
| 163 | /**
 | 
| 164 |  * components property
 | 
| 165 |  *
 | 
| 166 |  * @var array
 | 
| 167 |  */
 | 
| 168 | public $components = array('Session', 'Flash', 'Auth'); | 
| 169 |  | 
| 170 | /**
 | 
| 171 |  * testUrl property
 | 
| 172 |  *
 | 
| 173 |  * @var mixed
 | 
| 174 |  */
 | 
| 175 | public $testUrl = null; | 
| 176 |  | 
| 177 | /**
 | 
| 178 |  * construct method
 | 
| 179 |  */
 | 
| 180 | public function __construct($request, $response) { | 
| 181 | $request->addParams(Router::parse('/auth_test')); | 
| 182 | $request->here = '/auth_test'; | 
| 183 | $request->webroot = '/'; | 
| 184 | Router::setRequestInfo($request); | 
| 185 | parent::__construct($request, $response); | 
| 186 | } | 
| 187 |  | 
| 188 | /**
 | 
| 189 |  * login method
 | 
| 190 |  *
 | 
| 191 |  * @return void
 | 
| 192 |  */
 | 
| 193 | public function login() { | 
| 194 | } | 
| 195 |  | 
| 196 | /**
 | 
| 197 |  * admin_login method
 | 
| 198 |  *
 | 
| 199 |  * @return void
 | 
| 200 |  */
 | 
| 201 | public function admin_login() { | 
| 202 | } | 
| 203 |  | 
| 204 | /**
 | 
| 205 |  * admin_add method
 | 
| 206 |  *
 | 
| 207 |  * @return void
 | 
| 208 |  */
 | 
| 209 | public function admin_add() { | 
| 210 | } | 
| 211 |  | 
| 212 | /**
 | 
| 213 |  * logout method
 | 
| 214 |  *
 | 
| 215 |  * @return void
 | 
| 216 |  */
 | 
| 217 | public function logout() { | 
| 218 | } | 
| 219 |  | 
| 220 | /**
 | 
| 221 |  * add method
 | 
| 222 |  *
 | 
| 223 |  * @return void
 | 
| 224 |  */
 | 
| 225 | public function add() { | 
| 226 | echo "add"; | 
| 227 | } | 
| 228 |  | 
| 229 | /**
 | 
| 230 |  * add method
 | 
| 231 |  *
 | 
| 232 |  * @return void
 | 
| 233 |  */
 | 
| 234 | public function camelCase() { | 
| 235 | echo "camelCase"; | 
| 236 | } | 
| 237 |  | 
| 238 | /**
 | 
| 239 |  * redirect method
 | 
| 240 |  *
 | 
| 241 |  * @param string|array $url
 | 
| 242 |  * @param mixed $status
 | 
| 243 |  * @param mixed $exit
 | 
| 244 |  * @return void
 | 
| 245 |  */
 | 
| 246 | public function redirect($url, $status = null, $exit = true) { | 
| 247 | $this->testUrl = Router::url($url); | 
| 248 | return false; | 
| 249 | } | 
| 250 |  | 
| 251 | /**
 | 
| 252 |  * isAuthorized method
 | 
| 253 |  *
 | 
| 254 |  * @return void
 | 
| 255 |  */
 | 
| 256 | public function isAuthorized() { | 
| 257 | } | 
| 258 |  | 
| 259 | } | 
| 260 |  | 
| 261 | /**
 | 
| 262 |  * AjaxAuthController class
 | 
| 263 |  *
 | 
| 264 |  * @package       Cake.Test.Case.Controller.Component
 | 
| 265 |  */
 | 
| 266 | class AjaxAuthController extends Controller { | 
| 267 |  | 
| 268 | /**
 | 
| 269 |  * components property
 | 
| 270 |  *
 | 
| 271 |  * @var array
 | 
| 272 |  */
 | 
| 273 | public $components = array('Session', 'TestAuth'); | 
| 274 |  | 
| 275 | /**
 | 
| 276 |  * uses property
 | 
| 277 |  *
 | 
| 278 |  * @var array
 | 
| 279 |  */
 | 
| 280 | public $uses = array(); | 
| 281 |  | 
| 282 | /**
 | 
| 283 |  * testUrl property
 | 
| 284 |  *
 | 
| 285 |  * @var mixed
 | 
| 286 |  */
 | 
| 287 | public $testUrl = null; | 
| 288 |  | 
| 289 | /**
 | 
| 290 |  * beforeFilter method
 | 
| 291 |  *
 | 
| 292 |  * @return void
 | 
| 293 |  */
 | 
| 294 | public function beforeFilter() { | 
| 295 | $this->TestAuth->ajaxLogin = 'test_element'; | 
| 296 | $this->TestAuth->userModel = 'AuthUser'; | 
| 297 | $this->TestAuth->RequestHandler->ajaxLayout = 'ajax2'; | 
| 298 | } | 
| 299 |  | 
| 300 | /**
 | 
| 301 |  * add method
 | 
| 302 |  *
 | 
| 303 |  * @return void
 | 
| 304 |  */
 | 
| 305 | public function add() { | 
| 306 | if ($this->TestAuth->testStop !== true) { | 
| 307 | echo 'Added Record'; | 
| 308 | } | 
| 309 | } | 
| 310 |  | 
| 311 | /**
 | 
| 312 |  * redirect method
 | 
| 313 |  *
 | 
| 314 |  * @param string|array $url
 | 
| 315 |  * @param mixed $status
 | 
| 316 |  * @param mixed $exit
 | 
| 317 |  * @return void
 | 
| 318 |  */
 | 
| 319 | public function redirect($url, $status = null, $exit = true) { | 
| 320 | $this->testUrl = Router::url($url); | 
| 321 | return false; | 
| 322 | } | 
| 323 |  | 
| 324 | } | 
| 325 |  | 
| 326 | /**
 | 
| 327 |  * Mock class used to test event dispatching
 | 
| 328 |  *
 | 
| 329 |  * @package Cake.Test.Case.Event
 | 
| 330 |  */
 | 
| 331 | class AuthEventTestListener { | 
| 332 |  | 
| 333 | public $callStack = array(); | 
| 334 |  | 
| 335 | /**
 | 
| 336 |  * Test function to be used in event dispatching
 | 
| 337 |  *
 | 
| 338 |  * @return void
 | 
| 339 |  */
 | 
| 340 | public function listenerFunction() { | 
| 341 | $this->callStack[] = __FUNCTION__; | 
| 342 | } | 
| 343 |  | 
| 344 | } | 
| 345 |  | 
| 346 |  | 
| 347 | /**
 | 
| 348 |  * AuthComponentTest class
 | 
| 349 |  *
 | 
| 350 |  * @package       Cake.Test.Case.Controller.Component
 | 
| 351 |  */
 | 
| 352 | class AuthComponentTest extends CakeTestCase { | 
| 353 |  | 
| 354 | /**
 | 
| 355 |  * name property
 | 
| 356 |  *
 | 
| 357 |  * @var string
 | 
| 358 |  */
 | 
| 359 | public $name = 'Auth'; | 
| 360 |  | 
| 361 | /**
 | 
| 362 |  * fixtures property
 | 
| 363 |  *
 | 
| 364 |  * @var array
 | 
| 365 |  */
 | 
| 366 | public $fixtures = array('core.auth_user'); | 
| 367 |  | 
| 368 | /**
 | 
| 369 |  * initialized property
 | 
| 370 |  *
 | 
| 371 |  * @var bool
 | 
| 372 |  */
 | 
| 373 | public $initialized = false; | 
| 374 |  | 
| 375 | /**
 | 
| 376 |  * setUp method
 | 
| 377 |  *
 | 
| 378 |  * @return void
 | 
| 379 |  */
 | 
| 380 | public function setUp() { | 
| 381 |                 parent::setUp();
 | 
| 382 | Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi'); | 
| 383 | Configure::write('Security.cipherSeed', 770011223369876); | 
| 384 |  | 
| 385 | $request = new CakeRequest(null, false); | 
| 386 |  | 
| 387 | $this->Controller = new AuthTestController($request, $this->getMock('CakeResponse')); | 
| 388 |  | 
| 389 | $collection = new ComponentCollection(); | 
| 390 | $collection->init($this->Controller); | 
| 391 | $this->Auth = new TestAuthComponent($collection); | 
| 392 | $this->Auth->request = $request; | 
| 393 | $this->Auth->response = $this->getMock('CakeResponse'); | 
| 394 | AuthComponent::$sessionKey = 'Auth.User'; | 
| 395 |  | 
| 396 | $this->Controller->Components->init($this->Controller); | 
| 397 |  | 
| 398 | $this->initialized = true; | 
| 399 |                 Router::reload();
 | 
| 400 | Router::connect('/:controller/:action/*'); | 
| 401 |  | 
| 402 | $User = ClassRegistry::init('AuthUser'); | 
| 403 | $User->updateAll(array('password' => $User->getDataSource()->value(Security::hash('cake', null, true)))); | 
| 404 | } | 
| 405 |  | 
| 406 | /**
 | 
| 407 |  * tearDown method
 | 
| 408 |  *
 | 
| 409 |  * @return void
 | 
| 410 |  */
 | 
| 411 | public function tearDown() { | 
| 412 |                 parent::tearDown();
 | 
| 413 |  | 
| 414 |                 TestAuthComponent::clearUser();
 | 
| 415 | $this->Auth->Session->delete('Auth'); | 
| 416 | $this->Auth->Session->delete('Message.auth'); | 
| 417 | unset($this->Controller, $this->Auth); | 
| 418 | } | 
| 419 |  | 
| 420 | /**
 | 
| 421 |  * testNoAuth method
 | 
| 422 |  *
 | 
| 423 |  * @return void
 | 
| 424 |  */
 | 
| 425 | public function testNoAuth() { | 
| 426 | $this->assertFalse($this->Auth->isAuthorized()); | 
| 427 | } | 
| 428 |  | 
| 429 | /**
 | 
| 430 |  * testIsErrorOrTests
 | 
| 431 |  *
 | 
| 432 |  * @return void
 | 
| 433 |  */
 | 
| 434 | public function testIsErrorOrTests() { | 
| 435 | $this->Controller->Auth->initialize($this->Controller); | 
| 436 |  | 
| 437 | $this->Controller->name = 'CakeError'; | 
| 438 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); | 
| 439 |  | 
| 440 | $this->Controller->name = 'Post'; | 
| 441 | $this->Controller->request['action'] = 'thisdoesnotexist'; | 
| 442 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); | 
| 443 |  | 
| 444 | $this->Controller->scaffold = null; | 
| 445 | $this->Controller->request['action'] = 'index'; | 
| 446 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 447 | } | 
| 448 |  | 
| 449 | /**
 | 
| 450 |  * testLogin method
 | 
| 451 |  *
 | 
| 452 |  * @return void
 | 
| 453 |  */
 | 
| 454 | public function testLogin() { | 
| 455 | $AuthLoginFormAuthenticate = $this->getMock('FormAuthenticate', array(), array(), '', false); | 
| 456 | $this->Auth->authenticate = array( | 
| 457 | 'AuthLoginForm' => array( | 
| 458 | 'userModel' => 'AuthUser' | 
| 459 | ) | 
| 460 | ); | 
| 461 | $this->Auth->Session = $this->getMock('SessionComponent', array('renew'), array(), '', false); | 
| 462 |  | 
| 463 | $this->Auth->setAuthenticateObject(0, $AuthLoginFormAuthenticate); | 
| 464 |  | 
| 465 | $this->Auth->request->data = array( | 
| 466 | 'AuthUser' => array( | 
| 467 | 'username' => 'mark', | 
| 468 | 'password' => Security::hash('cake', null, true) | 
| 469 | ) | 
| 470 | ); | 
| 471 |  | 
| 472 | $user = array( | 
| 473 | 'id' => 1, | 
| 474 | 'username' => 'mark' | 
| 475 | ); | 
| 476 |  | 
| 477 | $AuthLoginFormAuthenticate->expects($this->once()) | 
| 478 |                         ->method('authenticate')
 | 
| 479 | ->with($this->Auth->request) | 
| 480 | ->will($this->returnValue($user)); | 
| 481 |  | 
| 482 | $this->Auth->Session->expects($this->once()) | 
| 483 |                         ->method('renew');
 | 
| 484 |  | 
| 485 | $result = $this->Auth->login(); | 
| 486 | $this->assertTrue($result); | 
| 487 |  | 
| 488 | $this->assertTrue($this->Auth->loggedIn()); | 
| 489 | $this->assertEquals($user, $this->Auth->user()); | 
| 490 | } | 
| 491 |  | 
| 492 | /**
 | 
| 493 |  * testLogin afterIdentify event method
 | 
| 494 |  *
 | 
| 495 |  * @return void
 | 
| 496 |  */
 | 
| 497 | public function testLoginAfterIdentify() { | 
| 498 | $this->Auth->authenticate = array( | 
| 499 |                         'TestBase',
 | 
| 500 | ); | 
| 501 |  | 
| 502 | $user = array( | 
| 503 | 'id' => 1, | 
| 504 | 'username' => 'mark' | 
| 505 | ); | 
| 506 |  | 
| 507 | $auth = $this->Auth->getAuthenticateObject(0); | 
| 508 | $listener = $this->getMock('AuthEventTestListener'); | 
| 509 | $auth->afterIdentifyCallable = array($listener, 'listenerFunction'); | 
| 510 | $event = new CakeEvent('Auth.afterIdentify', $this->Auth, array('user' => $user)); | 
| 511 | $listener->expects($this->once())->method('listenerFunction')->with($event); | 
| 512 |  | 
| 513 | $result = $this->Auth->login(); | 
| 514 | $this->assertTrue($result); | 
| 515 | $this->assertTrue($this->Auth->loggedIn()); | 
| 516 | $this->assertEquals($user, $this->Auth->user()); | 
| 517 | } | 
| 518 |  | 
| 519 | /**
 | 
| 520 |  * testRedirectVarClearing method
 | 
| 521 |  *
 | 
| 522 |  * @return void
 | 
| 523 |  */
 | 
| 524 | public function testRedirectVarClearing() { | 
| 525 | $this->Controller->request['controller'] = 'auth_test'; | 
| 526 | $this->Controller->request['action'] = 'admin_add'; | 
| 527 | $this->Controller->here = '/auth_test/admin_add'; | 
| 528 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); | 
| 529 |  | 
| 530 | $this->Auth->authenticate = array('Form'); | 
| 531 | $this->Auth->startup($this->Controller); | 
| 532 | $this->assertEquals('/auth_test/admin_add', $this->Auth->Session->read('Auth.redirect')); | 
| 533 |  | 
| 534 | $this->Auth->Session->write('Auth.User', array('username' => 'admad')); | 
| 535 | $this->Auth->startup($this->Controller); | 
| 536 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); | 
| 537 | } | 
| 538 |  | 
| 539 | /**
 | 
| 540 |  * testAuthorizeFalse method
 | 
| 541 |  *
 | 
| 542 |  * @return void
 | 
| 543 |  */
 | 
| 544 | public function testAuthorizeFalse() { | 
| 545 | $this->AuthUser = new AuthUser(); | 
| 546 | $user = $this->AuthUser->find(); | 
| 547 | $this->Auth->Session->write('Auth.User', $user['AuthUser']); | 
| 548 | $this->Controller->Auth->userModel = 'AuthUser'; | 
| 549 | $this->Controller->Auth->authorize = false; | 
| 550 | $this->Controller->request->addParams(Router::parse('auth_test/add')); | 
| 551 | $this->Controller->Auth->initialize($this->Controller); | 
| 552 | $result = $this->Controller->Auth->startup($this->Controller); | 
| 553 | $this->assertTrue($result); | 
| 554 |  | 
| 555 | $this->Auth->Session->delete('Auth'); | 
| 556 | $result = $this->Controller->Auth->startup($this->Controller); | 
| 557 | $this->assertFalse($result); | 
| 558 | $this->assertTrue($this->Auth->Session->check('Message.auth')); | 
| 559 |  | 
| 560 | $this->Controller->request->addParams(Router::parse('auth_test/camelCase')); | 
| 561 | $result = $this->Controller->Auth->startup($this->Controller); | 
| 562 | $this->assertFalse($result); | 
| 563 | } | 
| 564 |  | 
| 565 | /**
 | 
| 566 |  * @expectedException CakeException
 | 
| 567 |  * @return void
 | 
| 568 |  */
 | 
| 569 | public function testIsAuthorizedMissingFile() { | 
| 570 | $this->Controller->Auth->authorize = 'Missing'; | 
| 571 | $this->Controller->Auth->isAuthorized(array('User' => array('id' => 1))); | 
| 572 | } | 
| 573 |  | 
| 574 | /**
 | 
| 575 |  * test that isAuthorized calls methods correctly
 | 
| 576 |  *
 | 
| 577 |  * @return void
 | 
| 578 |  */
 | 
| 579 | public function testIsAuthorizedDelegation() { | 
| 580 | $AuthMockOneAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); | 
| 581 | $AuthMockTwoAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); | 
| 582 | $AuthMockThreeAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); | 
| 583 |  | 
| 584 | $this->Auth->setAuthorizeObject(0, $AuthMockOneAuthorize); | 
| 585 | $this->Auth->setAuthorizeObject(1, $AuthMockTwoAuthorize); | 
| 586 | $this->Auth->setAuthorizeObject(2, $AuthMockThreeAuthorize); | 
| 587 | $request = $this->Auth->request; | 
| 588 |  | 
| 589 | $AuthMockOneAuthorize->expects($this->once()) | 
| 590 |                         ->method('authorize')
 | 
| 591 | ->with(array('User'), $request) | 
| 592 | ->will($this->returnValue(false)); | 
| 593 |  | 
| 594 | $AuthMockTwoAuthorize->expects($this->once()) | 
| 595 |                         ->method('authorize')
 | 
| 596 | ->with(array('User'), $request) | 
| 597 | ->will($this->returnValue(true)); | 
| 598 |  | 
| 599 | $AuthMockThreeAuthorize->expects($this->never()) | 
| 600 |                         ->method('authorize');
 | 
| 601 |  | 
| 602 | $this->assertTrue($this->Auth->isAuthorized(array('User'), $request)); | 
| 603 | } | 
| 604 |  | 
| 605 | /**
 | 
| 606 |  * test that isAuthorized will use the session user if none is given.
 | 
| 607 |  *
 | 
| 608 |  * @return void
 | 
| 609 |  */
 | 
| 610 | public function testIsAuthorizedUsingUserInSession() { | 
| 611 | $AuthMockFourAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); | 
| 612 | $this->Auth->authorize = array('AuthMockFour'); | 
| 613 | $this->Auth->setAuthorizeObject(0, $AuthMockFourAuthorize); | 
| 614 |  | 
| 615 | $user = array('user' => 'mark'); | 
| 616 | $this->Auth->Session->write('Auth.User', $user); | 
| 617 | $request = $this->Controller->request; | 
| 618 |  | 
| 619 | $AuthMockFourAuthorize->expects($this->once()) | 
| 620 |                         ->method('authorize')
 | 
| 621 | ->with($user, $request) | 
| 622 | ->will($this->returnValue(true)); | 
| 623 |  | 
| 624 | $this->assertTrue($this->Auth->isAuthorized(null, $request)); | 
| 625 | } | 
| 626 |  | 
| 627 | /**
 | 
| 628 |  * test that loadAuthorize resets the loaded objects each time.
 | 
| 629 |  *
 | 
| 630 |  * @return void
 | 
| 631 |  */
 | 
| 632 | public function testLoadAuthorizeResets() { | 
| 633 | $this->Controller->Auth->authorize = array( | 
| 634 |                         'Controller'
 | 
| 635 | ); | 
| 636 | $result = $this->Controller->Auth->constructAuthorize(); | 
| 637 | $this->assertEquals(1, count($result)); | 
| 638 |  | 
| 639 | $result = $this->Controller->Auth->constructAuthorize(); | 
| 640 | $this->assertEquals(1, count($result)); | 
| 641 | } | 
| 642 |  | 
| 643 | /**
 | 
| 644 |  * @expectedException CakeException
 | 
| 645 |  * @return void
 | 
| 646 |  */
 | 
| 647 | public function testLoadAuthenticateNoFile() { | 
| 648 | $this->Controller->Auth->authenticate = 'Missing'; | 
| 649 | $this->Controller->Auth->identify($this->Controller->request, $this->Controller->response); | 
| 650 | } | 
| 651 |  | 
| 652 | /**
 | 
| 653 |  * test the * key with authenticate
 | 
| 654 |  *
 | 
| 655 |  * @return void
 | 
| 656 |  */
 | 
| 657 | public function testAllConfigWithAuthorize() { | 
| 658 | $this->Controller->Auth->authorize = array( | 
| 659 | AuthComponent::ALL => array('actionPath' => 'controllers/'), | 
| 660 |                         'Actions'
 | 
| 661 | ); | 
| 662 | $objects = $this->Controller->Auth->constructAuthorize(); | 
| 663 | $result = $objects[0]; | 
| 664 | $this->assertEquals('controllers/', $result->settings['actionPath']); | 
| 665 | } | 
| 666 |  | 
| 667 | /**
 | 
| 668 |  * test that loadAuthorize resets the loaded objects each time.
 | 
| 669 |  *
 | 
| 670 |  * @return void
 | 
| 671 |  */
 | 
| 672 | public function testLoadAuthenticateResets() { | 
| 673 | $this->Controller->Auth->authenticate = array( | 
| 674 |                         'Form'
 | 
| 675 | ); | 
| 676 | $result = $this->Controller->Auth->constructAuthenticate(); | 
| 677 | $this->assertEquals(1, count($result)); | 
| 678 |  | 
| 679 | $result = $this->Controller->Auth->constructAuthenticate(); | 
| 680 | $this->assertEquals(1, count($result)); | 
| 681 | } | 
| 682 |  | 
| 683 | /**
 | 
| 684 |  * test the * key with authenticate
 | 
| 685 |  *
 | 
| 686 |  * @return void
 | 
| 687 |  */
 | 
| 688 | public function testAllConfigWithAuthenticate() { | 
| 689 | $this->Controller->Auth->authenticate = array( | 
| 690 | AuthComponent::ALL => array('userModel' => 'AuthUser'), | 
| 691 |                         'Form'
 | 
| 692 | ); | 
| 693 | $objects = $this->Controller->Auth->constructAuthenticate(); | 
| 694 | $result = $objects[0]; | 
| 695 | $this->assertEquals('AuthUser', $result->settings['userModel']); | 
| 696 | } | 
| 697 |  | 
| 698 | /**
 | 
| 699 |  * test defining the same Authenticate object but with different password hashers
 | 
| 700 |  *
 | 
| 701 |  * @return void
 | 
| 702 |  */
 | 
| 703 | public function testSameAuthenticateWithDifferentHashers() { | 
| 704 | $this->Controller->Auth->authenticate = array( | 
| 705 | 'FormSimple' => array('className' => 'Form', 'passwordHasher' => 'Simple'), | 
| 706 | 'FormBlowfish' => array('className' => 'Form', 'passwordHasher' => 'Blowfish'), | 
| 707 | ); | 
| 708 |  | 
| 709 | $objects = $this->Controller->Auth->constructAuthenticate(); | 
| 710 | $this->assertEquals(2, count($objects)); | 
| 711 |  | 
| 712 | $this->assertInstanceOf('FormAuthenticate', $objects[0]); | 
| 713 | $this->assertInstanceOf('FormAuthenticate', $objects[1]); | 
| 714 |  | 
| 715 | $this->assertInstanceOf('SimplePasswordHasher', $objects[0]->passwordHasher()); | 
| 716 | $this->assertInstanceOf('BlowfishPasswordHasher', $objects[1]->passwordHasher()); | 
| 717 | } | 
| 718 |  | 
| 719 | /**
 | 
| 720 |  * Tests that deny always takes precedence over allow
 | 
| 721 |  *
 | 
| 722 |  * @return void
 | 
| 723 |  */
 | 
| 724 | public function testAllowDenyAll() { | 
| 725 | $this->Controller->Auth->initialize($this->Controller); | 
| 726 |  | 
| 727 | $this->Controller->Auth->allow(); | 
| 728 | $this->Controller->Auth->deny('add', 'camelCase'); | 
| 729 |  | 
| 730 | $this->Controller->request['action'] = 'delete'; | 
| 731 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); | 
| 732 |  | 
| 733 | $this->Controller->request['action'] = 'add'; | 
| 734 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 735 |  | 
| 736 | $this->Controller->request['action'] = 'camelCase'; | 
| 737 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 738 |  | 
| 739 | $this->Controller->Auth->allow(); | 
| 740 | $this->Controller->Auth->deny(array('add', 'camelCase')); | 
| 741 |  | 
| 742 | $this->Controller->request['action'] = 'delete'; | 
| 743 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); | 
| 744 |  | 
| 745 | $this->Controller->request['action'] = 'camelCase'; | 
| 746 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 747 |  | 
| 748 | $this->Controller->Auth->allow('*'); | 
| 749 | $this->Controller->Auth->deny(); | 
| 750 |  | 
| 751 | $this->Controller->request['action'] = 'camelCase'; | 
| 752 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 753 |  | 
| 754 | $this->Controller->request['action'] = 'add'; | 
| 755 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 756 |  | 
| 757 | $this->Controller->Auth->allow('camelCase'); | 
| 758 | $this->Controller->Auth->deny(); | 
| 759 |  | 
| 760 | $this->Controller->request['action'] = 'camelCase'; | 
| 761 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 762 |  | 
| 763 | $this->Controller->request['action'] = 'login'; | 
| 764 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 765 |  | 
| 766 | $this->Controller->Auth->deny(); | 
| 767 | $this->Controller->Auth->allow(null); | 
| 768 |  | 
| 769 | $this->Controller->request['action'] = 'camelCase'; | 
| 770 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); | 
| 771 |  | 
| 772 | $this->Controller->Auth->allow(); | 
| 773 | $this->Controller->Auth->deny(null); | 
| 774 |  | 
| 775 | $this->Controller->request['action'] = 'camelCase'; | 
| 776 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 777 | } | 
| 778 |  | 
| 779 | /**
 | 
| 780 |  * test that deny() converts camel case inputs to lowercase.
 | 
| 781 |  *
 | 
| 782 |  * @return void
 | 
| 783 |  */
 | 
| 784 | public function testDenyWithCamelCaseMethods() { | 
| 785 | $this->Controller->Auth->initialize($this->Controller); | 
| 786 | $this->Controller->Auth->allow(); | 
| 787 | $this->Controller->Auth->deny('add', 'camelCase'); | 
| 788 |  | 
| 789 | $url = '/auth_test/camelCase'; | 
| 790 | $this->Controller->request->addParams(Router::parse($url)); | 
| 791 | $this->Controller->request->query['url'] = Router::normalize($url); | 
| 792 |  | 
| 793 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 794 |  | 
| 795 | $url = '/auth_test/CamelCase'; | 
| 796 | $this->Controller->request->addParams(Router::parse($url)); | 
| 797 | $this->Controller->request->query['url'] = Router::normalize($url); | 
| 798 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | 
| 799 | } | 
| 800 |  | 
| 801 | /**
 | 
| 802 |  * test that allow() and allowedActions work with camelCase method names.
 | 
| 803 |  *
 | 
| 804 |  * @return void
 | 
| 805 |  */
 | 
| 806 | public function testAllowedActionsWithCamelCaseMethods() { | 
| 807 | $url = '/auth_test/camelCase'; | 
| 808 | $this->Controller->request->addParams(Router::parse($url)); | 
| 809 | $this->Controller->request->query['url'] = Router::normalize($url); | 
| 810 | $this->Controller->Auth->initialize($this->Controller); | 
| 811 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 812 | $this->Controller->Auth->userModel = 'AuthUser'; | 
| 813 | $this->Controller->Auth->allow(); | 
| 814 | $result = $this->Controller->Auth->startup($this->Controller); | 
| 815 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); | 
| 816 |  | 
| 817 | $url = '/auth_test/camelCase'; | 
| 818 | $this->Controller->request->addParams(Router::parse($url)); | 
| 819 | $this->Controller->request->query['url'] = Router::normalize($url); | 
| 820 | $this->Controller->Auth->initialize($this->Controller); | 
| 821 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 822 | $this->Controller->Auth->userModel = 'AuthUser'; | 
| 823 | $this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add'); | 
| 824 | $result = $this->Controller->Auth->startup($this->Controller); | 
| 825 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); | 
| 826 |  | 
| 827 | $this->Controller->Auth->allowedActions = array('delete', 'add'); | 
| 828 | $result = $this->Controller->Auth->startup($this->Controller); | 
| 829 | $this->assertFalse($result, 'startup() should return false, as action is not allowed. %s'); | 
| 830 |  | 
| 831 | $url = '/auth_test/delete'; | 
| 832 | $this->Controller->request->addParams(Router::parse($url)); | 
| 833 | $this->Controller->request->query['url'] = Router::normalize($url); | 
| 834 | $this->Controller->Auth->initialize($this->Controller); | 
| 835 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 836 | $this->Controller->Auth->userModel = 'AuthUser'; | 
| 837 |  | 
| 838 | $this->Controller->Auth->allow(array('delete', 'add')); | 
| 839 | $result = $this->Controller->Auth->startup($this->Controller); | 
| 840 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); | 
| 841 | } | 
| 842 |  | 
| 843 | public function testAllowedActionsSetWithAllowMethod() { | 
| 844 | $url = '/auth_test/action_name'; | 
| 845 | $this->Controller->request->addParams(Router::parse($url)); | 
| 846 | $this->Controller->request->query['url'] = Router::normalize($url); | 
| 847 | $this->Controller->Auth->initialize($this->Controller); | 
| 848 | $this->Controller->Auth->allow('action_name', 'anotherAction'); | 
| 849 | $this->assertEquals(array('action_name', 'anotherAction'), $this->Controller->Auth->allowedActions); | 
| 850 | } | 
| 851 |  | 
| 852 | /**
 | 
| 853 |  * testLoginRedirect method
 | 
| 854 |  *
 | 
| 855 |  * @return void
 | 
| 856 |  */
 | 
| 857 | public function testLoginRedirect() { | 
| 858 | $_SERVER['HTTP_REFERER'] = false; | 
| 859 | $_ENV['HTTP_REFERER'] = false; | 
| 860 | putenv('HTTP_REFERER='); | 
| 861 |  | 
| 862 | $this->Auth->Session->write('Auth', array( | 
| 863 | 'AuthUser' => array('id' => '1', 'username' => 'nate') | 
| 864 | )); | 
| 865 |  | 
| 866 | $this->Auth->request->addParams(Router::parse('users/login')); | 
| 867 | $this->Auth->request->url = 'users/login'; | 
| 868 | $this->Auth->initialize($this->Controller); | 
| 869 |  | 
| 870 | $this->Auth->loginRedirect = array( | 
| 871 | 'controller' => 'pages', 'action' => 'display', 'welcome' | 
| 872 | ); | 
| 873 | $this->Auth->startup($this->Controller); | 
| 874 | $expected = Router::normalize($this->Auth->loginRedirect); | 
| 875 | $this->assertEquals($expected, $this->Auth->redirectUrl()); | 
| 876 |  | 
| 877 | $this->Auth->Session->delete('Auth'); | 
| 878 |  | 
| 879 |                 //empty referer no session
 | 
| 880 | $_SERVER['HTTP_REFERER'] = false; | 
| 881 | $_ENV['HTTP_REFERER'] = false; | 
| 882 | putenv('HTTP_REFERER='); | 
| 883 | $url = '/posts/view/1'; | 
| 884 |  | 
| 885 | $this->Auth->Session->write('Auth', array( | 
| 886 | 'AuthUser' => array('id' => '1', 'username' => 'nate')) | 
| 887 | ); | 
| 888 | $this->Controller->testUrl = null; | 
| 889 | $this->Auth->request->addParams(Router::parse($url)); | 
| 890 | array_push($this->Controller->methods, 'view', 'edit', 'index'); | 
| 891 |  | 
| 892 | $this->Auth->initialize($this->Controller); | 
| 893 | $this->Auth->authorize = 'controller'; | 
| 894 |  | 
| 895 | $this->Auth->loginAction = array( | 
| 896 | 'controller' => 'AuthTest', 'action' => 'login' | 
| 897 | ); | 
| 898 | $this->Auth->startup($this->Controller); | 
| 899 | $expected = Router::normalize('/AuthTest/login'); | 
| 900 | $this->assertEquals($expected, $this->Controller->testUrl); | 
| 901 |  | 
| 902 | $this->Auth->Session->delete('Auth'); | 
| 903 | $_SERVER['HTTP_REFERER'] = $_ENV['HTTP_REFERER'] = Router::url('/admin', true); | 
| 904 | $this->Auth->Session->write('Auth', array( | 
| 905 | 'AuthUser' => array('id' => '1', 'username' => 'nate') | 
| 906 | )); | 
| 907 | $this->Auth->request->params['action'] = 'login'; | 
| 908 | $this->Auth->request->url = 'auth_test/login'; | 
| 909 | $this->Auth->initialize($this->Controller); | 
| 910 | $this->Auth->loginAction = 'auth_test/login'; | 
| 911 | $this->Auth->loginRedirect = false; | 
| 912 | $this->Auth->startup($this->Controller); | 
| 913 | $expected = Router::normalize('/admin'); | 
| 914 | $this->assertEquals($expected, $this->Auth->redirectUrl()); | 
| 915 |  | 
| 916 |                 // Ticket #4750
 | 
| 917 |                 // Named Parameters
 | 
| 918 | $this->Controller->request = $this->Auth->request; | 
| 919 | $this->Auth->Session->delete('Auth'); | 
| 920 | $url = '/posts/index/year:2008/month:feb'; | 
| 921 | $this->Auth->request->addParams(Router::parse($url)); | 
| 922 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); | 
| 923 | $this->Auth->initialize($this->Controller); | 
| 924 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 925 | $this->Auth->startup($this->Controller); | 
| 926 | $expected = Router::normalize('posts/index/year:2008/month:feb'); | 
| 927 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); | 
| 928 |  | 
| 929 |                 // Passed Arguments
 | 
| 930 | $this->Auth->Session->delete('Auth'); | 
| 931 | $url = '/posts/view/1'; | 
| 932 | $this->Auth->request->addParams(Router::parse($url)); | 
| 933 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); | 
| 934 | $this->Auth->initialize($this->Controller); | 
| 935 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 936 | $this->Auth->startup($this->Controller); | 
| 937 | $expected = Router::normalize('posts/view/1'); | 
| 938 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); | 
| 939 |  | 
| 940 |                 // QueryString parameters
 | 
| 941 | $_back = $_GET; | 
| 942 | $_GET = array( | 
| 943 | 'print' => 'true', | 
| 944 | 'refer' => 'menu' | 
| 945 | ); | 
| 946 | $this->Auth->Session->delete('Auth'); | 
| 947 | $url = '/posts/index/29'; | 
| 948 | $this->Auth->request->addParams(Router::parse($url)); | 
| 949 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); | 
| 950 | $this->Auth->request->query = $_GET; | 
| 951 |  | 
| 952 | $this->Auth->initialize($this->Controller); | 
| 953 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 954 | $this->Auth->startup($this->Controller); | 
| 955 | $expected = Router::normalize('posts/index/29?print=true&refer=menu'); | 
| 956 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); | 
| 957 |  | 
| 958 |                 // Different base urls.
 | 
| 959 | $appConfig = Configure::read('App'); | 
| 960 |  | 
| 961 | $_GET = array(); | 
| 962 |  | 
| 963 | Configure::write('App', array( | 
| 964 | 'dir' => APP_DIR, | 
| 965 | 'webroot' => WEBROOT_DIR, | 
| 966 | 'base' => false, | 
| 967 | 'baseUrl' => '/cake/index.php' | 
| 968 | )); | 
| 969 |  | 
| 970 | $this->Auth->Session->delete('Auth'); | 
| 971 |  | 
| 972 | $url = '/posts/add'; | 
| 973 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); | 
| 974 | $this->Auth->request->addParams(Router::parse($url)); | 
| 975 | $this->Auth->request->url = Router::normalize($url); | 
| 976 |  | 
| 977 | $this->Auth->initialize($this->Controller); | 
| 978 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); | 
| 979 | $this->Auth->startup($this->Controller); | 
| 980 | $expected = Router::normalize('/posts/add'); | 
| 981 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); | 
| 982 |  | 
| 983 | $this->Auth->Session->delete('Auth'); | 
| 984 | Configure::write('App', $appConfig); | 
| 985 |  | 
| 986 | $_GET = $_back; | 
| 987 |  | 
| 988 |                 // External Authed Action
 | 
| 989 | $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; | 
| 990 | $this->Auth->Session->delete('Auth'); | 
| 991 | $url = '/posts/edit/1'; | 
| 992 | $request = new CakeRequest($url); | 
| 993 | $request->query = array(); | 
| 994 | $this->Auth->request = $this->Controller->request = $request; | 
| 995 | $this->Auth->request->addParams(Router::parse($url)); | 
| 996 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); | 
| 997 | $this->Auth->initialize($this->Controller); | 
| 998 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 999 | $this->Auth->startup($this->Controller); | 
| 1000 | $expected = Router::normalize('/posts/edit/1'); | 
| 1001 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); | 
| 1002 |  | 
| 1003 |                 // External Direct Login Link
 | 
| 1004 | $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; | 
| 1005 | $this->Auth->Session->delete('Auth'); | 
| 1006 | $url = '/AuthTest/login'; | 
| 1007 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); | 
| 1008 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1009 | $this->Auth->request->url = Router::normalize($url); | 
| 1010 | $this->Auth->initialize($this->Controller); | 
| 1011 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 1012 | $this->Auth->startup($this->Controller); | 
| 1013 | $expected = Router::normalize('/'); | 
| 1014 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); | 
| 1015 |  | 
| 1016 | $this->Auth->Session->delete('Auth'); | 
| 1017 | } | 
| 1018 |  | 
| 1019 | /**
 | 
| 1020 |  * testNoLoginRedirectForAuthenticatedUser method
 | 
| 1021 |  *
 | 
| 1022 |  * @return void
 | 
| 1023 |  */
 | 
| 1024 | public function testNoLoginRedirectForAuthenticatedUser() { | 
| 1025 | $this->Controller->request['controller'] = 'auth_test'; | 
| 1026 | $this->Controller->request['action'] = 'login'; | 
| 1027 | $this->Controller->here = '/auth_test/login'; | 
| 1028 | $this->Auth->request->url = 'auth_test/login'; | 
| 1029 |  | 
| 1030 | $this->Auth->Session->write('Auth.User.id', '1'); | 
| 1031 | $this->Auth->authenticate = array('Form'); | 
| 1032 | $this->getMock('BaseAuthorize', array('authorize'), array(), 'NoLoginRedirectMockAuthorize', false); | 
| 1033 | $this->Auth->authorize = array('NoLoginRedirectMockAuthorize'); | 
| 1034 | $this->Auth->loginAction = array('controller' => 'auth_test', 'action' => 'login'); | 
| 1035 |  | 
| 1036 | $return = $this->Auth->startup($this->Controller); | 
| 1037 | $this->assertTrue($return); | 
| 1038 | $this->assertNull($this->Controller->testUrl); | 
| 1039 | } | 
| 1040 |  | 
| 1041 | /**
 | 
| 1042 |  * Default to loginRedirect, if set, on authError.
 | 
| 1043 |  *
 | 
| 1044 |  * @return void
 | 
| 1045 |  */
 | 
| 1046 | public function testDefaultToLoginRedirect() { | 
| 1047 | $_SERVER['HTTP_REFERER'] = false; | 
| 1048 | $_ENV['HTTP_REFERER'] = false; | 
| 1049 | putenv('HTTP_REFERER='); | 
| 1050 |  | 
| 1051 | $url = '/party/on'; | 
| 1052 | $this->Auth->request = $CakeRequest = new CakeRequest($url); | 
| 1053 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1054 | $this->Auth->authorize = array('Controller'); | 
| 1055 | $this->Auth->login(array('username' => 'mariano', 'password' => 'cake')); | 
| 1056 | $this->Auth->loginRedirect = array( | 
| 1057 | 'controller' => 'something', 'action' => 'else', | 
| 1058 | ); | 
| 1059 |  | 
| 1060 | $CakeResponse = new CakeResponse(); | 
| 1061 | $Controller = $this->getMock( | 
| 1062 |                         'Controller',
 | 
| 1063 | array('on', 'redirect'), | 
| 1064 | array($CakeRequest, $CakeResponse) | 
| 1065 | ); | 
| 1066 |  | 
| 1067 | $expected = Router::url($this->Auth->loginRedirect); | 
| 1068 | $Controller->expects($this->once()) | 
| 1069 |                         ->method('redirect')
 | 
| 1070 | ->with($this->equalTo($expected)); | 
| 1071 | $this->Auth->startup($Controller); | 
| 1072 | } | 
| 1073 |  | 
| 1074 | /**
 | 
| 1075 |  * testRedirectToUnauthorizedRedirect
 | 
| 1076 |  *
 | 
| 1077 |  * @return void
 | 
| 1078 |  */
 | 
| 1079 | public function testRedirectToUnauthorizedRedirect() { | 
| 1080 | $url = '/party/on'; | 
| 1081 | $this->Auth->request = $CakeRequest = new CakeRequest($url); | 
| 1082 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1083 | $this->Auth->authorize = array('Controller'); | 
| 1084 | $this->Auth->login(array('username' => 'admad', 'password' => 'cake')); | 
| 1085 | $this->Auth->unauthorizedRedirect = array( | 
| 1086 | 'controller' => 'no_can_do', 'action' => 'jack' | 
| 1087 | ); | 
| 1088 |  | 
| 1089 | $CakeResponse = new CakeResponse(); | 
| 1090 | $Controller = $this->getMock( | 
| 1091 |                         'Controller',
 | 
| 1092 | array('on', 'redirect'), | 
| 1093 | array($CakeRequest, $CakeResponse) | 
| 1094 | ); | 
| 1095 | $this->Auth->Flash = $this->getMock( | 
| 1096 |                         'FlashComponent',
 | 
| 1097 | array('set'), | 
| 1098 | array($Controller->Components) | 
| 1099 | ); | 
| 1100 |  | 
| 1101 | $expected = array( | 
| 1102 | 'controller' => 'no_can_do', 'action' => 'jack' | 
| 1103 | ); | 
| 1104 | $Controller->expects($this->once()) | 
| 1105 |                         ->method('redirect')
 | 
| 1106 | ->with($this->equalTo($expected)); | 
| 1107 | $this->Auth->Flash->expects($this->once()) | 
| 1108 |                         ->method('set');
 | 
| 1109 | $this->Auth->startup($Controller); | 
| 1110 | } | 
| 1111 |  | 
| 1112 | /**
 | 
| 1113 |  * testRedirectToUnauthorizedRedirectSuppressedAuthError
 | 
| 1114 |  *
 | 
| 1115 |  * @return void
 | 
| 1116 |  */
 | 
| 1117 | public function testRedirectToUnauthorizedRedirectSuppressedAuthError() { | 
| 1118 | $url = '/party/on'; | 
| 1119 | $this->Auth->request = $CakeRequest = new CakeRequest($url); | 
| 1120 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1121 | $this->Auth->authorize = array('Controller'); | 
| 1122 | $this->Auth->login(array('username' => 'admad', 'password' => 'cake')); | 
| 1123 | $this->Auth->unauthorizedRedirect = array( | 
| 1124 | 'controller' => 'no_can_do', 'action' => 'jack' | 
| 1125 | ); | 
| 1126 | $this->Auth->authError = false; | 
| 1127 |  | 
| 1128 | $CakeResponse = new CakeResponse(); | 
| 1129 | $Controller = $this->getMock( | 
| 1130 |                         'Controller',
 | 
| 1131 | array('on', 'redirect'), | 
| 1132 | array($CakeRequest, $CakeResponse) | 
| 1133 | ); | 
| 1134 | $this->Auth->Flash = $this->getMock( | 
| 1135 |                         'FlashComponent',
 | 
| 1136 | array('set'), | 
| 1137 | array($Controller->Components) | 
| 1138 | ); | 
| 1139 |  | 
| 1140 | $expected = array( | 
| 1141 | 'controller' => 'no_can_do', 'action' => 'jack' | 
| 1142 | ); | 
| 1143 | $Controller->expects($this->once()) | 
| 1144 |                         ->method('redirect')
 | 
| 1145 | ->with($this->equalTo($expected)); | 
| 1146 | $this->Auth->Flash->expects($this->never()) | 
| 1147 |                         ->method('set');
 | 
| 1148 | $this->Auth->startup($Controller); | 
| 1149 | } | 
| 1150 |  | 
| 1151 | /**
 | 
| 1152 |  * Throw ForbiddenException if AuthComponent::$unauthorizedRedirect set to false
 | 
| 1153 |  * @expectedException ForbiddenException
 | 
| 1154 |  * @return void
 | 
| 1155 |  */
 | 
| 1156 | public function testForbiddenException() { | 
| 1157 | $url = '/party/on'; | 
| 1158 | $this->Auth->request = $CakeRequest = new CakeRequest($url); | 
| 1159 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1160 | $this->Auth->authorize = array('Controller'); | 
| 1161 | $this->Auth->authorize = array('Controller'); | 
| 1162 | $this->Auth->unauthorizedRedirect = false; | 
| 1163 | $this->Auth->login(array('username' => 'baker', 'password' => 'cake')); | 
| 1164 |  | 
| 1165 | $CakeResponse = new CakeResponse(); | 
| 1166 | $Controller = $this->getMock( | 
| 1167 |                         'Controller',
 | 
| 1168 | array('on', 'redirect'), | 
| 1169 | array($CakeRequest, $CakeResponse) | 
| 1170 | ); | 
| 1171 |  | 
| 1172 | $this->Auth->startup($Controller); | 
| 1173 | } | 
| 1174 |  | 
| 1175 | /**
 | 
| 1176 |  * Test that no redirects or authorization tests occur on the loginAction
 | 
| 1177 |  *
 | 
| 1178 |  * @return void
 | 
| 1179 |  */
 | 
| 1180 | public function testNoRedirectOnLoginAction() { | 
| 1181 | $controller = $this->getMock('Controller'); | 
| 1182 | $controller->methods = array('login'); | 
| 1183 |  | 
| 1184 | $url = '/AuthTest/login'; | 
| 1185 | $this->Auth->request = $controller->request = new CakeRequest($url); | 
| 1186 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1187 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | 
| 1188 | $this->Auth->authorize = array('Controller'); | 
| 1189 |  | 
| 1190 | $controller->expects($this->never()) | 
| 1191 |                         ->method('redirect');
 | 
| 1192 |  | 
| 1193 | $this->Auth->startup($controller); | 
| 1194 | } | 
| 1195 |  | 
| 1196 | /**
 | 
| 1197 |  * Ensure that no redirect is performed when a 404 is reached
 | 
| 1198 |  * And the user doesn't have a session.
 | 
| 1199 |  *
 | 
| 1200 |  * @return void
 | 
| 1201 |  */
 | 
| 1202 | public function testNoRedirectOn404() { | 
| 1203 | $this->Auth->Session->delete('Auth'); | 
| 1204 | $this->Auth->initialize($this->Controller); | 
| 1205 | $this->Auth->request->addParams(Router::parse('auth_test/something_totally_wrong')); | 
| 1206 | $result = $this->Auth->startup($this->Controller); | 
| 1207 | $this->assertTrue($result, 'Auth redirected a missing action %s'); | 
| 1208 | } | 
| 1209 |  | 
| 1210 | /**
 | 
| 1211 |  * testAdminRoute method
 | 
| 1212 |  *
 | 
| 1213 |  * @return void
 | 
| 1214 |  */
 | 
| 1215 | public function testAdminRoute() { | 
| 1216 | $pref = Configure::read('Routing.prefixes'); | 
| 1217 | Configure::write('Routing.prefixes', array('admin')); | 
| 1218 |                 Router::reload();
 | 
| 1219 | require CAKE . 'Config' . DS . 'routes.php'; | 
| 1220 |  | 
| 1221 | $url = '/admin/auth_test/add'; | 
| 1222 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1223 | $this->Auth->request->query['url'] = ltrim($url, '/'); | 
| 1224 | $this->Auth->request->base = ''; | 
| 1225 |  | 
| 1226 | Router::setRequestInfo($this->Auth->request); | 
| 1227 | $this->Auth->initialize($this->Controller); | 
| 1228 |  | 
| 1229 | $this->Auth->loginAction = array( | 
| 1230 | 'admin' => true, 'controller' => 'auth_test', 'action' => 'login' | 
| 1231 | ); | 
| 1232 |  | 
| 1233 | $this->Auth->startup($this->Controller); | 
| 1234 | $this->assertEquals('/admin/auth_test/login', $this->Controller->testUrl); | 
| 1235 |  | 
| 1236 | Configure::write('Routing.prefixes', $pref); | 
| 1237 | } | 
| 1238 |  | 
| 1239 | /**
 | 
| 1240 |  * testAjaxLogin method
 | 
| 1241 |  *
 | 
| 1242 |  * @return void
 | 
| 1243 |  */
 | 
| 1244 | public function testAjaxLogin() { | 
| 1245 | App::build(array( | 
| 1246 | 'View' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS) | 
| 1247 | )); | 
| 1248 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; | 
| 1249 |  | 
| 1250 | App::uses('Dispatcher', 'Routing'); | 
| 1251 |  | 
| 1252 | $Response = new CakeResponse(); | 
| 1253 | ob_start(); | 
| 1254 | $Dispatcher = new Dispatcher(); | 
| 1255 | $Dispatcher->dispatch(new CakeRequest('/ajax_auth/add'), $Response, array('return' => 1)); | 
| 1256 |                 $result = ob_get_clean();
 | 
| 1257 |  | 
| 1258 | $this->assertEquals(403, $Response->statusCode()); | 
| 1259 | $this->assertEquals("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result)); | 
| 1260 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); | 
| 1261 | } | 
| 1262 |  | 
| 1263 | /**
 | 
| 1264 |  * testAjaxLoginResponseCode
 | 
| 1265 |  *
 | 
| 1266 |  * @return void
 | 
| 1267 |  */
 | 
| 1268 | public function testAjaxLoginResponseCode() { | 
| 1269 | App::build(array( | 
| 1270 | 'View' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS) | 
| 1271 | )); | 
| 1272 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; | 
| 1273 |  | 
| 1274 | $url = '/ajax_auth/add'; | 
| 1275 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1276 | $this->Auth->request->query['url'] = ltrim($url, '/'); | 
| 1277 | $this->Auth->request->base = ''; | 
| 1278 | $this->Auth->ajaxLogin = 'test_element'; | 
| 1279 |  | 
| 1280 | Router::setRequestInfo($this->Auth->request); | 
| 1281 |  | 
| 1282 | $this->Controller->response = $this->getMock('CakeResponse', array('_sendHeader')); | 
| 1283 | $this->Controller->response->expects($this->at(0)) | 
| 1284 |                         ->method('_sendHeader')
 | 
| 1285 | ->with('HTTP/1.1 403 Forbidden', null); | 
| 1286 | $this->Auth->initialize($this->Controller); | 
| 1287 |  | 
| 1288 | ob_start(); | 
| 1289 | $result = $this->Auth->startup($this->Controller); | 
| 1290 | ob_end_clean(); | 
| 1291 |  | 
| 1292 | $this->assertFalse($result); | 
| 1293 | $this->assertEquals('this is the test element', $this->Controller->response->body()); | 
| 1294 | $this->assertArrayNotHasKey('Location', $this->Controller->response->header()); | 
| 1295 | $this->assertNull($this->Controller->testUrl, 'redirect() not called'); | 
| 1296 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); | 
| 1297 | } | 
| 1298 |  | 
| 1299 | /**
 | 
| 1300 |  * test ajax login with no element
 | 
| 1301 |  *
 | 
| 1302 |  * @return void
 | 
| 1303 |  */
 | 
| 1304 | public function testAjaxLoginResponseCodeNoElement() { | 
| 1305 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; | 
| 1306 |  | 
| 1307 | $url = '/ajax_auth/add'; | 
| 1308 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1309 | $this->Auth->request->query['url'] = ltrim($url, '/'); | 
| 1310 | $this->Auth->request->base = ''; | 
| 1311 | $this->Auth->ajaxLogin = false; | 
| 1312 |  | 
| 1313 | Router::setRequestInfo($this->Auth->request); | 
| 1314 |  | 
| 1315 | $this->Controller->response = $this->getMock('CakeResponse', array('_sendHeader')); | 
| 1316 | $this->Controller->response->expects($this->at(0)) | 
| 1317 |                         ->method('_sendHeader')
 | 
| 1318 | ->with('HTTP/1.1 403 Forbidden', null); | 
| 1319 | $this->Auth->initialize($this->Controller); | 
| 1320 |  | 
| 1321 | $this->Auth->startup($this->Controller); | 
| 1322 |  | 
| 1323 | $this->assertArrayNotHasKey('Location', $this->Controller->response->header()); | 
| 1324 | $this->assertNull($this->Controller->testUrl, 'redirect() not called'); | 
| 1325 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); | 
| 1326 | } | 
| 1327 |  | 
| 1328 | /**
 | 
| 1329 |  * testLoginActionRedirect method
 | 
| 1330 |  *
 | 
| 1331 |  * @return void
 | 
| 1332 |  */
 | 
| 1333 | public function testLoginActionRedirect() { | 
| 1334 | $admin = Configure::read('Routing.prefixes'); | 
| 1335 | Configure::write('Routing.prefixes', array('admin')); | 
| 1336 |                 Router::reload();
 | 
| 1337 | require CAKE . 'Config' . DS . 'routes.php'; | 
| 1338 |  | 
| 1339 | $url = '/admin/auth_test/login'; | 
| 1340 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1341 | $this->Auth->request->url = ltrim($url, '/'); | 
| 1342 | Router::setRequestInfo(array( | 
| 1343 |                         array(
 | 
| 1344 | 'pass' => array(), 'action' => 'admin_login', 'plugin' => null, 'controller' => 'auth_test', | 
| 1345 | 'admin' => true, | 
| 1346 | ), | 
| 1347 |                         array(
 | 
| 1348 | 'base' => null, 'here' => $url, | 
| 1349 | 'webroot' => '/', 'passedArgs' => array(), | 
| 1350 | ) | 
| 1351 | )); | 
| 1352 |  | 
| 1353 | $this->Auth->initialize($this->Controller); | 
| 1354 | $this->Auth->loginAction = array('admin' => true, 'controller' => 'auth_test', 'action' => 'login'); | 
| 1355 | $this->Auth->startup($this->Controller); | 
| 1356 |  | 
| 1357 | $this->assertNull($this->Controller->testUrl); | 
| 1358 |  | 
| 1359 | Configure::write('Routing.prefixes', $admin); | 
| 1360 | } | 
| 1361 |  | 
| 1362 | /**
 | 
| 1363 |  * Stateless auth methods like Basic should populate data that can be
 | 
| 1364 |  * accessed by $this->user().
 | 
| 1365 |  *
 | 
| 1366 |  * @return void
 | 
| 1367 |  */
 | 
| 1368 | public function testStatelessAuthWorksWithUser() { | 
| 1369 | $_SERVER['PHP_AUTH_USER'] = 'mariano'; | 
| 1370 | $_SERVER['PHP_AUTH_PW'] = 'cake'; | 
| 1371 | $url = '/auth_test/add'; | 
| 1372 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1373 |  | 
| 1374 | $this->Auth->authenticate = array( | 
| 1375 | 'Basic' => array('userModel' => 'AuthUser') | 
| 1376 | ); | 
| 1377 | $this->Auth->startup($this->Controller); | 
| 1378 |  | 
| 1379 | $result = $this->Auth->user(); | 
| 1380 | $this->assertEquals('mariano', $result['username']); | 
| 1381 |  | 
| 1382 | $result = $this->Auth->user('username'); | 
| 1383 | $this->assertEquals('mariano', $result); | 
| 1384 | } | 
| 1385 |  | 
| 1386 | /**
 | 
| 1387 |  * test $settings in Controller::$components
 | 
| 1388 |  *
 | 
| 1389 |  * @return void
 | 
| 1390 |  */
 | 
| 1391 | public function testComponentSettings() { | 
| 1392 | $request = new CakeRequest(null, false); | 
| 1393 | $this->Controller = new AuthTestController($request, $this->getMock('CakeResponse')); | 
| 1394 |  | 
| 1395 | $this->Controller->components = array( | 
| 1396 | 'Auth' => array( | 
| 1397 | 'loginAction' => array('controller' => 'people', 'action' => 'login'), | 
| 1398 | 'logoutRedirect' => array('controller' => 'people', 'action' => 'login'), | 
| 1399 | ), | 
| 1400 |                         'Session'
 | 
| 1401 | ); | 
| 1402 | $this->Controller->Components->init($this->Controller); | 
| 1403 | $this->Controller->Components->trigger('initialize', array(&$this->Controller)); | 
| 1404 |                 Router::reload();
 | 
| 1405 |  | 
| 1406 | $expected = array( | 
| 1407 | 'loginAction' => array('controller' => 'people', 'action' => 'login'), | 
| 1408 | 'logoutRedirect' => array('controller' => 'people', 'action' => 'login'), | 
| 1409 | ); | 
| 1410 | $this->assertEquals($expected['loginAction'], $this->Controller->Auth->loginAction); | 
| 1411 | $this->assertEquals($expected['logoutRedirect'], $this->Controller->Auth->logoutRedirect); | 
| 1412 | } | 
| 1413 |  | 
| 1414 | /**
 | 
| 1415 |  * test that logout deletes the session variables. and returns the correct URL
 | 
| 1416 |  *
 | 
| 1417 |  * @return void
 | 
| 1418 |  */
 | 
| 1419 | public function testLogout() { | 
| 1420 | $this->Auth->Session->write('Auth.User.id', '1'); | 
| 1421 | $this->Auth->Session->write('Auth.redirect', '/users/login'); | 
| 1422 | $this->Auth->logoutRedirect = '/'; | 
| 1423 | $result = $this->Auth->logout(); | 
| 1424 |  | 
| 1425 | $this->assertEquals('/', $result); | 
| 1426 | $this->assertNull($this->Auth->Session->read('Auth.AuthUser')); | 
| 1427 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); | 
| 1428 | } | 
| 1429 |  | 
| 1430 | /**
 | 
| 1431 |  * Logout should trigger a logout method on authentication objects.
 | 
| 1432 |  *
 | 
| 1433 |  * @return void
 | 
| 1434 |  */
 | 
| 1435 | public function testLogoutTrigger() { | 
| 1436 | $LogoutTriggerMockAuthenticate = $this->getMock('BaseAuthenticate', array('authenticate', 'logout'), array(), '', false); | 
| 1437 |  | 
| 1438 | $this->Auth->authenticate = array('LogoutTriggerMock'); | 
| 1439 | $this->Auth->setAuthenticateObject(0, $LogoutTriggerMockAuthenticate); | 
| 1440 | $LogoutTriggerMockAuthenticate->expects($this->once()) | 
| 1441 |                         ->method('logout');
 | 
| 1442 |  | 
| 1443 | $this->Auth->logout(); | 
| 1444 | } | 
| 1445 |  | 
| 1446 | /**
 | 
| 1447 |  * Test mapActions as a getter
 | 
| 1448 |  *
 | 
| 1449 |  * @return void
 | 
| 1450 |  */
 | 
| 1451 | public function testMapActions() { | 
| 1452 | $MapActionMockAuthorize = $this->getMock( | 
| 1453 |                         'BaseAuthorize',
 | 
| 1454 | array('authorize'), | 
| 1455 |                         array(),
 | 
| 1456 |                         '',
 | 
| 1457 |                         false
 | 
| 1458 | ); | 
| 1459 | $this->Auth->authorize = array('MapActionAuthorize'); | 
| 1460 | $this->Auth->setAuthorizeObject(0, $MapActionMockAuthorize); | 
| 1461 |  | 
| 1462 | $actions = array('my_action' => 'create'); | 
| 1463 | $this->Auth->mapActions($actions); | 
| 1464 | $actions = array( | 
| 1465 | 'create' => array('my_other_action'), | 
| 1466 | 'update' => array('updater') | 
| 1467 | ); | 
| 1468 | $this->Auth->mapActions($actions); | 
| 1469 |  | 
| 1470 | $actions = $this->Auth->mapActions(); | 
| 1471 |  | 
| 1472 | $result = $actions['my_action']; | 
| 1473 | $expected = 'create'; | 
| 1474 | $this->assertEquals($expected, $result); | 
| 1475 |  | 
| 1476 | $result = $actions['my_other_action']; | 
| 1477 | $expected = 'create'; | 
| 1478 | $this->assertEquals($expected, $result); | 
| 1479 |  | 
| 1480 | $result = $actions['updater']; | 
| 1481 | $expected = 'update'; | 
| 1482 | $this->assertEquals($expected, $result); | 
| 1483 | } | 
| 1484 |  | 
| 1485 | /**
 | 
| 1486 |  * test mapActions loading and delegating to authorize objects.
 | 
| 1487 |  *
 | 
| 1488 |  * @return void
 | 
| 1489 |  */
 | 
| 1490 | public function testMapActionsDelegation() { | 
| 1491 | $MapActionMockAuthorize = $this->getMock('BaseAuthorize', array('authorize', 'mapActions'), array(), '', false); | 
| 1492 |  | 
| 1493 | $this->Auth->authorize = array('MapActionMock'); | 
| 1494 | $this->Auth->setAuthorizeObject(0, $MapActionMockAuthorize); | 
| 1495 | $MapActionMockAuthorize->expects($this->once()) | 
| 1496 |                         ->method('mapActions')
 | 
| 1497 | ->with(array('create' => array('my_action'))); | 
| 1498 |  | 
| 1499 | $this->Auth->mapActions(array('create' => array('my_action'))); | 
| 1500 | } | 
| 1501 |  | 
| 1502 | /**
 | 
| 1503 |  * test logging in with a request.
 | 
| 1504 |  *
 | 
| 1505 |  * @return void
 | 
| 1506 |  */
 | 
| 1507 | public function testLoginWithRequestData() { | 
| 1508 | $RequestLoginMockAuthenticate = $this->getMock('FormAuthenticate', array(), array(), '', false); | 
| 1509 | $request = new CakeRequest('users/login', false); | 
| 1510 | $user = array('username' => 'mark', 'role' => 'admin'); | 
| 1511 |  | 
| 1512 | $this->Auth->request = $request; | 
| 1513 | $this->Auth->authenticate = array('RequestLoginMock'); | 
| 1514 | $this->Auth->setAuthenticateObject(0, $RequestLoginMockAuthenticate); | 
| 1515 | $RequestLoginMockAuthenticate->expects($this->once()) | 
| 1516 |                         ->method('authenticate')
 | 
| 1517 |                         ->with($request)
 | 
| 1518 | ->will($this->returnValue($user)); | 
| 1519 |  | 
| 1520 | $this->assertTrue($this->Auth->login()); | 
| 1521 | $this->assertEquals($user['username'], $this->Auth->user('username')); | 
| 1522 | } | 
| 1523 |  | 
| 1524 | /**
 | 
| 1525 |  * test login() with user data
 | 
| 1526 |  *
 | 
| 1527 |  * @return void
 | 
| 1528 |  */
 | 
| 1529 | public function testLoginWithUserData() { | 
| 1530 | $this->assertFalse($this->Auth->loggedIn()); | 
| 1531 |  | 
| 1532 | $user = array( | 
| 1533 | 'username' => 'mariano', | 
| 1534 | 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', | 
| 1535 | 'created' => '2007-03-17 01:16:23', | 
| 1536 | 'updated' => '2007-03-17 01:18:31' | 
| 1537 | ); | 
| 1538 | $this->assertTrue($this->Auth->login($user)); | 
| 1539 | $this->assertTrue($this->Auth->loggedIn()); | 
| 1540 | $this->assertEquals($user['username'], $this->Auth->user('username')); | 
| 1541 | } | 
| 1542 |  | 
| 1543 | /**
 | 
| 1544 |  * test flash settings.
 | 
| 1545 |  *
 | 
| 1546 |  * @return void
 | 
| 1547 |  */
 | 
| 1548 | public function testFlashSettings() { | 
| 1549 | $this->Auth->Flash = $this->getMock('FlashComponent', array(), array(), '', false); | 
| 1550 | $this->Auth->Flash->expects($this->once()) | 
| 1551 |                         ->method('set')
 | 
| 1552 | ->with('Auth failure', array('element' => 'custom', 'params' => array(1), 'key' => 'auth-key')); | 
| 1553 |  | 
| 1554 | $this->Auth->flash = array( | 
| 1555 | 'element' => 'custom', | 
| 1556 | 'params' => array(1), | 
| 1557 | 'key' => 'auth-key' | 
| 1558 | ); | 
| 1559 | $this->Auth->flash('Auth failure'); | 
| 1560 | } | 
| 1561 |  | 
| 1562 | /**
 | 
| 1563 |  * test the various states of Auth::redirect()
 | 
| 1564 |  *
 | 
| 1565 |  * @return void
 | 
| 1566 |  */
 | 
| 1567 | public function testRedirectSet() { | 
| 1568 | $value = array('controller' => 'users', 'action' => 'home'); | 
| 1569 | $result = $this->Auth->redirectUrl($value); | 
| 1570 | $this->assertEquals('/users/home', $result); | 
| 1571 | $this->assertEquals($value, $this->Auth->Session->read('Auth.redirect')); | 
| 1572 | } | 
| 1573 |  | 
| 1574 | /**
 | 
| 1575 |  * test redirect using Auth.redirect from the session.
 | 
| 1576 |  *
 | 
| 1577 |  * @return void
 | 
| 1578 |  */
 | 
| 1579 | public function testRedirectSessionRead() { | 
| 1580 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); | 
| 1581 | $this->Auth->Session->write('Auth.redirect', '/users/home'); | 
| 1582 |  | 
| 1583 | $result = $this->Auth->redirectUrl(); | 
| 1584 | $this->assertEquals('/users/home', $result); | 
| 1585 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); | 
| 1586 | } | 
| 1587 |  | 
| 1588 | /**
 | 
| 1589 |  * test redirectUrl with duplicate base.
 | 
| 1590 |  *
 | 
| 1591 |  * @return void
 | 
| 1592 |  */
 | 
| 1593 | public function testRedirectSessionReadDuplicateBase() { | 
| 1594 | $this->Auth->request->webroot = '/waves/'; | 
| 1595 | $this->Auth->request->base = '/waves'; | 
| 1596 |  | 
| 1597 | Router::setRequestInfo($this->Auth->request); | 
| 1598 |  | 
| 1599 | $this->Auth->Session->write('Auth.redirect', '/waves/add'); | 
| 1600 |  | 
| 1601 | $result = $this->Auth->redirectUrl(); | 
| 1602 | $this->assertEquals('/waves/add', $result); | 
| 1603 | } | 
| 1604 |  | 
| 1605 | /**
 | 
| 1606 |  * test that redirect does not return loginAction if that is what's stored in Auth.redirect.
 | 
| 1607 |  * instead loginRedirect should be used.
 | 
| 1608 |  *
 | 
| 1609 |  * @return void
 | 
| 1610 |  */
 | 
| 1611 | public function testRedirectSessionReadEqualToLoginAction() { | 
| 1612 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); | 
| 1613 | $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home'); | 
| 1614 | $this->Auth->Session->write('Auth.redirect', array('controller' => 'users', 'action' => 'login')); | 
| 1615 |  | 
| 1616 | $result = $this->Auth->redirectUrl(); | 
| 1617 | $this->assertEquals('/users/home', $result); | 
| 1618 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); | 
| 1619 | } | 
| 1620 |  | 
| 1621 | /**
 | 
| 1622 |  * test that the returned URL doesn't contain the base URL.
 | 
| 1623 |  *
 | 
| 1624 |  * @see https://cakephp.lighthouseapp.com/projects/42648/tickets/3922-authcomponentredirecturl-prepends-appbaseurl
 | 
| 1625 |  *
 | 
| 1626 |  * @return void This test method doesn't return anything.
 | 
| 1627 |  */
 | 
| 1628 | public function testRedirectUrlWithBaseSet() { | 
| 1629 | $App = Configure::read('App'); | 
| 1630 |  | 
| 1631 | Configure::write('App', array( | 
| 1632 | 'dir' => APP_DIR, | 
| 1633 | 'webroot' => WEBROOT_DIR, | 
| 1634 | 'base' => false, | 
| 1635 | 'baseUrl' => '/cake/index.php' | 
| 1636 | )); | 
| 1637 |  | 
| 1638 | $url = '/users/login'; | 
| 1639 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); | 
| 1640 | $this->Auth->request->addParams(Router::parse($url)); | 
| 1641 | $this->Auth->request->url = Router::normalize($url); | 
| 1642 |  | 
| 1643 | Router::setRequestInfo($this->Auth->request); | 
| 1644 |  | 
| 1645 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); | 
| 1646 | $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home'); | 
| 1647 |  | 
| 1648 | $result = $this->Auth->redirectUrl(); | 
| 1649 | $this->assertEquals('/users/home', $result); | 
| 1650 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); | 
| 1651 |  | 
| 1652 | Configure::write('App', $App); | 
| 1653 |                 Router::reload();
 | 
| 1654 | } | 
| 1655 |  | 
| 1656 | /**
 | 
| 1657 |  * test password hashing
 | 
| 1658 |  *
 | 
| 1659 |  * @return void
 | 
| 1660 |  */
 | 
| 1661 | public function testPassword() { | 
| 1662 | $result = $this->Auth->password('password'); | 
| 1663 | $expected = Security::hash('password', null, true); | 
| 1664 | $this->assertEquals($expected, $result); | 
| 1665 | } | 
| 1666 |  | 
| 1667 | /**
 | 
| 1668 |  * testUser method
 | 
| 1669 |  *
 | 
| 1670 |  * @return void
 | 
| 1671 |  */
 | 
| 1672 | public function testUser() { | 
| 1673 | $data = array( | 
| 1674 | 'User' => array( | 
| 1675 | 'id' => '2', | 
| 1676 | 'username' => 'mark', | 
| 1677 | 'group_id' => 1, | 
| 1678 | 'Group' => array( | 
| 1679 | 'id' => '1', | 
| 1680 | 'name' => 'Members' | 
| 1681 | ), | 
| 1682 | 'is_admin' => false, | 
| 1683 | )); | 
| 1684 | $this->Auth->Session->write('Auth', $data); | 
| 1685 |  | 
| 1686 | $result = $this->Auth->user(); | 
| 1687 | $this->assertEquals($data['User'], $result); | 
| 1688 |  | 
| 1689 | $result = $this->Auth->user('username'); | 
| 1690 | $this->assertEquals($data['User']['username'], $result); | 
| 1691 |  | 
| 1692 | $result = $this->Auth->user('Group.name'); | 
| 1693 | $this->assertEquals($data['User']['Group']['name'], $result); | 
| 1694 |  | 
| 1695 | $result = $this->Auth->user('invalid'); | 
| 1696 | $this->assertEquals(null, $result); | 
| 1697 |  | 
| 1698 | $result = $this->Auth->user('Company.invalid'); | 
| 1699 | $this->assertEquals(null, $result); | 
| 1700 |  | 
| 1701 | $result = $this->Auth->user('is_admin'); | 
| 1702 | $this->assertFalse($result); | 
| 1703 | } | 
| 1704 |  | 
| 1705 | /**
 | 
| 1706 |  * testStatelessAuthNoRedirect method
 | 
| 1707 |  *
 | 
| 1708 |  * @expectedException UnauthorizedException
 | 
| 1709 |  * @expectedExceptionCode 401
 | 
| 1710 |  * @return void
 | 
| 1711 |  */
 | 
| 1712 | public function testStatelessAuthNoRedirect() { | 
| 1713 | if (CakeSession::id()) { | 
| 1714 | session_destroy(); | 
| 1715 | CakeSession::$id = null; | 
| 1716 | } | 
| 1717 | $_SESSION = null; | 
| 1718 |  | 
| 1719 | AuthComponent::$sessionKey = false; | 
| 1720 | $this->Auth->authenticate = array('Basic'); | 
| 1721 | $this->Controller->request['action'] = 'admin_add'; | 
| 1722 |  | 
| 1723 | $this->Auth->startup($this->Controller); | 
| 1724 | } | 
| 1725 |  | 
| 1726 | /**
 | 
| 1727 |  * testStatelessAuthNoSessionStart method
 | 
| 1728 |  *
 | 
| 1729 |  * @return void
 | 
| 1730 |  */
 | 
| 1731 | public function testStatelessAuthNoSessionStart() { | 
| 1732 | if (CakeSession::id()) { | 
| 1733 | session_destroy(); | 
| 1734 | CakeSession::$id = null; | 
| 1735 | } | 
| 1736 | $_SESSION = null; | 
| 1737 |  | 
| 1738 | $_SERVER['PHP_AUTH_USER'] = 'mariano'; | 
| 1739 | $_SERVER['PHP_AUTH_PW'] = 'cake'; | 
| 1740 |  | 
| 1741 | AuthComponent::$sessionKey = false; | 
| 1742 | $this->Auth->authenticate = array( | 
| 1743 | 'Basic' => array('userModel' => 'AuthUser') | 
| 1744 | ); | 
| 1745 | $this->Controller->request['action'] = 'admin_add'; | 
| 1746 |  | 
| 1747 | $result = $this->Auth->startup($this->Controller); | 
| 1748 | $this->assertTrue($result); | 
| 1749 |  | 
| 1750 | $this->assertNull(CakeSession::id()); | 
| 1751 | } | 
| 1752 |  | 
| 1753 | /**
 | 
| 1754 |  * testStatelessAuthRedirect method
 | 
| 1755 |  *
 | 
| 1756 |  * @return void
 | 
| 1757 |  */
 | 
| 1758 | public function testStatelessFollowedByStatefulAuth() { | 
| 1759 | $this->Auth->authenticate = array('Basic', 'Form'); | 
| 1760 | $this->Controller->request['action'] = 'admin_add'; | 
| 1761 |  | 
| 1762 | $this->Auth->response->expects($this->never())->method('statusCode'); | 
| 1763 | $this->Auth->response->expects($this->never())->method('send'); | 
| 1764 |  | 
| 1765 | $result = $this->Auth->startup($this->Controller); | 
| 1766 | $this->assertFalse($result); | 
| 1767 |  | 
| 1768 | $this->assertEquals('/users/login', $this->Controller->testUrl); | 
| 1769 | } | 
| 1770 | } |