pictcode / lib / Cake / Test / Case / Controller / Component / AuthComponentTest.php @ 635eef61
履歴 | 表示 | アノテート | ダウンロード (49.379 KB)
1 | 635eef61 | spyder1211 | <?php
|
---|---|---|---|
2 | /**
|
||
3 | * AuthComponentTest file
|
||
4 | *
|
||
5 | * CakePHP(tm) Tests <http://book.cakephp.org/2.0/en/development/testing.html>
|
||
6 | * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
||
7 | *
|
||
8 | * Licensed under The MIT License
|
||
9 | * For full copyright and license information, please see the LICENSE.txt
|
||
10 | * Redistributions of files must retain the above copyright notice
|
||
11 | *
|
||
12 | * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
||
13 | * @link http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
|
||
14 | * @package Cake.Test.Case.Controller.Component
|
||
15 | * @since CakePHP(tm) v 1.2.0.5347
|
||
16 | * @license http://www.opensource.org/licenses/mit-license.php MIT License
|
||
17 | */
|
||
18 | |||
19 | App::uses('Controller', 'Controller'); |
||
20 | App::uses('AuthComponent', 'Controller/Component'); |
||
21 | App::uses('AclComponent', 'Controller/Component'); |
||
22 | App::uses('BaseAuthenticate', 'Controller/Component/Auth'); |
||
23 | App::uses('FormAuthenticate', 'Controller/Component/Auth'); |
||
24 | App::uses('CakeEvent', 'Event'); |
||
25 | |||
26 | /**
|
||
27 | * TestFormAuthenticate class
|
||
28 | *
|
||
29 | * @package Cake.Test.Case.Controller.Component
|
||
30 | */
|
||
31 | class TestBaseAuthenticate extends BaseAuthenticate { |
||
32 | |||
33 | /**
|
||
34 | * Implemented events
|
||
35 | *
|
||
36 | * @return array of events => callbacks.
|
||
37 | */
|
||
38 | public function implementedEvents() { |
||
39 | return array( |
||
40 | 'Auth.afterIdentify' => 'afterIdentify' |
||
41 | ); |
||
42 | } |
||
43 | |||
44 | public $afterIdentifyCallable = null; |
||
45 | |||
46 | /**
|
||
47 | * Test function to be used in event dispatching
|
||
48 | *
|
||
49 | * @return void
|
||
50 | */
|
||
51 | public function afterIdentify($event) { |
||
52 | call_user_func($this->afterIdentifyCallable, $event); |
||
53 | } |
||
54 | |||
55 | /**
|
||
56 | * Authenticate a user based on the request information.
|
||
57 | *
|
||
58 | * @param CakeRequest $request Request to get authentication information from.
|
||
59 | * @param CakeResponse $response A response object that can have headers added.
|
||
60 | * @return mixed Either false on failure, or an array of user data on success.
|
||
61 | */
|
||
62 | public function authenticate(CakeRequest $request, CakeResponse $response) { |
||
63 | return array( |
||
64 | 'id' => 1, |
||
65 | 'username' => 'mark' |
||
66 | ); |
||
67 | } |
||
68 | |||
69 | } |
||
70 | |||
71 | /**
|
||
72 | * TestAuthComponent class
|
||
73 | *
|
||
74 | * @package Cake.Test.Case.Controller.Component
|
||
75 | */
|
||
76 | class TestAuthComponent extends AuthComponent { |
||
77 | |||
78 | /**
|
||
79 | * testStop property
|
||
80 | *
|
||
81 | * @var bool
|
||
82 | */
|
||
83 | public $testStop = false; |
||
84 | |||
85 | /**
|
||
86 | * Helper method to add/set an authenticate object instance
|
||
87 | *
|
||
88 | * @param int $index The index at which to add/set the object
|
||
89 | * @param object $object The object to add/set
|
||
90 | * @return void
|
||
91 | */
|
||
92 | public function setAuthenticateObject($index, $object) { |
||
93 | $this->_authenticateObjects[$index] = $object; |
||
94 | } |
||
95 | |||
96 | /**
|
||
97 | * Helper method to get an authenticate object instance
|
||
98 | *
|
||
99 | * @param int $index The index at which to get the object
|
||
100 | * @return object $object
|
||
101 | */
|
||
102 | public function getAuthenticateObject($index) { |
||
103 | $this->constructAuthenticate();
|
||
104 | return isset($this->_authenticateObjects[$index]) ? $this->_authenticateObjects[$index] : null; |
||
105 | } |
||
106 | |||
107 | /**
|
||
108 | * Helper method to add/set an authorize object instance
|
||
109 | *
|
||
110 | * @param int $index The index at which to add/set the object
|
||
111 | * @param Object $object The object to add/set
|
||
112 | * @return void
|
||
113 | */
|
||
114 | public function setAuthorizeObject($index, $object) { |
||
115 | $this->_authorizeObjects[$index] = $object; |
||
116 | } |
||
117 | |||
118 | /**
|
||
119 | * stop method
|
||
120 | *
|
||
121 | * @return void
|
||
122 | */
|
||
123 | protected function _stop($status = 0) { |
||
124 | $this->testStop = true; |
||
125 | } |
||
126 | |||
127 | public static function clearUser() { |
||
128 | static::$_user = array(); |
||
129 | } |
||
130 | |||
131 | } |
||
132 | |||
133 | /**
|
||
134 | * AuthUser class
|
||
135 | *
|
||
136 | * @package Cake.Test.Case.Controller.Component
|
||
137 | */
|
||
138 | class AuthUser extends CakeTestModel { |
||
139 | |||
140 | /**
|
||
141 | * useDbConfig property
|
||
142 | *
|
||
143 | * @var string
|
||
144 | */
|
||
145 | public $useDbConfig = 'test'; |
||
146 | |||
147 | } |
||
148 | |||
149 | /**
|
||
150 | * AuthTestController class
|
||
151 | *
|
||
152 | * @package Cake.Test.Case.Controller.Component
|
||
153 | */
|
||
154 | class AuthTestController extends Controller { |
||
155 | |||
156 | /**
|
||
157 | * uses property
|
||
158 | *
|
||
159 | * @var array
|
||
160 | */
|
||
161 | public $uses = array('AuthUser'); |
||
162 | |||
163 | /**
|
||
164 | * components property
|
||
165 | *
|
||
166 | * @var array
|
||
167 | */
|
||
168 | public $components = array('Session', 'Flash', 'Auth'); |
||
169 | |||
170 | /**
|
||
171 | * testUrl property
|
||
172 | *
|
||
173 | * @var mixed
|
||
174 | */
|
||
175 | public $testUrl = null; |
||
176 | |||
177 | /**
|
||
178 | * construct method
|
||
179 | */
|
||
180 | public function __construct($request, $response) { |
||
181 | $request->addParams(Router::parse('/auth_test')); |
||
182 | $request->here = '/auth_test'; |
||
183 | $request->webroot = '/'; |
||
184 | Router::setRequestInfo($request); |
||
185 | parent::__construct($request, $response); |
||
186 | } |
||
187 | |||
188 | /**
|
||
189 | * login method
|
||
190 | *
|
||
191 | * @return void
|
||
192 | */
|
||
193 | public function login() { |
||
194 | } |
||
195 | |||
196 | /**
|
||
197 | * admin_login method
|
||
198 | *
|
||
199 | * @return void
|
||
200 | */
|
||
201 | public function admin_login() { |
||
202 | } |
||
203 | |||
204 | /**
|
||
205 | * admin_add method
|
||
206 | *
|
||
207 | * @return void
|
||
208 | */
|
||
209 | public function admin_add() { |
||
210 | } |
||
211 | |||
212 | /**
|
||
213 | * logout method
|
||
214 | *
|
||
215 | * @return void
|
||
216 | */
|
||
217 | public function logout() { |
||
218 | } |
||
219 | |||
220 | /**
|
||
221 | * add method
|
||
222 | *
|
||
223 | * @return void
|
||
224 | */
|
||
225 | public function add() { |
||
226 | echo "add"; |
||
227 | } |
||
228 | |||
229 | /**
|
||
230 | * add method
|
||
231 | *
|
||
232 | * @return void
|
||
233 | */
|
||
234 | public function camelCase() { |
||
235 | echo "camelCase"; |
||
236 | } |
||
237 | |||
238 | /**
|
||
239 | * redirect method
|
||
240 | *
|
||
241 | * @param string|array $url
|
||
242 | * @param mixed $status
|
||
243 | * @param mixed $exit
|
||
244 | * @return void
|
||
245 | */
|
||
246 | public function redirect($url, $status = null, $exit = true) { |
||
247 | $this->testUrl = Router::url($url); |
||
248 | return false; |
||
249 | } |
||
250 | |||
251 | /**
|
||
252 | * isAuthorized method
|
||
253 | *
|
||
254 | * @return void
|
||
255 | */
|
||
256 | public function isAuthorized() { |
||
257 | } |
||
258 | |||
259 | } |
||
260 | |||
261 | /**
|
||
262 | * AjaxAuthController class
|
||
263 | *
|
||
264 | * @package Cake.Test.Case.Controller.Component
|
||
265 | */
|
||
266 | class AjaxAuthController extends Controller { |
||
267 | |||
268 | /**
|
||
269 | * components property
|
||
270 | *
|
||
271 | * @var array
|
||
272 | */
|
||
273 | public $components = array('Session', 'TestAuth'); |
||
274 | |||
275 | /**
|
||
276 | * uses property
|
||
277 | *
|
||
278 | * @var array
|
||
279 | */
|
||
280 | public $uses = array(); |
||
281 | |||
282 | /**
|
||
283 | * testUrl property
|
||
284 | *
|
||
285 | * @var mixed
|
||
286 | */
|
||
287 | public $testUrl = null; |
||
288 | |||
289 | /**
|
||
290 | * beforeFilter method
|
||
291 | *
|
||
292 | * @return void
|
||
293 | */
|
||
294 | public function beforeFilter() { |
||
295 | $this->TestAuth->ajaxLogin = 'test_element'; |
||
296 | $this->TestAuth->userModel = 'AuthUser'; |
||
297 | $this->TestAuth->RequestHandler->ajaxLayout = 'ajax2'; |
||
298 | } |
||
299 | |||
300 | /**
|
||
301 | * add method
|
||
302 | *
|
||
303 | * @return void
|
||
304 | */
|
||
305 | public function add() { |
||
306 | if ($this->TestAuth->testStop !== true) { |
||
307 | echo 'Added Record'; |
||
308 | } |
||
309 | } |
||
310 | |||
311 | /**
|
||
312 | * redirect method
|
||
313 | *
|
||
314 | * @param string|array $url
|
||
315 | * @param mixed $status
|
||
316 | * @param mixed $exit
|
||
317 | * @return void
|
||
318 | */
|
||
319 | public function redirect($url, $status = null, $exit = true) { |
||
320 | $this->testUrl = Router::url($url); |
||
321 | return false; |
||
322 | } |
||
323 | |||
324 | } |
||
325 | |||
326 | /**
|
||
327 | * Mock class used to test event dispatching
|
||
328 | *
|
||
329 | * @package Cake.Test.Case.Event
|
||
330 | */
|
||
331 | class AuthEventTestListener { |
||
332 | |||
333 | public $callStack = array(); |
||
334 | |||
335 | /**
|
||
336 | * Test function to be used in event dispatching
|
||
337 | *
|
||
338 | * @return void
|
||
339 | */
|
||
340 | public function listenerFunction() { |
||
341 | $this->callStack[] = __FUNCTION__; |
||
342 | } |
||
343 | |||
344 | } |
||
345 | |||
346 | |||
347 | /**
|
||
348 | * AuthComponentTest class
|
||
349 | *
|
||
350 | * @package Cake.Test.Case.Controller.Component
|
||
351 | */
|
||
352 | class AuthComponentTest extends CakeTestCase { |
||
353 | |||
354 | /**
|
||
355 | * name property
|
||
356 | *
|
||
357 | * @var string
|
||
358 | */
|
||
359 | public $name = 'Auth'; |
||
360 | |||
361 | /**
|
||
362 | * fixtures property
|
||
363 | *
|
||
364 | * @var array
|
||
365 | */
|
||
366 | public $fixtures = array('core.auth_user'); |
||
367 | |||
368 | /**
|
||
369 | * initialized property
|
||
370 | *
|
||
371 | * @var bool
|
||
372 | */
|
||
373 | public $initialized = false; |
||
374 | |||
375 | /**
|
||
376 | * setUp method
|
||
377 | *
|
||
378 | * @return void
|
||
379 | */
|
||
380 | public function setUp() { |
||
381 | parent::setUp();
|
||
382 | Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi'); |
||
383 | Configure::write('Security.cipherSeed', 770011223369876); |
||
384 | |||
385 | $request = new CakeRequest(null, false); |
||
386 | |||
387 | $this->Controller = new AuthTestController($request, $this->getMock('CakeResponse')); |
||
388 | |||
389 | $collection = new ComponentCollection(); |
||
390 | $collection->init($this->Controller); |
||
391 | $this->Auth = new TestAuthComponent($collection); |
||
392 | $this->Auth->request = $request; |
||
393 | $this->Auth->response = $this->getMock('CakeResponse'); |
||
394 | AuthComponent::$sessionKey = 'Auth.User'; |
||
395 | |||
396 | $this->Controller->Components->init($this->Controller); |
||
397 | |||
398 | $this->initialized = true; |
||
399 | Router::reload();
|
||
400 | Router::connect('/:controller/:action/*'); |
||
401 | |||
402 | $User = ClassRegistry::init('AuthUser'); |
||
403 | $User->updateAll(array('password' => $User->getDataSource()->value(Security::hash('cake', null, true)))); |
||
404 | } |
||
405 | |||
406 | /**
|
||
407 | * tearDown method
|
||
408 | *
|
||
409 | * @return void
|
||
410 | */
|
||
411 | public function tearDown() { |
||
412 | parent::tearDown();
|
||
413 | |||
414 | TestAuthComponent::clearUser();
|
||
415 | $this->Auth->Session->delete('Auth'); |
||
416 | $this->Auth->Session->delete('Message.auth'); |
||
417 | unset($this->Controller, $this->Auth); |
||
418 | } |
||
419 | |||
420 | /**
|
||
421 | * testNoAuth method
|
||
422 | *
|
||
423 | * @return void
|
||
424 | */
|
||
425 | public function testNoAuth() { |
||
426 | $this->assertFalse($this->Auth->isAuthorized()); |
||
427 | } |
||
428 | |||
429 | /**
|
||
430 | * testIsErrorOrTests
|
||
431 | *
|
||
432 | * @return void
|
||
433 | */
|
||
434 | public function testIsErrorOrTests() { |
||
435 | $this->Controller->Auth->initialize($this->Controller); |
||
436 | |||
437 | $this->Controller->name = 'CakeError'; |
||
438 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
439 | |||
440 | $this->Controller->name = 'Post'; |
||
441 | $this->Controller->request['action'] = 'thisdoesnotexist'; |
||
442 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
443 | |||
444 | $this->Controller->scaffold = null; |
||
445 | $this->Controller->request['action'] = 'index'; |
||
446 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
447 | } |
||
448 | |||
449 | /**
|
||
450 | * testLogin method
|
||
451 | *
|
||
452 | * @return void
|
||
453 | */
|
||
454 | public function testLogin() { |
||
455 | $AuthLoginFormAuthenticate = $this->getMock('FormAuthenticate', array(), array(), '', false); |
||
456 | $this->Auth->authenticate = array( |
||
457 | 'AuthLoginForm' => array( |
||
458 | 'userModel' => 'AuthUser' |
||
459 | ) |
||
460 | ); |
||
461 | $this->Auth->Session = $this->getMock('SessionComponent', array('renew'), array(), '', false); |
||
462 | |||
463 | $this->Auth->setAuthenticateObject(0, $AuthLoginFormAuthenticate); |
||
464 | |||
465 | $this->Auth->request->data = array( |
||
466 | 'AuthUser' => array( |
||
467 | 'username' => 'mark', |
||
468 | 'password' => Security::hash('cake', null, true) |
||
469 | ) |
||
470 | ); |
||
471 | |||
472 | $user = array( |
||
473 | 'id' => 1, |
||
474 | 'username' => 'mark' |
||
475 | ); |
||
476 | |||
477 | $AuthLoginFormAuthenticate->expects($this->once()) |
||
478 | ->method('authenticate')
|
||
479 | ->with($this->Auth->request) |
||
480 | ->will($this->returnValue($user)); |
||
481 | |||
482 | $this->Auth->Session->expects($this->once()) |
||
483 | ->method('renew');
|
||
484 | |||
485 | $result = $this->Auth->login(); |
||
486 | $this->assertTrue($result); |
||
487 | |||
488 | $this->assertTrue($this->Auth->loggedIn()); |
||
489 | $this->assertEquals($user, $this->Auth->user()); |
||
490 | } |
||
491 | |||
492 | /**
|
||
493 | * testLogin afterIdentify event method
|
||
494 | *
|
||
495 | * @return void
|
||
496 | */
|
||
497 | public function testLoginAfterIdentify() { |
||
498 | $this->Auth->authenticate = array( |
||
499 | 'TestBase',
|
||
500 | ); |
||
501 | |||
502 | $user = array( |
||
503 | 'id' => 1, |
||
504 | 'username' => 'mark' |
||
505 | ); |
||
506 | |||
507 | $auth = $this->Auth->getAuthenticateObject(0); |
||
508 | $listener = $this->getMock('AuthEventTestListener'); |
||
509 | $auth->afterIdentifyCallable = array($listener, 'listenerFunction'); |
||
510 | $event = new CakeEvent('Auth.afterIdentify', $this->Auth, array('user' => $user)); |
||
511 | $listener->expects($this->once())->method('listenerFunction')->with($event); |
||
512 | |||
513 | $result = $this->Auth->login(); |
||
514 | $this->assertTrue($result); |
||
515 | $this->assertTrue($this->Auth->loggedIn()); |
||
516 | $this->assertEquals($user, $this->Auth->user()); |
||
517 | } |
||
518 | |||
519 | /**
|
||
520 | * testRedirectVarClearing method
|
||
521 | *
|
||
522 | * @return void
|
||
523 | */
|
||
524 | public function testRedirectVarClearing() { |
||
525 | $this->Controller->request['controller'] = 'auth_test'; |
||
526 | $this->Controller->request['action'] = 'admin_add'; |
||
527 | $this->Controller->here = '/auth_test/admin_add'; |
||
528 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); |
||
529 | |||
530 | $this->Auth->authenticate = array('Form'); |
||
531 | $this->Auth->startup($this->Controller); |
||
532 | $this->assertEquals('/auth_test/admin_add', $this->Auth->Session->read('Auth.redirect')); |
||
533 | |||
534 | $this->Auth->Session->write('Auth.User', array('username' => 'admad')); |
||
535 | $this->Auth->startup($this->Controller); |
||
536 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); |
||
537 | } |
||
538 | |||
539 | /**
|
||
540 | * testAuthorizeFalse method
|
||
541 | *
|
||
542 | * @return void
|
||
543 | */
|
||
544 | public function testAuthorizeFalse() { |
||
545 | $this->AuthUser = new AuthUser(); |
||
546 | $user = $this->AuthUser->find(); |
||
547 | $this->Auth->Session->write('Auth.User', $user['AuthUser']); |
||
548 | $this->Controller->Auth->userModel = 'AuthUser'; |
||
549 | $this->Controller->Auth->authorize = false; |
||
550 | $this->Controller->request->addParams(Router::parse('auth_test/add')); |
||
551 | $this->Controller->Auth->initialize($this->Controller); |
||
552 | $result = $this->Controller->Auth->startup($this->Controller); |
||
553 | $this->assertTrue($result); |
||
554 | |||
555 | $this->Auth->Session->delete('Auth'); |
||
556 | $result = $this->Controller->Auth->startup($this->Controller); |
||
557 | $this->assertFalse($result); |
||
558 | $this->assertTrue($this->Auth->Session->check('Message.auth')); |
||
559 | |||
560 | $this->Controller->request->addParams(Router::parse('auth_test/camelCase')); |
||
561 | $result = $this->Controller->Auth->startup($this->Controller); |
||
562 | $this->assertFalse($result); |
||
563 | } |
||
564 | |||
565 | /**
|
||
566 | * @expectedException CakeException
|
||
567 | * @return void
|
||
568 | */
|
||
569 | public function testIsAuthorizedMissingFile() { |
||
570 | $this->Controller->Auth->authorize = 'Missing'; |
||
571 | $this->Controller->Auth->isAuthorized(array('User' => array('id' => 1))); |
||
572 | } |
||
573 | |||
574 | /**
|
||
575 | * test that isAuthorized calls methods correctly
|
||
576 | *
|
||
577 | * @return void
|
||
578 | */
|
||
579 | public function testIsAuthorizedDelegation() { |
||
580 | $AuthMockOneAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); |
||
581 | $AuthMockTwoAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); |
||
582 | $AuthMockThreeAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); |
||
583 | |||
584 | $this->Auth->setAuthorizeObject(0, $AuthMockOneAuthorize); |
||
585 | $this->Auth->setAuthorizeObject(1, $AuthMockTwoAuthorize); |
||
586 | $this->Auth->setAuthorizeObject(2, $AuthMockThreeAuthorize); |
||
587 | $request = $this->Auth->request; |
||
588 | |||
589 | $AuthMockOneAuthorize->expects($this->once()) |
||
590 | ->method('authorize')
|
||
591 | ->with(array('User'), $request) |
||
592 | ->will($this->returnValue(false)); |
||
593 | |||
594 | $AuthMockTwoAuthorize->expects($this->once()) |
||
595 | ->method('authorize')
|
||
596 | ->with(array('User'), $request) |
||
597 | ->will($this->returnValue(true)); |
||
598 | |||
599 | $AuthMockThreeAuthorize->expects($this->never()) |
||
600 | ->method('authorize');
|
||
601 | |||
602 | $this->assertTrue($this->Auth->isAuthorized(array('User'), $request)); |
||
603 | } |
||
604 | |||
605 | /**
|
||
606 | * test that isAuthorized will use the session user if none is given.
|
||
607 | *
|
||
608 | * @return void
|
||
609 | */
|
||
610 | public function testIsAuthorizedUsingUserInSession() { |
||
611 | $AuthMockFourAuthorize = $this->getMock('BaseAuthorize', array('authorize'), array(), '', false); |
||
612 | $this->Auth->authorize = array('AuthMockFour'); |
||
613 | $this->Auth->setAuthorizeObject(0, $AuthMockFourAuthorize); |
||
614 | |||
615 | $user = array('user' => 'mark'); |
||
616 | $this->Auth->Session->write('Auth.User', $user); |
||
617 | $request = $this->Controller->request; |
||
618 | |||
619 | $AuthMockFourAuthorize->expects($this->once()) |
||
620 | ->method('authorize')
|
||
621 | ->with($user, $request) |
||
622 | ->will($this->returnValue(true)); |
||
623 | |||
624 | $this->assertTrue($this->Auth->isAuthorized(null, $request)); |
||
625 | } |
||
626 | |||
627 | /**
|
||
628 | * test that loadAuthorize resets the loaded objects each time.
|
||
629 | *
|
||
630 | * @return void
|
||
631 | */
|
||
632 | public function testLoadAuthorizeResets() { |
||
633 | $this->Controller->Auth->authorize = array( |
||
634 | 'Controller'
|
||
635 | ); |
||
636 | $result = $this->Controller->Auth->constructAuthorize(); |
||
637 | $this->assertEquals(1, count($result)); |
||
638 | |||
639 | $result = $this->Controller->Auth->constructAuthorize(); |
||
640 | $this->assertEquals(1, count($result)); |
||
641 | } |
||
642 | |||
643 | /**
|
||
644 | * @expectedException CakeException
|
||
645 | * @return void
|
||
646 | */
|
||
647 | public function testLoadAuthenticateNoFile() { |
||
648 | $this->Controller->Auth->authenticate = 'Missing'; |
||
649 | $this->Controller->Auth->identify($this->Controller->request, $this->Controller->response); |
||
650 | } |
||
651 | |||
652 | /**
|
||
653 | * test the * key with authenticate
|
||
654 | *
|
||
655 | * @return void
|
||
656 | */
|
||
657 | public function testAllConfigWithAuthorize() { |
||
658 | $this->Controller->Auth->authorize = array( |
||
659 | AuthComponent::ALL => array('actionPath' => 'controllers/'), |
||
660 | 'Actions'
|
||
661 | ); |
||
662 | $objects = $this->Controller->Auth->constructAuthorize(); |
||
663 | $result = $objects[0]; |
||
664 | $this->assertEquals('controllers/', $result->settings['actionPath']); |
||
665 | } |
||
666 | |||
667 | /**
|
||
668 | * test that loadAuthorize resets the loaded objects each time.
|
||
669 | *
|
||
670 | * @return void
|
||
671 | */
|
||
672 | public function testLoadAuthenticateResets() { |
||
673 | $this->Controller->Auth->authenticate = array( |
||
674 | 'Form'
|
||
675 | ); |
||
676 | $result = $this->Controller->Auth->constructAuthenticate(); |
||
677 | $this->assertEquals(1, count($result)); |
||
678 | |||
679 | $result = $this->Controller->Auth->constructAuthenticate(); |
||
680 | $this->assertEquals(1, count($result)); |
||
681 | } |
||
682 | |||
683 | /**
|
||
684 | * test the * key with authenticate
|
||
685 | *
|
||
686 | * @return void
|
||
687 | */
|
||
688 | public function testAllConfigWithAuthenticate() { |
||
689 | $this->Controller->Auth->authenticate = array( |
||
690 | AuthComponent::ALL => array('userModel' => 'AuthUser'), |
||
691 | 'Form'
|
||
692 | ); |
||
693 | $objects = $this->Controller->Auth->constructAuthenticate(); |
||
694 | $result = $objects[0]; |
||
695 | $this->assertEquals('AuthUser', $result->settings['userModel']); |
||
696 | } |
||
697 | |||
698 | /**
|
||
699 | * test defining the same Authenticate object but with different password hashers
|
||
700 | *
|
||
701 | * @return void
|
||
702 | */
|
||
703 | public function testSameAuthenticateWithDifferentHashers() { |
||
704 | $this->Controller->Auth->authenticate = array( |
||
705 | 'FormSimple' => array('className' => 'Form', 'passwordHasher' => 'Simple'), |
||
706 | 'FormBlowfish' => array('className' => 'Form', 'passwordHasher' => 'Blowfish'), |
||
707 | ); |
||
708 | |||
709 | $objects = $this->Controller->Auth->constructAuthenticate(); |
||
710 | $this->assertEquals(2, count($objects)); |
||
711 | |||
712 | $this->assertInstanceOf('FormAuthenticate', $objects[0]); |
||
713 | $this->assertInstanceOf('FormAuthenticate', $objects[1]); |
||
714 | |||
715 | $this->assertInstanceOf('SimplePasswordHasher', $objects[0]->passwordHasher()); |
||
716 | $this->assertInstanceOf('BlowfishPasswordHasher', $objects[1]->passwordHasher()); |
||
717 | } |
||
718 | |||
719 | /**
|
||
720 | * Tests that deny always takes precedence over allow
|
||
721 | *
|
||
722 | * @return void
|
||
723 | */
|
||
724 | public function testAllowDenyAll() { |
||
725 | $this->Controller->Auth->initialize($this->Controller); |
||
726 | |||
727 | $this->Controller->Auth->allow(); |
||
728 | $this->Controller->Auth->deny('add', 'camelCase'); |
||
729 | |||
730 | $this->Controller->request['action'] = 'delete'; |
||
731 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
732 | |||
733 | $this->Controller->request['action'] = 'add'; |
||
734 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
735 | |||
736 | $this->Controller->request['action'] = 'camelCase'; |
||
737 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
738 | |||
739 | $this->Controller->Auth->allow(); |
||
740 | $this->Controller->Auth->deny(array('add', 'camelCase')); |
||
741 | |||
742 | $this->Controller->request['action'] = 'delete'; |
||
743 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
744 | |||
745 | $this->Controller->request['action'] = 'camelCase'; |
||
746 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
747 | |||
748 | $this->Controller->Auth->allow('*'); |
||
749 | $this->Controller->Auth->deny(); |
||
750 | |||
751 | $this->Controller->request['action'] = 'camelCase'; |
||
752 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
753 | |||
754 | $this->Controller->request['action'] = 'add'; |
||
755 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
756 | |||
757 | $this->Controller->Auth->allow('camelCase'); |
||
758 | $this->Controller->Auth->deny(); |
||
759 | |||
760 | $this->Controller->request['action'] = 'camelCase'; |
||
761 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
762 | |||
763 | $this->Controller->request['action'] = 'login'; |
||
764 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
765 | |||
766 | $this->Controller->Auth->deny(); |
||
767 | $this->Controller->Auth->allow(null); |
||
768 | |||
769 | $this->Controller->request['action'] = 'camelCase'; |
||
770 | $this->assertTrue($this->Controller->Auth->startup($this->Controller)); |
||
771 | |||
772 | $this->Controller->Auth->allow(); |
||
773 | $this->Controller->Auth->deny(null); |
||
774 | |||
775 | $this->Controller->request['action'] = 'camelCase'; |
||
776 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
777 | } |
||
778 | |||
779 | /**
|
||
780 | * test that deny() converts camel case inputs to lowercase.
|
||
781 | *
|
||
782 | * @return void
|
||
783 | */
|
||
784 | public function testDenyWithCamelCaseMethods() { |
||
785 | $this->Controller->Auth->initialize($this->Controller); |
||
786 | $this->Controller->Auth->allow(); |
||
787 | $this->Controller->Auth->deny('add', 'camelCase'); |
||
788 | |||
789 | $url = '/auth_test/camelCase'; |
||
790 | $this->Controller->request->addParams(Router::parse($url)); |
||
791 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
792 | |||
793 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
794 | |||
795 | $url = '/auth_test/CamelCase'; |
||
796 | $this->Controller->request->addParams(Router::parse($url)); |
||
797 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
798 | $this->assertFalse($this->Controller->Auth->startup($this->Controller)); |
||
799 | } |
||
800 | |||
801 | /**
|
||
802 | * test that allow() and allowedActions work with camelCase method names.
|
||
803 | *
|
||
804 | * @return void
|
||
805 | */
|
||
806 | public function testAllowedActionsWithCamelCaseMethods() { |
||
807 | $url = '/auth_test/camelCase'; |
||
808 | $this->Controller->request->addParams(Router::parse($url)); |
||
809 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
810 | $this->Controller->Auth->initialize($this->Controller); |
||
811 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
812 | $this->Controller->Auth->userModel = 'AuthUser'; |
||
813 | $this->Controller->Auth->allow(); |
||
814 | $result = $this->Controller->Auth->startup($this->Controller); |
||
815 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); |
||
816 | |||
817 | $url = '/auth_test/camelCase'; |
||
818 | $this->Controller->request->addParams(Router::parse($url)); |
||
819 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
820 | $this->Controller->Auth->initialize($this->Controller); |
||
821 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
822 | $this->Controller->Auth->userModel = 'AuthUser'; |
||
823 | $this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add'); |
||
824 | $result = $this->Controller->Auth->startup($this->Controller); |
||
825 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); |
||
826 | |||
827 | $this->Controller->Auth->allowedActions = array('delete', 'add'); |
||
828 | $result = $this->Controller->Auth->startup($this->Controller); |
||
829 | $this->assertFalse($result, 'startup() should return false, as action is not allowed. %s'); |
||
830 | |||
831 | $url = '/auth_test/delete'; |
||
832 | $this->Controller->request->addParams(Router::parse($url)); |
||
833 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
834 | $this->Controller->Auth->initialize($this->Controller); |
||
835 | $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
836 | $this->Controller->Auth->userModel = 'AuthUser'; |
||
837 | |||
838 | $this->Controller->Auth->allow(array('delete', 'add')); |
||
839 | $result = $this->Controller->Auth->startup($this->Controller); |
||
840 | $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); |
||
841 | } |
||
842 | |||
843 | public function testAllowedActionsSetWithAllowMethod() { |
||
844 | $url = '/auth_test/action_name'; |
||
845 | $this->Controller->request->addParams(Router::parse($url)); |
||
846 | $this->Controller->request->query['url'] = Router::normalize($url); |
||
847 | $this->Controller->Auth->initialize($this->Controller); |
||
848 | $this->Controller->Auth->allow('action_name', 'anotherAction'); |
||
849 | $this->assertEquals(array('action_name', 'anotherAction'), $this->Controller->Auth->allowedActions); |
||
850 | } |
||
851 | |||
852 | /**
|
||
853 | * testLoginRedirect method
|
||
854 | *
|
||
855 | * @return void
|
||
856 | */
|
||
857 | public function testLoginRedirect() { |
||
858 | $_SERVER['HTTP_REFERER'] = false; |
||
859 | $_ENV['HTTP_REFERER'] = false; |
||
860 | putenv('HTTP_REFERER='); |
||
861 | |||
862 | $this->Auth->Session->write('Auth', array( |
||
863 | 'AuthUser' => array('id' => '1', 'username' => 'nate') |
||
864 | )); |
||
865 | |||
866 | $this->Auth->request->addParams(Router::parse('users/login')); |
||
867 | $this->Auth->request->url = 'users/login'; |
||
868 | $this->Auth->initialize($this->Controller); |
||
869 | |||
870 | $this->Auth->loginRedirect = array( |
||
871 | 'controller' => 'pages', 'action' => 'display', 'welcome' |
||
872 | ); |
||
873 | $this->Auth->startup($this->Controller); |
||
874 | $expected = Router::normalize($this->Auth->loginRedirect); |
||
875 | $this->assertEquals($expected, $this->Auth->redirectUrl()); |
||
876 | |||
877 | $this->Auth->Session->delete('Auth'); |
||
878 | |||
879 | //empty referer no session
|
||
880 | $_SERVER['HTTP_REFERER'] = false; |
||
881 | $_ENV['HTTP_REFERER'] = false; |
||
882 | putenv('HTTP_REFERER='); |
||
883 | $url = '/posts/view/1'; |
||
884 | |||
885 | $this->Auth->Session->write('Auth', array( |
||
886 | 'AuthUser' => array('id' => '1', 'username' => 'nate')) |
||
887 | ); |
||
888 | $this->Controller->testUrl = null; |
||
889 | $this->Auth->request->addParams(Router::parse($url)); |
||
890 | array_push($this->Controller->methods, 'view', 'edit', 'index'); |
||
891 | |||
892 | $this->Auth->initialize($this->Controller); |
||
893 | $this->Auth->authorize = 'controller'; |
||
894 | |||
895 | $this->Auth->loginAction = array( |
||
896 | 'controller' => 'AuthTest', 'action' => 'login' |
||
897 | ); |
||
898 | $this->Auth->startup($this->Controller); |
||
899 | $expected = Router::normalize('/AuthTest/login'); |
||
900 | $this->assertEquals($expected, $this->Controller->testUrl); |
||
901 | |||
902 | $this->Auth->Session->delete('Auth'); |
||
903 | $_SERVER['HTTP_REFERER'] = $_ENV['HTTP_REFERER'] = Router::url('/admin', true); |
||
904 | $this->Auth->Session->write('Auth', array( |
||
905 | 'AuthUser' => array('id' => '1', 'username' => 'nate') |
||
906 | )); |
||
907 | $this->Auth->request->params['action'] = 'login'; |
||
908 | $this->Auth->request->url = 'auth_test/login'; |
||
909 | $this->Auth->initialize($this->Controller); |
||
910 | $this->Auth->loginAction = 'auth_test/login'; |
||
911 | $this->Auth->loginRedirect = false; |
||
912 | $this->Auth->startup($this->Controller); |
||
913 | $expected = Router::normalize('/admin'); |
||
914 | $this->assertEquals($expected, $this->Auth->redirectUrl()); |
||
915 | |||
916 | // Ticket #4750
|
||
917 | // Named Parameters
|
||
918 | $this->Controller->request = $this->Auth->request; |
||
919 | $this->Auth->Session->delete('Auth'); |
||
920 | $url = '/posts/index/year:2008/month:feb'; |
||
921 | $this->Auth->request->addParams(Router::parse($url)); |
||
922 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); |
||
923 | $this->Auth->initialize($this->Controller); |
||
924 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
925 | $this->Auth->startup($this->Controller); |
||
926 | $expected = Router::normalize('posts/index/year:2008/month:feb'); |
||
927 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
928 | |||
929 | // Passed Arguments
|
||
930 | $this->Auth->Session->delete('Auth'); |
||
931 | $url = '/posts/view/1'; |
||
932 | $this->Auth->request->addParams(Router::parse($url)); |
||
933 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); |
||
934 | $this->Auth->initialize($this->Controller); |
||
935 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
936 | $this->Auth->startup($this->Controller); |
||
937 | $expected = Router::normalize('posts/view/1'); |
||
938 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
939 | |||
940 | // QueryString parameters
|
||
941 | $_back = $_GET; |
||
942 | $_GET = array( |
||
943 | 'print' => 'true', |
||
944 | 'refer' => 'menu' |
||
945 | ); |
||
946 | $this->Auth->Session->delete('Auth'); |
||
947 | $url = '/posts/index/29'; |
||
948 | $this->Auth->request->addParams(Router::parse($url)); |
||
949 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); |
||
950 | $this->Auth->request->query = $_GET; |
||
951 | |||
952 | $this->Auth->initialize($this->Controller); |
||
953 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
954 | $this->Auth->startup($this->Controller); |
||
955 | $expected = Router::normalize('posts/index/29?print=true&refer=menu'); |
||
956 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
957 | |||
958 | // Different base urls.
|
||
959 | $appConfig = Configure::read('App'); |
||
960 | |||
961 | $_GET = array(); |
||
962 | |||
963 | Configure::write('App', array( |
||
964 | 'dir' => APP_DIR, |
||
965 | 'webroot' => WEBROOT_DIR, |
||
966 | 'base' => false, |
||
967 | 'baseUrl' => '/cake/index.php' |
||
968 | )); |
||
969 | |||
970 | $this->Auth->Session->delete('Auth'); |
||
971 | |||
972 | $url = '/posts/add'; |
||
973 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); |
||
974 | $this->Auth->request->addParams(Router::parse($url)); |
||
975 | $this->Auth->request->url = Router::normalize($url); |
||
976 | |||
977 | $this->Auth->initialize($this->Controller); |
||
978 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); |
||
979 | $this->Auth->startup($this->Controller); |
||
980 | $expected = Router::normalize('/posts/add'); |
||
981 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
982 | |||
983 | $this->Auth->Session->delete('Auth'); |
||
984 | Configure::write('App', $appConfig); |
||
985 | |||
986 | $_GET = $_back; |
||
987 | |||
988 | // External Authed Action
|
||
989 | $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; |
||
990 | $this->Auth->Session->delete('Auth'); |
||
991 | $url = '/posts/edit/1'; |
||
992 | $request = new CakeRequest($url); |
||
993 | $request->query = array(); |
||
994 | $this->Auth->request = $this->Controller->request = $request; |
||
995 | $this->Auth->request->addParams(Router::parse($url)); |
||
996 | $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); |
||
997 | $this->Auth->initialize($this->Controller); |
||
998 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
999 | $this->Auth->startup($this->Controller); |
||
1000 | $expected = Router::normalize('/posts/edit/1'); |
||
1001 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
1002 | |||
1003 | // External Direct Login Link
|
||
1004 | $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; |
||
1005 | $this->Auth->Session->delete('Auth'); |
||
1006 | $url = '/AuthTest/login'; |
||
1007 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); |
||
1008 | $this->Auth->request->addParams(Router::parse($url)); |
||
1009 | $this->Auth->request->url = Router::normalize($url); |
||
1010 | $this->Auth->initialize($this->Controller); |
||
1011 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
1012 | $this->Auth->startup($this->Controller); |
||
1013 | $expected = Router::normalize('/'); |
||
1014 | $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); |
||
1015 | |||
1016 | $this->Auth->Session->delete('Auth'); |
||
1017 | } |
||
1018 | |||
1019 | /**
|
||
1020 | * testNoLoginRedirectForAuthenticatedUser method
|
||
1021 | *
|
||
1022 | * @return void
|
||
1023 | */
|
||
1024 | public function testNoLoginRedirectForAuthenticatedUser() { |
||
1025 | $this->Controller->request['controller'] = 'auth_test'; |
||
1026 | $this->Controller->request['action'] = 'login'; |
||
1027 | $this->Controller->here = '/auth_test/login'; |
||
1028 | $this->Auth->request->url = 'auth_test/login'; |
||
1029 | |||
1030 | $this->Auth->Session->write('Auth.User.id', '1'); |
||
1031 | $this->Auth->authenticate = array('Form'); |
||
1032 | $this->getMock('BaseAuthorize', array('authorize'), array(), 'NoLoginRedirectMockAuthorize', false); |
||
1033 | $this->Auth->authorize = array('NoLoginRedirectMockAuthorize'); |
||
1034 | $this->Auth->loginAction = array('controller' => 'auth_test', 'action' => 'login'); |
||
1035 | |||
1036 | $return = $this->Auth->startup($this->Controller); |
||
1037 | $this->assertTrue($return); |
||
1038 | $this->assertNull($this->Controller->testUrl); |
||
1039 | } |
||
1040 | |||
1041 | /**
|
||
1042 | * Default to loginRedirect, if set, on authError.
|
||
1043 | *
|
||
1044 | * @return void
|
||
1045 | */
|
||
1046 | public function testDefaultToLoginRedirect() { |
||
1047 | $_SERVER['HTTP_REFERER'] = false; |
||
1048 | $_ENV['HTTP_REFERER'] = false; |
||
1049 | putenv('HTTP_REFERER='); |
||
1050 | |||
1051 | $url = '/party/on'; |
||
1052 | $this->Auth->request = $CakeRequest = new CakeRequest($url); |
||
1053 | $this->Auth->request->addParams(Router::parse($url)); |
||
1054 | $this->Auth->authorize = array('Controller'); |
||
1055 | $this->Auth->login(array('username' => 'mariano', 'password' => 'cake')); |
||
1056 | $this->Auth->loginRedirect = array( |
||
1057 | 'controller' => 'something', 'action' => 'else', |
||
1058 | ); |
||
1059 | |||
1060 | $CakeResponse = new CakeResponse(); |
||
1061 | $Controller = $this->getMock( |
||
1062 | 'Controller',
|
||
1063 | array('on', 'redirect'), |
||
1064 | array($CakeRequest, $CakeResponse) |
||
1065 | ); |
||
1066 | |||
1067 | $expected = Router::url($this->Auth->loginRedirect); |
||
1068 | $Controller->expects($this->once()) |
||
1069 | ->method('redirect')
|
||
1070 | ->with($this->equalTo($expected)); |
||
1071 | $this->Auth->startup($Controller); |
||
1072 | } |
||
1073 | |||
1074 | /**
|
||
1075 | * testRedirectToUnauthorizedRedirect
|
||
1076 | *
|
||
1077 | * @return void
|
||
1078 | */
|
||
1079 | public function testRedirectToUnauthorizedRedirect() { |
||
1080 | $url = '/party/on'; |
||
1081 | $this->Auth->request = $CakeRequest = new CakeRequest($url); |
||
1082 | $this->Auth->request->addParams(Router::parse($url)); |
||
1083 | $this->Auth->authorize = array('Controller'); |
||
1084 | $this->Auth->login(array('username' => 'admad', 'password' => 'cake')); |
||
1085 | $this->Auth->unauthorizedRedirect = array( |
||
1086 | 'controller' => 'no_can_do', 'action' => 'jack' |
||
1087 | ); |
||
1088 | |||
1089 | $CakeResponse = new CakeResponse(); |
||
1090 | $Controller = $this->getMock( |
||
1091 | 'Controller',
|
||
1092 | array('on', 'redirect'), |
||
1093 | array($CakeRequest, $CakeResponse) |
||
1094 | ); |
||
1095 | $this->Auth->Flash = $this->getMock( |
||
1096 | 'FlashComponent',
|
||
1097 | array('set'), |
||
1098 | array($Controller->Components) |
||
1099 | ); |
||
1100 | |||
1101 | $expected = array( |
||
1102 | 'controller' => 'no_can_do', 'action' => 'jack' |
||
1103 | ); |
||
1104 | $Controller->expects($this->once()) |
||
1105 | ->method('redirect')
|
||
1106 | ->with($this->equalTo($expected)); |
||
1107 | $this->Auth->Flash->expects($this->once()) |
||
1108 | ->method('set');
|
||
1109 | $this->Auth->startup($Controller); |
||
1110 | } |
||
1111 | |||
1112 | /**
|
||
1113 | * testRedirectToUnauthorizedRedirectSuppressedAuthError
|
||
1114 | *
|
||
1115 | * @return void
|
||
1116 | */
|
||
1117 | public function testRedirectToUnauthorizedRedirectSuppressedAuthError() { |
||
1118 | $url = '/party/on'; |
||
1119 | $this->Auth->request = $CakeRequest = new CakeRequest($url); |
||
1120 | $this->Auth->request->addParams(Router::parse($url)); |
||
1121 | $this->Auth->authorize = array('Controller'); |
||
1122 | $this->Auth->login(array('username' => 'admad', 'password' => 'cake')); |
||
1123 | $this->Auth->unauthorizedRedirect = array( |
||
1124 | 'controller' => 'no_can_do', 'action' => 'jack' |
||
1125 | ); |
||
1126 | $this->Auth->authError = false; |
||
1127 | |||
1128 | $CakeResponse = new CakeResponse(); |
||
1129 | $Controller = $this->getMock( |
||
1130 | 'Controller',
|
||
1131 | array('on', 'redirect'), |
||
1132 | array($CakeRequest, $CakeResponse) |
||
1133 | ); |
||
1134 | $this->Auth->Flash = $this->getMock( |
||
1135 | 'FlashComponent',
|
||
1136 | array('set'), |
||
1137 | array($Controller->Components) |
||
1138 | ); |
||
1139 | |||
1140 | $expected = array( |
||
1141 | 'controller' => 'no_can_do', 'action' => 'jack' |
||
1142 | ); |
||
1143 | $Controller->expects($this->once()) |
||
1144 | ->method('redirect')
|
||
1145 | ->with($this->equalTo($expected)); |
||
1146 | $this->Auth->Flash->expects($this->never()) |
||
1147 | ->method('set');
|
||
1148 | $this->Auth->startup($Controller); |
||
1149 | } |
||
1150 | |||
1151 | /**
|
||
1152 | * Throw ForbiddenException if AuthComponent::$unauthorizedRedirect set to false
|
||
1153 | * @expectedException ForbiddenException
|
||
1154 | * @return void
|
||
1155 | */
|
||
1156 | public function testForbiddenException() { |
||
1157 | $url = '/party/on'; |
||
1158 | $this->Auth->request = $CakeRequest = new CakeRequest($url); |
||
1159 | $this->Auth->request->addParams(Router::parse($url)); |
||
1160 | $this->Auth->authorize = array('Controller'); |
||
1161 | $this->Auth->authorize = array('Controller'); |
||
1162 | $this->Auth->unauthorizedRedirect = false; |
||
1163 | $this->Auth->login(array('username' => 'baker', 'password' => 'cake')); |
||
1164 | |||
1165 | $CakeResponse = new CakeResponse(); |
||
1166 | $Controller = $this->getMock( |
||
1167 | 'Controller',
|
||
1168 | array('on', 'redirect'), |
||
1169 | array($CakeRequest, $CakeResponse) |
||
1170 | ); |
||
1171 | |||
1172 | $this->Auth->startup($Controller); |
||
1173 | } |
||
1174 | |||
1175 | /**
|
||
1176 | * Test that no redirects or authorization tests occur on the loginAction
|
||
1177 | *
|
||
1178 | * @return void
|
||
1179 | */
|
||
1180 | public function testNoRedirectOnLoginAction() { |
||
1181 | $controller = $this->getMock('Controller'); |
||
1182 | $controller->methods = array('login'); |
||
1183 | |||
1184 | $url = '/AuthTest/login'; |
||
1185 | $this->Auth->request = $controller->request = new CakeRequest($url); |
||
1186 | $this->Auth->request->addParams(Router::parse($url)); |
||
1187 | $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); |
||
1188 | $this->Auth->authorize = array('Controller'); |
||
1189 | |||
1190 | $controller->expects($this->never()) |
||
1191 | ->method('redirect');
|
||
1192 | |||
1193 | $this->Auth->startup($controller); |
||
1194 | } |
||
1195 | |||
1196 | /**
|
||
1197 | * Ensure that no redirect is performed when a 404 is reached
|
||
1198 | * And the user doesn't have a session.
|
||
1199 | *
|
||
1200 | * @return void
|
||
1201 | */
|
||
1202 | public function testNoRedirectOn404() { |
||
1203 | $this->Auth->Session->delete('Auth'); |
||
1204 | $this->Auth->initialize($this->Controller); |
||
1205 | $this->Auth->request->addParams(Router::parse('auth_test/something_totally_wrong')); |
||
1206 | $result = $this->Auth->startup($this->Controller); |
||
1207 | $this->assertTrue($result, 'Auth redirected a missing action %s'); |
||
1208 | } |
||
1209 | |||
1210 | /**
|
||
1211 | * testAdminRoute method
|
||
1212 | *
|
||
1213 | * @return void
|
||
1214 | */
|
||
1215 | public function testAdminRoute() { |
||
1216 | $pref = Configure::read('Routing.prefixes'); |
||
1217 | Configure::write('Routing.prefixes', array('admin')); |
||
1218 | Router::reload();
|
||
1219 | require CAKE . 'Config' . DS . 'routes.php'; |
||
1220 | |||
1221 | $url = '/admin/auth_test/add'; |
||
1222 | $this->Auth->request->addParams(Router::parse($url)); |
||
1223 | $this->Auth->request->query['url'] = ltrim($url, '/'); |
||
1224 | $this->Auth->request->base = ''; |
||
1225 | |||
1226 | Router::setRequestInfo($this->Auth->request); |
||
1227 | $this->Auth->initialize($this->Controller); |
||
1228 | |||
1229 | $this->Auth->loginAction = array( |
||
1230 | 'admin' => true, 'controller' => 'auth_test', 'action' => 'login' |
||
1231 | ); |
||
1232 | |||
1233 | $this->Auth->startup($this->Controller); |
||
1234 | $this->assertEquals('/admin/auth_test/login', $this->Controller->testUrl); |
||
1235 | |||
1236 | Configure::write('Routing.prefixes', $pref); |
||
1237 | } |
||
1238 | |||
1239 | /**
|
||
1240 | * testAjaxLogin method
|
||
1241 | *
|
||
1242 | * @return void
|
||
1243 | */
|
||
1244 | public function testAjaxLogin() { |
||
1245 | App::build(array( |
||
1246 | 'View' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS) |
||
1247 | )); |
||
1248 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; |
||
1249 | |||
1250 | App::uses('Dispatcher', 'Routing'); |
||
1251 | |||
1252 | $Response = new CakeResponse(); |
||
1253 | ob_start(); |
||
1254 | $Dispatcher = new Dispatcher(); |
||
1255 | $Dispatcher->dispatch(new CakeRequest('/ajax_auth/add'), $Response, array('return' => 1)); |
||
1256 | $result = ob_get_clean();
|
||
1257 | |||
1258 | $this->assertEquals(403, $Response->statusCode()); |
||
1259 | $this->assertEquals("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result)); |
||
1260 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); |
||
1261 | } |
||
1262 | |||
1263 | /**
|
||
1264 | * testAjaxLoginResponseCode
|
||
1265 | *
|
||
1266 | * @return void
|
||
1267 | */
|
||
1268 | public function testAjaxLoginResponseCode() { |
||
1269 | App::build(array( |
||
1270 | 'View' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS) |
||
1271 | )); |
||
1272 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; |
||
1273 | |||
1274 | $url = '/ajax_auth/add'; |
||
1275 | $this->Auth->request->addParams(Router::parse($url)); |
||
1276 | $this->Auth->request->query['url'] = ltrim($url, '/'); |
||
1277 | $this->Auth->request->base = ''; |
||
1278 | $this->Auth->ajaxLogin = 'test_element'; |
||
1279 | |||
1280 | Router::setRequestInfo($this->Auth->request); |
||
1281 | |||
1282 | $this->Controller->response = $this->getMock('CakeResponse', array('_sendHeader')); |
||
1283 | $this->Controller->response->expects($this->at(0)) |
||
1284 | ->method('_sendHeader')
|
||
1285 | ->with('HTTP/1.1 403 Forbidden', null); |
||
1286 | $this->Auth->initialize($this->Controller); |
||
1287 | |||
1288 | ob_start(); |
||
1289 | $result = $this->Auth->startup($this->Controller); |
||
1290 | ob_end_clean(); |
||
1291 | |||
1292 | $this->assertFalse($result); |
||
1293 | $this->assertEquals('this is the test element', $this->Controller->response->body()); |
||
1294 | $this->assertArrayNotHasKey('Location', $this->Controller->response->header()); |
||
1295 | $this->assertNull($this->Controller->testUrl, 'redirect() not called'); |
||
1296 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); |
||
1297 | } |
||
1298 | |||
1299 | /**
|
||
1300 | * test ajax login with no element
|
||
1301 | *
|
||
1302 | * @return void
|
||
1303 | */
|
||
1304 | public function testAjaxLoginResponseCodeNoElement() { |
||
1305 | $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; |
||
1306 | |||
1307 | $url = '/ajax_auth/add'; |
||
1308 | $this->Auth->request->addParams(Router::parse($url)); |
||
1309 | $this->Auth->request->query['url'] = ltrim($url, '/'); |
||
1310 | $this->Auth->request->base = ''; |
||
1311 | $this->Auth->ajaxLogin = false; |
||
1312 | |||
1313 | Router::setRequestInfo($this->Auth->request); |
||
1314 | |||
1315 | $this->Controller->response = $this->getMock('CakeResponse', array('_sendHeader')); |
||
1316 | $this->Controller->response->expects($this->at(0)) |
||
1317 | ->method('_sendHeader')
|
||
1318 | ->with('HTTP/1.1 403 Forbidden', null); |
||
1319 | $this->Auth->initialize($this->Controller); |
||
1320 | |||
1321 | $this->Auth->startup($this->Controller); |
||
1322 | |||
1323 | $this->assertArrayNotHasKey('Location', $this->Controller->response->header()); |
||
1324 | $this->assertNull($this->Controller->testUrl, 'redirect() not called'); |
||
1325 | unset($_SERVER['HTTP_X_REQUESTED_WITH']); |
||
1326 | } |
||
1327 | |||
1328 | /**
|
||
1329 | * testLoginActionRedirect method
|
||
1330 | *
|
||
1331 | * @return void
|
||
1332 | */
|
||
1333 | public function testLoginActionRedirect() { |
||
1334 | $admin = Configure::read('Routing.prefixes'); |
||
1335 | Configure::write('Routing.prefixes', array('admin')); |
||
1336 | Router::reload();
|
||
1337 | require CAKE . 'Config' . DS . 'routes.php'; |
||
1338 | |||
1339 | $url = '/admin/auth_test/login'; |
||
1340 | $this->Auth->request->addParams(Router::parse($url)); |
||
1341 | $this->Auth->request->url = ltrim($url, '/'); |
||
1342 | Router::setRequestInfo(array( |
||
1343 | array(
|
||
1344 | 'pass' => array(), 'action' => 'admin_login', 'plugin' => null, 'controller' => 'auth_test', |
||
1345 | 'admin' => true, |
||
1346 | ), |
||
1347 | array(
|
||
1348 | 'base' => null, 'here' => $url, |
||
1349 | 'webroot' => '/', 'passedArgs' => array(), |
||
1350 | ) |
||
1351 | )); |
||
1352 | |||
1353 | $this->Auth->initialize($this->Controller); |
||
1354 | $this->Auth->loginAction = array('admin' => true, 'controller' => 'auth_test', 'action' => 'login'); |
||
1355 | $this->Auth->startup($this->Controller); |
||
1356 | |||
1357 | $this->assertNull($this->Controller->testUrl); |
||
1358 | |||
1359 | Configure::write('Routing.prefixes', $admin); |
||
1360 | } |
||
1361 | |||
1362 | /**
|
||
1363 | * Stateless auth methods like Basic should populate data that can be
|
||
1364 | * accessed by $this->user().
|
||
1365 | *
|
||
1366 | * @return void
|
||
1367 | */
|
||
1368 | public function testStatelessAuthWorksWithUser() { |
||
1369 | $_SERVER['PHP_AUTH_USER'] = 'mariano'; |
||
1370 | $_SERVER['PHP_AUTH_PW'] = 'cake'; |
||
1371 | $url = '/auth_test/add'; |
||
1372 | $this->Auth->request->addParams(Router::parse($url)); |
||
1373 | |||
1374 | $this->Auth->authenticate = array( |
||
1375 | 'Basic' => array('userModel' => 'AuthUser') |
||
1376 | ); |
||
1377 | $this->Auth->startup($this->Controller); |
||
1378 | |||
1379 | $result = $this->Auth->user(); |
||
1380 | $this->assertEquals('mariano', $result['username']); |
||
1381 | |||
1382 | $result = $this->Auth->user('username'); |
||
1383 | $this->assertEquals('mariano', $result); |
||
1384 | } |
||
1385 | |||
1386 | /**
|
||
1387 | * test $settings in Controller::$components
|
||
1388 | *
|
||
1389 | * @return void
|
||
1390 | */
|
||
1391 | public function testComponentSettings() { |
||
1392 | $request = new CakeRequest(null, false); |
||
1393 | $this->Controller = new AuthTestController($request, $this->getMock('CakeResponse')); |
||
1394 | |||
1395 | $this->Controller->components = array( |
||
1396 | 'Auth' => array( |
||
1397 | 'loginAction' => array('controller' => 'people', 'action' => 'login'), |
||
1398 | 'logoutRedirect' => array('controller' => 'people', 'action' => 'login'), |
||
1399 | ), |
||
1400 | 'Session'
|
||
1401 | ); |
||
1402 | $this->Controller->Components->init($this->Controller); |
||
1403 | $this->Controller->Components->trigger('initialize', array(&$this->Controller)); |
||
1404 | Router::reload();
|
||
1405 | |||
1406 | $expected = array( |
||
1407 | 'loginAction' => array('controller' => 'people', 'action' => 'login'), |
||
1408 | 'logoutRedirect' => array('controller' => 'people', 'action' => 'login'), |
||
1409 | ); |
||
1410 | $this->assertEquals($expected['loginAction'], $this->Controller->Auth->loginAction); |
||
1411 | $this->assertEquals($expected['logoutRedirect'], $this->Controller->Auth->logoutRedirect); |
||
1412 | } |
||
1413 | |||
1414 | /**
|
||
1415 | * test that logout deletes the session variables. and returns the correct URL
|
||
1416 | *
|
||
1417 | * @return void
|
||
1418 | */
|
||
1419 | public function testLogout() { |
||
1420 | $this->Auth->Session->write('Auth.User.id', '1'); |
||
1421 | $this->Auth->Session->write('Auth.redirect', '/users/login'); |
||
1422 | $this->Auth->logoutRedirect = '/'; |
||
1423 | $result = $this->Auth->logout(); |
||
1424 | |||
1425 | $this->assertEquals('/', $result); |
||
1426 | $this->assertNull($this->Auth->Session->read('Auth.AuthUser')); |
||
1427 | $this->assertNull($this->Auth->Session->read('Auth.redirect')); |
||
1428 | } |
||
1429 | |||
1430 | /**
|
||
1431 | * Logout should trigger a logout method on authentication objects.
|
||
1432 | *
|
||
1433 | * @return void
|
||
1434 | */
|
||
1435 | public function testLogoutTrigger() { |
||
1436 | $LogoutTriggerMockAuthenticate = $this->getMock('BaseAuthenticate', array('authenticate', 'logout'), array(), '', false); |
||
1437 | |||
1438 | $this->Auth->authenticate = array('LogoutTriggerMock'); |
||
1439 | $this->Auth->setAuthenticateObject(0, $LogoutTriggerMockAuthenticate); |
||
1440 | $LogoutTriggerMockAuthenticate->expects($this->once()) |
||
1441 | ->method('logout');
|
||
1442 | |||
1443 | $this->Auth->logout(); |
||
1444 | } |
||
1445 | |||
1446 | /**
|
||
1447 | * Test mapActions as a getter
|
||
1448 | *
|
||
1449 | * @return void
|
||
1450 | */
|
||
1451 | public function testMapActions() { |
||
1452 | $MapActionMockAuthorize = $this->getMock( |
||
1453 | 'BaseAuthorize',
|
||
1454 | array('authorize'), |
||
1455 | array(),
|
||
1456 | '',
|
||
1457 | false
|
||
1458 | ); |
||
1459 | $this->Auth->authorize = array('MapActionAuthorize'); |
||
1460 | $this->Auth->setAuthorizeObject(0, $MapActionMockAuthorize); |
||
1461 | |||
1462 | $actions = array('my_action' => 'create'); |
||
1463 | $this->Auth->mapActions($actions); |
||
1464 | $actions = array( |
||
1465 | 'create' => array('my_other_action'), |
||
1466 | 'update' => array('updater') |
||
1467 | ); |
||
1468 | $this->Auth->mapActions($actions); |
||
1469 | |||
1470 | $actions = $this->Auth->mapActions(); |
||
1471 | |||
1472 | $result = $actions['my_action']; |
||
1473 | $expected = 'create'; |
||
1474 | $this->assertEquals($expected, $result); |
||
1475 | |||
1476 | $result = $actions['my_other_action']; |
||
1477 | $expected = 'create'; |
||
1478 | $this->assertEquals($expected, $result); |
||
1479 | |||
1480 | $result = $actions['updater']; |
||
1481 | $expected = 'update'; |
||
1482 | $this->assertEquals($expected, $result); |
||
1483 | } |
||
1484 | |||
1485 | /**
|
||
1486 | * test mapActions loading and delegating to authorize objects.
|
||
1487 | *
|
||
1488 | * @return void
|
||
1489 | */
|
||
1490 | public function testMapActionsDelegation() { |
||
1491 | $MapActionMockAuthorize = $this->getMock('BaseAuthorize', array('authorize', 'mapActions'), array(), '', false); |
||
1492 | |||
1493 | $this->Auth->authorize = array('MapActionMock'); |
||
1494 | $this->Auth->setAuthorizeObject(0, $MapActionMockAuthorize); |
||
1495 | $MapActionMockAuthorize->expects($this->once()) |
||
1496 | ->method('mapActions')
|
||
1497 | ->with(array('create' => array('my_action'))); |
||
1498 | |||
1499 | $this->Auth->mapActions(array('create' => array('my_action'))); |
||
1500 | } |
||
1501 | |||
1502 | /**
|
||
1503 | * test logging in with a request.
|
||
1504 | *
|
||
1505 | * @return void
|
||
1506 | */
|
||
1507 | public function testLoginWithRequestData() { |
||
1508 | $RequestLoginMockAuthenticate = $this->getMock('FormAuthenticate', array(), array(), '', false); |
||
1509 | $request = new CakeRequest('users/login', false); |
||
1510 | $user = array('username' => 'mark', 'role' => 'admin'); |
||
1511 | |||
1512 | $this->Auth->request = $request; |
||
1513 | $this->Auth->authenticate = array('RequestLoginMock'); |
||
1514 | $this->Auth->setAuthenticateObject(0, $RequestLoginMockAuthenticate); |
||
1515 | $RequestLoginMockAuthenticate->expects($this->once()) |
||
1516 | ->method('authenticate')
|
||
1517 | ->with($request)
|
||
1518 | ->will($this->returnValue($user)); |
||
1519 | |||
1520 | $this->assertTrue($this->Auth->login()); |
||
1521 | $this->assertEquals($user['username'], $this->Auth->user('username')); |
||
1522 | } |
||
1523 | |||
1524 | /**
|
||
1525 | * test login() with user data
|
||
1526 | *
|
||
1527 | * @return void
|
||
1528 | */
|
||
1529 | public function testLoginWithUserData() { |
||
1530 | $this->assertFalse($this->Auth->loggedIn()); |
||
1531 | |||
1532 | $user = array( |
||
1533 | 'username' => 'mariano', |
||
1534 | 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', |
||
1535 | 'created' => '2007-03-17 01:16:23', |
||
1536 | 'updated' => '2007-03-17 01:18:31' |
||
1537 | ); |
||
1538 | $this->assertTrue($this->Auth->login($user)); |
||
1539 | $this->assertTrue($this->Auth->loggedIn()); |
||
1540 | $this->assertEquals($user['username'], $this->Auth->user('username')); |
||
1541 | } |
||
1542 | |||
1543 | /**
|
||
1544 | * test flash settings.
|
||
1545 | *
|
||
1546 | * @return void
|
||
1547 | */
|
||
1548 | public function testFlashSettings() { |
||
1549 | $this->Auth->Flash = $this->getMock('FlashComponent', array(), array(), '', false); |
||
1550 | $this->Auth->Flash->expects($this->once()) |
||
1551 | ->method('set')
|
||
1552 | ->with('Auth failure', array('element' => 'custom', 'params' => array(1), 'key' => 'auth-key')); |
||
1553 | |||
1554 | $this->Auth->flash = array( |
||
1555 | 'element' => 'custom', |
||
1556 | 'params' => array(1), |
||
1557 | 'key' => 'auth-key' |
||
1558 | ); |
||
1559 | $this->Auth->flash('Auth failure'); |
||
1560 | } |
||
1561 | |||
1562 | /**
|
||
1563 | * test the various states of Auth::redirect()
|
||
1564 | *
|
||
1565 | * @return void
|
||
1566 | */
|
||
1567 | public function testRedirectSet() { |
||
1568 | $value = array('controller' => 'users', 'action' => 'home'); |
||
1569 | $result = $this->Auth->redirectUrl($value); |
||
1570 | $this->assertEquals('/users/home', $result); |
||
1571 | $this->assertEquals($value, $this->Auth->Session->read('Auth.redirect')); |
||
1572 | } |
||
1573 | |||
1574 | /**
|
||
1575 | * test redirect using Auth.redirect from the session.
|
||
1576 | *
|
||
1577 | * @return void
|
||
1578 | */
|
||
1579 | public function testRedirectSessionRead() { |
||
1580 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); |
||
1581 | $this->Auth->Session->write('Auth.redirect', '/users/home'); |
||
1582 | |||
1583 | $result = $this->Auth->redirectUrl(); |
||
1584 | $this->assertEquals('/users/home', $result); |
||
1585 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); |
||
1586 | } |
||
1587 | |||
1588 | /**
|
||
1589 | * test redirectUrl with duplicate base.
|
||
1590 | *
|
||
1591 | * @return void
|
||
1592 | */
|
||
1593 | public function testRedirectSessionReadDuplicateBase() { |
||
1594 | $this->Auth->request->webroot = '/waves/'; |
||
1595 | $this->Auth->request->base = '/waves'; |
||
1596 | |||
1597 | Router::setRequestInfo($this->Auth->request); |
||
1598 | |||
1599 | $this->Auth->Session->write('Auth.redirect', '/waves/add'); |
||
1600 | |||
1601 | $result = $this->Auth->redirectUrl(); |
||
1602 | $this->assertEquals('/waves/add', $result); |
||
1603 | } |
||
1604 | |||
1605 | /**
|
||
1606 | * test that redirect does not return loginAction if that is what's stored in Auth.redirect.
|
||
1607 | * instead loginRedirect should be used.
|
||
1608 | *
|
||
1609 | * @return void
|
||
1610 | */
|
||
1611 | public function testRedirectSessionReadEqualToLoginAction() { |
||
1612 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); |
||
1613 | $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home'); |
||
1614 | $this->Auth->Session->write('Auth.redirect', array('controller' => 'users', 'action' => 'login')); |
||
1615 | |||
1616 | $result = $this->Auth->redirectUrl(); |
||
1617 | $this->assertEquals('/users/home', $result); |
||
1618 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); |
||
1619 | } |
||
1620 | |||
1621 | /**
|
||
1622 | * test that the returned URL doesn't contain the base URL.
|
||
1623 | *
|
||
1624 | * @see https://cakephp.lighthouseapp.com/projects/42648/tickets/3922-authcomponentredirecturl-prepends-appbaseurl
|
||
1625 | *
|
||
1626 | * @return void This test method doesn't return anything.
|
||
1627 | */
|
||
1628 | public function testRedirectUrlWithBaseSet() { |
||
1629 | $App = Configure::read('App'); |
||
1630 | |||
1631 | Configure::write('App', array( |
||
1632 | 'dir' => APP_DIR, |
||
1633 | 'webroot' => WEBROOT_DIR, |
||
1634 | 'base' => false, |
||
1635 | 'baseUrl' => '/cake/index.php' |
||
1636 | )); |
||
1637 | |||
1638 | $url = '/users/login'; |
||
1639 | $this->Auth->request = $this->Controller->request = new CakeRequest($url); |
||
1640 | $this->Auth->request->addParams(Router::parse($url)); |
||
1641 | $this->Auth->request->url = Router::normalize($url); |
||
1642 | |||
1643 | Router::setRequestInfo($this->Auth->request); |
||
1644 | |||
1645 | $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); |
||
1646 | $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home'); |
||
1647 | |||
1648 | $result = $this->Auth->redirectUrl(); |
||
1649 | $this->assertEquals('/users/home', $result); |
||
1650 | $this->assertFalse($this->Auth->Session->check('Auth.redirect')); |
||
1651 | |||
1652 | Configure::write('App', $App); |
||
1653 | Router::reload();
|
||
1654 | } |
||
1655 | |||
1656 | /**
|
||
1657 | * test password hashing
|
||
1658 | *
|
||
1659 | * @return void
|
||
1660 | */
|
||
1661 | public function testPassword() { |
||
1662 | $result = $this->Auth->password('password'); |
||
1663 | $expected = Security::hash('password', null, true); |
||
1664 | $this->assertEquals($expected, $result); |
||
1665 | } |
||
1666 | |||
1667 | /**
|
||
1668 | * testUser method
|
||
1669 | *
|
||
1670 | * @return void
|
||
1671 | */
|
||
1672 | public function testUser() { |
||
1673 | $data = array( |
||
1674 | 'User' => array( |
||
1675 | 'id' => '2', |
||
1676 | 'username' => 'mark', |
||
1677 | 'group_id' => 1, |
||
1678 | 'Group' => array( |
||
1679 | 'id' => '1', |
||
1680 | 'name' => 'Members' |
||
1681 | ), |
||
1682 | 'is_admin' => false, |
||
1683 | )); |
||
1684 | $this->Auth->Session->write('Auth', $data); |
||
1685 | |||
1686 | $result = $this->Auth->user(); |
||
1687 | $this->assertEquals($data['User'], $result); |
||
1688 | |||
1689 | $result = $this->Auth->user('username'); |
||
1690 | $this->assertEquals($data['User']['username'], $result); |
||
1691 | |||
1692 | $result = $this->Auth->user('Group.name'); |
||
1693 | $this->assertEquals($data['User']['Group']['name'], $result); |
||
1694 | |||
1695 | $result = $this->Auth->user('invalid'); |
||
1696 | $this->assertEquals(null, $result); |
||
1697 | |||
1698 | $result = $this->Auth->user('Company.invalid'); |
||
1699 | $this->assertEquals(null, $result); |
||
1700 | |||
1701 | $result = $this->Auth->user('is_admin'); |
||
1702 | $this->assertFalse($result); |
||
1703 | } |
||
1704 | |||
1705 | /**
|
||
1706 | * testStatelessAuthNoRedirect method
|
||
1707 | *
|
||
1708 | * @expectedException UnauthorizedException
|
||
1709 | * @expectedExceptionCode 401
|
||
1710 | * @return void
|
||
1711 | */
|
||
1712 | public function testStatelessAuthNoRedirect() { |
||
1713 | if (CakeSession::id()) { |
||
1714 | session_destroy(); |
||
1715 | CakeSession::$id = null; |
||
1716 | } |
||
1717 | $_SESSION = null; |
||
1718 | |||
1719 | AuthComponent::$sessionKey = false; |
||
1720 | $this->Auth->authenticate = array('Basic'); |
||
1721 | $this->Controller->request['action'] = 'admin_add'; |
||
1722 | |||
1723 | $this->Auth->startup($this->Controller); |
||
1724 | } |
||
1725 | |||
1726 | /**
|
||
1727 | * testStatelessAuthNoSessionStart method
|
||
1728 | *
|
||
1729 | * @return void
|
||
1730 | */
|
||
1731 | public function testStatelessAuthNoSessionStart() { |
||
1732 | if (CakeSession::id()) { |
||
1733 | session_destroy(); |
||
1734 | CakeSession::$id = null; |
||
1735 | } |
||
1736 | $_SESSION = null; |
||
1737 | |||
1738 | $_SERVER['PHP_AUTH_USER'] = 'mariano'; |
||
1739 | $_SERVER['PHP_AUTH_PW'] = 'cake'; |
||
1740 | |||
1741 | AuthComponent::$sessionKey = false; |
||
1742 | $this->Auth->authenticate = array( |
||
1743 | 'Basic' => array('userModel' => 'AuthUser') |
||
1744 | ); |
||
1745 | $this->Controller->request['action'] = 'admin_add'; |
||
1746 | |||
1747 | $result = $this->Auth->startup($this->Controller); |
||
1748 | $this->assertTrue($result); |
||
1749 | |||
1750 | $this->assertNull(CakeSession::id()); |
||
1751 | } |
||
1752 | |||
1753 | /**
|
||
1754 | * testStatelessAuthRedirect method
|
||
1755 | *
|
||
1756 | * @return void
|
||
1757 | */
|
||
1758 | public function testStatelessFollowedByStatefulAuth() { |
||
1759 | $this->Auth->authenticate = array('Basic', 'Form'); |
||
1760 | $this->Controller->request['action'] = 'admin_add'; |
||
1761 | |||
1762 | $this->Auth->response->expects($this->never())->method('statusCode'); |
||
1763 | $this->Auth->response->expects($this->never())->method('send'); |
||
1764 | |||
1765 | $result = $this->Auth->startup($this->Controller); |
||
1766 | $this->assertFalse($result); |
||
1767 | |||
1768 | $this->assertEquals('/users/login', $this->Controller->testUrl); |
||
1769 | } |
||
1770 | } |