2018-09-29 19:57:00 +03:00
|
|
|
<?php
|
|
|
|
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
*
|
|
|
|
* @author 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
*
|
|
|
|
* @license GNU AGPL version 3 or any later version
|
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License as
|
|
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
|
|
* License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace Tests\Authentication\TwoFactorAuth;
|
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
use OC\Authentication\TwoFactorAuth\EnforcementState;
|
2018-09-29 19:57:00 +03:00
|
|
|
use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
|
|
|
|
use OCP\IConfig;
|
2018-10-11 13:20:18 +03:00
|
|
|
use OCP\IGroupManager;
|
|
|
|
use OCP\IUser;
|
2018-09-29 19:57:00 +03:00
|
|
|
use PHPUnit\Framework\MockObject\MockObject;
|
|
|
|
use Test\TestCase;
|
|
|
|
|
|
|
|
class MandatoryTwoFactorTest extends TestCase {
|
|
|
|
|
|
|
|
/** @var IConfig|MockObject */
|
|
|
|
private $config;
|
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
/** @var IGroupManager|MockObject */
|
|
|
|
private $groupManager;
|
|
|
|
|
2018-09-29 19:57:00 +03:00
|
|
|
/** @var MandatoryTwoFactor */
|
|
|
|
private $mandatoryTwoFactor;
|
|
|
|
|
2019-11-21 18:40:38 +03:00
|
|
|
protected function setUp(): void {
|
2018-09-29 19:57:00 +03:00
|
|
|
parent::setUp();
|
|
|
|
|
|
|
|
$this->config = $this->createMock(IConfig::class);
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->groupManager = $this->createMock(IGroupManager::class);
|
2018-09-29 19:57:00 +03:00
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->mandatoryTwoFactor = new MandatoryTwoFactor($this->config, $this->groupManager);
|
2018-09-29 19:57:00 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testIsNotEnforced() {
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->config
|
2018-09-29 19:57:00 +03:00
|
|
|
->method('getSystemValue')
|
2018-10-11 13:20:18 +03:00
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'false', 'false'],
|
|
|
|
['twofactor_enforced_groups', [], []],
|
|
|
|
['twofactor_enforced_excluded_groups', [], []],
|
|
|
|
]);
|
2018-09-29 19:57:00 +03:00
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
$state = $this->mandatoryTwoFactor->getState();
|
2018-09-29 19:57:00 +03:00
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->assertFalse($state->isEnforced());
|
2018-09-29 19:57:00 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testIsEnforced() {
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->config
|
|
|
|
->method('getSystemValue')
|
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'false', 'true'],
|
|
|
|
['twofactor_enforced_groups', [], []],
|
|
|
|
['twofactor_enforced_excluded_groups', [], []],
|
|
|
|
]);
|
|
|
|
|
|
|
|
$state = $this->mandatoryTwoFactor->getState();
|
|
|
|
|
|
|
|
$this->assertTrue($state->isEnforced());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testIsNotEnforcedForAnybody() {
|
|
|
|
$user = $this->createMock(IUser::class);
|
|
|
|
$user->method('getUID')->willReturn('user123');
|
|
|
|
$this->config
|
2018-09-29 19:57:00 +03:00
|
|
|
->method('getSystemValue')
|
2018-10-11 13:20:18 +03:00
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'false', 'false'],
|
|
|
|
['twofactor_enforced_groups', [], []],
|
|
|
|
['twofactor_enforced_excluded_groups', [], []],
|
|
|
|
]);
|
2018-09-29 19:57:00 +03:00
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
$isEnforced = $this->mandatoryTwoFactor->isEnforcedFor($user);
|
|
|
|
|
|
|
|
$this->assertFalse($isEnforced);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testIsEnforcedForAGroupMember() {
|
|
|
|
$user = $this->createMock(IUser::class);
|
|
|
|
$user->method('getUID')->willReturn('user123');
|
|
|
|
$this->config
|
|
|
|
->method('getSystemValue')
|
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'false', 'true'],
|
|
|
|
['twofactor_enforced_groups', [], ['twofactorers']],
|
|
|
|
['twofactor_enforced_excluded_groups', [], []],
|
|
|
|
]);
|
|
|
|
$this->groupManager->method('isInGroup')
|
2020-04-09 14:53:40 +03:00
|
|
|
->willReturnCallback(function ($user, $group) {
|
2018-10-11 13:20:18 +03:00
|
|
|
return $user === 'user123' && $group ==='twofactorers';
|
|
|
|
});
|
|
|
|
|
|
|
|
$isEnforced = $this->mandatoryTwoFactor->isEnforcedFor($user);
|
2018-09-29 19:57:00 +03:00
|
|
|
|
|
|
|
$this->assertTrue($isEnforced);
|
|
|
|
}
|
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
public function testIsEnforcedForOtherGroups() {
|
|
|
|
$user = $this->createMock(IUser::class);
|
|
|
|
$user->method('getUID')->willReturn('user123');
|
|
|
|
$this->config
|
|
|
|
->method('getSystemValue')
|
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'false', 'true'],
|
|
|
|
['twofactor_enforced_groups', [], ['twofactorers']],
|
|
|
|
['twofactor_enforced_excluded_groups', [], []],
|
|
|
|
]);
|
|
|
|
$this->groupManager->method('isInGroup')
|
|
|
|
->willReturn(false);
|
|
|
|
|
|
|
|
$isEnforced = $this->mandatoryTwoFactor->isEnforcedFor($user);
|
|
|
|
|
|
|
|
$this->assertFalse($isEnforced);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testIsEnforcedButMemberOfExcludedGroup() {
|
|
|
|
$user = $this->createMock(IUser::class);
|
|
|
|
$user->method('getUID')->willReturn('user123');
|
|
|
|
$this->config
|
|
|
|
->method('getSystemValue')
|
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'false', 'true'],
|
|
|
|
['twofactor_enforced_groups', [], []],
|
|
|
|
['twofactor_enforced_excluded_groups', [], ['yoloers']],
|
|
|
|
]);
|
|
|
|
$this->groupManager->method('isInGroup')
|
2020-04-09 14:53:40 +03:00
|
|
|
->willReturnCallback(function ($user, $group) {
|
2018-10-11 13:20:18 +03:00
|
|
|
return $user === 'user123' && $group ==='yoloers';
|
|
|
|
});
|
|
|
|
|
|
|
|
$isEnforced = $this->mandatoryTwoFactor->isEnforcedFor($user);
|
|
|
|
|
|
|
|
$this->assertFalse($isEnforced);
|
|
|
|
}
|
|
|
|
|
2018-09-29 19:57:00 +03:00
|
|
|
public function testSetEnforced() {
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->config
|
|
|
|
->expects($this->exactly(3))
|
|
|
|
->method('setSystemValue')
|
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'true'],
|
|
|
|
['twofactor_enforced_groups', []],
|
|
|
|
['twofactor_enforced_excluded_groups', []],
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->mandatoryTwoFactor->setState(new EnforcementState(true));
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testSetEnforcedForGroups() {
|
|
|
|
$this->config
|
|
|
|
->expects($this->exactly(3))
|
2018-09-29 19:57:00 +03:00
|
|
|
->method('setSystemValue')
|
2018-10-11 13:20:18 +03:00
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'true'],
|
|
|
|
['twofactor_enforced_groups', ['twofactorers']],
|
|
|
|
['twofactor_enforced_excluded_groups', ['yoloers']],
|
|
|
|
]);
|
2018-09-29 19:57:00 +03:00
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->mandatoryTwoFactor->setState(new EnforcementState(true, ['twofactorers'], ['yoloers']));
|
2018-09-29 19:57:00 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testSetNotEnforced() {
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->config
|
|
|
|
->expects($this->exactly(3))
|
2018-09-29 19:57:00 +03:00
|
|
|
->method('setSystemValue')
|
2018-10-11 13:20:18 +03:00
|
|
|
->willReturnMap([
|
|
|
|
['twofactor_enforced', 'false'],
|
|
|
|
['twofactor_enforced_groups', []],
|
|
|
|
['twofactor_enforced_excluded_groups', []],
|
|
|
|
]);
|
2018-09-29 19:57:00 +03:00
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->mandatoryTwoFactor->setState(new EnforcementState(false));
|
2018-09-29 19:57:00 +03:00
|
|
|
}
|
|
|
|
}
|