
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authordiosmosis <diosmosis@users.noreply.github.com>2019-05-16 03:12:05 +0300
committerGitHub <noreply@github.com>2019-05-16 03:12:05 +0300
commit05017ba88ec611f63bf223728990351212ff560f (patch)
tree79c20127a6584a1316bb864b329d0cba713add10 /plugins/UsersManager/tests/Integration/APITest.php
parentcecec674a65e4dc2a1aa7c33722a5380be2fd719 (diff)
Require password confirmation before setting/removing superuser access. (#13975)
* Require password confirmation for changing superuser access and fix issue where getSiteAccess is called w/ superuser when toggling superuser access. * apply review feedback * Allow bypassing password confirmation in certain scenarios. * Fixing tests & adding UI test. * Update submodule. * test fixes + remove return; from 2fa tests. * update submodule * Fixing tests * Couple tweaks for screenshot testing. * test fixes * Fix TwoFactorAuthUsersManager test. * More test fixes. * try to disable all transitions * More UI test fixes + disable materialize animations globally in UI tests. * 2fa ui tests now working
Diffstat (limited to 'plugins/UsersManager/tests/Integration/APITest.php')
-rw-r--r--plugins/UsersManager/tests/Integration/APITest.php19
1 files changed, 16 insertions, 3 deletions
diff --git a/plugins/UsersManager/tests/Integration/APITest.php b/plugins/UsersManager/tests/Integration/APITest.php
index a512660e6b..27c83ec306 100644
--- a/plugins/UsersManager/tests/Integration/APITest.php
+++ b/plugins/UsersManager/tests/Integration/APITest.php
@@ -20,6 +20,7 @@ use Piwik\Plugins\SitesManager\API as SitesManagerAPI;
use Piwik\Plugins\UsersManager\API;
use Piwik\Plugins\UsersManager\Model;
use Piwik\Plugins\UsersManager\UsersManager;
+use Piwik\Plugins\UsersManager\UserUpdater;
use Piwik\Tests\Framework\Fixture;
use Piwik\Tests\Framework\Mock\FakeAccess;
use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
@@ -381,7 +382,8 @@ class APITest extends IntegrationTestCase
$access = $this->api->getSitesAccessFromUser($user2);
$this->assertEmpty($access);
- $this->api->setSuperUserAccess($user2, true);
+ $userUpdater = new UserUpdater();
+ $userUpdater->setSuperUserAccessWithoutCurrentPassword($user2, true);
// super user has admin access for every site
$access = $this->api->getSitesAccessFromUser($user2);
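Review bot: The password-confirmation bypass is written out inline here, again in test_getUsersPlusRole_shouldSearchForSuperUsersCorrectly, and again in the 'superuser' branch of the user-creation helper in the last hunk, each time with its own `new UserUpdater()`. A single private helper in the test class, for example `private function grantSuperUserAccess($login) { (new UserUpdater())->setSuperUserAccessWithoutCurrentPassword($login, true); }`, would keep the bypass in one place that is easy to audit. It should carry a comment such as `// test setup only: skips the current-password check that API::setSuperUserAccess now requires`, so a reader does not take the bypass for the recommended way to grant superuser access. The enclosing test method starts and ends outside this hunk.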
@@ -546,7 +548,8 @@ class APITest extends IntegrationTestCase
public function test_getUsersPlusRole_shouldSearchForSuperUsersCorrectly()
{
$this->addUserWithAccess('userLogin2', 'admin', 1);
- $this->api->setSuperUserAccess('userLogin2', true);
+ $userUpdater = new UserUpdater();
+ $userUpdater->setSuperUserAccessWithoutCurrentPassword('userLogin2', true);
$this->addUserWithAccess('userLogin3', 'view', 1);
$this->addUserWithAccess('userLogin4', 'superuser', 1);
$this->addUserWithAccess('userLogin5', null, 1);
@@ -983,6 +986,15 @@ class APITest extends IntegrationTestCase
$this->assertEquals(array(View::ID, TestCap1::ID), $access);
}
+ /**
+ * @expectedException \Exception
+ * @expectedExceptionMessage abc
+ */
+ public function test_setSuperUserAccess_failsIfCurrentPasswordIsIncorrect()
+ {
+ $this->api->setSuperUserAccess($this->login, true, 'asldfkjds');
+ }
+
private function getAccessInSite($login, $idSite)
{
$access = $this->model->getSitesAccessFromUser($login);
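Review bot: The expected message `abc` in the docblock of test_setSuperUserAccess_failsIfCurrentPasswordIsIncorrect looks like a placeholder. Combined with the broad `@expectedException \Exception`, it does not tie the test to the wrong-password rejection; an unrelated failure whose message happens to contain that substring would presumably satisfy it too. The annotation should pin the message the API raises for an incorrect current password (not visible in this diff). The test should also confirm, for instance with a try/catch followed by an assertion, that the target user's superuser flag is unchanged after the failed call. A companion case for revocation, `$this->api->setSuperUserAccess($this->login, false, 'asldfkjds');`, and one showing that the correct password succeeds would cover the rest of the new check. getAccessInSite at the end of the hunk continues outside it.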
@@ -1018,7 +1030,8 @@ class APITest extends IntegrationTestCase
{
$this->api->addUser($username, 'password', $email ?: "$username@password.de", $alias);
if ($accessLevel == 'superuser') {
- $this->api->setSuperUserAccess($username, true);
+ $userUpdater = new UserUpdater();
+ $userUpdater->setSuperUserAccessWithoutCurrentPassword($username, true);
} else if ($accessLevel) {
$this->api->setUserAccess($username, $accessLevel, $idSite);
}