author | Thomas Steur <tsteur@users.noreply.github.com> | 2020-08-11 01:39:06 +0300 |
committer | GitHub <noreply@github.com> | 2020-08-11 01:39:06 +0300 |
commit | b09093780b6a906a0522bda2a8137ca280ab3f65 (patch) | |
tree | db5733daafaa9c6ef29b1c65af835f8ae9844f6b /tests | |
parent | fc08d43ed00315180cdc2907a35086add7a04ad2 (diff) |
Only allow widgetize and token usage for view users (#16263)
Diffstat (limited to 'tests')
15 files changed, 68 insertions, 19 deletions
diff --git a/tests/PHPUnit/Fixtures/UITestFixture.php b/tests/PHPUnit/Fixtures/UITestFixture.php
index 7ea86b7569..567b106921 100644
--- a/tests/PHPUnit/Fixtures/UITestFixture.php
+++ b/tests/PHPUnit/Fixtures/UITestFixture.php
@@ -127,6 +127,19 @@ class UITestFixture extends SqlDump
 );
 $this->addDangerousLinks();
+
+ $model = new \Piwik\Plugins\UsersManager\Model();
+ $user = $model->getUser(self::VIEW_USER_LOGIN);
+
+ if (empty($user)) {
+ $model->addUser(self::VIEW_USER_LOGIN, self::VIEW_USER_PASSWORD, 'hello2@example.org', Date::now()->getDatetime());
+ $model->addUserAccess(self::VIEW_USER_LOGIN, 'view', array(1));
+ } else {
+ $model->updateUser(self::VIEW_USER_LOGIN, self::VIEW_USER_PASSWORD, 'hello2@example.org');
+ }
+ if (!$model->getUserByTokenAuth(self::VIEW_USER_TOKEN)) {
+ $model->addTokenAuth(self::VIEW_USER_LOGIN,self::VIEW_USER_TOKEN, 'View user token', Date::now()->getDatetime());
+ }
 }
 public function performSetUp($setupEnvironmentOnly = false)
diff --git a/tests/PHPUnit/Framework/Fixture.php b/tests/PHPUnit/Framework/Fixture.php
index 2a7cadaf95..97258b3550 100644
--- a/tests/PHPUnit/Framework/Fixture.php
+++ b/tests/PHPUnit/Framework/Fixture.php
@@ -83,6 +83,10 @@ class Fixture extends \PHPUnit\Framework\Assert
 const ADMIN_USER_PASSWORD = 'superUserPass';
 const ADMIN_USER_TOKEN = 'c4ca4238a0b923820dcc509a6f75849b';
+ const VIEW_USER_LOGIN = 'viewUserLogin';
+ const VIEW_USER_PASSWORD = 'viewUserPass';
+ const VIEW_USER_TOKEN = 'a4ca4238a0b923820dcc509a6f75849f';
+
 const PERSIST_FIXTURE_DATA_ENV = 'PERSIST_FIXTURE_DATA';
 public $dbName = false;
diff --git a/tests/PHPUnit/Integration/FrontControllerTest.php b/tests/PHPUnit/Integration/FrontControllerTest.php
index 8699da62ea..8a4945dec5 100644
--- a/tests/PHPUnit/Integration/FrontControllerTest.php
+++ b/tests/PHPUnit/Integration/FrontControllerTest.php
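Review bot: `$model->addTokenAuth(self::VIEW_USER_LOGIN,self::VIEW_USER_TOKEN, ...)` lacks the space after the first comma, and `array(1)` on the `addUserAccess` line is the long array syntax next to otherwise short-form code; `$model->addUserAccess(self::VIEW_USER_LOGIN, 'view', [1]);` and `$model->addTokenAuth(self::VIEW_USER_LOGIN, self::VIEW_USER_TOKEN, 'View user token', Date::now()->getDatetime());`. The guard `if (!$model->getUserByTokenAuth(self::VIEW_USER_TOKEN))` only checks that the fixed token exists, not that it is bound to `VIEW_USER_LOGIN`, so a persisted database in which that token was registered for another login would be silently reused; if `getUserByTokenAuth` returns the owning user row, comparing its login here is cheap. Likewise the `else` branch refreshes the password but does not re-apply `view` access to site 1, which is presumably fine for a fresh fixture but deserves a comment such as `// existing user: only the password is reset, site access is assumed to be intact`. The enclosing method starts before this hunk.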
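Review bot: The three new `VIEW_USER_*` constants carry no comment saying what they are for, and `VIEW_USER_TOKEN` differs from `ADMIN_USER_TOKEN` above it only in its first and last character, which reads like a derived value when the admin token is documented elsewhere in this commit as `md5('superUserLogin' . md5('superUserPass'))`. A one-line comment above the group would prevent that misreading: `// fixed credentials of a view-only test user; the token is a literal registered by UITestFixture via addTokenAuth, not derived from the password`. That the value is arbitrary is inferred from this diff alone, so confirm it before wording the comment that way.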
@@ -48,7 +48,7 @@ FORMAT;
 $this->assertEquals('error', $response['result']);
 $expectedFormat = <<<FORMAT
-test message on {includePath}/tests/resources/trigger-fatal-exception.php(23) #0 [internal function]: {closure}('CoreHome', 'index', Array) #1 {includePath}/core/EventDispatcher.php(141): call_user_func_array(Object(Closure), Array) #2 {includePath}/core/Piwik.php(802): Piwik\EventDispatcher->postEvent('Request.dispatc...', Array, false, Array) #3 {includePath}/core/FrontController.php(569): Piwik\Piwik::postEvent('Request.dispatc...', Array) #4 {includePath}/core/FrontController.php(165): Piwik\FrontController->doDispatch('CoreHome', 'index', Array) #5 {includePath}/tests/resources/trigger-fatal-exception.php(31): Piwik\FrontController->dispatch('CoreHome', 'index') #6 {main}
+test message on {includePath}/tests/resources/trigger-fatal-exception.php(23) #0 [internal function]: {closure}('CoreHome', 'index', Array) #1 {includePath}/core/EventDispatcher.php(141): call_user_func_array(Object(Closure), Array) #2 {includePath}/core/Piwik.php(802): Piwik\EventDispatcher->postEvent('Request.dispatc...', Array, false, Array) #3 {includePath}/core/FrontController.php(574): Piwik\Piwik::postEvent('Request.dispatc...', Array) #4 {includePath}/core/FrontController.php(165): Piwik\FrontController->doDispatch('CoreHome', 'index', Array) #5 {includePath}/tests/resources/trigger-fatal-exception.php(31): Piwik\FrontController->dispatch('CoreHome', 'index') #6 {main}
 FORMAT;
 $this->assertStringMatchesFormat($expectedFormat, $response['message']);
 }
diff --git a/tests/PHPUnit/System/CookieTest.php b/tests/PHPUnit/System/CookieTest.php
index 0c5d709a5b..bd32beea96 100644
--- a/tests/PHPUnit/System/CookieTest.php
+++ b/tests/PHPUnit/System/CookieTest.php
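Review bot: The expected trace pins a source line number, `{includePath}/core/FrontController.php(574)`, which is exactly what this hunk has to bump (569 to 574) and will break again on any unrelated edit to that file. Since the assertion is `assertStringMatchesFormat`, the frame line numbers can be left to the format placeholder, e.g. `{includePath}/core/FrontController.php(%d)` for this frame and likewise for the others, so the test pins only the call chain. The `{includePath}` token is substituted outside the hunk, so check that the replacement does not itself introduce a `%` that would need escaping. The enclosing test method starts before this hunk.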
@@ -8,9 +8,11 @@
 */
 namespace Piwik\Tests\System;
+use Piwik\Access;
 use Piwik\Config;
 use Piwik\SettingsPiwik;
 use Piwik\Tests\Framework\Fixture;
+use Piwik\Tests\Framework\Mock\FakeAccess;
 use Piwik\Tests\Framework\TestCase\SystemTestCase;
 class CookieTest extends SystemTestCase
@@ -83,7 +85,6 @@ class CookieTest extends SystemTestCase
 'period' => 'day',
 'date' => 'yesterday',
 'ignoreSalt' => md5(SettingsPiwik::getSalt()),
- 'token_auth' => $tokenAuth
 );
 $url = $matomoUrl . 'index.php?' . http_build_query($params);
@@ -105,4 +106,19 @@ class CookieTest extends SystemTestCase
 {
 self::assertStringContainsString('SameSite=' . $expectedSameSite, $cookieHeader);
 }
+
+ /**
+ * Use this method to return custom container configuration that you want to apply for the tests.
+ * This configuration will override Fixture config.
+ *
+ * @return array
+ */
+ public static function provideContainerConfigBeforeClass()
+ {
+ $fakeAccess = new FakeAccess();
+ $fakeAccess->setSuperUserAccess(true);
+ return [
+ Access::class => $fakeAccess
+ ];
+ }
 }
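Review bot: The docblock on the new `provideContainerConfigBeforeClass` is the generic template text and does not say why this test now needs a super-user `FakeAccess` from the container; the reason is visible in the previous hunk of this file, which drops `'token_auth' => $tokenAuth` from the request parameters, so the cookie request no longer authenticates by token. A short comment on the method keeps that link: `// The request no longer carries token_auth (token use is being restricted), so grant super-user access through the container instead.` If `$tokenAuth` was used only in the removed array entry, its assignment (outside the hunk) is now dead and should go with it. Note that the SameSite cookie headers are consequently no longer exercised under token authentication; if that path matters, a separate case using the fixture's view-user token would cover it.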
\ No newline at end of file
diff --git a/tests/UI/expected-screenshots/BarGraph_load_fail_when_token_used.png b/tests/UI/expected-screenshots/BarGraph_load_fail_when_token_used.png
new file mode 100644
index 0000000000..5b0a68c035
--- /dev/null
+++ b/tests/UI/expected-screenshots/BarGraph_load_fail_when_token_used.png
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2ecd652a528a11799f42fc81a41bc5123e06e23cbc218ede634e0ed776d7d7cc
+size 48697
diff --git a/tests/UI/expected-screenshots/EmptySite_emptySiteDashboard_ignored.png b/tests/UI/expected-screenshots/EmptySite_emptySiteDashboard_ignored.png
index 1fea0f9c9f..9b089b4875 100644
--- a/tests/UI/expected-screenshots/EmptySite_emptySiteDashboard_ignored.png
+++ b/tests/UI/expected-screenshots/EmptySite_emptySiteDashboard_ignored.png
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3cb89b82fc84803436dfceb89ff0fe2fc27c39f73e7a0932cdc38335c220b380
-size 366894
+oid sha256:c870b64bea3a0233c602e70e2cd7b4da5820182d08056fe85965444d6cd524a5
+size 366822
diff --git a/tests/UI/expected-screenshots/Theme_home.png b/tests/UI/expected-screenshots/Theme_home.png
index ad1ca26680..059f6d3e6a 100644
--- a/tests/UI/expected-screenshots/Theme_home.png
+++ b/tests/UI/expected-screenshots/Theme_home.png
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5e843176745f9b331cda7744342745c52d231162970bb2a546bfd19401c72fbc
-size 728484
+oid sha256:ba8159f75e3c61863df48e676d21ff8522160fa22649d0fa3c2eedbe2a5d9353
+size 728419
diff --git a/tests/UI/expected-screenshots/UIIntegrationTest_admin_home.png b/tests/UI/expected-screenshots/UIIntegrationTest_admin_home.png
index 1c1e01bff8..f6ff75bd8a 100644
--- a/tests/UI/expected-screenshots/UIIntegrationTest_admin_home.png
+++ b/tests/UI/expected-screenshots/UIIntegrationTest_admin_home.png
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c4ee6d92d654a5855ba2d4ff82d66ea8f7d8eb31760c25701256ac9009c2fbad
-size 149517
+oid sha256:e120afc0acdc1a94cb2493d2713a3d936f92f85b92f048b45e5be1373a1a0a7a
+size 149461
diff --git a/tests/UI/expected-screenshots/UIIntegrationTest_admin_home_admintoken_not_allowed.png b/tests/UI/expected-screenshots/UIIntegrationTest_admin_home_admintoken_not_allowed.png
new file mode 100644
index 0000000000..5b0a68c035
--- /dev/null
+++ b/tests/UI/expected-screenshots/UIIntegrationTest_admin_home_admintoken_not_allowed.png
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2ecd652a528a11799f42fc81a41bc5123e06e23cbc218ede634e0ed776d7d7cc
+size 48697
diff --git a/tests/UI/expected-screenshots/UIIntegrationTest_admin_themes.png b/tests/UI/expected-screenshots/UIIntegrationTest_admin_themes.png
index a7cef66fa1..fae1adeac8 100644
--- a/tests/UI/expected-screenshots/UIIntegrationTest_admin_themes.png
+++ b/tests/UI/expected-screenshots/UIIntegrationTest_admin_themes.png
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8475ddc200fafc929289c5a0791cdc715eb64ee3cd04d6c08f0a702259169088
-size 79115
+oid sha256:840c3fbca67d466ec8079b402da4ef5f7f74286fc8e6978e5a09248d6196d068
+size 79078
diff --git a/tests/UI/expected-screenshots/UIIntegrationTest_api_error.png b/tests/UI/expected-screenshots/UIIntegrationTest_api_error.png
index 1c1e01bff8..f6ff75bd8a 100644
--- a/tests/UI/expected-screenshots/UIIntegrationTest_api_error.png
+++ b/tests/UI/expected-screenshots/UIIntegrationTest_api_error.png
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c4ee6d92d654a5855ba2d4ff82d66ea8f7d8eb31760c25701256ac9009c2fbad
-size 149517
+oid sha256:e120afc0acdc1a94cb2493d2713a3d936f92f85b92f048b45e5be1373a1a0a7a
+size 149461
diff --git a/tests/UI/expected-screenshots/UIIntegrationTest_dashboard1.png b/tests/UI/expected-screenshots/UIIntegrationTest_dashboard1.png
index 758e4fd08c..0151f336e5 100644
--- a/tests/UI/expected-screenshots/UIIntegrationTest_dashboard1.png
+++ b/tests/UI/expected-screenshots/UIIntegrationTest_dashboard1.png
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:1802cb493b280d29cd404c8ef7bb38d5c76a149a4977531f890a5532151bb006
-size 652951
+oid sha256:dcef79816dcd6b1fedda86f25f2cbb2ec85b0101568cc3b6bf5e717e980aa89a
+size 652880
diff --git a/tests/UI/specs/BarGraph_spec.js b/tests/UI/specs/BarGraph_spec.js
index 6d1c63c66f..7ef3a562e5 100644
--- a/tests/UI/specs/BarGraph_spec.js
+++ b/tests/UI/specs/BarGraph_spec.js
@@ -10,8 +10,7 @@ describe("BarGraph", function () {
 var tokenAuth = "c4ca4238a0b923820dcc509a6f75849b", // md5('superUserLogin' . md5('superUserPass'))
 url = "?module=Widgetize&action=iframe&moduleToWidgetize=Referrers&idSite=1&period=year&date=2012-08-09&"
- + "actionToWidgetize=getKeywords&viewDataTable=graphVerticalBar&isFooterExpandedInDashboard=1&"
- + "token_auth=" + tokenAuth;
+ + "actionToWidgetize=getKeywords&viewDataTable=graphVerticalBar&isFooterExpandedInDashboard=1&";
 before(function () {
 // use real auth + token auth to test that auth works when widgetizing reports in an iframe
@@ -19,8 +18,13 @@ describe("BarGraph", function () {
 testEnvironment.save();
 });
+ it("should fail when admin token is used", async function () {
+ await page.goto(url + 'token_auth=' + tokenAuth);
+ expect(await page.screenshot({ fullPage: true })).to.matchImage('load_fail_when_token_used');
+ });
+
 it("should load correctly", async function () {
- await page.goto(url);
+ await page.goto(url + 'token_auth=a4ca4238a0b923820dcc509a6f75849f');
 expect(await page.screenshot({ fullPage: true })).to.matchImage('load');
 });
diff --git a/tests/UI/specs/Comparison_spec.js b/tests/UI/specs/Comparison_spec.js
index e31a48f5a6..43340c8ad1 100644
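Review bot: In `await page.goto(url + 'token_auth=a4ca4238a0b923820dcc509a6f75849f');` the view-user token is an inline literal, while the admin token in the first hunk of this file is the named `tokenAuth` with a comment on its origin; declaring it alongside, `viewTokenAuth = "a4ca4238a0b923820dcc509a6f75849f", // Fixture::VIEW_USER_TOKEN, registered by UITestFixture`, and using it here makes the two tests read as the intended pair (admin token rejected, view token accepted). The new `'should fail when admin token is used'` test has no comment stating which rule it protects, and the `before` comment `// use real auth + token auth to test that auth works when widgetizing reports in an iframe` now describes only the success case, so a line such as `// a token belonging to a user with admin access must not be usable to widgetize reports` above the new test would document the behaviour this commit introduces. Both `it` blocks are complete within the hunk; the enclosing `describe` is not.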
--- a/tests/UI/specs/Comparison_spec.js
+++ b/tests/UI/specs/Comparison_spec.js
@@ -17,10 +17,10 @@ describe("Comparison", function () {
 compareParams = comparePeriod + compareSegment,
 barGraphUrl = "?module=Widgetize&action=iframe&moduleToWidgetize=Referrers&idSite=1&period=year&date=2012-08-09&"
 + "actionToWidgetize=getKeywords&viewDataTable=graphVerticalBar&isFooterExpandedInDashboard=1&"
- + "token_auth=" + tokenAuth + compareParams,
+ + compareParams,
 pieGraphUrl = "?module=Widgetize&action=iframe&moduleToWidgetize=Referrers&idSite=1&period=year&date=2012-08-09&"
 + "actionToWidgetize=getKeywords&viewDataTable=graphPie&isFooterExpandedInDashboard=1&"
- + "token_auth=" + tokenAuth + compareParams,
+ + compareParams,
 goalsTableUrl = "?module=Widgetize&action=iframe&moduleToWidgetize=Referrers&idSite=1&period=year&date=2012-08-09&"
 + "actionToWidgetize=getKeywords&viewDataTable=tableGoals&filter_limit=5&isFooterExpandedInDashboard=1" + compareParams,
 htmlTableUrl = "?module=Widgetize&action=iframe&moduleToWidgetize=Referrers&idSite=1&period=year&date=2012-08-09&"
diff --git a/tests/UI/specs/UIIntegration_spec.js b/tests/UI/specs/UIIntegration_spec.js
index 7b18b1a809..00f3f19e66 100644
--- a/tests/UI/specs/UIIntegration_spec.js
+++ b/tests/UI/specs/UIIntegration_spec.js
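Review bot: With `"token_auth=" + tokenAuth` removed from both `barGraphUrl` and `pieGraphUrl`, the `tokenAuth` variable those lines referenced, declared before this hunk, is dead unless another URL in the file still uses it; if not, its declaration should go with this change rather than leaving a stale credential literal in the spec. The `var` list of the `describe` block starts before the hunk and continues after `htmlTableUrl`.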
@@ -731,6 +731,12 @@ describe("UIIntegrationTest", function () { // TODO: Rename to Piwik? describe("AdminPages", function () { this.title = parentSuite.title; // to make sure the screenshot prefix is the same + it('should not be possible to render any action using token_auth with at least some admin access', async function () { + await page.goto("?" + generalParams + "&module=CoreAdminHome&action=home&token_auth=c4ca4238a0b923820dcc509a6f75849b"); + + expect(await page.screenshot({ fullPage: true })).to.matchImage('admin_home_admintoken_not_allowed'); + }); + it('should load the Admin home page correct', async function () { await page.goto("?" + generalParams + "&module=CoreAdminHome&action=home"); |