1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
<?php
/**
* Matomo - free/libre analytics platform
*
* @link https://matomo.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\TwoFactorAuth\tests\Fixtures;
use Piwik\Container\StaticContainer;
use Piwik\Date;
use Piwik\Plugins\TwoFactorAuth\Dao\RecoveryCodeDao;
use Piwik\Plugins\TwoFactorAuth\TwoFactorAuthentication;
use Piwik\Plugins\UsersManager\Model;
use Piwik\Plugins\UsersManager\UserUpdater;
use Piwik\Tests\Framework\Fixture;
use Piwik\Plugins\UsersManager\API as UsersAPI;
class TwoFactorFixture extends Fixture
{
public $dateTime = '2013-01-23 01:23:45';
public $idSite = 1;
public $idSite2 = 2;
private $userWith2Fa = 'with2FA';
private $userWith2FaDisable = 'with2FADisable'; // we use this user to disable two factor
private $userWithout2Fa = 'without2FA';
private $userNo2Fa = 'no2FA';
private $userPassword = '123abcDk3_l3';
private $superUserWith2Fa = 'superWith2FA';
const USER_2FA_SECRET = '1111111111111111';
/**
* @var RecoveryCodeDao
*/
private $dao;
/**
* @var TwoFactorAuthentication
*/
private $twoFa;
public function setUp(): void
{
$this->dao = StaticContainer::get(RecoveryCodeDao::class);
$this->twoFa = StaticContainer::get(TwoFactorAuthentication::class);
$this->setUpWebsite();
$this->setUpUsers();
$this->trackFirstVisit();
}
public function tearDown(): void
{
// empty
}
public function setUpWebsite()
{
for ($i = 1; $i <= 2; $i++) {
if (!self::siteCreated($i)) {
$idSite = self::createWebsite($this->dateTime);
// we set type "mobileapp" to avoid the creation of a default container
$this->assertSame($i, $idSite);
}
}
}
public function setUpUsers()
{
\Piwik\Plugins\UsersManager\API::getInstance()->addUser($this->superUserWith2Fa, $this->userPassword,
$this->superUserWith2Fa . '@matomo.org');
$userUpdater = new UserUpdater();
$userUpdater->setSuperUserAccessWithoutCurrentPassword($this->superUserWith2Fa, true);
foreach ([$this->userWith2Fa, $this->userWithout2Fa, $this->userWith2FaDisable, $this->userNo2Fa] as $user) {
\Piwik\Plugins\UsersManager\API::getInstance()->addUser($user, $this->userPassword, $user . '@matomo.org');
// we cannot set superuser as logme won't work for super user
UsersAPI::getInstance()->setUserAccess($user, 'admin', [$this->idSite, $this->idSite2]);
if ($this->userWith2Fa === $user) {
$userModel = new Model();
$userModel->updateUserTokenAuth($user, 'c4ca4238a0b923820dcc509a6f75849b');
}
}
foreach ([$this->userWith2Fa, $this->userWith2FaDisable, $this->superUserWith2Fa] as $user) {
$this->dao->insertRecoveryCode($user, '123456');
$this->dao->insertRecoveryCode($user, '234567');
$this->dao->insertRecoveryCode($user, '345678');
$this->dao->insertRecoveryCode($user, '456789');
$this->dao->insertRecoveryCode($user, '567890');
$this->dao->insertRecoveryCode($user, '678901');
$this->twoFa->saveSecret($user, self::USER_2FA_SECRET);
}
}
protected function trackFirstVisit()
{
$t = self::getTracker($this->idSite, $this->dateTime, $defaultInit = true);
$t->setForceVisitDateTime(Date::factory($this->dateTime)->addHour(0.1)->getDatetime());
$t->setUrl('http://example.com/');
self::checkResponse($t->doTrackPageView('Viewing homepage'));
}
}
|