1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
<?php
/**
* Piwik - free/libre analytics platform
*
* @link https://matomo.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Tests\Integration\API;
use Piwik\API\Request;
use Piwik\AuthResult;
use Piwik\Db;
use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
/**
* @group Core
*/
class RequestTest extends IntegrationTestCase
{
/** @var \Piwik\Auth|\PHPUnit\Framework\MockObject\MockObject */
private $auth;
/** @var \Piwik\Access|\PHPUnit\Framework\MockObject\MockObject */
private $access;
private $userAuthToken = 'token';
public function test_process_shouldNotReloadAccessIfNoTokenAuthIsGiven()
{
$this->assertAccessNotReloaded();
$request = new Request(array('method' => 'API.getPiwikVersion'));
$request->process();
$this->assertSameUserAsBeforeIsAuthenticated();
}
public function test_process_shouldNotReloadAccessIfSameAuthTokenIsAlreadyLoaded()
{
$this->assertAccessNotReloaded();
$request = new Request(array('method' => 'API.getPiwikVersion', 'token_auth' => $this->access->getTokenAuth()));
$request->process();
$this->assertSameUserAsBeforeIsAuthenticated();
}
public function test_process_shouldReloadAccessIfAuthTokenIsDifferent()
{
// make sure tokenAuth is different then set 'AnYTOkEN' token
$this->assertEquals('token', $this->access->getTokenAuth());
$this->assertAccessReloadedAndRestored('AnYTOkEN');
$request = new Request(array('method' => 'API.getPiwikVersion', 'token_auth' => 'AnYTOkEN'));
$request->process();
// make sure token auth was restored after it was loaded with AnYTOkEN
$this->assertSameUserAsBeforeIsAuthenticated();
}
public function test_process_shouldReloadAccessIfAuthTokenIsDifferentButEmpty()
{
$this->assertEquals('token', $this->access->getTokenAuth());
$this->assertAccessReloadedAndRestored('');
$request = new Request(array('method' => 'API.getPiwikVersion', 'token_auth' => ''));
$request->process();
$this->assertSameUserAsBeforeIsAuthenticated();
}
public function test_process_shouldKeepSuperUserPermission_IfAccessWasManuallySet()
{
$this->access->setSuperUserAccess(true);
$this->assertAccessReloadedAndRestored('difFenrenT');
$request = new Request(array('method' => 'API.getPiwikVersion', 'token_auth' => 'difFenrenT'));
$request->process();
// make sure token auth was restored after it was loaded with difFenrenT
$this->assertSameUserAsBeforeIsAuthenticated();
$this->assertTrue($this->access->hasSuperUserAccess());
}
public function test_isApiRequest_shouldDetectIfItIsApiRequestOrNot()
{
$this->assertFalse(Request::isApiRequest(array()));
$this->assertFalse(Request::isApiRequest(array('module' => '', 'method' => '')));
$this->assertFalse(Request::isApiRequest(array('module' => 'API'))); // no method
$this->assertFalse(Request::isApiRequest(array('module' => 'CoreHome', 'method' => 'index.test'))); // not api
$this->assertFalse(Request::isApiRequest(array('module' => 'API', 'method' => 'testmethod'))); // no valid action
$this->assertTrue(Request::isApiRequest(array('module' => 'API', 'method' => 'test.method')));
}
private function assertSameUserAsBeforeIsAuthenticated()
{
$this->assertEquals($this->userAuthToken, $this->access->getTokenAuth());
}
private function assertAccessNotReloaded()
{
$this->access->expects($this->never())->method('reloadAccess');
}
private function assertAccessReloadedAndRestored($expectedTokenToBeReloaded)
{
$this->access->expects($this->exactly(2))->method('reloadAccess');
// verify access reloaded
$this->auth->expects($this->at(0))->method('setLogin')->with($this->equalTo(null));
$this->auth->expects($this->at(1))->method('setTokenAuth')->with($this->equalTo($expectedTokenToBeReloaded));
$this->auth->expects($this->at(2))->method('authenticate')->will($this->returnValue(new AuthResult(AuthResult::SUCCESS, 'login1', $expectedTokenToBeReloaded)));
// verify access restored
$this->auth->expects($this->at(3))->method('setLogin')->with($this->equalTo(null));
$this->auth->expects($this->at(4))->method('setTokenAuth')->with($this->equalTo($tokenRestored = $this->userAuthToken));
$this->auth->expects($this->at(5))->method('authenticate')->will($this->returnValue(new AuthResult(AuthResult::SUCCESS, 'login', $this->userAuthToken)));
}
private function createAuthMock()
{
$authMock = $this->getMockBuilder('Piwik\Plugins\Login\Auth')
->setMethods(array('authenticate', 'setTokenAuth', 'setLogin'))
->getMock();
$authMock->expects($this->any())
->method('authenticate')
->will($this->returnValue(new AuthResult(AuthResult::SUCCESS, 'login', $this->userAuthToken)));
return $authMock;
}
private function createAccessMock($auth)
{
$mock = $this->getMockBuilder('Piwik\Access')
->setMethods(array('getTokenAuth', 'reloadAccess'))
->enableProxyingToOriginalMethods()
->getMock();
$mock->reloadAccess($auth);
return $mock;
}
public function provideContainerConfig()
{
$this->auth = $this->createAuthMock();
$this->access = $this->createAccessMock($this->auth);
return array(
'Piwik\Auth' => $this->auth,
'Piwik\Access' => $this->access
);
}
}
|
