diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-04-05 19:21:08 +0300 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-05-17 11:11:53 +0300 |
commit | 579162d7b94465d5041a7bf1229f68e6d92d7b58 (patch) | |
tree | bf9e43faac91fec050ef5c7971c66be07a7b7ad8 /tests/lib/Authentication | |
parent | e625164e85b3ab4be3a51b86f909564430cb388b (diff) |
Allow 2FA to be setup on first login
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'tests/lib/Authentication')
-rw-r--r-- | tests/lib/Authentication/Login/TwoFactorCommandTest.php | 180 | ||||
-rw-r--r-- | tests/lib/Authentication/TwoFactorAuth/ManagerTest.php | 19 |
2 files changed, 199 insertions, 0 deletions
diff --git a/tests/lib/Authentication/Login/TwoFactorCommandTest.php b/tests/lib/Authentication/Login/TwoFactorCommandTest.php index a5c1c8e352b..5f91d812525 100644 --- a/tests/lib/Authentication/Login/TwoFactorCommandTest.php +++ b/tests/lib/Authentication/Login/TwoFactorCommandTest.php @@ -27,7 +27,9 @@ namespace lib\Authentication\Login; use OC\Authentication\Login\TwoFactorCommand; use OC\Authentication\TwoFactorAuth\Manager; +use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor; use OC\Authentication\TwoFactorAuth\ProviderSet; +use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin; use OCP\Authentication\TwoFactorAuth\IProvider as ITwoFactorAuthProvider; use OCP\IURLGenerator; use PHPUnit\Framework\MockObject\MockObject; @@ -37,6 +39,9 @@ class TwoFactorCommandTest extends ALoginCommandTest { /** @var Manager|MockObject */ private $twoFactorManager; + /** @var MandatoryTwoFactor|MockObject */ + private $mandatoryTwoFactor; + /** @var IURLGenerator|MockObject */ private $urlGenerator; @@ -44,10 +49,12 @@ class TwoFactorCommandTest extends ALoginCommandTest { parent::setUp(); $this->twoFactorManager = $this->createMock(Manager::class); + $this->mandatoryTwoFactor = $this->createMock(MandatoryTwoFactor::class); $this->urlGenerator = $this->createMock(IURLGenerator::class); $this->cmd = new TwoFactorCommand( $this->twoFactorManager, + $this->mandatoryTwoFactor, $this->urlGenerator ); } @@ -82,6 +89,14 @@ class TwoFactorCommandTest extends ALoginCommandTest { ->willReturn(new ProviderSet([ $provider, ], false)); + $this->twoFactorManager->expects($this->once()) + ->method('getLoginSetupProviders') + ->with($this->user) + ->willReturn([]); + $this->mandatoryTwoFactor->expects($this->any()) + ->method('isEnforcedFor') + ->with($this->user) + ->willReturn(false); $provider->expects($this->once()) ->method('getId') ->willReturn('test'); @@ -101,6 +116,47 @@ class TwoFactorCommandTest extends ALoginCommandTest { $this->assertEquals('two/factor/url', $result->getRedirectUrl()); } + public function testProcessMissingProviders() { + $data = $this->getLoggedInLoginData(); + $this->twoFactorManager->expects($this->once()) + ->method('isTwoFactorAuthenticated') + ->willReturn(true); + $this->twoFactorManager->expects($this->once()) + ->method('prepareTwoFactorLogin') + ->with( + $this->user, + $data->isRememberLogin() + ); + $provider = $this->createMock(ITwoFactorAuthProvider::class); + $provider->expects($this->once()) + ->method('getId') + ->willReturn('test1'); + $this->twoFactorManager->expects($this->once()) + ->method('getProviderSet') + ->willReturn(new ProviderSet([ + $provider, + ], true)); + $this->twoFactorManager->expects($this->once()) + ->method('getLoginSetupProviders') + ->with($this->user) + ->willReturn([]); + $this->mandatoryTwoFactor->expects($this->any()) + ->method('isEnforcedFor') + ->with($this->user) + ->willReturn(false); + $this->urlGenerator->expects($this->once()) + ->method('linkToRoute') + ->with( + 'core.TwoFactorChallenge.selectChallenge' + ) + ->willReturn('two/factor/url'); + + $result = $this->cmd->process($data); + + $this->assertTrue($result->isSuccess()); + $this->assertEquals('two/factor/url', $result->getRedirectUrl()); + } + public function testProcessTwoActiveProviders() { $data = $this->getLoggedInLoginData(); $this->twoFactorManager->expects($this->once()) @@ -126,6 +182,122 @@ class TwoFactorCommandTest extends ALoginCommandTest { $provider1, $provider2, ], false)); + $this->twoFactorManager->expects($this->once()) + ->method('getLoginSetupProviders') + ->with($this->user) + ->willReturn([]); + $this->mandatoryTwoFactor->expects($this->any()) + ->method('isEnforcedFor') + ->with($this->user) + ->willReturn(false); + $this->urlGenerator->expects($this->once()) + ->method('linkToRoute') + ->with( + 'core.TwoFactorChallenge.selectChallenge' + ) + ->willReturn('two/factor/url'); + + $result = $this->cmd->process($data); + + $this->assertTrue($result->isSuccess()); + $this->assertEquals('two/factor/url', $result->getRedirectUrl()); + } + + public function testProcessFailingProviderAndEnforcedButNoSetupProviders() { + $data = $this->getLoggedInLoginData(); + $this->twoFactorManager->expects($this->once()) + ->method('isTwoFactorAuthenticated') + ->willReturn(true); + $this->twoFactorManager->expects($this->once()) + ->method('prepareTwoFactorLogin') + ->with( + $this->user, + $data->isRememberLogin() + ); + $this->twoFactorManager->expects($this->once()) + ->method('getProviderSet') + ->willReturn(new ProviderSet([], true)); + $this->twoFactorManager->expects($this->once()) + ->method('getLoginSetupProviders') + ->with($this->user) + ->willReturn([]); + $this->mandatoryTwoFactor->expects($this->any()) + ->method('isEnforcedFor') + ->with($this->user) + ->willReturn(true); + $this->urlGenerator->expects($this->once()) + ->method('linkToRoute') + ->with( + 'core.TwoFactorChallenge.selectChallenge' + ) + ->willReturn('two/factor/url'); + + $result = $this->cmd->process($data); + + $this->assertTrue($result->isSuccess()); + $this->assertEquals('two/factor/url', $result->getRedirectUrl()); + } + + public function testProcessFailingProviderAndEnforced() { + $data = $this->getLoggedInLoginData(); + $this->twoFactorManager->expects($this->once()) + ->method('isTwoFactorAuthenticated') + ->willReturn(true); + $this->twoFactorManager->expects($this->once()) + ->method('prepareTwoFactorLogin') + ->with( + $this->user, + $data->isRememberLogin() + ); + $provider = $this->createMock(IActivatableAtLogin::class); + $this->twoFactorManager->expects($this->once()) + ->method('getProviderSet') + ->willReturn(new ProviderSet([ + $provider, + ], true)); + $this->twoFactorManager->expects($this->once()) + ->method('getLoginSetupProviders') + ->with($this->user) + ->willReturn([]); + $this->mandatoryTwoFactor->expects($this->any()) + ->method('isEnforcedFor') + ->with($this->user) + ->willReturn(true); + $this->urlGenerator->expects($this->once()) + ->method('linkToRoute') + ->with( + 'core.TwoFactorChallenge.selectChallenge' + ) + ->willReturn('two/factor/url'); + + $result = $this->cmd->process($data); + + $this->assertTrue($result->isSuccess()); + $this->assertEquals('two/factor/url', $result->getRedirectUrl()); + } + + public function testProcessNoProvidersButEnforced() { + $data = $this->getLoggedInLoginData(); + $this->twoFactorManager->expects($this->once()) + ->method('isTwoFactorAuthenticated') + ->willReturn(true); + $this->twoFactorManager->expects($this->once()) + ->method('prepareTwoFactorLogin') + ->with( + $this->user, + $data->isRememberLogin() + ); + $this->twoFactorManager->expects($this->once()) + ->method('getProviderSet') + ->willReturn(new ProviderSet([], false)); + $this->twoFactorManager->expects($this->once()) + ->method('getLoginSetupProviders') + ->with($this->user) + ->willReturn([]); + $this->mandatoryTwoFactor->expects($this->any()) + ->method('isEnforcedFor') + ->with($this->user) + ->willReturn(true); $this->urlGenerator->expects($this->once()) ->method('linkToRoute') ->with( @@ -156,6 +328,14 @@ class TwoFactorCommandTest extends ALoginCommandTest { ->willReturn(new ProviderSet([ $provider, ], false)); + $this->twoFactorManager->expects($this->once()) + ->method('getLoginSetupProviders') + ->with($this->user) + ->willReturn([]); + $this->mandatoryTwoFactor->expects($this->any()) + ->method('isEnforcedFor') + ->with($this->user) + ->willReturn(false); $provider->expects($this->once()) ->method('getId') ->willReturn('test'); diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php index 0f09691bc1c..e836e8d316b 100644 --- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php +++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php @@ -31,6 +31,7 @@ use OC\Authentication\TwoFactorAuth\ProviderLoader; use OCP\Activity\IEvent; use OCP\Activity\IManager; use OCP\AppFramework\Utility\ITimeFactory; +use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin; use OCP\Authentication\TwoFactorAuth\IProvider; use OCP\Authentication\TwoFactorAuth\IRegistry; use OCP\IConfig; @@ -38,6 +39,7 @@ use OCP\ILogger; use OCP\ISession; use OCP\IUser; use PHPUnit\Framework\MockObject\MockObject; +use function reset; use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Test\TestCase; @@ -297,6 +299,23 @@ class ManagerTest extends TestCase { $this->assertNull($provider); } + public function testGetLoginSetupProviders() { + $provider1 = $this->createMock(IProvider::class); + $provider2 = $this->createMock(IActivatableAtLogin::class); + $this->providerLoader->expects($this->once()) + ->method('getProviders') + ->with($this->user) + ->willReturn([ + $provider1, + $provider2, + ]); + + $providers = $this->manager->getLoginSetupProviders($this->user); + + $this->assertCount(1, $providers); + $this->assertSame($provider2, reset($providers)); + } + public function testGetProviders() { $this->providerRegistry->expects($this->once()) ->method('getProviderStates') |