mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-28 20:29:15 +02:00
Updated SecurityTest to use new FunctionalTest system consistently
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60427 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee
parent
300e77bda9
commit
12a62b9f62
@ -8,51 +8,44 @@
|
|||||||
class SecurityTest extends FunctionalTest {
|
class SecurityTest extends FunctionalTest {
|
||||||
static $fixture_file = 'sapphire/tests/security/MemberTest.yml';
|
static $fixture_file = 'sapphire/tests/security/MemberTest.yml';
|
||||||
|
|
||||||
|
protected $autoFollowRedirection = false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test that the login form redirects to the change password form after logging in with an expired password
|
* Test that the login form redirects to the change password form after logging in with an expired password
|
||||||
*/
|
*/
|
||||||
function testExpiredPassword() {
|
function testExpiredPassword() {
|
||||||
/* BAD PASSWORDS ARE LOCKED OUT */
|
/* BAD PASSWORDS ARE LOCKED OUT */
|
||||||
|
$badResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'badpassword');
|
||||||
$session = new Session(array());
|
|
||||||
$badResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'badpassword', $session);
|
|
||||||
$this->assertEquals(302, $badResponse->getStatusCode());
|
$this->assertEquals(302, $badResponse->getStatusCode());
|
||||||
$this->assertRegExp('/Security\/login/', $badResponse->getHeader('Location'));
|
$this->assertRegExp('/Security\/login/', $badResponse->getHeader('Location'));
|
||||||
$this->assertNull($session->inst_get('loggedInAs'));
|
$this->assertNull($this->session()->inst_get('loggedInAs'));
|
||||||
|
|
||||||
/* UNEXPIRED PASSWORD GO THROUGH WITHOUT A HITCH */
|
/* UNEXPIRED PASSWORD GO THROUGH WITHOUT A HITCH */
|
||||||
|
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');
|
||||||
$session = new Session(array());
|
|
||||||
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword', $session);
|
|
||||||
$this->assertEquals(302, $goodResponse->getStatusCode());
|
$this->assertEquals(302, $goodResponse->getStatusCode());
|
||||||
$this->assertEquals(Director::baseURL() . 'test/link', $goodResponse->getHeader('Location'));
|
$this->assertEquals(Director::baseURL() . 'test/link', $goodResponse->getHeader('Location'));
|
||||||
$this->assertEquals($this->idFromFixture('Member', 'test'), $session->inst_get('loggedInAs'));
|
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
|
||||||
|
|
||||||
/* EXPIRED PASSWORDS ARE SENT TO THE CHANGE PASSWORD FORM */
|
/* EXPIRED PASSWORDS ARE SENT TO THE CHANGE PASSWORD FORM */
|
||||||
|
$expiredResponse = $this->doTestLoginForm('expired@silverstripe.com' , '1nitialPassword');
|
||||||
$session = new Session(array());
|
|
||||||
$expiredResponse = $this->doTestLoginForm('expired@silverstripe.com' , '1nitialPassword', $session);
|
|
||||||
$this->assertEquals(302, $expiredResponse->getStatusCode());
|
$this->assertEquals(302, $expiredResponse->getStatusCode());
|
||||||
$this->assertEquals(Director::baseURL() . 'Security/changepassword', $expiredResponse->getHeader('Location'));
|
$this->assertEquals(Director::baseURL() . 'Security/changepassword', $expiredResponse->getHeader('Location'));
|
||||||
$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'), $session->inst_get('loggedInAs'));
|
$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'), $this->session()->inst_get('loggedInAs'));
|
||||||
}
|
}
|
||||||
|
|
||||||
function testRepeatedLoginAttemptsLockingPeopleOut() {
|
function testRepeatedLoginAttemptsLockingPeopleOut() {
|
||||||
$session = new Session(array());
|
|
||||||
|
|
||||||
Member::lock_out_after_incorrect_logins(5);
|
Member::lock_out_after_incorrect_logins(5);
|
||||||
|
|
||||||
/* LOG IN WITH A BAD PASSWORD 7 TIMES */
|
/* LOG IN WITH A BAD PASSWORD 7 TIMES */
|
||||||
|
|
||||||
for($i=1;$i<=7;$i++) {
|
for($i=1;$i<=7;$i++) {
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword');
|
||||||
$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
|
$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
|
||||||
|
|
||||||
/* THE FIRST 4 TIMES, THE MEMBER SHOULDN'T BE LOCKED OUT */
|
/* THE FIRST 4 TIMES, THE MEMBER SHOULDN'T BE LOCKED OUT */
|
||||||
if($i < 5) {
|
if($i < 5) {
|
||||||
$this->assertNull($member->LockedOutUntil);
|
$this->assertNull($member->LockedOutUntil);
|
||||||
$this->assertTrue(false !== stripos($this->loginErrorMessage($session), "That doesn't seem to be the right e-mail address or password"));
|
$this->assertTrue(false !== stripos($this->loginErrorMessage(), "That doesn't seem to be the right e-mail address or password"));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* AFTER THAT THE USER IS LOCKED OUT FOR 15 MINUTES */
|
/* AFTER THAT THE USER IS LOCKED OUT FOR 15 MINUTES */
|
||||||
@ -63,14 +56,14 @@ class SecurityTest extends FunctionalTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if($i > 5) {
|
if($i > 5) {
|
||||||
$this->assertTrue(false !== stripos($this->loginErrorMessage($session), "Your account has been temporarily disabled"));
|
$this->assertTrue(false !== stripos($this->loginErrorMessage(), "Your account has been temporarily disabled"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* THE USER CAN'T LOG IN NOW, EVEN IF THEY GET THE RIGHT PASSWORD */
|
/* THE USER CAN'T LOG IN NOW, EVEN IF THEY GET THE RIGHT PASSWORD */
|
||||||
|
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');
|
||||||
$this->assertNull($session->inst_get('loggedInAs'));
|
$this->assertNull($this->session()->inst_get('loggedInAs'));
|
||||||
|
|
||||||
/* BUT, IF TIME PASSES, THEY CAN LOG IN */
|
/* BUT, IF TIME PASSES, THEY CAN LOG IN */
|
||||||
|
|
||||||
@ -79,37 +72,35 @@ class SecurityTest extends FunctionalTest {
|
|||||||
$member->LockedOutUntil = date('Y-m-d H:i:s', time() - 30);
|
$member->LockedOutUntil = date('Y-m-d H:i:s', time() - 30);
|
||||||
$member->write();
|
$member->write();
|
||||||
|
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');
|
||||||
$this->assertEquals($session->inst_get('loggedInAs'), $member->ID);
|
$this->assertEquals($this->session()->inst_get('loggedInAs'), $member->ID);
|
||||||
|
|
||||||
// Log the user out
|
// Log the user out
|
||||||
$session->inst_set('loggedInAs', null);
|
$this->session()->inst_set('loggedInAs', null);
|
||||||
|
|
||||||
/* NOW THAT THE LOCK-OUT HAS EXPIRED, CHECK THAT WE ARE ALLOWED 4 FAILED ATTEMPTS BEFORE LOGGING IN */
|
/* NOW THAT THE LOCK-OUT HAS EXPIRED, CHECK THAT WE ARE ALLOWED 4 FAILED ATTEMPTS BEFORE LOGGING IN */
|
||||||
|
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword');
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword');
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword');
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword');
|
||||||
$this->assertNull($session->inst_get('loggedInAs'));
|
$this->assertNull($this->session()->inst_get('loggedInAs'));
|
||||||
$this->assertTrue(false !== stripos($this->loginErrorMessage($session), "That doesn't seem to be the right e-mail address or password"));
|
$this->assertTrue(false !== stripos($this->loginErrorMessage(), "That doesn't seem to be the right e-mail address or password"));
|
||||||
|
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');
|
||||||
$this->assertEquals($session->inst_get('loggedInAs'), $member->ID);
|
$this->assertEquals($this->session()->inst_get('loggedInAs'), $member->ID);
|
||||||
}
|
}
|
||||||
|
|
||||||
function testAlternatingRepeatedLoginAttempts() {
|
function testAlternatingRepeatedLoginAttempts() {
|
||||||
$session = new Session(array());
|
|
||||||
|
|
||||||
Member::lock_out_after_incorrect_logins(3);
|
Member::lock_out_after_incorrect_logins(3);
|
||||||
|
|
||||||
// ATTEMPTING LOG-IN TWICE WITH ONE ACCOUNT AND TWICE WITH ANOTHER SHOULDN'T LOCK ANYBODY OUT
|
// ATTEMPTING LOG-IN TWICE WITH ONE ACCOUNT AND TWICE WITH ANOTHER SHOULDN'T LOCK ANYBODY OUT
|
||||||
|
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword');
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword');
|
||||||
|
|
||||||
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
|
||||||
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
|
||||||
|
|
||||||
$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
|
$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
|
||||||
$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
|
$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
|
||||||
@ -119,11 +110,11 @@ class SecurityTest extends FunctionalTest {
|
|||||||
|
|
||||||
// BUT, DOING AN ADDITIONAL LOG-IN WITH EITHER OF THEM WILL LOCK OUT, SINCE THAT IS THE 3RD FAILURE IN THIS SESSION
|
// BUT, DOING AN ADDITIONAL LOG-IN WITH EITHER OF THEM WILL LOCK OUT, SINCE THAT IS THE 3RD FAILURE IN THIS SESSION
|
||||||
|
|
||||||
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('sam@silverstripe.com' , 'incorrectpassword');
|
||||||
$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
|
$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
|
||||||
$this->assertNotNull($member1->LockedOutUntil);
|
$this->assertNotNull($member1->LockedOutUntil);
|
||||||
|
|
||||||
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword', $session);
|
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
|
||||||
$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
|
$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
|
||||||
$this->assertNotNull($member2->LockedOutUntil);
|
$this->assertNotNull($member2->LockedOutUntil);
|
||||||
}
|
}
|
||||||
@ -132,8 +123,7 @@ class SecurityTest extends FunctionalTest {
|
|||||||
Security::set_login_recording(true);
|
Security::set_login_recording(true);
|
||||||
|
|
||||||
/* UNSUCCESSFUL ATTEMPTS WITH WRONG PASSWORD FOR EXISTING USER ARE LOGGED */
|
/* UNSUCCESSFUL ATTEMPTS WITH WRONG PASSWORD FOR EXISTING USER ARE LOGGED */
|
||||||
$this->get('Security/login');
|
$this->doTestLoginForm('sam@silverstripe.com', 'wrongpassword');
|
||||||
$this->doTestLoginFormFunctional('sam@silverstripe.com', 'wrongpassword');
|
|
||||||
$attempt = DataObject::get_one('LoginAttempt', 'Email = "sam@silverstripe.com"');
|
$attempt = DataObject::get_one('LoginAttempt', 'Email = "sam@silverstripe.com"');
|
||||||
$this->assertTrue(is_object($attempt));
|
$this->assertTrue(is_object($attempt));
|
||||||
$member = DataObject::get_one('Member', 'Email = "sam@silverstripe.com"');
|
$member = DataObject::get_one('Member', 'Email = "sam@silverstripe.com"');
|
||||||
@ -142,8 +132,7 @@ class SecurityTest extends FunctionalTest {
|
|||||||
$this->assertEquals($attempt->Member(), $member);
|
$this->assertEquals($attempt->Member(), $member);
|
||||||
|
|
||||||
/* UNSUCCESSFUL ATTEMPTS WITH NONEXISTING USER ARE LOGGED */
|
/* UNSUCCESSFUL ATTEMPTS WITH NONEXISTING USER ARE LOGGED */
|
||||||
$this->get('Security/login');
|
$this->doTestLoginForm('wronguser@silverstripe.com', 'wrongpassword');
|
||||||
$this->doTestLoginFormFunctional('wronguser@silverstripe.com', 'wrongpassword');
|
|
||||||
$attempt = DataObject::get_one('LoginAttempt', 'Email = "wronguser@silverstripe.com"');
|
$attempt = DataObject::get_one('LoginAttempt', 'Email = "wronguser@silverstripe.com"');
|
||||||
$this->assertTrue(is_object($attempt));
|
$this->assertTrue(is_object($attempt));
|
||||||
$this->assertEquals($attempt->Status, 'Failure');
|
$this->assertEquals($attempt->Status, 'Failure');
|
||||||
@ -154,8 +143,7 @@ class SecurityTest extends FunctionalTest {
|
|||||||
Security::set_login_recording(true);
|
Security::set_login_recording(true);
|
||||||
|
|
||||||
/* SUCCESSFUL ATTEMPTS ARE LOGGED */
|
/* SUCCESSFUL ATTEMPTS ARE LOGGED */
|
||||||
$this->get('Security/login');
|
$this->doTestLoginForm('sam@silverstripe.com', '1nitialPassword');
|
||||||
$this->doTestLoginFormFunctional('sam@silverstripe.com', '1nitialPassword');
|
|
||||||
$attempt = DataObject::get_one('LoginAttempt', 'Email = "sam@silverstripe.com"');
|
$attempt = DataObject::get_one('LoginAttempt', 'Email = "sam@silverstripe.com"');
|
||||||
$member = DataObject::get_one('Member', 'Email = "sam@silverstripe.com"');
|
$member = DataObject::get_one('Member', 'Email = "sam@silverstripe.com"');
|
||||||
$this->assertTrue(is_object($attempt));
|
$this->assertTrue(is_object($attempt));
|
||||||
@ -168,23 +156,11 @@ class SecurityTest extends FunctionalTest {
|
|||||||
* Execute a log-in form using Director::test().
|
* Execute a log-in form using Director::test().
|
||||||
* Helper method for the tests above
|
* Helper method for the tests above
|
||||||
*/
|
*/
|
||||||
function doTestLoginForm($email, $password, &$session) {
|
function doTestLoginForm($email, $password) {
|
||||||
return Director::test('Security/login?executeForm=LoginForm', array(
|
$this->session()->inst_set('BackURL', 'test/link');
|
||||||
'Email' => $email,
|
$this->get('Security/login');
|
||||||
'Password' => $password,
|
|
||||||
'AuthenticationMethod' => 'MemberAuthenticator',
|
return $this->submitForm(
|
||||||
'action_dologin' => 1,
|
|
||||||
'BackURL' => 'test/link'),
|
|
||||||
$session
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Execute a log-in form using Director::test().
|
|
||||||
* Helper method for the tests above
|
|
||||||
*/
|
|
||||||
function doTestLoginFormFunctional($email, $password) {
|
|
||||||
$this->submitForm(
|
|
||||||
"MemberLoginForm_LoginForm",
|
"MemberLoginForm_LoginForm",
|
||||||
null,
|
null,
|
||||||
array(
|
array(
|
||||||
@ -192,7 +168,6 @@ class SecurityTest extends FunctionalTest {
|
|||||||
'Password' => $password,
|
'Password' => $password,
|
||||||
'AuthenticationMethod' => 'MemberAuthenticator',
|
'AuthenticationMethod' => 'MemberAuthenticator',
|
||||||
'action_dologin' => 1,
|
'action_dologin' => 1,
|
||||||
'BackURL' => 'test/link'
|
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -200,8 +175,8 @@ class SecurityTest extends FunctionalTest {
|
|||||||
/**
|
/**
|
||||||
* Get the error message on the login form
|
* Get the error message on the login form
|
||||||
*/
|
*/
|
||||||
function loginErrorMessage($session) {
|
function loginErrorMessage() {
|
||||||
return $session->inst_get('FormInfo.MemberLoginForm_LoginForm.formError.message');
|
return $this->session()->inst_get('FormInfo.MemberLoginForm_LoginForm.formError.message');
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user