ENHANCEMENT: added tests for checking the change password functionality, including the resulting redirection (from #5420) (from r103250)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112128 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2010-10-13 03:39:04 +00:00
parent 5cb4090145
commit 51375f7cc6
2 changed files with 50 additions and 1 deletions

View File

@ -111,6 +111,7 @@ class ControllerTest extends FunctionalTest {
$controller = new ControllerTest_HasAction();
$this->assertFalse($controller->hasAction('1'), 'Numeric actions do not slip through.');
$this->assertFalse($controller->hasAction('lowercase_permission'), 'Lowercase permission does not slip through.');
$this->assertFalse($controller->hasAction('undefined'), 'undefined actions do not exist');
$this->assertTrue($controller->hasAction('allowed_action'), 'allowed actions are recognised');
$this->assertTrue($controller->hasAction('template_action'), 'action-specific templates are recognised');
@ -189,7 +190,8 @@ class ControllerTest_UnsecuredController extends ControllerTest_SecuredControlle
class ControllerTest_HasAction extends Controller {
public static $allowed_actions = array (
'allowed_action'
'allowed_action',
'other_action' => 'lowercase_permission'
);
protected $templates = array (

View File

@ -115,6 +115,14 @@ class SecurityTest extends FunctionalTest {
$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $response->getHeader('Location'),
"Redirection to external links in login form BackURL gets prevented as a measure against spoofing attacks"
);
// Test external redirection on ChangePasswordForm
$this->get('Security/changepassword?BackURL=http://myspoofedhost.com');
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $changedResponse->getHeader('Location'),
"Redirection to external links in change password form BackURL gets prevented as a measure against spoofing attacks"
);
// Log the user out
$this->session()->inst_set('loggedInAs', null);
}
@ -140,8 +148,31 @@ class SecurityTest extends FunctionalTest {
$this->assertEquals(302, $expiredResponse->getStatusCode());
$this->assertEquals(Director::baseURL() . 'Security/changepassword', $expiredResponse->getHeader('Location'));
$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'), $this->session()->inst_get('loggedInAs'));
// Make sure it redirects correctly after the password has been changed
$this->mainSession->followRedirection();
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
$this->assertEquals(302, $changedResponse->getStatusCode());
$this->assertEquals(Director::baseURL() . 'test/link', $changedResponse->getHeader('Location'));
}
function testChangePassword() {
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');
// Change the password
$this->get('Security/changepassword?BackURL=test/back');
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
$this->assertEquals(302, $changedResponse->getStatusCode());
$this->assertEquals(Director::baseURL() . 'test/back', $changedResponse->getHeader('Location'));
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
// Check if we can login with the new password
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'changedPassword');
$this->assertEquals(302, $goodResponse->getStatusCode());
$this->assertEquals(Director::baseURL() . 'test/link', $goodResponse->getHeader('Location'));
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
}
function testRepeatedLoginAttemptsLockingPeopleOut() {
Member::lock_out_after_incorrect_logins(5);
@ -300,6 +331,22 @@ class SecurityTest extends FunctionalTest {
);
}
/**
* Helper method to execute a change password form
*/
function doTestChangepasswordForm($oldPassword, $newPassword) {
return $this->submitForm(
"ChangePasswordForm_ChangePasswordForm",
null,
array(
'OldPassword' => $oldPassword,
'NewPassword1' => $newPassword,
'NewPassword2' => $newPassword,
'action_doChangePassword' => 1,
)
);
}
/**
* Get the error message on the login form
*/