ENHANCEMENT: added tests for checking the change password functionality, including the resulting redirection (from #5420) (from r103250)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112128 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
5cb4090145
commit
51375f7cc6
@ -111,6 +111,7 @@ class ControllerTest extends FunctionalTest {
|
||||
$controller = new ControllerTest_HasAction();
|
||||
|
||||
$this->assertFalse($controller->hasAction('1'), 'Numeric actions do not slip through.');
|
||||
$this->assertFalse($controller->hasAction('lowercase_permission'), 'Lowercase permission does not slip through.');
|
||||
$this->assertFalse($controller->hasAction('undefined'), 'undefined actions do not exist');
|
||||
$this->assertTrue($controller->hasAction('allowed_action'), 'allowed actions are recognised');
|
||||
$this->assertTrue($controller->hasAction('template_action'), 'action-specific templates are recognised');
|
||||
@ -189,7 +190,8 @@ class ControllerTest_UnsecuredController extends ControllerTest_SecuredControlle
|
||||
class ControllerTest_HasAction extends Controller {
|
||||
|
||||
public static $allowed_actions = array (
|
||||
'allowed_action'
|
||||
'allowed_action',
|
||||
'other_action' => 'lowercase_permission'
|
||||
);
|
||||
|
||||
protected $templates = array (
|
||||
|
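Review bot: The new assertion in the hunk at `@ -111,6 +111,7` checks that the permission code `lowercase_permission` is not treated as an action, but nothing asserts that the action it guards, `other_action`, is recognised, so a regression that drops map-style entries entirely would still pass. Add `$this->assertTrue($controller->hasAction('other_action'), 'actions mapped to a permission code are recognised');` next to the existing `allowed_action` check. The `'other_action' => 'lowercase_permission'` entry added to `$allowed_actions` in the second hunk already provides the fixture for it. The enclosing test method and the `ControllerTest_HasAction` class body both continue outside these hunks.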
@ -115,6 +115,14 @@ class SecurityTest extends FunctionalTest {
|
||||
$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $response->getHeader('Location'),
|
||||
"Redirection to external links in login form BackURL gets prevented as a measure against spoofing attacks"
|
||||
);
|
||||
|
||||
// Test external redirection on ChangePasswordForm
|
||||
$this->get('Security/changepassword?BackURL=http://myspoofedhost.com');
|
||||
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
|
||||
$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $changedResponse->getHeader('Location'),
|
||||
"Redirection to external links in change password form BackURL gets prevented as a measure against spoofing attacks"
|
||||
);
|
||||
|
||||
// Log the user out
|
||||
$this->session()->inst_set('loggedInAs', null);
|
||||
}
|
||||
@ -140,8 +148,31 @@ class SecurityTest extends FunctionalTest {
|
||||
$this->assertEquals(302, $expiredResponse->getStatusCode());
|
||||
$this->assertEquals(Director::baseURL() . 'Security/changepassword', $expiredResponse->getHeader('Location'));
|
||||
$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'), $this->session()->inst_get('loggedInAs'));
|
||||
|
||||
// Make sure it redirects correctly after the password has been changed
|
||||
$this->mainSession->followRedirection();
|
||||
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
|
||||
$this->assertEquals(302, $changedResponse->getStatusCode());
|
||||
$this->assertEquals(Director::baseURL() . 'test/link', $changedResponse->getHeader('Location'));
|
||||
}
|
||||
|
||||
function testChangePassword() {
|
||||
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');
|
||||
|
||||
// Change the password
|
||||
$this->get('Security/changepassword?BackURL=test/back');
|
||||
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
|
||||
$this->assertEquals(302, $changedResponse->getStatusCode());
|
||||
$this->assertEquals(Director::baseURL() . 'test/back', $changedResponse->getHeader('Location'));
|
||||
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
|
||||
|
||||
// Check if we can login with the new password
|
||||
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'changedPassword');
|
||||
$this->assertEquals(302, $goodResponse->getStatusCode());
|
||||
$this->assertEquals(Director::baseURL() . 'test/link', $goodResponse->getHeader('Location'));
|
||||
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
|
||||
}
|
||||
|
||||
function testRepeatedLoginAttemptsLockingPeopleOut() {
|
||||
Member::lock_out_after_incorrect_logins(5);
|
||||
|
||||
@ -300,6 +331,22 @@ class SecurityTest extends FunctionalTest {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method to execute a change password form
|
||||
*/
|
||||
function doTestChangepasswordForm($oldPassword, $newPassword) {
|
||||
return $this->submitForm(
|
||||
"ChangePasswordForm_ChangePasswordForm",
|
||||
null,
|
||||
array(
|
||||
'OldPassword' => $oldPassword,
|
||||
'NewPassword1' => $newPassword,
|
||||
'NewPassword2' => $newPassword,
|
||||
'action_doChangePassword' => 1,
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the error message on the login form
|
||||
*/
|
||||
|
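Review bot: In the hunk at `@ -115,6 +115,14`, the new change-password case only asserts that the `Location` header does not start with the spoofed host; it never asserts that `$changedResponse` is a redirect at all. If the form submission fails (wrong old password, validation error) the response presumably carries no `Location` header, and `assertNotRegExp` against an empty value would pass vacuously, so the test could not detect an open redirect regression that also broke the form. Add `$this->assertEquals(302, $changedResponse->getStatusCode());` before the `assertNotRegExp`, consistent with the status-code checks the other hunks in this file make. The pattern also only covers the literal `http://myspoofedhost.com` prefix; a case-varied or scheme-less form of the same host is worth a second case if `BackURL` is meant to be restricted to site URLs, though how `BackURL` is validated is not visible here. The enclosing test method starts outside the hunk.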