ENHANCEMENT: added tests for checking the change password functionality, including the resulting redirection (from #5420)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103250 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
f7c3c35a13
commit
f0677542a8
@ -111,6 +111,7 @@ class ControllerTest extends FunctionalTest {
|
|||||||
$controller = new ControllerTest_HasAction();
|
$controller = new ControllerTest_HasAction();
|
||||||
|
|
||||||
$this->assertFalse($controller->hasAction('1'), 'Numeric actions do not slip through.');
|
$this->assertFalse($controller->hasAction('1'), 'Numeric actions do not slip through.');
|
||||||
|
$this->assertFalse($controller->hasAction('lowercase_permission'), 'Lowercase permission does not slip through.');
|
||||||
$this->assertFalse($controller->hasAction('undefined'), 'undefined actions do not exist');
|
$this->assertFalse($controller->hasAction('undefined'), 'undefined actions do not exist');
|
||||||
$this->assertTrue($controller->hasAction('allowed_action'), 'allowed actions are recognised');
|
$this->assertTrue($controller->hasAction('allowed_action'), 'allowed actions are recognised');
|
||||||
$this->assertTrue($controller->hasAction('template_action'), 'action-specific templates are recognised');
|
$this->assertTrue($controller->hasAction('template_action'), 'action-specific templates are recognised');
|
||||||
@ -189,7 +190,8 @@ class ControllerTest_UnsecuredController extends ControllerTest_SecuredControlle
|
|||||||
class ControllerTest_HasAction extends Controller {
|
class ControllerTest_HasAction extends Controller {
|
||||||
|
|
||||||
public static $allowed_actions = array (
|
public static $allowed_actions = array (
|
||||||
'allowed_action'
|
'allowed_action',
|
||||||
|
'other_action' => 'lowercase_permission'
|
||||||
);
|
);
|
||||||
|
|
||||||
protected $templates = array (
|
protected $templates = array (
|
||||||
|
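Review bot: The new `assertFalse($controller->hasAction('lowercase_permission'), ...)` only pins the negative half of the new fixture entry `'other_action' => 'lowercase_permission'`; nothing asserts that the keyed action itself is still recognised, so a regression that skipped keyed entries of `$allowed_actions` altogether would still pass this test. Add `$this->assertTrue($controller->hasAction('other_action'), 'Keyed allowed actions are recognised');` next to the new assertion so both halves of the permission-valued entry are covered. The test method these assertions belong to starts outside the hunk, so its remaining setup is not visible here.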
@ -115,6 +115,14 @@ class SecurityTest extends FunctionalTest {
|
|||||||
$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $response->getHeader('Location'),
|
$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $response->getHeader('Location'),
|
||||||
"Redirection to external links in login form BackURL gets prevented as a measure against spoofing attacks"
|
"Redirection to external links in login form BackURL gets prevented as a measure against spoofing attacks"
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// Test external redirection on ChangePasswordForm
|
||||||
|
$this->get('Security/changepassword?BackURL=http://myspoofedhost.com');
|
||||||
|
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
|
||||||
|
$this->assertNotRegExp('/^' . preg_quote('http://myspoofedhost.com', '/') . '/', $changedResponse->getHeader('Location'),
|
||||||
|
"Redirection to external links in change password form BackURL gets prevented as a measure against spoofing attacks"
|
||||||
|
);
|
||||||
|
|
||||||
// Log the user out
|
// Log the user out
|
||||||
$this->session()->inst_set('loggedInAs', null);
|
$this->session()->inst_set('loggedInAs', null);
|
||||||
}
|
}
|
||||||
@ -140,6 +148,29 @@ class SecurityTest extends FunctionalTest {
|
|||||||
$this->assertEquals(302, $expiredResponse->getStatusCode());
|
$this->assertEquals(302, $expiredResponse->getStatusCode());
|
||||||
$this->assertEquals(Director::baseURL() . 'Security/changepassword', $expiredResponse->getHeader('Location'));
|
$this->assertEquals(Director::baseURL() . 'Security/changepassword', $expiredResponse->getHeader('Location'));
|
||||||
$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'), $this->session()->inst_get('loggedInAs'));
|
$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'), $this->session()->inst_get('loggedInAs'));
|
||||||
|
|
||||||
|
// Make sure it redirects correctly after the password has been changed
|
||||||
|
$this->mainSession->followRedirection();
|
||||||
|
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
|
||||||
|
$this->assertEquals(302, $changedResponse->getStatusCode());
|
||||||
|
$this->assertEquals(Director::baseURL() . 'test/link', $changedResponse->getHeader('Location'));
|
||||||
|
}
|
||||||
|
|
||||||
|
function testChangePassword() {
|
||||||
|
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');
|
||||||
|
|
||||||
|
// Change the password
|
||||||
|
$this->get('Security/changepassword?BackURL=test/back');
|
||||||
|
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
|
||||||
|
$this->assertEquals(302, $changedResponse->getStatusCode());
|
||||||
|
$this->assertEquals(Director::baseURL() . 'test/back', $changedResponse->getHeader('Location'));
|
||||||
|
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
|
||||||
|
|
||||||
|
// Check if we can login with the new password
|
||||||
|
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'changedPassword');
|
||||||
|
$this->assertEquals(302, $goodResponse->getStatusCode());
|
||||||
|
$this->assertEquals(Director::baseURL() . 'test/link', $goodResponse->getHeader('Location'));
|
||||||
|
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
|
||||||
}
|
}
|
||||||
|
|
||||||
function testRepeatedLoginAttemptsLockingPeopleOut() {
|
function testRepeatedLoginAttemptsLockingPeopleOut() {
|
||||||
@ -300,6 +331,22 @@ class SecurityTest extends FunctionalTest {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Helper method to execute a change password form
|
||||||
|
*/
|
||||||
|
function doTestChangepasswordForm($oldPassword, $newPassword) {
|
||||||
|
return $this->submitForm(
|
||||||
|
"ChangePasswordForm_ChangePasswordForm",
|
||||||
|
null,
|
||||||
|
array(
|
||||||
|
'OldPassword' => $oldPassword,
|
||||||
|
'NewPassword1' => $newPassword,
|
||||||
|
'NewPassword2' => $newPassword,
|
||||||
|
'action_doChangePassword' => 1,
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the error message on the login form
|
* Get the error message on the login form
|
||||||
*/
|
*/
|
||||||
|
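Review bot: In the `@@ -115,6 +115,14 @@` hunk the new `assertNotRegExp(..., $changedResponse->getHeader('Location'), ...)` is the only check made on the change-password submission; if the form does not redirect at all (presumably a validation failure re-renders it with no `Location` header), the negative match passes vacuously and the spoofed-BackURL guard is never actually exercised — confirm what `getHeader()` returns for an absent header. Pin the redirect first, as `testChangePassword` further down already does: `$this->assertEquals(302, $changedResponse->getStatusCode());` immediately before the `assertNotRegExp`. In `testChangePassword` the first `$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , '1nitialPassword');` is assigned but never asserted on, so a failed initial login would only surface indirectly through the later change-password assertions; either assert its status code or drop the assignment. The method enclosing the first hunk starts before it, so the login that precedes the spoofed-BackURL request is not visible here.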