tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-11 14:03:51 +02:00
Code Issues Projects Releases Wiki Activity
eaa6c6c49d
silverstripe-framework/tests/security/BasicAuthTest.php
Paul Meyrick dc36725869 MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency 
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00

145 lines
4.7 KiB
PHP
Raw Blame History

<?php
/**
* @package sapphire
* @subpackage tests
*/
class BasicAuthTest extends FunctionalTest {
static $original_unique_identifier_field;
static $fixture_file = 'sapphire/tests/security/BasicAuthTest.yml';
function setUp() {
parent::setUp();
// Fixtures assume Email is the field used to identify the log in identity
self::$original_unique_identifier_field = Member::get_unique_identifier_field();
Member::set_unique_identifier_field('Email');
}
function tearDown() {
parent::tearDown();
BasicAuth::protect_entire_site(false);
Member::set_unique_identifier_field(self::$original_unique_identifier_field);
}
function testBasicAuthEnabledWithoutLogin() {
$origUser = @$_SERVER['PHP_AUTH_USER'];
$origPw = @$_SERVER['PHP_AUTH_PW'];
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
$this->assertEquals(401, $response->getStatusCode());
$_SERVER['PHP_AUTH_USER'] = $origUser;
$_SERVER['PHP_AUTH_PW'] = $origPw;
}
function testBasicAuthDoesntCallActionOrFurtherInitOnAuthFailure() {
$origUser = @$_SERVER['PHP_AUTH_USER'];
$origPw = @$_SERVER['PHP_AUTH_PW'];
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
$this->assertFalse(BasicAuthTest_ControllerSecuredWithPermission::$index_called);
$this->assertFalse(BasicAuthTest_ControllerSecuredWithPermission::$post_init_called);
$_SERVER['PHP_AUTH_USER'] = 'user-in-mygroup@test.com';
$_SERVER['PHP_AUTH_PW'] = 'test';
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
$this->assertTrue(BasicAuthTest_ControllerSecuredWithPermission::$index_called);
$this->assertTrue(BasicAuthTest_ControllerSecuredWithPermission::$post_init_called);
$_SERVER['PHP_AUTH_USER'] = $origUser;
$_SERVER['PHP_AUTH_PW'] = $origPw;
}
function testBasicAuthEnabledWithPermission() {
$origUser = @$_SERVER['PHP_AUTH_USER'];
$origPw = @$_SERVER['PHP_AUTH_PW'];
$_SERVER['PHP_AUTH_USER'] = 'user-in-mygroup@test.com';
$_SERVER['PHP_AUTH_PW'] = 'wrongpassword';
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
$this->assertEquals(401, $response->getStatusCode(), 'Invalid users dont have access');
$_SERVER['PHP_AUTH_USER'] = 'user-without-groups@test.com';
$_SERVER['PHP_AUTH_PW'] = 'test';
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
$this->assertEquals(401, $response->getStatusCode(), 'Valid user without required permission has no access');
$_SERVER['PHP_AUTH_USER'] = 'user-in-mygroup@test.com';
$_SERVER['PHP_AUTH_PW'] = 'test';
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
$this->assertEquals(200, $response->getStatusCode(), 'Valid user with required permission has access');
$_SERVER['PHP_AUTH_USER'] = $origUser;
$_SERVER['PHP_AUTH_PW'] = $origPw;
}
function testBasicAuthEnabledWithoutPermission() {
$origUser = @$_SERVER['PHP_AUTH_USER'];
$origPw = @$_SERVER['PHP_AUTH_PW'];
$_SERVER['PHP_AUTH_USER'] = 'user-without-groups@test.com';
$_SERVER['PHP_AUTH_PW'] = 'wrongpassword';
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
$this->assertEquals(401, $response->getStatusCode(), 'Invalid users dont have access');
$_SERVER['PHP_AUTH_USER'] = 'user-without-groups@test.com';
$_SERVER['PHP_AUTH_PW'] = 'test';
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
$this->assertEquals(200, $response->getStatusCode(), 'All valid users have access');
$_SERVER['PHP_AUTH_USER'] = 'user-in-mygroup@test.com';
$_SERVER['PHP_AUTH_PW'] = 'test';
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
$this->assertEquals(200, $response->getStatusCode(), 'All valid users have access');
$_SERVER['PHP_AUTH_USER'] = $origUser;
$_SERVER['PHP_AUTH_PW'] = $origPw;
}
}
class BasicAuthTest_ControllerSecuredWithPermission extends Controller implements TestOnly {
static $post_init_called = false;
static $index_called = false;
protected $template = '../sapphire/templates/BlankPage.ss';
function init() {
self::$post_init_called = false;
self::$index_called = false;
BasicAuth::protect_entire_site(true, 'MYCODE');
parent::init();
self::$post_init_called = true;
}
function index() {
self::$index_called = true;
}
}
class BasicAuthTest_ControllerSecuredWithoutPermission extends Controller implements TestOnly {
protected $template = '../sapphire/templates/BlankPage.ss';
function init() {
BasicAuth::protect_entire_site(true, null);
parent::init();
}
}
Reference in New Issue View Git Blame Copy Permalink