ManagerTest.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413
  1. <?php
  2. /**
  3. * @author Christoph Wurst <christoph@owncloud.com>
  4. *
  5. * @copyright Copyright (c) 2016, ownCloud, Inc.
  6. * @license AGPL-3.0
  7. *
  8. * This code is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License, version 3,
  10. * as published by the Free Software Foundation.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License, version 3,
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>
  19. *
  20. */
  21. namespace Test\Authentication\TwoFactorAuth;
  22. use Exception;
  23. use OC;
  24. use OC\App\AppManager;
  25. use OC\Authentication\TwoFactorAuth\Manager;
  26. use OCP\Activity\IEvent;
  27. use OCP\Activity\IManager;
  28. use OCP\Authentication\TwoFactorAuth\IProvider;
  29. use OCP\IConfig;
  30. use OCP\ILogger;
  31. use OCP\ISession;
  32. use OCP\IUser;
  33. use Test\TestCase;
  34. class ManagerTest extends TestCase {
  35. /** @var IUser|PHPUnit_Framework_MockObject_MockObject */
  36. private $user;
  37. /** @var AppManager|PHPUnit_Framework_MockObject_MockObject */
  38. private $appManager;
  39. /** @var ISession|PHPUnit_Framework_MockObject_MockObject */
  40. private $session;
  41. /** @var Manager */
  42. private $manager;
  43. /** @var IConfig|PHPUnit_Framework_MockObject_MockObject */
  44. private $config;
  45. /** @var IManager|PHPUnit_Framework_MockObject_MockObject */
  46. private $activityManager;
  47. /** @var ILogger|PHPUnit_Framework_MockObject_MockObject */
  48. private $logger;
  49. /** @var IProvider|PHPUnit_Framework_MockObject_MockObject */
  50. private $fakeProvider;
  51. /** @var IProvider|PHPUnit_Framework_MockObject_MockObject */
  52. private $backupProvider;
  53. protected function setUp() {
  54. parent::setUp();
  55. $this->user = $this->createMock(IUser::class);
  56. $this->appManager = $this->createMock(AppManager::class);
  57. $this->session = $this->createMock(ISession::class);
  58. $this->config = $this->createMock(IConfig::class);
  59. $this->activityManager = $this->createMock(IManager::class);
  60. $this->logger = $this->createMock(ILogger::class);
  61. $this->manager = $this->getMockBuilder('\OC\Authentication\TwoFactorAuth\Manager')
  62. ->setConstructorArgs([$this->appManager, $this->session, $this->config, $this->activityManager, $this->logger])
  63. ->setMethods(['loadTwoFactorApp']) // Do not actually load the apps
  64. ->getMock();
  65. $this->fakeProvider = $this->createMock(IProvider::class);
  66. $this->fakeProvider->expects($this->any())
  67. ->method('getId')
  68. ->will($this->returnValue('email'));
  69. $this->fakeProvider->expects($this->any())
  70. ->method('isTwoFactorAuthEnabledForUser')
  71. ->will($this->returnValue(true));
  72. OC::$server->registerService('\OCA\MyCustom2faApp\FakeProvider', function() {
  73. return $this->fakeProvider;
  74. });
  75. $this->backupProvider = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();
  76. $this->backupProvider->expects($this->any())
  77. ->method('getId')
  78. ->will($this->returnValue('backup_codes'));
  79. $this->backupProvider->expects($this->any())
  80. ->method('isTwoFactorAuthEnabledForUser')
  81. ->will($this->returnValue(true));
  82. OC::$server->registerService('\OCA\TwoFactorBackupCodes\Provider\FakeBackupCodesProvider', function () {
  83. return $this->backupProvider;
  84. });
  85. }
  86. private function prepareNoProviders() {
  87. $this->appManager->expects($this->any())
  88. ->method('getEnabledAppsForUser')
  89. ->with($this->user)
  90. ->will($this->returnValue([]));
  91. $this->appManager->expects($this->never())
  92. ->method('getAppInfo');
  93. $this->manager->expects($this->never())
  94. ->method('loadTwoFactorApp');
  95. }
  96. private function prepareProviders() {
  97. $this->appManager->expects($this->any())
  98. ->method('getEnabledAppsForUser')
  99. ->with($this->user)
  100. ->will($this->returnValue(['mycustom2faapp']));
  101. $this->appManager->expects($this->once())
  102. ->method('getAppInfo')
  103. ->with('mycustom2faapp')
  104. ->will($this->returnValue([
  105. 'two-factor-providers' => [
  106. '\OCA\MyCustom2faApp\FakeProvider',
  107. ],
  108. ]));
  109. $this->manager->expects($this->once())
  110. ->method('loadTwoFactorApp')
  111. ->with('mycustom2faapp');
  112. }
  113. private function prepareProvidersWitBackupProvider() {
  114. $this->appManager->expects($this->any())
  115. ->method('getEnabledAppsForUser')
  116. ->with($this->user)
  117. ->will($this->returnValue([
  118. 'mycustom2faapp',
  119. 'twofactor_backupcodes',
  120. ]));
  121. $this->appManager->expects($this->exactly(2))
  122. ->method('getAppInfo')
  123. ->will($this->returnValueMap([
  124. [
  125. 'mycustom2faapp',
  126. ['two-factor-providers' => [
  127. '\OCA\MyCustom2faApp\FakeProvider',
  128. ]
  129. ]
  130. ],
  131. [
  132. 'twofactor_backupcodes',
  133. ['two-factor-providers' => [
  134. '\OCA\TwoFactorBackupCodes\Provider\FakeBackupCodesProvider',
  135. ]
  136. ]
  137. ],
  138. ]));
  139. $this->manager->expects($this->exactly(2))
  140. ->method('loadTwoFactorApp');
  141. }
  142. /**
  143. * @expectedException Exception
  144. * @expectedExceptionMessage Could not load two-factor auth provider \OCA\MyFaulty2faApp\DoesNotExist
  145. */
  146. public function testFailHardIfProviderCanNotBeLoaded() {
  147. $this->appManager->expects($this->once())
  148. ->method('getEnabledAppsForUser')
  149. ->with($this->user)
  150. ->will($this->returnValue(['faulty2faapp']));
  151. $this->manager->expects($this->once())
  152. ->method('loadTwoFactorApp')
  153. ->with('faulty2faapp');
  154. $this->appManager->expects($this->once())
  155. ->method('getAppInfo')
  156. ->with('faulty2faapp')
  157. ->will($this->returnValue([
  158. 'two-factor-providers' => [
  159. '\OCA\MyFaulty2faApp\DoesNotExist',
  160. ],
  161. ]));
  162. $this->manager->getProviders($this->user);
  163. }
  164. public function testIsTwoFactorAuthenticated() {
  165. $this->prepareProviders();
  166. $this->user->expects($this->once())
  167. ->method('getUID')
  168. ->will($this->returnValue('user123'));
  169. $this->config->expects($this->once())
  170. ->method('getUserValue')
  171. ->with('user123', 'core', 'two_factor_auth_disabled', 0)
  172. ->will($this->returnValue(0));
  173. $this->assertTrue($this->manager->isTwoFactorAuthenticated($this->user));
  174. }
  175. public function testGetProvider() {
  176. $this->prepareProviders();
  177. $this->assertSame($this->fakeProvider, $this->manager->getProvider($this->user, 'email'));
  178. }
  179. public function testGetBackupProvider() {
  180. $this->prepareProvidersWitBackupProvider();
  181. $this->assertSame($this->backupProvider, $this->manager->getBackupProvider($this->user));
  182. }
  183. public function testGetInvalidProvider() {
  184. $this->prepareProviders();
  185. $this->assertSame(null, $this->manager->getProvider($this->user, 'nonexistent'));
  186. }
  187. public function testGetProviders() {
  188. $this->prepareProviders();
  189. $expectedProviders = [
  190. 'email' => $this->fakeProvider,
  191. ];
  192. $this->assertEquals($expectedProviders, $this->manager->getProviders($this->user));
  193. }
  194. public function testVerifyChallenge() {
  195. $this->prepareProviders();
  196. $challenge = 'passme';
  197. $event = $this->createMock(IEvent::class);
  198. $this->fakeProvider->expects($this->once())
  199. ->method('verifyChallenge')
  200. ->with($this->user, $challenge)
  201. ->will($this->returnValue(true));
  202. $this->session->expects($this->once())
  203. ->method('get')
  204. ->with('two_factor_remember_login')
  205. ->will($this->returnValue(false));
  206. $this->session->expects($this->at(1))
  207. ->method('remove')
  208. ->with('two_factor_auth_uid');
  209. $this->session->expects($this->at(2))
  210. ->method('remove')
  211. ->with('two_factor_remember_login');
  212. $this->activityManager->expects($this->once())
  213. ->method('generateEvent')
  214. ->willReturn($event);
  215. $this->user->expects($this->any())
  216. ->method('getUID')
  217. ->willReturn('jos');
  218. $event->expects($this->once())
  219. ->method('setApp')
  220. ->with($this->equalTo('twofactor_generic'))
  221. ->willReturnSelf();
  222. $event->expects($this->once())
  223. ->method('setType')
  224. ->with($this->equalTo('twofactor'))
  225. ->willReturnSelf();
  226. $event->expects($this->once())
  227. ->method('setAuthor')
  228. ->with($this->equalTo('jos'))
  229. ->willReturnSelf();
  230. $event->expects($this->once())
  231. ->method('setAffectedUser')
  232. ->with($this->equalTo('jos'))
  233. ->willReturnSelf();
  234. $this->fakeProvider->expects($this->once())
  235. ->method('getDisplayName')
  236. ->willReturn('Fake 2FA');
  237. $event->expects($this->once())
  238. ->method('setSubject')
  239. ->with($this->equalTo('twofactor_success'), $this->equalTo([
  240. 'provider' => 'Fake 2FA',
  241. ]))
  242. ->willReturnSelf();
  243. $this->assertTrue($this->manager->verifyChallenge('email', $this->user, $challenge));
  244. }
  245. public function testVerifyChallengeInvalidProviderId() {
  246. $this->prepareProviders();
  247. $challenge = 'passme';
  248. $this->fakeProvider->expects($this->never())
  249. ->method('verifyChallenge')
  250. ->with($this->user, $challenge);
  251. $this->session->expects($this->never())
  252. ->method('remove');
  253. $this->assertFalse($this->manager->verifyChallenge('dontexist', $this->user, $challenge));
  254. }
  255. public function testVerifyInvalidChallenge() {
  256. $this->prepareProviders();
  257. $challenge = 'dontpassme';
  258. $event = $this->createMock(IEvent::class);
  259. $this->fakeProvider->expects($this->once())
  260. ->method('verifyChallenge')
  261. ->with($this->user, $challenge)
  262. ->will($this->returnValue(false));
  263. $this->session->expects($this->never())
  264. ->method('remove');
  265. $this->activityManager->expects($this->once())
  266. ->method('generateEvent')
  267. ->willReturn($event);
  268. $this->user->expects($this->any())
  269. ->method('getUID')
  270. ->willReturn('jos');
  271. $event->expects($this->once())
  272. ->method('setApp')
  273. ->with($this->equalTo('twofactor_generic'))
  274. ->willReturnSelf();
  275. $event->expects($this->once())
  276. ->method('setType')
  277. ->with($this->equalTo('twofactor'))
  278. ->willReturnSelf();
  279. $event->expects($this->once())
  280. ->method('setAuthor')
  281. ->with($this->equalTo('jos'))
  282. ->willReturnSelf();
  283. $event->expects($this->once())
  284. ->method('setAffectedUser')
  285. ->with($this->equalTo('jos'))
  286. ->willReturnSelf();
  287. $this->fakeProvider->expects($this->once())
  288. ->method('getDisplayName')
  289. ->willReturn('Fake 2FA');
  290. $event->expects($this->once())
  291. ->method('setSubject')
  292. ->with($this->equalTo('twofactor_failed'), $this->equalTo([
  293. 'provider' => 'Fake 2FA',
  294. ]))
  295. ->willReturnSelf();
  296. $this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge));
  297. }
  298. public function testNeedsSecondFactor() {
  299. $user = $this->createMock(IUser::class);
  300. $this->session->expects($this->once())
  301. ->method('exists')
  302. ->with('two_factor_auth_uid')
  303. ->will($this->returnValue(false));
  304. $this->assertFalse($this->manager->needsSecondFactor($user));
  305. }
  306. public function testNeedsSecondFactorUserIsNull() {
  307. $user = null;
  308. $this->session->expects($this->never())
  309. ->method('exists');
  310. $this->assertFalse($this->manager->needsSecondFactor($user));
  311. }
  312. public function testNeedsSecondFactorWithNoProviderAvailableAnymore() {
  313. $this->prepareNoProviders();
  314. $user = null;
  315. $this->session->expects($this->never())
  316. ->method('exists')
  317. ->with('two_factor_auth_uid')
  318. ->will($this->returnValue(true));
  319. $this->session->expects($this->never())
  320. ->method('remove')
  321. ->with('two_factor_auth_uid');
  322. $this->assertFalse($this->manager->needsSecondFactor($user));
  323. }
  324. public function testPrepareTwoFactorLogin() {
  325. $this->user->expects($this->once())
  326. ->method('getUID')
  327. ->will($this->returnValue('ferdinand'));
  328. $this->session->expects($this->at(0))
  329. ->method('set')
  330. ->with('two_factor_auth_uid', 'ferdinand');
  331. $this->session->expects($this->at(1))
  332. ->method('set')
  333. ->with('two_factor_remember_login', true);
  334. $this->manager->prepareTwoFactorLogin($this->user, true);
  335. }
  336. public function testPrepareTwoFactorLoginDontRemember() {
  337. $this->user->expects($this->once())
  338. ->method('getUID')
  339. ->will($this->returnValue('ferdinand'));
  340. $this->session->expects($this->at(0))
  341. ->method('set')
  342. ->with('two_factor_auth_uid', 'ferdinand');
  343. $this->session->expects($this->at(1))
  344. ->method('set')
  345. ->with('two_factor_remember_login', false);
  346. $this->manager->prepareTwoFactorLogin($this->user, false);
  347. }
  348. }