2021-08-03 11:24:01 +01:00
|
|
|
<?php
|
|
|
|
|
2021-10-10 09:26:18 +01:00
|
|
|
declare(strict_types = 1);
|
|
|
|
|
2021-08-03 11:24:01 +01:00
|
|
|
// {{{ License
|
|
|
|
|
|
|
|
// This file is part of GNU social - https://www.gnu.org/software/social
|
|
|
|
//
|
|
|
|
// GNU social is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// GNU social is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
// }}}
|
|
|
|
|
2022-03-14 18:33:47 +00:00
|
|
|
namespace App\Test\Controller;
|
2021-08-03 11:24:01 +01:00
|
|
|
|
|
|
|
use App\Util\GNUsocialTestCase;
|
|
|
|
|
|
|
|
class SecurityTest extends GNUsocialTestCase
|
|
|
|
{
|
|
|
|
// --------- Login --------------
|
|
|
|
|
|
|
|
private function testLogin(string $nickname, string $password)
|
|
|
|
{
|
|
|
|
// This calls static::bootKernel(), and creates a "client" that is acting as the browser
|
|
|
|
$client = static::createClient();
|
2021-11-11 12:24:45 +00:00
|
|
|
$crawler = $client->request('GET', '/main/login');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertResponseIsSuccessful();
|
|
|
|
// $form = $crawler->selectButton('Sign in')->form();
|
|
|
|
$crawler = $client->submitForm('Sign in', [
|
2021-11-23 22:34:35 +00:00
|
|
|
'_username' => $nickname,
|
|
|
|
'_password' => $password,
|
2021-08-03 11:24:01 +01:00
|
|
|
]);
|
|
|
|
$this->assertResponseStatusCodeSame(302);
|
|
|
|
$crawler = $client->followRedirect();
|
|
|
|
return [$client, $crawler];
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testLoginSuccess()
|
|
|
|
{
|
2022-03-06 23:06:12 +00:00
|
|
|
[$client, $crawler] = self::testLogin($nickname = 'taken_user', 'foobar');
|
2021-12-23 13:27:31 +00:00
|
|
|
$this->assertRouteSame('root');
|
2022-03-06 23:06:12 +00:00
|
|
|
$client->followRedirect();
|
|
|
|
$this->assertSelectorNotExists('.alert');
|
|
|
|
$this->assertSelectorTextContains('.profile-info-url-nickname', $nickname);
|
2021-08-03 11:24:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testLoginAttemptAlreadyLoggedIn()
|
|
|
|
{
|
|
|
|
[$client] = self::testLogin('taken_user', 'foobar'); // Normal login
|
2021-11-11 12:24:45 +00:00
|
|
|
$crawler = $client->request('GET', '/main/login'); // attempt to login again
|
2021-08-03 11:24:01 +01:00
|
|
|
$client->followRedirect();
|
2021-12-23 13:27:31 +00:00
|
|
|
$this->assertRouteSame('root');
|
2021-08-03 11:24:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testLoginFailure()
|
|
|
|
{
|
|
|
|
self::testLogin('taken_user', 'wrong password');
|
|
|
|
$this->assertResponseIsSuccessful();
|
2022-03-13 18:53:53 +00:00
|
|
|
$this->assertSelectorTextContains('.alert', 'The presented password is invalid.');
|
2021-11-14 23:15:24 +00:00
|
|
|
$this->assertRouteSame('security_login');
|
2021-08-03 11:24:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testLoginEmail()
|
|
|
|
{
|
2022-03-06 23:06:12 +00:00
|
|
|
[$client, $crawler] = self::testLogin('taken_user@provider.any', 'foobar');
|
2021-12-23 13:27:31 +00:00
|
|
|
$this->assertRouteSame('root');
|
2022-03-06 23:06:12 +00:00
|
|
|
$client->followRedirect();
|
|
|
|
$this->assertSelectorNotExists('.alert');
|
|
|
|
$this->assertSelectorTextContains('.profile-info-url-nickname', 'taken_user');
|
2021-08-03 11:24:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// --------- Register --------------
|
|
|
|
|
|
|
|
private function testRegister(string $nickname, string $email, string $password)
|
|
|
|
{
|
|
|
|
$client = static::createClient();
|
2021-11-11 12:24:45 +00:00
|
|
|
$crawler = $client->request('GET', '/main/register');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertResponseIsSuccessful();
|
|
|
|
$crawler = $client->submitForm('Register', [
|
|
|
|
'register[nickname]' => $nickname,
|
|
|
|
'register[email]' => $email,
|
|
|
|
'register[password][first]' => $password,
|
|
|
|
'register[password][second]' => $password,
|
|
|
|
]);
|
|
|
|
return [$client, $crawler];
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testRegisterSuccess()
|
|
|
|
{
|
2022-03-06 23:06:12 +00:00
|
|
|
[$client,] = self::testRegister('new_nickname', 'new_email@provider.any', 'foobar');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertResponseStatusCodeSame(302);
|
2022-03-06 23:06:12 +00:00
|
|
|
$crawler = $client->followRedirect();
|
2022-03-13 18:53:53 +00:00
|
|
|
$this->assertRouteSame('security_login');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertSelectorNotExists('.alert');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testRegisterDifferentPassword()
|
|
|
|
{
|
|
|
|
$client = static::createClient();
|
2021-11-11 12:24:45 +00:00
|
|
|
$crawler = $client->request('GET', '/main/register');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertResponseIsSuccessful();
|
|
|
|
$crawler = $client->submitForm('Register', [
|
|
|
|
'register[nickname]' => 'new_user',
|
2022-03-06 23:06:12 +00:00
|
|
|
'register[email]' => 'new_email@provider.any',
|
2021-08-03 11:24:01 +01:00
|
|
|
'register[password][first]' => 'fooobar',
|
|
|
|
'register[password][second]' => 'barquux',
|
|
|
|
]);
|
|
|
|
$this->assertSelectorTextContains('form[name=register] ul li', 'The password fields must match');
|
|
|
|
$this->assertResponseStatusCodeSame(200);
|
2021-11-14 23:15:24 +00:00
|
|
|
$this->assertRouteSame('security_register');
|
2021-08-03 11:24:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
private function testRegisterPasswordLength(string $password, string $error)
|
|
|
|
{
|
2022-03-06 23:06:12 +00:00
|
|
|
[$client, ] = self::testRegister('new_nickname', 'email@provider.any', $password);
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertResponseIsSuccessful();
|
2022-03-06 23:06:12 +00:00
|
|
|
$this->assertSelectorTextContains('.form-error', $error);
|
2021-11-14 23:15:24 +00:00
|
|
|
$this->assertRouteSame('security_register');
|
2021-08-03 11:24:01 +01:00
|
|
|
}
|
|
|
|
|
2021-08-03 20:37:11 +01:00
|
|
|
public function testRegisterPasswordEmpty()
|
2021-08-03 11:24:01 +01:00
|
|
|
{
|
|
|
|
self::testRegisterPasswordLength('', error: 'Please enter a password');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testRegisterPasswordShort()
|
|
|
|
{
|
|
|
|
self::testRegisterPasswordLength('f', error: 'Your password should be at least');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testRegisterPasswordLong()
|
|
|
|
{
|
|
|
|
self::testRegisterPasswordLength(str_repeat('f', 128), error: 'Your password should be at most');
|
|
|
|
}
|
|
|
|
|
|
|
|
private function testRegisterNoEmail()
|
|
|
|
{
|
2022-03-06 23:06:12 +00:00
|
|
|
[$client, ] = self::testRegister('new_nickname', '', 'foobar');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertResponseIsSuccessful();
|
2022-03-06 23:06:12 +00:00
|
|
|
$this->assertSelectorTextContains('.form-error', 'Please enter an email');
|
2021-11-14 23:15:24 +00:00
|
|
|
$this->assertRouteSame('security_register');
|
2021-08-03 11:24:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
private function testRegisterNicknameLength(string $nickname, string $error)
|
|
|
|
{
|
2022-03-06 23:06:12 +00:00
|
|
|
[$client, ] = self::testRegister($nickname, 'email@provider.any', 'foobar');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertResponseIsSuccessful();
|
2022-03-06 23:06:12 +00:00
|
|
|
$this->assertSelectorTextContains('.form-error', $error);
|
2021-11-14 23:15:24 +00:00
|
|
|
$this->assertRouteSame('security_register');
|
2021-08-03 11:24:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testRegisterNicknameEmpty()
|
|
|
|
{
|
|
|
|
self::testRegisterNicknameLength('', error: 'Please enter a nickname');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testRegisterNicknameLong()
|
|
|
|
{
|
|
|
|
self::testRegisterNicknameLength(str_repeat('f', 128), error: 'Your nickname must be at most');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testRegisterExistingNickname()
|
|
|
|
{
|
2022-03-06 23:06:12 +00:00
|
|
|
[$client, ] = self::testRegister('taken_user', 'new_new_email@provider.any', 'foobar');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertSelectorTextContains('.stacktrace', 'App\Util\Exception\NicknameTakenException');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testRegisterExistingEmail()
|
|
|
|
{
|
2022-03-07 00:31:02 +00:00
|
|
|
[$client, ] = self::testRegister('other_new_nickname', 'taken_user@provider.any', 'foobar');
|
2021-08-03 11:24:01 +01:00
|
|
|
$this->assertSelectorTextContains('.stacktrace', 'App\Util\Exception\EmailTakenException');
|
|
|
|
}
|
|
|
|
}
|