Ejemplo n.º 1
0
 /**
  * @covers ::isUsed
  * @covers ::markUsed
  */
 function test_reuse()
 {
     $type = CAS\Ticket::TYPE_ST;
     $user = get_user_by('id', $this->factory->user->create());
     $service = 'https://test/ÚÑ|Ǻ∂€/';
     $ticket = new CAS\Ticket($type, $user, $service);
     $this->assertFalse($ticket->isUsed(), 'Newly generated ticket is fresh.');
     $ticket->markUsed();
     $this->assertTrue($ticket->isUsed(), 'Ticket correctly marked as used.');
     Cassava\Options::set('allow_ticket_reuse', 1);
     $this->assertFalse($ticket->isUsed(), 'Settings allow ticket reuse.');
 }
 /**
  * @runInSeparateProcess
  * @covers ::validate
  */
 function test_validate()
 {
     /**
      * No service.
      */
     $args = array('service' => '', 'ticket' => 'ticket');
     $this->assertEquals($this->controller->handleRequest($args), "no\n\n", "Error on empty service.");
     /**
      * No ticket.
      */
     $args = array('service' => 'http://test.local/', 'ticket' => '');
     $this->assertEquals($this->controller->handleRequest($args), "no\n\n", "Error on empty ticket.");
     /**
      * Invalid ticket.
      */
     $args = array('service' => 'http://test.local/', 'ticket' => 'bad-ticket');
     $this->assertEquals($this->controller->handleRequest($args), "no\n\n", "Error on invalid ticket.");
     /**
      * Valid ticket.
      */
     $service = 'http://test/';
     $user_id = $this->factory->user->create();
     wp_set_current_user($user_id);
     try {
         $login = new CAS\Controller\LoginController($this->server);
         $login->handleRequest(array('service' => $service));
     } catch (WPDieException $message) {
         parse_str(parse_url($this->redirect_location, PHP_URL_QUERY), $query);
     }
     $args = array('service' => $service, 'ticket' => $query['ticket']);
     $user = get_user_by('id', $user_id);
     $this->assertEquals("yes\n" . $user->user_login . "\n", $this->controller->handleRequest($args), "Valid ticket.");
     Cassava\Options::set('allow_ticket_reuse', 1);
     $this->assertEquals("yes\n" . $user->user_login . "\n", $this->controller->handleRequest($args), "Tickets may reused.");
     Cassava\Options::set('allow_ticket_reuse', 0);
     $this->assertEquals("no\n\n", $this->controller->handleRequest($args), "Tickets may not be reused.");
     $this->markTestIncomplete("Test support for the optional 'pgtUrl' and 'renew' parameters.");
 }
Ejemplo n.º 3
0
 /**
  * @group filter
  */
 function test_cas_server_validation_user_attributes()
 {
     $filter = 'cas_server_validation_user_attributes';
     $controller = new Cassava\CAS\Controller\ServiceValidateController($this->server);
     $function = array($controller, 'handleRequest');
     $service = 'http://test/';
     wp_set_current_user($this->factory->user->create());
     try {
         $loginController = new Cassava\CAS\Controller\LoginController($this->server);
         $loginController->handleRequest(array('service' => $service));
     } catch (WPDieException $message) {
         parse_str(parse_url($this->redirect_location, PHP_URL_QUERY), $query);
     }
     Cassava\Options::set('attributes', array('user_email'));
     $args = array('service' => $service, 'ticket' => $query['ticket']);
     $this->_assertFilterIsCalled($filter, $function, array($args));
 }
 /**
  * @runInSeparateProcess
  * @covers ::proxyValidate
  *
  * @todo Test support for the optional 'pgtUrl' parameter.
  * @todo Test support for the optional 'renew' parameter.
  */
 function test_proxyValidate()
 {
     $service = 'http://test/';
     /**
      * No service.
      */
     $args = array('service' => '', 'ticket' => 'ticket');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, 'Error if service not provided.');
     $this->assertXPathMatch(RequestException::ERROR_INVALID_REQUEST, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_REQUEST error code if service not provided.');
     /**
      * No ticket.
      */
     $args = array('service' => $service, 'ticket' => '');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, 'Error if ticket not provided.');
     $this->assertXPathMatch(RequestException::ERROR_INVALID_REQUEST, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_REQUEST error code if ticket not provided.');
     /**
      * Invalid ticket.
      */
     $args = array('service' => $service, 'ticket' => 'bad-ticket');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, 'Error on bad ticket.');
     $this->assertXPathMatch(TicketException::ERROR_INVALID_TICKET, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_TICKET error code on bad ticket.');
     /**
      * Valid ticket.
      */
     $user_id = $this->factory->user->create();
     wp_set_current_user($user_id);
     try {
         $login = new CAS\Controller\LoginController($this->server);
         $login->handleRequest(array('service' => $service));
     } catch (WPDieException $message) {
         parse_str(parse_url($this->redirect_location, PHP_URL_QUERY), $query);
     }
     $args = array('service' => $service, 'ticket' => $query['ticket']);
     $user = get_user_by('id', $user_id);
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationSuccess)', $xml, 'Successful validation.');
     $this->assertXPathMatch(1, 'count(//cas:authenticationSuccess/cas:user)', $xml, "Ticket validation response returns a user.");
     $this->assertXPathMatch($user->user_login, 'string(//cas:authenticationSuccess[1]/cas:user[1])', $xml, "Ticket validation returns user login.");
     /**
      * Do not enforce single-use tickets.
      */
     Cassava\Options::set('allow_ticket_reuse', 1);
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationSuccess)', $xml, 'Settings allow ticket reuse.');
     /**
      * /proxyValidate may validate Proxy Tickets.
      */
     $args = array('service' => $service, 'ticket' => preg_replace('@^' . CAS\Ticket::TYPE_ST . '@', CAS\Ticket::TYPE_PT, $query['ticket']));
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationSuccess)', $xml, "'proxyValidate' may validate proxy tickets.");
     /**
      * Enforce single-use tickets.
      */
     Cassava\Options::set('allow_ticket_reuse', 0);
     $args = array('service' => $service, 'ticket' => $query['ticket']);
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, "Settings do not allow ticket reuse.");
     $this->assertXPathMatch(TicketException::ERROR_INVALID_TICKET, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_TICKET error code on ticket reuse.');
 }
 /**
  * @runInSeparateProcess
  * @covers ::proxy
  */
 function test_proxy()
 {
     $targetService = 'http://test/';
     /**
      * No proxy-granting ticket.
      */
     $args = array('targetService' => $targetService, 'pgt' => '');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:proxyFailure)', $error, 'Error if proxy-granting ticket not provided.');
     $this->assertXPathMatch(RequestException::ERROR_INVALID_REQUEST, 'string(//cas:proxyFailure[1]/@code)', $error, 'INVALID_REQUEST error code if proxy-granting ticket not provided.');
     /**
      * No target service.
      */
     $args = array('targetService' => '', 'pgt' => 'pgt');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:proxyFailure)', $error, 'Error if target service not provided.');
     $this->assertXPathMatch(RequestException::ERROR_INVALID_REQUEST, 'string(//cas:proxyFailure[1]/@code)', $error, 'INVALID_REQUEST error code if target service not provided.');
     /**
      * Invalid proxy-granting ticket.
      */
     $args = array('targetService' => $targetService, 'pgt' => 'bad-ticket');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:proxyFailure)', $error, 'Error on bad proxy-granting ticket.');
     $this->assertXPathMatch(TicketException::ERROR_BAD_PGT, 'string(//cas:proxyFailure[1]/@code)', $error, 'BAD_PGT error code on bad proxy-granting ticket.');
     /**
      * /proxy should not validate service tickets.
      */
     $user_id = $this->factory->user->create();
     wp_set_current_user($user_id);
     try {
         $login = new CAS\Controller\LoginController($this->server);
         $login->handleRequest(array('service' => $targetService));
     } catch (WPDieException $message) {
         parse_str(parse_url($this->redirect_location, PHP_URL_QUERY), $query);
     }
     $args = array('targetService' => $targetService, 'pgt' => $query['ticket']);
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:proxyFailure)', $xml, "'proxy' should not validate service tickets.");
     $this->assertXPathMatch(TicketException::ERROR_BAD_PGT, 'string(//cas:proxyFailure[1]/@code)', $xml, 'BAD_PGT error code on proxy ticket.');
     /**
      * /proxy should not validate proxy tickets.
      */
     $args = array('targetService' => $targetService, 'pgt' => preg_replace('@^' . CAS\Ticket::TYPE_ST . '@', CAS\Ticket::TYPE_PT, $query['ticket']));
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:proxyFailure)', $xml, "'proxy' should not validate proxy tickets.");
     $this->assertXPathMatch(TicketException::ERROR_BAD_PGT, 'string(//cas:proxyFailure[1]/@code)', $xml, 'BAD_PGT error code on service ticket.');
     /**
      * /proxy validates a Proxy-Granting Ticket successfully.
      */
     Cassava\Options::set('allow_ticket_reuse', 1);
     $args = array('targetService' => $targetService, 'pgt' => preg_replace('@^' . CAS\Ticket::TYPE_ST . '@', CAS\Ticket::TYPE_PGT, $query['ticket']));
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:proxySuccess)', $xml, 'Successful validation on proxy-granting ticket.');
     $this->assertXPathMatch(1, 'count(//cas:proxySuccess/cas:proxyTicket)', $xml, "'/proxy' response returns a proxy ticket.");
     $proxyTicket = $this->xpathEvaluate('string(//cas:proxySuccess[1]/cas:proxyTicket[1])', $xml);
     $args = array('service' => $targetService, 'ticket' => $proxyTicket);
     $proxyValidate = new CAS\Controller\ProxyValidateController($this->server);
     $xml = $proxyValidate->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationSuccess)', $xml, "'/proxy' response returns a valid proxy ticket.");
     /**
      * Do not enforce single-use tickets.
      */
     $args = array('targetService' => $targetService, 'pgt' => preg_replace('@^' . CAS\Ticket::TYPE_ST . '@', CAS\Ticket::TYPE_PGT, $query['ticket']));
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:proxySuccess)', $xml, 'Settings allow ticket reuse.');
     /**
      * Enforce single-use tickets.
      */
     Cassava\Options::set('allow_ticket_reuse', 0);
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:proxyFailure)', $error, "Settings do not allow ticket reuse.");
     $this->assertXPathMatch(TicketException::ERROR_BAD_PGT, 'string(//cas:proxyFailure[1]/@code)', $error, 'BAD_PGT error code on ticket reuse.');
 }
 /**
  * @runInSeparateProcess
  * @covers ::serviceValidate
  *
  * @todo Test support for the optional 'pgtUrl' parameter.
  * @todo Test support for the optional 'renew' parameter.
  */
 function test_serviceValidate()
 {
     $service = 'http://test/';
     /**
      * No service.
      */
     $args = array('service' => '', 'ticket' => 'ticket');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, 'Error if service not provided.');
     $this->assertXPathMatch(RequestException::ERROR_INVALID_REQUEST, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_REQUEST error code if service not provided.');
     /**
      * No ticket.
      */
     $args = array('service' => $service, 'ticket' => '');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, 'Error if ticket not provided.');
     $this->assertXPathMatch(RequestException::ERROR_INVALID_REQUEST, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_REQUEST error code if ticket not provided.');
     /**
      * Invalid ticket.
      */
     $args = array('service' => $service, 'ticket' => 'bad-ticket');
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, 'Error on bad ticket.');
     $this->assertXPathMatch(TicketException::ERROR_INVALID_TICKET, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_TICKET error code on bad ticket.');
     /**
      * Valid ticket.
      */
     $user_id = $this->factory->user->create();
     wp_set_current_user($user_id);
     try {
         $login = new CAS\Controller\LoginController($this->server);
         $login->handleRequest(array('service' => $service));
     } catch (WPDieException $message) {
         parse_str(parse_url($this->redirect_location, PHP_URL_QUERY), $query);
     }
     $args = array('service' => $service, 'ticket' => $query['ticket']);
     $user = get_user_by('id', $user_id);
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationSuccess)', $xml, 'Successful validation.');
     $this->assertXPathMatch(1, 'count(//cas:authenticationSuccess/cas:user)', $xml, "Ticket validation response returns a user.");
     $this->assertXPathMatch($user->user_login, 'string(//cas:authenticationSuccess/cas:user)', $xml, "Ticket validation returns user login.");
     /**
      * Do not enforce single-use tickets.
      */
     Cassava\Options::set('allow_ticket_reuse', 1);
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationSuccess)', $xml, 'Settings allow ticket reuse.');
     /**
      * Validate does not return any user attributes.
      */
     $this->assertXPathMatch(0, 'count(//cas:authenticationSuccess/cas:attributes)', $xml, "Ticket validation returns no user attributes.");
     /**
      * Validate returns selected user attributes.
      */
     Cassava\Options::set('attributes', array('display_name', 'user_email'));
     $xml = $this->controller->handleRequest($args);
     $this->assertXPathMatch($user->get('display_name'), 'string(//cas:authenticationSuccess/cas:attributes/cas:display_name)', $xml, 'Ticket validation returns the user display name.');
     $this->assertXPathMatch($user->get('user_email'), 'string(//cas:authenticationSuccess/cas:attributes/cas:user_email)', $xml, 'Ticket validation returns the user email.');
     /**
      * /serviceValidate should not validate Proxy Tickets.
      */
     $args = array('service' => $service, 'ticket' => preg_replace('@^' . CAS\Ticket::TYPE_ST . '@', CAS\Ticket::TYPE_PT, $query['ticket']));
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, "'serviceValidate' may not validate proxy tickets.");
     $this->assertXPathMatch(TicketException::ERROR_INVALID_TICKET, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_TICKET error code on proxy ticket.');
     /**
      * Enforce single-use tickets.
      */
     Cassava\Options::set('allow_ticket_reuse', 0);
     $args = array('service' => $service, 'ticket' => $query['ticket']);
     $error = $this->controller->handleRequest($args);
     $this->assertXPathMatch(1, 'count(//cas:authenticationFailure)', $error, "Settings do not allow ticket reuse.");
     $this->assertXPathMatch(TicketException::ERROR_INVALID_TICKET, 'string(//cas:authenticationFailure[1]/@code)', $error, 'INVALID_TICKET error code on ticket reuse.');
     $this->markTestIncomplete("Test support for the optional 'pgtUrl' and 'renew' parameters.");
 }