/**
 * Builds the security context mock used by the tests of this case.
 *
 * withoutAuthorizationChecks() is stubbed to run the closure it receives and
 * return its result, so code that wraps work in that call still executes.
 * The stub itself switches nothing off: a test relying on this fixture shows
 * that the closure ran, not that authorization was bypassed while it ran.
 */
public function setUp()
 {
     $runClosureDirectly = function ($callback) {
         return $callback->__invoke();
     };

     $this->mockSecurityContext = $this->getMockBuilder(Context::class)
         ->disableOriginalConstructor()
         ->getMock();

     $this->mockSecurityContext
         ->expects($this->any())
         ->method('withoutAuthorizationChecks')
         ->will($this->returnCallback($runClosureDirectly));
 }
 /**
  * handle() must hand the action request to the security context exactly once.
  *
  * The HTTP request carries no arguments and the property mapper returns an
  * empty array, so the only behaviour pinned here is the setRequest() call.
  * NOTE(review): presumably later request-dependent security decisions rely on
  * this call having happened - confirm against the component under test.
  *
  * @test
  */
 public function handleSetsRequestInSecurityContext()
 {
     $noArguments = array();

     $this->mockHttpRequest
         ->expects($this->any())
         ->method('getArguments')
         ->will($this->returnValue($noArguments));

     $this->mockPropertyMapper
         ->expects($this->any())
         ->method('convert')
         ->with('', 'array', $this->mockPropertyMappingConfiguration)
         ->will($this->returnValue(array()));

     // The assertion of this test: the request reaches the security context once.
     $this->mockSecurityContext
         ->expects($this->once())
         ->method('setRequest')
         ->with($this->mockActionRequest);

     $this->dispatchComponent->handle($this->mockComponentContext);
 }
 /**
  * The workspace name of a logged-in user is derived from the account identifier.
  *
  * The identifier 'The UserName' is expected to come back as 'user-TheUserName',
  * i.e. prefixed and with the space removed. Only the space is covered by this
  * case; how other characters of an identifier are treated is not shown here.
  *
  * @test
  */
 public function getUserWorkspaceNameReturnsTheUsersWorkspaceNameIfAUserIsLoggedIn()
 {
     $accountStub = $this->getMockBuilder('TYPO3\\Flow\\Security\\Account')
         ->disableOriginalConstructor()
         ->getMock();
     $accountStub
         ->expects($this->atLeastOnce())
         ->method('getAccountIdentifier')
         ->will($this->returnValue('The UserName'));

     // The security context reports the stubbed account as the current one.
     $this->mockSecurityContext
         ->expects($this->atLeastOnce())
         ->method('getAccount')
         ->will($this->returnValue($accountStub));

     $actualWorkspaceName = $this->userService->getUserWorkspaceName();
     $this->assertSame('user-TheUserName', $actualWorkspaceName);
 }
 /**
  * With authorization checks reported as disabled, enforcePolicy() must skip
  * the policy enforcement interceptor and still proceed with the advice chain.
  *
  * Both halves are asserted: invoke() is never called on the interceptor and
  * proceed() is called once with the join point, so the intercepted method
  * runs without a policy decision being made for it.
  *
  * @test
  * @todo adjust when AfterInvocationInterceptor is used again
  */
 public function enforcePolicyDoesNotInvokeInterceptorIfAuthorizationChecksAreDisabled()
 {
     // The intercepted call itself has to go through exactly once.
     $this->mockAdviceChain
         ->expects($this->once())
         ->method('proceed')
         ->with($this->mockJoinPoint);
     $this->mockJoinPoint
         ->expects($this->once())
         ->method('getAdviceChain')
         ->will($this->returnValue($this->mockAdviceChain));

     // Checks are off for this call ...
     $this->mockSecurityContext
         ->expects($this->atLeastOnce())
         ->method('areAuthorizationChecksDisabled')
         ->will($this->returnValue(true));

     // ... so the interceptor must not be consulted at all.
     $this->mockPolicyEnforcementInterceptor
         ->expects($this->never())
         ->method('invoke');

     $this->policyEnforcementAspect->enforcePolicy($this->mockJoinPoint);
 }
 /**
  * The form view helper renders the CSRF protection token as a hidden field.
  *
  * Preconditions stubbed here: the security context is initialized and the
  * authentication manager reports an authenticated user. The token returned by
  * the context must then appear as the value of a hidden "__csrfToken" input.
  *
  * NOTE(review): the name says "unsafe requests", but this method sets no form
  * method; presumably the helper's default counts as unsafe - confirm.
  * The stub token is plain alphanumerics, so escaping of the value is not
  * exercised by this case.
  *
  * @test
  */
 public function csrfTokenFieldIsRenderedForUnsafeRequests()
 {
     /** @var FormViewHelper|\PHPUnit_Framework_MockObject_MockObject $viewHelper */
     $viewHelper = $this->getAccessibleMock(
         \TYPO3\Fluid\ViewHelpers\FormViewHelper::class,
         null,
         [],
         '',
         false
     );
     $this->injectDependenciesIntoViewHelper($viewHelper);

     $this->securityContext
         ->expects($this->any())
         ->method('isInitialized')
         ->will($this->returnValue(true));
     $this->mockAuthenticationManager
         ->expects($this->any())
         ->method('isAuthenticated')
         ->will($this->returnValue(true));

     // The token has to be fetched from the security context at least once.
     $this->securityContext
         ->expects($this->atLeastOnce())
         ->method('getCsrfProtectionToken')
         ->will($this->returnValue('CSRFTOKEN'));

     $expectedMarkup = '<input type="hidden" name="__csrfToken" value="CSRFTOKEN" />' . chr(10);
     $renderedMarkup = $viewHelper->_call('renderCsrfTokenField');
     $this->assertEquals($expectedMarkup, $renderedMarkup);
 }
 /**
  * A single GRANT among otherwise abstaining roles is enough for access.
  *
  * Three roles vote abstain, grant, abstain for the privilege target; with no
  * deny vote present the privilege manager must report the target as granted.
  * The deny-overrides case is not part of this method.
  *
  * @test
  */
 public function isPrivilegeTargetGrantedReturnsTrueIfThereIsNoDenyVoteAndOneGrantVote()
 {
     $abstainingRoleA = $this->getMockBuilder(\TYPO3\Flow\Security\Policy\Role::class)
         ->disableOriginalConstructor()
         ->getMock();
     $abstainingRoleA
         ->expects($this->any())
         ->method('getPrivilegeForTarget')
         ->will($this->returnValue($this->abstainPrivilege));

     $grantingRole = $this->getMockBuilder(\TYPO3\Flow\Security\Policy\Role::class)
         ->disableOriginalConstructor()
         ->getMock();
     $grantingRole
         ->expects($this->any())
         ->method('getPrivilegeForTarget')
         ->will($this->returnValue($this->grantPrivilege));

     $abstainingRoleB = $this->getMockBuilder(\TYPO3\Flow\Security\Policy\Role::class)
         ->disableOriginalConstructor()
         ->getMock();
     $abstainingRoleB
         ->expects($this->any())
         ->method('getPrivilegeForTarget')
         ->will($this->returnValue($this->abstainPrivilege));

     // Same order as before: abstain, grant, abstain.
     $rolesOfCurrentUser = [$abstainingRoleA, $grantingRole, $abstainingRoleB];
     $this->mockSecurityContext
         ->expects($this->any())
         ->method('getRoles')
         ->will($this->returnValue($rolesOfCurrentUser));

     $isGranted = $this->privilegeManager->isPrivilegeTargetGranted('somePrivilegeTargetIdentifier');
     $this->assertTrue($isGranted);
 }
 /**
  * logout() must ask the security context to refresh its tokens exactly once.
  *
  * The manager is built without its constructor and with emitLoggedOut()
  * mocked; the session is reported as resumable and started, and the context
  * holds one token that claims to be authenticated. The only assertion is the
  * single refreshTokens() call - what happens to the session on logout is not
  * checked in this method.
  *
  * @test
  */
 public function logoutRefreshesTokensInSecurityContext()
 {
     $this->authenticationProviderManager = $this->getAccessibleMock(
         \TYPO3\Flow\Security\Authentication\AuthenticationProviderManager::class,
         ['emitLoggedOut'],
         [],
         '',
         false
     );
     $this->inject($this->authenticationProviderManager, 'securityContext', $this->mockSecurityContext);
     $this->inject($this->authenticationProviderManager, 'session', $this->mockSession);

     // An existing, running session.
     $this->mockSession
         ->expects($this->any())
         ->method('canBeResumed')
         ->will($this->returnValue(true));
     $this->mockSession
         ->expects($this->any())
         ->method('isStarted')
         ->will($this->returnValue(true));

     // One token that reports itself as authenticated.
     $authenticatedToken = $this->createMock(\TYPO3\Flow\Security\Authentication\TokenInterface::class);
     $authenticatedToken
         ->expects($this->any())
         ->method('isAuthenticated')
         ->will($this->returnValue(true));
     $this->mockSecurityContext
         ->expects($this->any())
         ->method('getAuthenticationTokens')
         ->will($this->returnValue([$authenticatedToken]));

     $this->mockSecurityContext
         ->expects($this->once())
         ->method('refreshTokens');

     $this->authenticationProviderManager->logout();
 }
 /**
  * For an AJAX widget request, handle() must pass the action request it
  * obtains from the object manager on to the security context.
  *
  * The widget id is read from the "__widgetId" request argument and used to
  * look up the widget context in the context holder. Both are stubs here, so
  * the case of an unknown or forged widget id is not covered by this method.
  *
  * @test
  */
 public function handleInjectsActionRequestToSecurityContext()
 {
     $widgetId = 'SomeWidgetId';
     $controllerObjectName = 'SomeControllerObjectName';

     // at(0): the hasArgument() check is expected as the first call on the request mock.
     $this->mockHttpRequest
         ->expects($this->at(0))
         ->method('hasArgument')
         ->with('__widgetId')
         ->will($this->returnValue(true));
     $this->mockHttpRequest
         ->expects($this->atLeastOnce())
         ->method('getArgument')
         ->with('__widgetId')
         ->will($this->returnValue($widgetId));

     $widgetContextStub = $this->getMockBuilder(\TYPO3\Fluid\Core\Widget\WidgetContext::class)->getMock();
     $widgetContextStub
         ->expects($this->atLeastOnce())
         ->method('getControllerObjectName')
         ->will($this->returnValue($controllerObjectName));
     $this->mockAjaxWidgetContextHolder
         ->expects($this->atLeastOnce())
         ->method('get')
         ->with($widgetId)
         ->will($this->returnValue($widgetContextStub));

     $actionRequestStub = $this->getMockBuilder(\TYPO3\Flow\Mvc\ActionRequest::class)
         ->disableOriginalConstructor()
         ->getMock();
     $this->mockObjectManager
         ->expects($this->atLeastOnce())
         ->method('get')
         ->with(\TYPO3\Flow\Mvc\ActionRequest::class)
         ->will($this->returnValue($actionRequestStub));

     // The assertion of this test: exactly that request reaches the security context.
     $this->mockSecurityContext
         ->expects($this->once())
         ->method('setRequest')
         ->with($actionRequestStub);

     $this->ajaxWidgetComponent->handle($this->mockComponentContext);
 }
 /**
  * With useParentRequest set and no explicit prefix, render() must register
  * the parent request's argument namespace as the field name prefix.
  *
  * The security context is reported as not initialized in this case, and the
  * rendering of hidden fields (including renderTrustedPropertiesField) is
  * mocked away, so only the prefix registration is asserted.
  *
  * @test
  */
 public function renderAddsDefaultFieldNamePrefixToTemplateVariableContainerIfNoPrefixIsSpecifiedAndUseParentRequestArgumentIsSet()
 {
     $prefixOfParentRequest = 'parentRequestsPrefix';

     // Sub request -> parent request -> argument namespace.
     $parentRequestMock = $this->getMock('TYPO3\\Flow\\Mvc\\ActionRequest', array(), array(), '', false);
     $parentRequestMock
         ->expects($this->once())
         ->method('getArgumentNamespace')
         ->will($this->returnValue($prefixOfParentRequest));
     $subRequestMock = $this->getMock('TYPO3\\Flow\\Mvc\\ActionRequest', array(), array(), '', false);
     $subRequestMock
         ->expects($this->once())
         ->method('getParentRequest')
         ->will($this->returnValue($parentRequestMock));

     // Every helper method that is not under test here is replaced by a mock.
     $mockedHelperMethods = array(
         'getFormActionUri',
         'renderChildren',
         'renderHiddenIdentityField',
         'renderHiddenReferrerFields',
         'addFormFieldNamesToViewHelperVariableContainer',
         'removeFormFieldNamesFromViewHelperVariableContainer',
         'addEmptyHiddenFieldNamesToViewHelperVariableContainer',
         'removeEmptyHiddenFieldNamesFromViewHelperVariableContainer',
         'renderEmptyHiddenFields',
         'renderTrustedPropertiesField',
     );
     $viewHelper = $this->getAccessibleMock('TYPO3\\Fluid\\ViewHelpers\\FormViewHelper', $mockedHelperMethods, array(), '', false);

     $this->arguments['useParentRequest'] = true;

     $this->controllerContext = $this->getMock('TYPO3\\Flow\\Mvc\\Controller\\ControllerContext', array(), array(), '', false);
     $this->controllerContext
         ->expects($this->once())
         ->method('getRequest')
         ->will($this->returnValue($subRequestMock));
     $this->renderingContext->setControllerContext($this->controllerContext);
     $this->injectDependenciesIntoViewHelper($viewHelper);

     $this->securityContext
         ->expects($this->any())
         ->method('isInitialized')
         ->will($this->returnValue(false));

     // The assertion of this test: the parent's namespace is stored as the prefix.
     $this->viewHelperVariableContainer
         ->expects($this->once())
         ->method('add')
         ->with('TYPO3\\Fluid\\ViewHelpers\\FormViewHelper', 'fieldNamePrefix', $prefixOfParentRequest);

     $viewHelper->render('index');
 }
 /**
  * When the firewall demands authentication, dispatch() must start
  * authentication on the entry point of every token in the security context.
  *
  * blockIllegalRequests() is stubbed to throw AuthenticationRequiredException.
  * Each of the two entry points must then receive startAuthentication() once
  * with the HTTP request and response. The catch block below is empty, so the
  * test passes whether or not dispatch() lets the exception propagate; that
  * part of the behaviour is not asserted here.
  *
  * @test
  */
 public function dispatchCallsStartAuthenticationOnAllActiveEntryPoints()
 {
     $this->mockActionRequest
         ->expects($this->any())
         ->method('isDispatched')
         ->will($this->returnValue(true));

     // First token / entry point pair.
     $firstToken = $this->getMockBuilder(\TYPO3\Flow\Security\Authentication\TokenInterface::class)->getMock();
     $firstEntryPoint = $this->getMockBuilder(\TYPO3\Flow\Security\Authentication\EntryPointInterface::class)->getMock();
     $firstToken
         ->expects($this->any())
         ->method('getAuthenticationEntryPoint')
         ->will($this->returnValue($firstEntryPoint));

     // Second token / entry point pair.
     $secondToken = $this->getMockBuilder(\TYPO3\Flow\Security\Authentication\TokenInterface::class)->getMock();
     $secondEntryPoint = $this->getMockBuilder(\TYPO3\Flow\Security\Authentication\EntryPointInterface::class)->getMock();
     $secondToken
         ->expects($this->any())
         ->method('getAuthenticationEntryPoint')
         ->will($this->returnValue($secondEntryPoint));

     $this->mockSecurityContext
         ->expects($this->atLeastOnce())
         ->method('getAuthenticationTokens')
         ->will($this->returnValue([$firstToken, $secondToken]));

     // The firewall rejects the request as unauthenticated.
     $this->mockFirewall
         ->expects($this->once())
         ->method('blockIllegalRequests')
         ->will($this->throwException(new AuthenticationRequiredException()));

     $firstEntryPoint
         ->expects($this->once())
         ->method('startAuthentication')
         ->with($this->mockHttpRequest, $this->mockHttpResponse);
     $secondEntryPoint
         ->expects($this->once())
         ->method('startAuthentication')
         ->with($this->mockHttpRequest, $this->mockHttpResponse);

     try {
         $this->dispatcher->dispatch($this->mockActionRequest, $this->mockHttpResponse);
     } catch (AuthenticationRequiredException $exception) {
         // Deliberately ignored: only the entry point calls above are under test.
     }
 }
 /**
  * Closing a session that holds an authenticated token must store the
  * account under the "TYPO3_Flow_Security_Accounts" session data key.
  *
  * A real Session is started, closed and resumed via the session cookie taken
  * from the response. After resuming, the entry must equal
  * array('MyProvider:admin'), i.e. provider name and account identifier joined
  * by a colon. As far as this assertion shows, the entry carries no
  * credentials, only that identifying pair.
  *
  * @test
  */
 public function shutdownCreatesSpecialDataEntryForSessionWithAuthenticatedAccounts()
 {
     $sessionUnderTest = new Session();
     $this->inject($sessionUnderTest, 'bootstrap', $this->mockBootstrap);
     $this->inject($sessionUnderTest, 'objectManager', $this->mockObjectManager);
     $this->inject($sessionUnderTest, 'settings', $this->settings);
     $this->inject($sessionUnderTest, 'metaDataCache', $this->createCache('Meta'));
     $this->inject($sessionUnderTest, 'storageCache', $this->createCache('Storage'));
     $sessionUnderTest->initializeObject();
     $sessionUnderTest->start();

     // A successfully authenticated username/password token for account "admin".
     $adminAccount = new Account();
     $adminAccount->setAccountIdentifier('admin');
     $adminAccount->setAuthenticationProviderName('MyProvider');
     $authenticatedToken = new UsernamePassword();
     $authenticatedToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
     $authenticatedToken->setAccount($adminAccount);

     $this->mockSecurityContext
         ->expects($this->any())
         ->method('isInitialized')
         ->will($this->returnValue(true));
     $this->mockSecurityContext
         ->expects($this->any())
         ->method('getAuthenticationTokens')
         ->will($this->returnValue(array($authenticatedToken)));

     $sessionUnderTest->close();

     // Resume through the cookie the closed session left on the response.
     $sessionCookie = $this->httpResponse->getCookie('TYPO3_Flow_Session');
     $this->httpRequest->setCookie($sessionCookie);
     $sessionUnderTest->resume();

     $storedAccounts = $sessionUnderTest->getData('TYPO3_Flow_Security_Accounts');
     $this->assertEquals(array('MyProvider:admin'), $storedAccounts);
 }
 /**
  * initialize() must call separateActiveAndInactiveTokens() exactly once.
  *
  * The expectation is set on the same object that initialize() is called on,
  * so securityContext is presumably a partial mock created by the fixture
  * (not visible in this method) - confirm against setUp().
  *
  * @test
  */
 public function initializeSeparatesActiveAndInactiveTokens()
 {
     $this->securityContext
         ->expects($this->once())
         ->method('separateActiveAndInactiveTokens');

     $this->securityContext->initialize();
 }
 /**
  * authenticate() must route its work through withoutAuthorizationChecks()
  * exactly once when given a username/password token.
  *
  * The account lookup runs before anyone is authenticated, which is
  * presumably why it has to bypass authorization - confirm against the
  * provider. The expectation set here configures no return callback, so unless
  * the fixture arranges otherwise the closure handed to
  * withoutAuthorizationChecks() is not executed; the test pins the call, not
  * what happens inside it.
  *
  * @test
  */
 public function authenticatingAnUsernamePasswordTokenFetchesAccountWithDisabledAuthorization()
 {
     $submittedCredentials = array('username' => 'admin', 'password' => 'password');
     $this->mockToken
         ->expects($this->once())
         ->method('getCredentials')
         ->will($this->returnValue($submittedCredentials));

     $this->mockSecurityContext
         ->expects($this->once())
         ->method('withoutAuthorizationChecks');

     $this->persistedUsernamePasswordProvider->authenticate($this->mockToken);
 }