/**
 * Builds and persists a test user that has both an e-mail address and a username.
 *
 * The record is written with validation switched off (save(false)) and the result
 * of save() is not checked, so the model's validation rules are not exercised here.
 * confirmed_on is set to the current time and status to 1.
 *
 * @param string $email    E-mail address of the new user.
 * @param string $password Password passed to User::setPassword().
 * @param string $username Username of the new user.
 * @return User The saved user, reloaded from the database.
 */
public static function createUserWithUsername($email = self::TEST_EMAIL, $password = self::TEST_PASSWORD, $username = self::TEST_USERNAME)
{
    $account = new User();

    $account->email = $email;
    $account->username = $username;
    $account->status = 1;
    $account->confirmed_on = time();
    $account->setPassword($password);

    $account->save(false);
    // Reload so that the defaults set by the database are present on the model
    $account->refresh();

    return $account;
}
/**
 * Verifies the minimum password length requirement (IS-21).
 *
 * Checks that the user component exposes minPasswordLength with a default of 6,
 * then registers once with a five-character password (must be rejected, no record
 * created) and once with a password that is long enough (record must exist).
 *
 * @param FunctionalTester $I
 */
public function testTheMinimumPasswordLength(FunctionalTester $I)
{
    $userComponent = Yii::$app->user;
    $byTestEmail = ['email' => Commons::TEST_EMAIL];

    // The property has to exist and default to 6
    $I->assertTrue(isset($userComponent->minPasswordLength));
    $I->assertEquals(6, $userComponent->minPasswordLength);

    // A password below the minimum: the form must show the validation error
    // and no user row may be written
    $page = RegisterPage::openBy($I);
    $page->register(Commons::TEST_EMAIL, '12345');
    $I->see('Password should contain at least 6 characters.');
    $I->dontSeeRecord(User::className(), $byTestEmail);

    // A password of sufficient length: the registration must go through
    $page->register(Commons::TEST_EMAIL, 'Innologica!23');
    $I->seeRecord(User::className(), $byTestEmail);
}
/**
 * Has-one relation to the User whose id equals this record's user_id.
 *
 * @return yii\db\ActiveQuery
 */
public function getUser()
{
    // related-table column => column on this record
    $link = ['id' => 'user_id'];

    return $this->hasOne(User::className(), $link);
}
/**
 * Codeception _after hook: removes the test user and the mails written by the tests.
 *
 * @param FunctionalTester $I
 */
public function _after(FunctionalTester $I)
{
    // The e-mail is bound as a parameter rather than concatenated into the condition
    $params = [':email' => Commons::TEST_EMAIL];
    User::deleteAll('email = :email', $params);

    // Delete all emails generated by the tests
    $mailDirectory = $this->mailDir;
    Utils::cleanDir($mailDirectory);
}
/**
 * Clears the lock-out state of a user account.
 *
 * Resets login_attempts to 0 and locked_until to null, then saves the model with
 * validation switched off. The log entry is written before the save, so it records
 * that an unlock was attempted, not that it was persisted; the return value carries
 * the outcome.
 *
 * @param UserModel $model The account to unlock.
 * @return bool Whatever UserModel::save(false) returns.
 */
public function unlockUser(UserModel $model)
{
    $message = "Unlocking user '{$model->id}'";
    Yii::info($message, __CLASS__);

    $model->locked_until = null;
    $model->login_attempts = 0;

    $saved = $model->save(false);

    return $saved;
}
/**
 * Codeception _after hook: deletes the user rows carrying the test e-mail address.
 *
 * @param FunctionalTester $I
 */
public function _after(FunctionalTester $I)
{
    $condition = 'email = :email';
    $bindings = [':email' => Commons::TEST_EMAIL];

    // Parameterised condition; the address is never spliced into the SQL text
    User::deleteAll($condition, $bindings);
}
use nkostadinov\user\models\User;
use nkostadinov\user\tests\_pages\LoginPage;
use nkostadinov\user\tests\_pages\LogoutPage;

// Functional scenario for the login form: input validation, rejection of unknown
// credentials, the password-recovery link, and a successful login with either the
// e-mail address or the username.
$I = new FunctionalTester($scenario);
$I->wantTo('see that login works.');

$loginPage = LoginPage::openBy($I);
$I->see('Login', 'h3');

// Empty username and password: both required-field errors must be shown
$loginPage->login('', '');
$I->expectTo('see validations errors');
$I->see('Username cannot be blank.');
$I->see('Password cannot be blank.');

// Wrong username and password: a single generic message is expected.
// NOTE(review): no user exists at this point, so this only covers an unknown
// account. There is no step that submits a wrong password for an existing account
// and checks that the same message is shown — worth adding, since differing
// responses would reveal which accounts exist.
$loginPage->login('test', 'test');
$I->expectTo('see validations errors');
$I->see('Incorrect username or password');

// The "forgot password" link must point at the recovery request route
$I->seeLink('Forgot password?', '/user/recovery/request');

// Test that the login works with the e-mail address
Commons::createUserWithUsername();
$loginPage->login(Commons::TEST_EMAIL, Commons::TEST_PASSWORD);
$I->seeInCurrentUrl('/');

// Logout the user
LogoutPage::openBy($I);

// Log the user in again
$loginPage = LoginPage::openBy($I);

// Test that the login works with the username as well
$loginPage->login(Commons::TEST_USERNAME, Commons::TEST_PASSWORD);
$I->seeInCurrentUrl('/');

// Remove the test user.
// NOTE(review): this is the last statement of the script, so it is presumably
// skipped when an earlier step fails, leaving the test account in the database —
// confirm, and consider moving the cleanup to a hook that always runs.
User::deleteAll('email = :email', [':email' => Commons::TEST_EMAIL]);
/**
 * Looks up a token of the given type through the e-mail address of its user.
 *
 * Only users whose status is User::STATUS_ACTIVE are matched. Every miss (unknown
 * e-mail, non-active user, no token of that type) ends in the same
 * NotFoundHttpException with the same message.
 *
 * @param string $email The user's email
 * @param integer $type The token's type. By default Token::TYPE_CONFIRMATION
 * @return Token The token if found
 * @throws NotFoundHttpException If the token is not found
 */
public static function findByUserEmail($email, $type = self::TYPE_CONFIRMATION)
{
    // Hash-format condition: the values are bound by the query builder, not
    // concatenated into the SQL text.
    $criteria = [
        'user.email' => $email,
        'user.status' => User::STATUS_ACTIVE,
        'type' => $type,
    ];

    // NOTE(review): the join condition hard-codes the table names "user" and
    // "token" while the joined table comes from User::tableName() — confirm they
    // agree (e.g. when a table prefix is configured).
    $query = Token::find()
        ->select('*')
        ->leftJoin(User::tableName(), 'user.id = token.user_id')
        ->where($criteria);
    $found = $query->one();

    if (!empty($found)) {
        return $found;
    }

    throw new NotFoundHttpException(Yii::t(Module::I18N_CATEGORY, 'Token not found!'));
}
// Second part of a registration scenario ($email, $loginPage and $I are set up
// before this point): the freshly registered account is unconfirmed, a
// confirmation token exists for it, and opening the confirm page with that token
// confirms the account and consumes the token.
$loginPage->openBy($I);

// NOTE(review): the check below is disabled, so this scenario no longer verifies
// that an unconfirmed account is refused at login. That is the security-relevant
// half of the confirmation flow and should be covered again somewhere.
//$I->assertTrue(
//    $I->seeExceptionThrown('yii\web\ForbiddenHttpException', function () use ($loginPage, $email) {
//        $loginPage->login($email, 'test123');
//    })
//, "I see yii\\web\\ForbiddenHttpException when trying to login unconfirmed.");

// The exception is handled by the application, so the items below cannot be observed
//$I->seeResponseCodeIs(403); //forbidden
//$I->expectTo('see error that you cannot login without confirming your account.');
//$I->see('Unconfirmed account are not allowed to login');

// Check the database state: the user row exists with status 1 and no confirmation
// timestamp, and a token of type 0 is stored for it.
// NOTE(review): type 0 is presumably the confirmation token type — verify against
// the Token constants.
$I->seeInDatabase('user', ['email' => $email, 'status' => 1, 'confirmed_on' => null]);
$user_id = $I->grabFromDatabase('user', 'id', ['email' => $email]);
$I->seeInDatabase('token', ['type' => 0, 'user_id' => $user_id]);
$token_code = $I->grabFromDatabase('token', 'code', ['type' => 0, 'user_id' => $user_id]);

// Confirmation tests
// TODO: this fails on travis because of buggy phpunit, will enable when fixed.
// While it is disabled, opening the confirm URL without a code is not tested.
//$I->assertTrue(
//    $I->seeExceptionThrown('yii\web\BadRequestHttpException', function () use ($I) {
//        ConfirmPage::openBy($I);
//    })
//, "I see yii\\web\\BadRequestHttpException when opening confirm URL without params.");

// Open the confirm page with the token code read from the database
$confirmPage = ConfirmPage::openBy($I, ['code' => $token_code]);
//$I->assertTrue($confirmPage instanceof ConfirmPage);

$I->expectTo('see successfully confirmed message!');
$I->see('Registration confirmed', 'h1');
$I->see('Your registration is confirmed succesfully!');

// The token must be gone after a successful confirmation, i.e. it cannot be used twice
$I->dontSeeInDatabase('token', ['type' => 0, 'user_id' => $user_id]);

// Remove the test user (parameterised condition)
User::deleteAll('email = :email', [':email' => $email]);
/**
 * Exercises the lock-out policy for failed logins end to end.
 *
 * Steps: (1) the lock_out_policy migration and the two user attributes exist;
 * (2) the UnsuccessfulLoginAttemptsBehavior can be attached and defaults to
 * maxLoginAttempts = 5; (3) failed logins increment login_attempts and the account
 * is locked once the maximum is reached; (4) after the lock has expired a correct
 * login resets both fields; (5) a successful login resets the counter, so only
 * consecutive failures are counted.
 *
 * NOTE(review): the test never submits the correct password while locked_until is
 * still in the future. The lock is moved into the past before the next login, so
 * "a locked account rejects valid credentials" is not asserted here.
 */
public function testLockOutPolicy() {
    // Ensure that everything is configured properly: the migrations directory
    // exists and contains a file whose name matches "lock_out_policy"
    verify('Check that the advanced directory exists', is_dir(Commons::ADVANCED_MIGRATIONS_DIR))->true();
    $files = scandir(Commons::ADVANCED_MIGRATIONS_DIR);
    $result = preg_grep('/lock_out_policy/', $files);
    verify('Check that the migration exists', $result)->notEmpty();

    // The user model must expose both lock-out attributes
    $user = Yii::createObject(User::className());
    verify('Check that the login_attempts field is added to the user\'s table', $user->hasAttribute(self::ATTR_LOGIN_ATTEMPTS))->true();
    verify('Check that the locked_until field is added to the user\'s table', $user->hasAttribute(self::ATTR_LOCKED_UNTIL))->true();

    // Behavior validations: attach the behavior to the configured login form and
    // check its default threshold
    $loginForm = Yii::createObject(Yii::$app->user->loginForm);
    $loginForm->username = Commons::TEST_EMAIL;
    $behavior = $loginForm->attachBehavior('unsuccessfulLoginAttempts', 'nkostadinov\\user\\behaviors\\UnsuccessfulLoginAttemptsBehavior');
    verify('Check that the behavior exists', $behavior)->notNull();
    verify('Check that maxLoginAttempts field exists', isset($behavior->maxLoginAttempts))->true();
    verify('Check that the default value of maxLoginAttempts is set to 5', $behavior->maxLoginAttempts)->equals(5);

    // Create one user and check the default values
    $user = Commons::createUser();
    verify('Asure that the login_attempts field is empty', $user->login_attempts)->equals(0);
    verify('Asure that the locked_until field is empty', $user->locked_until)->null();

    // Try to login with wrong password: the counter must go to 1
    $loginForm->password = '******';
    $loginForm->login();
    $user->refresh();
    verify('Check that the login attemps field is initialized', $user->login_attempts)->equals(1);

    // Keep failing until the maximum is reached; the run is expected to end in a
    // ForbiddenHttpException
    $this->specify('Lock the account', function () use($loginForm, $user) {
        $behavior = $loginForm->getBehavior('unsuccessfulLoginAttempts');
        for ($i = 1; $i < $behavior->maxLoginAttempts; $i++) { // Start from 1 because we already have one attempt
            $loginForm->login();
        }
    }, ['throws' => new ForbiddenHttpException()]);

    // Check the lock values: the counter equals the maximum and locked_until is a
    // timestamp in the future
    $behavior = $loginForm->getBehavior('unsuccessfulLoginAttempts');
    $user->refresh();
    verify('Check that the login_attemps field is properly set', $user->login_attempts)->equals($behavior->maxLoginAttempts);
    verify('Check that the locked_until field is set', $user->locked_until)->notNull();
    verify('Check that the locked_until field is set in the future', $user->locked_until)->greaterThan(time());

    // Login the account after the lock ends.
    // Simulate that the lock ends by moving locked_until two weeks into the past
    // (saved without validation)
    $user->locked_until = strtotime('-2 weeks');
    $user->save(false);

    // With the lock expired, the correct password must log in and clear both fields
    $loginForm->password = Commons::TEST_PASSWORD;
    verify('Check that the login is successful', $loginForm->login())->true();
    $user->refresh();
    verify('Check that the login_attempts field is set to 0', $user->login_attempts)->equals(0);
    verify('Check that the locked_until field is null', $user->locked_until)->null();

    // Try to login again with a wrong password to check the updated values after the clean up
    $loginForm->password = '******';
    verify('Check that the login is unsuccessful', $loginForm->login())->false();
    $user->refresh();
    verify('Check that the login_attempts field is 1', $user->login_attempts)->equals(1);
    verify('Check that the locked_until field is still null', $user->locked_until)->null();

    // Login and check the defaults, in order to prove that only consecutive attempts are being counted
    $loginForm->password = Commons::TEST_PASSWORD;
    verify('Check that the login is successful', $loginForm->login())->true();
    $user->refresh();
    verify('Check that the login_attempts field is set to 0', $user->login_attempts)->equals(0);
    verify('Check that the locked_until field is still null', $user->locked_until)->null();
}