/**
 * Checks that the minimum password requirement is working as expected (IS-21).
 *
 * Verifies that `minPasswordLength` is exposed on the user component with a
 * default of 6, that registering with a 5-character password is rejected and
 * leaves no User record behind, and that a password meeting the minimum is
 * accepted.
 *
 * @param FunctionalTester $I
 */
public function testTheMinimumPasswordLength(FunctionalTester $I)
{
    $userComponent = Yii::$app->user;

    // the property must be exposed on the user component ...
    $I->assertTrue(isset($userComponent->minPasswordLength));
    // ... and default to 6 characters
    $I->assertEquals(6, $userComponent->minPasswordLength);

    $page = RegisterPage::openBy($I);

    // a 5-character password must be rejected and must not create a User row
    $page->register(Commons::TEST_EMAIL, '12345');
    $I->see('Password should contain at least 6 characters.');
    $I->dontSeeRecord(User::className(), ['email' => Commons::TEST_EMAIL]);

    // a password that satisfies the minimum must create the record
    $page->register(Commons::TEST_EMAIL, 'Innologica!23');
    $I->seeRecord(User::className(), ['email' => Commons::TEST_EMAIL]);
}
/**
 * Relation to the owning User record: this record's `user_id` is linked to
 * the User's `id`.
 *
 * @return \yii\db\ActiveQuery
 */
public function getUser()
{
    $link = ['id' => 'user_id'];

    return $this->hasOne(User::className(), $link);
}
/**
 * Checks the account lock-out policy end to end.
 *
 * Asserts that the `lock_out_policy` migration exists and that the
 * `login_attempts` / `locked_until` attributes are present on the User,
 * that the UnsuccessfulLoginAttemptsBehavior is attachable and defaults to
 * 5 attempts, that reaching that threshold with consecutive wrong passwords
 * ends in a ForbiddenHttpException with `locked_until` set in the future,
 * and that a successful login after the lock has expired resets both
 * fields — i.e. only consecutive failures are counted.
 */
public function testLockOutPolicy()
{
    $wrongPassword = '******';

    // --- schema: the migration and the two columns it introduces must be present
    verify('Check that the advanced directory exists', is_dir(Commons::ADVANCED_MIGRATIONS_DIR))->true();
    $migrationFiles = scandir(Commons::ADVANCED_MIGRATIONS_DIR);
    $matches = preg_grep('/lock_out_policy/', $migrationFiles);
    verify('Check that the migration exists', $matches)->notEmpty();

    $schemaProbe = Yii::createObject(User::className());
    verify('Check that the login_attempts field is added to the user\'s table', $schemaProbe->hasAttribute(self::ATTR_LOGIN_ATTEMPTS))->true();
    verify('Check that the locked_until field is added to the user\'s table', $schemaProbe->hasAttribute(self::ATTR_LOCKED_UNTIL))->true();

    // --- behavior wiring and its default threshold
    $form = Yii::createObject(Yii::$app->user->loginForm);
    $form->username = Commons::TEST_EMAIL;
    $attempts = $form->attachBehavior('unsuccessfulLoginAttempts', 'nkostadinov\\user\\behaviors\\UnsuccessfulLoginAttemptsBehavior');
    verify('Check that the behavior exists', $attempts)->notNull();
    verify('Check that maxLoginAttempts field exists', isset($attempts->maxLoginAttempts))->true();
    verify('Check that the default value of maxLoginAttempts is set to 5', $attempts->maxLoginAttempts)->equals(5);

    // --- a fresh user starts with no failed attempts and no lock
    $account = Commons::createUser();
    verify('Asure that the login_attempts field is empty', $account->login_attempts)->equals(0);
    verify('Asure that the locked_until field is empty', $account->locked_until)->null();

    // --- first wrong password: the counter starts at 1
    $form->password = $wrongPassword;
    $form->login();
    $account->refresh();
    verify('Check that the login attemps field is initialized', $account->login_attempts)->equals(1);

    // --- the remaining failures up to the threshold must end in a ForbiddenHttpException
    $this->specify('Lock the account', function () use ($form) {
        $threshold = $form->getBehavior('unsuccessfulLoginAttempts')->maxLoginAttempts;
        // one failure is already recorded above, so start counting from 1
        for ($n = 1; $n < $threshold; $n++) {
            $form->login();
        }
    }, ['throws' => new ForbiddenHttpException()]);

    // --- lock state once the threshold is reached
    $attempts = $form->getBehavior('unsuccessfulLoginAttempts');
    $account->refresh();
    verify('Check that the login_attemps field is properly set', $account->login_attempts)->equals($attempts->maxLoginAttempts);
    verify('Check that the locked_until field is set', $account->locked_until)->notNull();
    verify('Check that the locked_until field is set in the future', $account->locked_until)->greaterThan(time());

    // --- expire the lock by hand; a correct password must then succeed and clear both fields
    $account->locked_until = strtotime('-2 weeks');
    $account->save(false);
    $form->password = Commons::TEST_PASSWORD;
    verify('Check that the login is successful', $form->login())->true();
    $account->refresh();
    verify('Check that the login_attempts field is set to 0', $account->login_attempts)->equals(0);
    verify('Check that the locked_until field is null', $account->locked_until)->null();

    // --- after the reset a single failure counts from 1 again without locking
    $form->password = $wrongPassword;
    verify('Check that the login is unsuccessful', $form->login())->false();
    $account->refresh();
    verify('Check that the login_attempts field is 1', $account->login_attempts)->equals(1);
    verify('Check that the locked_until field is still null', $account->locked_until)->null();

    // --- a success in between clears the counter: only consecutive failures are counted
    $form->password = Commons::TEST_PASSWORD;
    verify('Check that the login is successful', $form->login())->true();
    $account->refresh();
    verify('Check that the login_attempts field is set to 0', $account->login_attempts)->equals(0);
    verify('Check that the locked_until field is still null', $account->locked_until)->null();
}