/**
 * Builds the security context mock shared by the tests.
 *
 * withoutAuthorizationChecks() is stubbed to invoke the callback it receives
 * and hand back its result. The stub only runs the callback; it does not
 * change any authorization state on the mock.
 */
public function setUp()
 {
     $runCallbackImmediately = function ($callback) {
         return $callback->__invoke();
     };

     $this->mockSecurityContext = $this->getMockBuilder(Context::class)
         ->disableOriginalConstructor()
         ->getMock();
     $this->mockSecurityContext
         ->expects($this->any())
         ->method('withoutAuthorizationChecks')
         ->will($this->returnCallback($runCallbackImmediately));
 }
 /**
  * handle() must hand the action request to the security context exactly once.
  *
  * @test
  */
 public function handleSetsRequestInSecurityContext()
 {
     $noArguments = [];

     // Fixture: the HTTP request carries no arguments and the property mapper yields none.
     $this->mockHttpRequest
         ->expects($this->any())
         ->method('getArguments')
         ->will($this->returnValue($noArguments));
     $this->mockPropertyMapper
         ->expects($this->any())
         ->method('convert')
         ->with('', 'array', $this->mockPropertyMappingConfiguration)
         ->will($this->returnValue($noArguments));

     // Expectation under test: setRequest() is called once, with the shared action request mock.
     $this->mockSecurityContext
         ->expects($this->once())
         ->method('setRequest')
         ->with($this->mockActionRequest);

     $this->dispatchComponent->handle($this->mockComponentContext);
 }
 /**
  * When the security context reports that authorization checks are disabled,
  * enforcePolicy() must proceed along the advice chain and must not invoke
  * the policy enforcement interceptor.
  *
  * @test
  * @todo adjust when AfterInvocationInterceptor is used again
  */
 public function enforcePolicyDoesNotInvokeInterceptorIfAuthorizationChecksAreDisabled()
 {
     // Precondition: authorization checks are reported as disabled.
     $this->mockSecurityContext
         ->expects($this->atLeastOnce())
         ->method('areAuthorizationChecksDisabled')
         ->will($this->returnValue(true));

     // The intercepted call itself still has to go through, exactly once.
     $this->mockJoinPoint
         ->expects($this->once())
         ->method('getAdviceChain')
         ->will($this->returnValue($this->mockAdviceChain));
     $this->mockAdviceChain
         ->expects($this->once())
         ->method('proceed')
         ->with($this->mockJoinPoint);

     // The policy check must be skipped entirely.
     $this->mockPolicyEnforcementInterceptor
         ->expects($this->never())
         ->method('invoke');

     $this->policyEnforcementAspect->enforcePolicy($this->mockJoinPoint);
 }
 /**
  * renderCsrfTokenField() must emit a hidden "__csrfToken" input carrying the
  * token supplied by the security context.
  *
  * NOTE(review): nothing in this method sets the request method, so the
  * "unsafe request" precondition presumably comes from fixture code outside
  * this method; confirm. The fixed token 'CSRFTOKEN' contains no HTML special
  * characters, so attribute escaping of the token value is not covered here.
  *
  * @test
  */
 public function csrfTokenFieldIsRenderedForUnsafeRequests()
 {
     /** @var FormViewHelper|\PHPUnit_Framework_MockObject_MockObject $viewHelper */
     $viewHelper = $this->getAccessibleMock(
         \Neos\FluidAdaptor\ViewHelpers\FormViewHelper::class,
         null,
         [],
         '',
         false
     );
     $this->injectDependenciesIntoViewHelper($viewHelper);

     // Initialized security context, authenticated user, and a fixed token to look for in the output.
     $this->securityContext
         ->expects($this->any())
         ->method('isInitialized')
         ->will($this->returnValue(true));
     $this->mockAuthenticationManager
         ->expects($this->any())
         ->method('isAuthenticated')
         ->will($this->returnValue(true));
     $this->securityContext
         ->expects($this->atLeastOnce())
         ->method('getCsrfProtectionToken')
         ->will($this->returnValue('CSRFTOKEN'));

     $expectedField = '<input type="hidden" name="__csrfToken" value="CSRFTOKEN" />' . "\n";
     $renderedField = $viewHelper->_call('renderCsrfTokenField');

     $this->assertEquals($expectedField, $renderedField);
 }
 /**
  * Three roles vote abstain / grant / abstain on the privilege target; with no
  * deny vote and one grant vote the target must be reported as granted.
  *
  * @test
  */
 public function isPrivilegeTargetGrantedReturnsTrueIfThereIsNoDenyVoteAndOneGrantVote()
 {
     // One mocked role per vote, in the order the security context will return them.
     $votes = [$this->abstainPrivilege, $this->grantPrivilege, $this->abstainPrivilege];

     $roles = [];
     foreach ($votes as $privilege) {
         $role = $this->getMockBuilder(Security\Policy\Role::class)
             ->disableOriginalConstructor()
             ->getMock();
         $role->expects($this->any())
             ->method('getPrivilegeForTarget')
             ->will($this->returnValue($privilege));
         $roles[] = $role;
     }

     $this->mockSecurityContext
         ->expects($this->any())
         ->method('getRoles')
         ->will($this->returnValue($roles));

     $isGranted = $this->privilegeManager->isPrivilegeTargetGranted('somePrivilegeTargetIdentifier');
     $this->assertTrue($isGranted);
 }
 /**
  * logout() must call refreshTokens() on the security context exactly once
  * when a started, resumable session holds an authenticated token.
  *
  * @test
  */
 public function logoutRefreshesTokensInSecurityContext()
 {
     // Partial mock: only emitLoggedOut is replaced; the constructor is not called.
     $manager = $this->getAccessibleMock(AuthenticationProviderManager::class, ['emitLoggedOut'], [], '', false);
     $this->authenticationProviderManager = $manager;
     $this->inject($manager, 'securityContext', $this->mockSecurityContext);
     $this->inject($manager, 'session', $this->mockSession);

     // The session is reported as started and resumable.
     $this->mockSession
         ->expects($this->any())
         ->method('canBeResumed')
         ->will($this->returnValue(true));
     $this->mockSession
         ->expects($this->any())
         ->method('isStarted')
         ->will($this->returnValue(true));

     // A single authenticated token is present in the security context.
     $authenticatedToken = $this->getMockBuilder(TokenInterface::class)
         ->disableOriginalConstructor()
         ->getMock();
     $authenticatedToken
         ->expects($this->any())
         ->method('isAuthenticated')
         ->will($this->returnValue(true));
     $this->mockSecurityContext
         ->expects($this->any())
         ->method('getAuthenticationTokens')
         ->will($this->returnValue([$authenticatedToken]));

     // Expectation under test.
     $this->mockSecurityContext
         ->expects($this->once())
         ->method('refreshTokens');

     $manager->logout();
 }
 /**
  * For a request carrying a "__widgetId" argument, handle() must pass the
  * action request obtained from the object manager to the security context.
  *
  * @test
  */
 public function handleInjectsActionRequestToSecurityContext()
 {
     $widgetId = 'SomeWidgetId';
     $controllerObjectName = 'SomeControllerObjectName';

     // The incoming HTTP request identifies the widget.
     $this->mockHttpRequest
         ->expects($this->at(0))
         ->method('hasArgument')
         ->with('__widgetId')
         ->will($this->returnValue(true));
     $this->mockHttpRequest
         ->expects($this->atLeastOnce())
         ->method('getArgument')
         ->with('__widgetId')
         ->will($this->returnValue($widgetId));

     // The widget context is looked up by that id and names the controller.
     $widgetContext = $this->getMockBuilder(\Neos\FluidAdaptor\Core\Widget\WidgetContext::class)->getMock();
     $widgetContext
         ->expects($this->atLeastOnce())
         ->method('getControllerObjectName')
         ->will($this->returnValue($controllerObjectName));
     $this->mockAjaxWidgetContextHolder
         ->expects($this->atLeastOnce())
         ->method('get')
         ->with($widgetId)
         ->will($this->returnValue($widgetContext));

     // The object manager supplies the action request.
     $actionRequest = $this->getMockBuilder(\Neos\Flow\Mvc\ActionRequest::class)
         ->disableOriginalConstructor()
         ->getMock();
     $this->mockObjectManager
         ->expects($this->atLeastOnce())
         ->method('get')
         ->with(\Neos\Flow\Mvc\ActionRequest::class)
         ->will($this->returnValue($actionRequest));

     // Expectation under test: exactly that request reaches the security context.
     $this->mockSecurityContext
         ->expects($this->once())
         ->method('setRequest')
         ->with($actionRequest);

     $this->ajaxWidgetComponent->handle($this->mockComponentContext);
 }
 /**
  * When the firewall throws AuthenticationRequiredException, dispatch() must
  * call startAuthentication() once on the entry point of every token returned
  * by the security context.
  *
  * @test
  */
 public function dispatchCallsStartAuthenticationOnAllActiveEntryPoints()
 {
     $this->mockActionRequest
         ->expects($this->any())
         ->method('isDispatched')
         ->will($this->returnValue(true));

     // Two tokens, each with its own entry point that must be started exactly once.
     $tokens = [];
     for ($index = 0; $index < 2; $index++) {
         $token = $this->getMockBuilder(TokenInterface::class)->getMock();
         $entryPoint = $this->getMockBuilder(EntryPointInterface::class)->getMock();
         $token
             ->expects($this->any())
             ->method('getAuthenticationEntryPoint')
             ->will($this->returnValue($entryPoint));
         $entryPoint
             ->expects($this->once())
             ->method('startAuthentication')
             ->with($this->mockHttpRequest, $this->mockHttpResponse);
         $tokens[] = $token;
     }
     $this->mockSecurityContext
         ->expects($this->atLeastOnce())
         ->method('getAuthenticationTokens')
         ->will($this->returnValue($tokens));

     // The firewall rejects the request as unauthenticated.
     $this->mockFirewall
         ->expects($this->once())
         ->method('blockIllegalRequests')
         ->will($this->throwException(new AuthenticationRequiredException()));

     try {
         $this->dispatcher->dispatch($this->mockActionRequest, $this->mockHttpResponse);
     } catch (AuthenticationRequiredException $exception) {
         // Deliberately ignored: the exception thrown by the firewall stub may propagate
         // out of dispatch(); this test only verifies the mock expectations set above.
     }
 }
 /**
  * Renders the view helper twice: once with the Administrator role, which the
  * stubbed security context grants, and once with the User role plus an explicit
  * packageKey, which it refuses. The then-child renders 'true', the else-child 'false'.
  *
  * @test
  */
 public function viewHelperHandlesPackageKeyAttributeCorrectly()
 {
     // Role stub: Administrator is held, User is not. Any other identifier falls
     // through the switch and yields null.
     $hasRoleStub = function ($role) {
         switch ($role) {
             case 'Neos.FluidAdaptor:Administrator':
                 return true;
             case 'Neos.FluidAdaptor:User':
                 return false;
         }
     };
     $this->mockSecurityContext
         ->expects($this->any())
         ->method('hasRole')
         ->will($this->returnCallback($hasRoleStub));

     $this->mockViewHelper
         ->expects($this->any())
         ->method('renderThenChild')
         ->will($this->returnValue('true'));
     $this->mockViewHelper
         ->expects($this->any())
         ->method('renderElseChild')
         ->will($this->returnValue('false'));

     // Case 1: full role identifier, no packageKey.
     $this->mockViewHelper->setArguments([
         'role' => new Role('Neos.FluidAdaptor:Administrator'),
         'account' => null,
     ]);
     $renderedForAdministrator = $this->mockViewHelper->render();
     $this->assertEquals('true', $renderedForAdministrator, 'Full role identifier in role argument is accepted');

     // Case 2: a role the stub refuses, with packageKey passed alongside.
     $this->mockViewHelper->setArguments([
         'role' => new Role('Neos.FluidAdaptor:User'),
         'packageKey' => 'Neos.FluidAdaptor',
         'account' => null,
     ]);
     $renderedForUser = $this->mockViewHelper->render();
     $this->assertEquals('false', $renderedForUser);
 }
 /**
  * Closing a session while the security context holds a successfully
  * authenticated token must leave a 'TYPO3_Flow_Security_Accounts' data entry
  * that names the account; the entry is read back after resuming the session.
  *
  * @test
  */
 public function shutdownCreatesSpecialDataEntryForSessionWithAuthenticatedAccounts()
 {
     // A real Session object wired with the test fixtures and two caches.
     $session = new Session();
     $this->inject($session, 'bootstrap', $this->mockBootstrap);
     $this->inject($session, 'objectManager', $this->mockObjectManager);
     $this->inject($session, 'settings', $this->settings);
     $this->inject($session, 'metaDataCache', $this->createCache('Meta'));
     $this->inject($session, 'storageCache', $this->createCache('Storage'));
     $session->initializeObject();
     $session->start();
     // Account 'admin' of provider 'MyProvider', attached to a token marked as successfully authenticated.
     $account = new Account();
     $account->setAccountIdentifier('admin');
     $account->setAuthenticationProviderName('MyProvider');
     $token = new UsernamePassword();
     $token->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
     $token->setAccount($account);
     // The security context reports itself initialized and returns that token.
     $this->mockSecurityContext->expects($this->any())->method('isInitialized')->will($this->returnValue(true));
     $this->mockSecurityContext->expects($this->any())->method('getAuthenticationTokens')->will($this->returnValue([$token]));
     $session->close();
     // Copy the session cookie from the response onto the request before resuming
     // (presumably so that resume() can locate the closed session; confirm against Session).
     $this->httpRequest->setCookie($this->httpResponse->getCookie('TYPO3_Flow_Session'));
     $session->resume();
     // The expected entry combines provider name and account identifier as 'MyProvider:admin'.
     $this->assertEquals(['MyProvider:admin'], $session->getData('TYPO3_Flow_Security_Accounts'));
 }
 /**
  * initialize() must trigger separateActiveAndInactiveTokens() exactly once.
  *
  * @test
  */
 public function initializeSeparatesActiveAndInactiveTokens()
 {
     // presumably a partial mock whose initialize() is the real implementation; confirm in the fixture setup
     $context = $this->securityContext;

     $context->expects($this->once())->method('separateActiveAndInactiveTokens');

     $context->initialize();
 }
 /**
  * authenticate() must call withoutAuthorizationChecks() on the security
  * context exactly once while handling a username/password token.
  *
  * @test
  */
 public function authenticatingAnUsernamePasswordTokenFetchesAccountWithDisabledAuthorization()
 {
     // Fixture credentials handed out by the token mock.
     $credentials = ['username' => 'admin', 'password' => 'password'];
     $this->mockToken
         ->expects($this->once())
         ->method('getCredentials')
         ->will($this->returnValue($credentials));

     // No return behaviour is configured for this expectation in this method, so only
     // the call to withoutAuthorizationChecks() itself is verified here.
     $this->mockSecurityContext
         ->expects($this->once())
         ->method('withoutAuthorizationChecks');

     $this->persistedUsernamePasswordProvider->authenticate($this->mockToken);
 }