/**
 * Reconnect flow: a new Facebook session blob replaces the stored access token.
 *
 * Feeds FacebookPluginConfigurationController the query-string parameters set
 * below (plugin name, granted permissions, selected profile id and a JSON
 * session blob), then checks the success message shown to the user and the
 * oauth_access_token saved on the owner/instance link.
 *
 * NOTE(review): the whole flow is driven by $_GET values, and the login is
 * simulated with two arguments, whereas the CSRF tests in this file pass a
 * third. Whether the reconnect callback is meant to be reachable without a
 * CSRF/state check should be confirmed against the controller.
 */
public function testReconnectAccount() {
    $fb_user_id = '606837591';
    $new_token = 'new-faux-access-token';

    $owner_dao = new OwnerMySQLDAO();
    $instance_dao = new InstanceMySQLDAO();
    $owner_instance_dao = new OwnerInstanceMySQLDAO();

    // Request parameters for the simulated Facebook callback.
    $_GET['p'] = 'facebook';
    $_GET['perms'] = 'offline_access,read_stream,user_likes,user_location,user_website,read_friendlists';
    $_GET['selected_profiles'] = $fb_user_id;
    $_GET['session'] = '{"session_key":"new-faux-access-token","uid":"606837591","expires":0,"secret":'
        . '"itsasecret","access_token":"new-faux-access-token","sig":"siggysigsig"}';

    // The return value is held for the rest of the test even though it is not
    // read again; presumably the fixtures live as long as it does. TODO confirm.
    $plugin_options = $this->buildPluginOptions();

    $this->simulateLogin('*****@*****.**', true);
    $logged_in_owner = $owner_dao->getByEmail(Session::getLoggedInUser());

    $controller = new FacebookPluginConfigurationController($logged_in_owner, 'facebook');
    $controller->go();

    // The user is told that the reconnect worked.
    $view = $controller->getViewManager();
    $this->assertEqual(
        $view->getTemplateDataItem('successmsg'),
        "Success! You've reconnected your Facebook account."
    );

    // The instance exists and its link to the owner carries the new token.
    $fb_instance = $instance_dao->getByUserIdOnNetwork($fb_user_id, 'facebook');
    $this->assertTrue(isset($fb_instance));

    $owner_link = $owner_instance_dao->get($logged_in_owner->id, $fb_instance->id);
    $this->assertTrue(isset($owner_link));
    $this->assertEqual($owner_link->oauth_access_token, $new_token);
}
/**
 * Both delete forms on the Facebook settings page embed the CSRF token.
 *
 * Renders FacebookPluginConfigurationController for a logged-in owner with one
 * mock page assigned to the view, then looks in the output for a hidden
 * csrf_token field next to the "delete account" marker comment and another
 * next to the "delete page" marker comment.
 *
 * NOTE(review): self::CSRF_TOKEN goes into the patterns without preg_quote();
 * that is only safe while the constant holds no regex metacharacters.
 */
public function testForDeleteCSRFToken() {
    self::buildInstanceData();

    // Constructed as in the original test, although none of the assertions
    // below read the first two.
    $owner_instance_dao = new OwnerInstanceMySQLDAO();
    $instance_dao = new InstanceMySQLDAO();
    $owner_dao = new OwnerMySQLDAO();

    // Held for the rest of the test; presumably the fixtures live as long as
    // this value does. TODO confirm.
    $plugin_options = $this->buildPluginOptions();

    // The third argument presumably turns on CSRF token generation for the
    // simulated session; confirm against simulateLogin().
    $this->simulateLogin('*****@*****.**', true, true);
    $logged_in_owner = $owner_dao->getByEmail(Session::getLoggedInUser());
    $controller = new FacebookPluginConfigurationController($logged_in_owner, 'facebook');

    // Give the view one mock page so that the page-delete form is rendered.
    $mock_page = array(
        'id' => '123456',
        'network_username' => 'test_username',
        'network' => 'facebook',
    );
    $controller->getViewManager()->assign('owner_instance_pages', array('123456' => $mock_page));

    $html = $controller->go();

    // The hidden field that both forms must contain.
    $token_field = 'name="csrf_token" value="' . self::CSRF_TOKEN . '" \\/>';

    // Token on the account-delete form.
    $this->assertPattern('/' . $token_field . '<!\\-\\- delete account csrf token \\-\\->/', $html);

    // Token on the page-delete form.
    $this->assertPattern('/' . $token_field . '<!\\-\\- delete page csrf token \\-\\->/', $html);
}
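/**
 * A time-zone change needs a valid CSRF token and a recognised zone name.
 *
 * Three requests are sent to AccountConfigurationController for an owner whose
 * time zone starts as 'UTC':
 *   1. a valid zone without a CSRF token: must not be saved;
 *   2. an invalid zone with the CSRF token: must not be saved, and no
 *      confirmation message is shown;
 *   3. a valid zone with the CSRF token: saved, and the confirmation is shown.
 *
 * The first check used to compare against 'America/NewYork', without the
 * underscore, a value the request never submits. That assertion could not
 * fail, so a missing CSRF check would have gone unnoticed. It now compares
 * against the submitted value and also checks that the stored zone is still
 * 'UTC'.
 */
public function testAuthControlLoggedInTimeZone() {
    $owner_dao = new OwnerMySQLDAO();
    $owner = $owner_dao->getByEmail('*****@*****.**');
    $this->assertEqual('UTC', $owner->timezone);

    // 1. Valid zone, no CSRF token.
    $this->simulateLogin('*****@*****.**', false, true);
    // Make sure no token left over from elsewhere is submitted with this request.
    unset($_POST['csrf_token']);
    $_POST['updatepreferences'] = 'Update';
    $_POST['timezone'] = 'America/New_York';
    $controller = new AccountConfigurationController(true);
    $controller->go();
    $owner = $owner_dao->getByEmail('*****@*****.**');
    // No CSRF token: the submitted zone must be rejected and the old one kept.
    $this->assertNotEqual('America/New_York', $owner->timezone);
    $this->assertEqual('UTC', $owner->timezone);

    // 2. CSRF token present, but the zone is not a real one.
    $this->simulateLogin('*****@*****.**', false, true);
    $_POST['updatepreferences'] = 'Update';
    $_POST['timezone'] = 'bananas';
    $_POST['csrf_token'] = parent::CSRF_TOKEN;
    $controller = new AccountConfigurationController(true);
    $output = $controller->go();
    $owner = $owner_dao->getByEmail('*****@*****.**');
    // Bad value: must not be saved.
    $this->assertNotEqual('bananas', $owner->timezone);
    $this->assertEqual('UTC', $owner->timezone);
    $this->assertNoPattern('/time zone has been saved/', $output);

    // 3. CSRF token present and the zone is valid: the change is saved.
    $this->simulateLogin('*****@*****.**', false, true);
    $_POST['updatepreferences'] = 'Update';
    $_POST['timezone'] = 'America/New_York';
    $_POST['csrf_token'] = parent::CSRF_TOKEN;
    $controller = new AccountConfigurationController(true);
    $output = $controller->go();
    $owner = $owner_dao->getByEmail('*****@*****.**');
    $this->assertNotEqual('UTC', $owner->timezone);
    $this->assertEqual('America/New_York', $owner->timezone);
    $this->assertPattern('/time zone has been saved/', $output);
}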
/**
 * Repeated wrong passwords deactivate the account.
 *
 * Creates an activated owner whose password is "blah", then submits the login
 * form 15 times with the wrong password "blah1". As written, the test expects
 * attempts 1 to 11 to report "Incorrect password" with failed_logins equal to
 * the attempt number, and attempts 12 to 15 to report the deactivation message
 * with the matching account_status.
 *
 * NOTE(review): the original comment spoke of "more than 10 times"; the exact
 * lockout threshold is defined in the login code, which is not visible here.
 */
public function testFailedLoginLockout() {
    $email = '*****@*****.**';

    $session = new Session();
    $hashed_pwd = $session->pwdcrypt("blah");
    $owner_row = array('id'=>2, 'email'=>$email, 'pwd'=>$hashed_pwd, 'is_activated'=>1);
    // Held for the rest of the test; presumably the fixture row lives as long
    // as the builder object does. TODO confirm.
    $builder = FixtureBuilder::build('owners', $owner_row);

    // Force the lockout by submitting the wrong password again and again.
    for ($attempt = 1; $attempt <= 15; $attempt++) {
        $_POST['Submit'] = 'Log In';
        $_POST['email'] = $email;
        $_POST['pwd'] = 'blah1';

        $controller = new LoginController(true);
        $controller->go();

        $view = $controller->getViewManager();
        $this->assertEqual($view->getTemplateDataItem('controller_title'), 'Log in');

        $error_msg = $view->getTemplateDataItem('errormsg');
        $owner_dao = new OwnerMySQLDAO();
        $stored_owner = $owner_dao->getByEmail($email);

        if ($attempt > 11) {
            // Locked out: the message and the stored status both say so.
            $this->assertEqual(
                "Inactive account. Account deactivated due to too many failed logins. "
                    . '<a href="forgot.php">Reset your password.</a>',
                $error_msg
            );
            $this->assertEqual(
                $stored_owner->account_status,
                "Account deactivated due to too many failed logins"
            );
            continue;
        }

        // Still counting failures: one more is recorded per attempt.
        $this->assertPattern("/Incorrect password/", $error_msg);
        $this->assertEqual($stored_owner->failed_logins, $attempt);
    }
}
/**
 * A notification-frequency change needs a valid CSRF token and an allowed value.
 *
 * Starting from an owner whose frequency is 'daily', the test renders the
 * account page once and then submits three updates:
 *   1. 'both' without a CSRF token: must not be saved;
 *   2. 'bananas' with the CSRF token: must not be saved, no confirmation shown;
 *   3. 'both' with the CSRF token: saved, confirmation shown, and 'both' is
 *      the selected option in the rendered form.
 */
public function testAuthControlLoggedInChangeNotificationFrequency() {
    $email = '*****@*****.**';
    $daily_selected = '/"daily"[^>]*selected/';
    $both_selected = '/"both"[^>]*selected/';
    $updated_notice = '/email notification frequency has been updated/';

    $owner_dao = new OwnerMySQLDAO();
    $stored_owner = $owner_dao->getByEmail($email);
    $this->assertEqual('daily', $stored_owner->email_notification_frequency);

    // Plain page view: the current value is the selected option.
    $this->simulateLogin($email, false, true);
    $controller = new AccountConfigurationController(true);
    $html = $controller->go();
    $this->assertPattern($daily_selected, $html);
    $this->assertNoPattern($both_selected, $html);

    // 1. Allowed value, no CSRF token.
    $this->simulateLogin($email, false, true);
    $_POST['updatefrequency'] = 'Update Frequency';
    $_POST['notificationfrequency'] = 'both';
    $controller = new AccountConfigurationController(true);
    $controller->go();
    $stored_owner = $owner_dao->getByEmail($email);
    // No CSRF token: must not be saved.
    $this->assertNotEqual('both', $stored_owner->email_notification_frequency);

    // 2. CSRF token present, but the value is not an allowed one.
    $this->simulateLogin($email, false, true);
    $_POST['updatefrequency'] = 'Update Frequency';
    $_POST['notificationfrequency'] = 'bananas';
    $_POST['csrf_token'] = parent::CSRF_TOKEN;
    $controller = new AccountConfigurationController(true);
    $html = $controller->go();
    $stored_owner = $owner_dao->getByEmail($email);
    // Bad value: must not be saved.
    $this->assertNotEqual('bananas', $stored_owner->email_notification_frequency);
    $this->assertEqual('daily', $stored_owner->email_notification_frequency);
    $this->assertNoPattern($updated_notice, $html);

    // 3. CSRF token present and the value is allowed: the change is saved.
    $this->simulateLogin($email, false, true);
    $_POST['updatefrequency'] = 'Update Frequency';
    $_POST['notificationfrequency'] = 'both';
    $_POST['csrf_token'] = parent::CSRF_TOKEN;
    $controller = new AccountConfigurationController(true);
    $html = $controller->go();
    $stored_owner = $owner_dao->getByEmail($email);
    $this->assertNotEqual('daily', $stored_owner->email_notification_frequency);
    $this->assertEqual('both', $stored_owner->email_notification_frequency);
    $this->assertNoPattern($daily_selected, $html);
    $this->assertPattern($both_selected, $html);
    $this->assertPattern($updated_notice, $html);
}