Пример #1
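 /**
  * Test fixture: creates and persists a user that has both an e-mail and a username.
  *
  * The record is written with save(false), i.e. without running model validation,
  * and is created already confirmed (confirmed_on is set to the current time).
  * It is meant for test databases only.
  *
  * @param string $email    E-mail address of the new user.
  * @param string $password Plain-text password, handed to User::setPassword().
  * @param string $username Username of the new user.
  * @return User The persisted user, reloaded from the database.
  * @throws \RuntimeException If the record could not be saved.
  */
 public static function createUserWithUsername($email = self::TEST_EMAIL, $password = self::TEST_PASSWORD, $username = self::TEST_USERNAME)
 {
     $user = new User();
     $user->email = $email;
     $user->username = $username;
     // NOTE(review): 1 is presumably the "active" status - confirm against User::STATUS_ACTIVE.
     $user->status = 1;
     $user->confirmed_on = time();
     $user->setPassword($password);
     // Validation is skipped on purpose, but a failed write must not go unnoticed:
     // otherwise the login tests would run against a user that does not exist.
     if (!$user->save(false)) {
         throw new \RuntimeException('Unable to create the test user.');
     }
     // Reload the record to pick up the defaults set by the database.
     $user->refresh();
     return $user;
 }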
Пример #2
 /**
  * Verifies the minimum password length rule on registration (IS-21).
  *
  * Covers the configured default (6), a rejected 5-character password and an
  * accepted longer password.
  *
  * @param FunctionalTester $I
  */
 public function testTheMinimumPasswordLength(FunctionalTester $I)
 {
     $userClass = User::className();
     $byTestEmail = ['email' => Commons::TEST_EMAIL];

     // The user component must expose minPasswordLength and default it to 6.
     $I->assertTrue(isset(Yii::$app->user->minPasswordLength));
     $I->assertEquals(6, Yii::$app->user->minPasswordLength);

     // One character below the minimum: the form must report the error
     // and no user record may be created.
     $page = RegisterPage::openBy($I);
     $page->register(Commons::TEST_EMAIL, '12345');
     $I->see('Password should contain at least 6 characters.');
     $I->dontSeeRecord($userClass, $byTestEmail);

     // A sufficiently long password: the user record must now exist.
     // NOTE(review): a password of exactly 6 characters is not exercised here.
     $page->register(Commons::TEST_EMAIL, 'Innologica!23');
     $I->seeRecord($userClass, $byTestEmail);
 }
Пример #3
 /**
  * Relation to the user this record belongs to (User.id matched against user_id).
  *
  * @return yii\db\ActiveQuery
  */
 public function getUser()
 {
     $link = ['id' => 'user_id'];

     return $this->hasOne(User::className(), $link);
 }
Пример #4
 /**
  * Per-test cleanup: removes the test account and the mails written during the test.
  *
  * @param FunctionalTester $I
  */
 public function _after(FunctionalTester $I)
 {
     // Remove the test account; the e-mail is passed as a bound parameter.
     $condition = 'email = :email';
     $params = [':email' => Commons::TEST_EMAIL];
     User::deleteAll($condition, $params);

     // Delete all emails generated by the tests.
     Utils::cleanDir($this->mailDir);
 }
Пример #5
 /**
  * Clears the lock-out state of a user: resets the failed-login counter and the lock expiry.
  *
  * The info message is written before the save, so a log entry alone does not
  * prove the unlock was persisted; callers should check the return value.
  *
  * @param UserModel $model The user to unlock.
  * @return bool The result of save(false), i.e. a save without model validation.
  */
 public function unlockUser(UserModel $model)
 {
     $message = "Unlocking user '{$model->id}'";
     Yii::info($message, __CLASS__);

     $model->locked_until = null;
     $model->login_attempts = 0;

     $saved = $model->save(false);

     return $saved;
 }
Пример #6
 /**
  * Per-test cleanup: removes the account registered under the test e-mail.
  *
  * @param FunctionalTester $I
  */
 public function _after(FunctionalTester $I)
 {
     // The e-mail is passed as a bound parameter, not concatenated into the condition.
     $condition = 'email = :email';
     $params = [':email' => Commons::TEST_EMAIL];

     User::deleteAll($condition, $params);
 }
Пример #7
use nkostadinov\user\models\User;
use nkostadinov\user\tests\_pages\LoginPage;
use nkostadinov\user\tests\_pages\LogoutPage;
// Functional scenario for the login form: validation errors, a failed login,
// then a successful login by e-mail and by username.
$I = new FunctionalTester($scenario);
$I->wantTo('see that login works.');
$loginPage = LoginPage::openBy($I);
$I->see('Login', 'h3');
// Empty username and password: both "cannot be blank" validation errors are expected.
$loginPage->login('', '');
$I->expectTo('see validations errors');
$I->see('Username cannot be blank.');
$I->see('Password cannot be blank.');
// Wrong username and password. The expected message is the same generic text for
// both fields, so it does not tell the visitor which of the two was wrong.
$loginPage->login('test', 'test');
$I->expectTo('see validations errors');
$I->see('Incorrect username or password');
// The "Forgot password?" link must point at the recovery request page.
$I->seeLink('Forgot password?', '/user/recovery/request');
// Test that the login works with the e-mail address.
Commons::createUserWithUsername();
$loginPage->login(Commons::TEST_EMAIL, Commons::TEST_PASSWORD);
// NOTE(review): seeInCurrentUrl() looks for a substring and '/' occurs in every URL,
// so this check alone does not prove the login succeeded - consider asserting
// something only an authenticated user can see.
$I->seeInCurrentUrl('/');
// Logout the user
LogoutPage::openBy($I);
// Open the login page again
$loginPage = LoginPage::openBy($I);
// Test that the login works with the username as well
$loginPage->login(Commons::TEST_USERNAME, Commons::TEST_PASSWORD);
$I->seeInCurrentUrl('/');
// Cleanup. NOTE(review): this line is only reached when every step above passed;
// after a failure the test user stays in the database.
User::deleteAll('email = :email', [':email' => Commons::TEST_EMAIL]);
Пример #8
 /**
  * Looks up a token of the given type that belongs to an active user with the given e-mail.
  *
  * The same exception is thrown whether the e-mail is unknown, the user is not
  * active or no token of that type exists, so the caller cannot tell these cases apart.
  *
  * @param string $email The user's email
  * @param integer $type The token's type. By default Token::TYPE_CONFIRMATION
  * @return Token The token if found
  * @throws NotFoundHttpException If the token is not found
  */
 public static function findByUserEmail($email, $type = self::TYPE_CONFIRMATION)
 {
     // Hash-format condition: the values are bound by the query builder,
     // not concatenated into the SQL.
     $criteria = [
         'user.email' => $email,
         'user.status' => User::STATUS_ACTIVE,
         'type' => $type,
     ];

     // NOTE(review): select('*') over the join returns the columns of both tables;
     // if a column name exists in both (e.g. id), the populated Token may carry the
     // user's value - confirm against the schema. The join condition also hard-codes
     // the names "user" and "token" while the join target comes from User::tableName().
     $found = Token::find()
         ->select('*')
         ->leftJoin(User::tableName(), 'user.id = token.user_id')
         ->where($criteria)
         ->one();

     if (!empty($found)) {
         return $found;
     }

     throw new NotFoundHttpException(Yii::t(Module::I18N_CATEGORY, 'Token not found!'));
 }
Пример #9
// Excerpt of a registration-confirmation scenario; $I, $loginPage and $email are
// defined before this fragment.
$loginPage->openBy($I);
// NOTE(review): the check below is disabled, so this scenario does not currently
// assert that an unconfirmed account is refused at login.
//$I->assertTrue(
//    $I->seeExceptionThrown('yii\web\ForbiddenHttpException', function () use ($loginPage, $email) {
//        $loginPage->login($email, 'test123');
//    })
//, "I see yii\\web\\ForbiddenHttpException when trying to login unconfirmed.");
// The exception is handled, therefore the items below cannot be seen.
//$I->seeResponseCodeIs(403); //forbidden
//$I->expectTo('see error that you cannot login without confirming your account.');
//$I->see('Unconfirmed account are not allowed to login');
// Check the database state before confirmation: status 1 and no confirmation timestamp.
$I->seeInDatabase('user', ['email' => $email, 'status' => 1, 'confirmed_on' => null]);
$user_id = $I->grabFromDatabase('user', 'id', ['email' => $email]);
// A token of type 0 must exist for the user (presumably Token::TYPE_CONFIRMATION - TODO confirm).
$I->seeInDatabase('token', ['type' => 0, 'user_id' => $user_id]);
// The confirmation code is read straight from the database instead of from the sent e-mail.
$token_code = $I->grabFromDatabase('token', 'code', ['type' => 0, 'user_id' => $user_id]);
// Confirmation tests
// TODO: this fails on Travis because of a buggy PHPUnit; enable it when fixed.
// NOTE(review): until then, opening the confirm URL without a code is not covered.
//$I->assertTrue(
//    $I->seeExceptionThrown('yii\web\BadRequestHttpException', function () use ($I) {
//        ConfirmPage::openBy($I);
//    })
//, "I see yii\\web\\BadRequestHttpException when opening confirm URL without params.");
$confirmPage = ConfirmPage::openBy($I, ['code' => $token_code]);
//$I->assertTrue($confirmPage instanceof ConfirmPage);
$I->expectTo('see successfully confirmed message!');
$I->see('Registration confirmed', 'h1');
$I->see('Your registration is confirmed succesfully!');
// The token must be gone after a successful confirmation, i.e. it is single-use.
$I->dontSeeInDatabase('token', ['type' => 0, 'user_id' => $user_id]);
// Cleanup; only reached when every step above passed.
User::deleteAll('email = :email', [':email' => $email]);
Пример #10
 /**
  * Exercises the account lock-out policy through the login form.
  *
  * Steps: check the migration and the two user attributes, attach the
  * UnsuccessfulLoginAttemptsBehavior, fail logins until the account is locked,
  * back-date the lock, then verify that a successful login resets the counter
  * and that only consecutive failures are counted.
  *
  * NOTE(review): no step attempts a login with the correct password while
  * locked_until is still in the future, so this test does not assert that an
  * active lock rejects valid credentials.
  */
 public function testLockOutPolicy()
 {
     // Ensure that everything is configured properly: the migrations directory and
     // a migration whose name contains "lock_out_policy" must exist.
     verify('Check that the advanced directory exists', is_dir(Commons::ADVANCED_MIGRATIONS_DIR))->true();
     $files = scandir(Commons::ADVANCED_MIGRATIONS_DIR);
     $result = preg_grep('/lock_out_policy/', $files);
     verify('Check that the migration exists', $result)->notEmpty();
     $user = Yii::createObject(User::className());
     verify('Check that the login_attempts field is added to the user\'s table', $user->hasAttribute(self::ATTR_LOGIN_ATTEMPTS))->true();
     verify('Check that the locked_until field is added to the user\'s table', $user->hasAttribute(self::ATTR_LOCKED_UNTIL))->true();
     // Behavior validations: attach the behavior to the configured login form and check its default limit.
     $loginForm = Yii::createObject(Yii::$app->user->loginForm);
     $loginForm->username = Commons::TEST_EMAIL;
     $behavior = $loginForm->attachBehavior('unsuccessfulLoginAttempts', 'nkostadinov\\user\\behaviors\\UnsuccessfulLoginAttemptsBehavior');
     verify('Check that the behavior exists', $behavior)->notNull();
     verify('Check that maxLoginAttempts field exists', isset($behavior->maxLoginAttempts))->true();
     verify('Check that the default value of maxLoginAttempts is set to 5', $behavior->maxLoginAttempts)->equals(5);
     // Create one user and check the default values
     $user = Commons::createUser();
     verify('Asure that the login_attempts field is empty', $user->login_attempts)->equals(0);
     verify('Asure that the locked_until field is empty', $user->locked_until)->null();
     // Try to login with a wrong password (presumably '******' differs from Commons::TEST_PASSWORD)
     $loginForm->password = '******';
     $loginForm->login();
     $user->refresh();
     verify('Check that the login attemps field is initialized', $user->login_attempts)->equals(1);
     // Keep failing until the limit is reached; the block is expected to end with a ForbiddenHttpException.
     $this->specify('Lock the account', function () use($loginForm, $user) {
         $behavior = $loginForm->getBehavior('unsuccessfulLoginAttempts');
         // Start from 1 because we already have one attempt
         for ($i = 1; $i < $behavior->maxLoginAttempts; $i++) {
             $loginForm->login();
         }
     }, ['throws' => new ForbiddenHttpException()]);
     // Check the lock values: the counter equals the limit and the lock expiry lies in the future.
     $behavior = $loginForm->getBehavior('unsuccessfulLoginAttempts');
     $user->refresh();
     verify('Check that the login_attemps field is properly set', $user->login_attempts)->equals($behavior->maxLoginAttempts);
     verify('Check that the locked_until field is set', $user->locked_until)->notNull();
     verify('Check that the locked_until field is set in the future', $user->locked_until)->greaterThan(time());
     // Login the account after the lock ends.
     // The end of the lock is simulated by back-dating locked_until; save(false) skips validation.
     $user->locked_until = strtotime('-2 weeks');
     $user->save(false);
     $loginForm->password = Commons::TEST_PASSWORD;
     verify('Check that the login is successful', $loginForm->login())->true();
     $user->refresh();
     // A successful login must clear both the counter and the lock expiry.
     verify('Check that the login_attempts field is set to 0', $user->login_attempts)->equals(0);
     verify('Check that the locked_until field is null', $user->locked_until)->null();
     // Try to login again with a wrong password to check the updated values after the clean up
     $loginForm->password = '******';
     verify('Check that the login is unsuccessful', $loginForm->login())->false();
     $user->refresh();
     verify('Check that the login_attempts field is 1', $user->login_attempts)->equals(1);
     verify('Check that the locked_until field is still null', $user->locked_until)->null();
     // Login and check the defaults, in order to prove that only consecutive failed attempts are being counted
     $loginForm->password = Commons::TEST_PASSWORD;
     verify('Check that the login is successful', $loginForm->login())->true();
     $user->refresh();
     verify('Check that the login_attempts field is set to 0', $user->login_attempts)->equals(0);
     verify('Check that the locked_until field is still null', $user->locked_until)->null();
 }