Mercurial > hg > Members > shoshi > webvirt
comparison cake/tests/cases/libs/controller/components/auth.test.php @ 0:261e66bd5a0c
hg init
author | Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp> |
---|---|
date | Sun, 24 Jul 2011 21:08:31 +0900 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:261e66bd5a0c |
---|---|
1 <?php | |
2 /** | |
3 * AuthComponentTest file | |
4 * | |
5 * PHP versions 4 and 5 | |
6 * | |
7 * CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing> | |
8 * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org) | |
9 * | |
10 * Licensed under The Open Group Test Suite License | |
11 * Redistributions of files must retain the above copyright notice. | |
12 * | |
13 * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org) | |
14 * @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests | |
15 * @package cake | |
16 * @subpackage cake.cake.tests.cases.libs.controller.components | |
17 * @since CakePHP(tm) v 1.2.0.5347 | |
18 * @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License | |
19 */ | |
20 App::import('Component', array('Auth', 'Acl')); | |
21 App::import('Model', 'DbAcl'); | |
22 App::import('Core', 'Xml'); | |
23 | |
24 Mock::generate('AclComponent', 'AuthTestMockAclComponent'); | |
25 | |
26 /** | |
27 * TestAuthComponent class | |
28 * | |
29 * @package cake | |
30 * @subpackage cake.tests.cases.libs.controller.components | |
31 */ | |
32 class TestAuthComponent extends AuthComponent { | |
33 | |
34 /** | |
35 * testStop property | |
36 * | |
37 * @var bool false | |
38 * @access public | |
39 */ | |
40 var $testStop = false; | |
41 | |
42 /** | |
43 * Sets default login state | |
44 * | |
45 * @var bool true | |
46 * @access protected | |
47 */ | |
48 var $_loggedIn = true; | |
49 | |
50 /** | |
51 * stop method | |
52 * | |
53 * @access public | |
54 * @return void | |
55 */ | |
56 function _stop() { | |
57 $this->testStop = true; | |
58 } | |
59 } | |
60 | |
61 /** | |
62 * AuthUser class | |
63 * | |
64 * @package cake | |
65 * @subpackage cake.tests.cases.libs.controller.components | |
66 */ | |
67 class AuthUser extends CakeTestModel { | |
68 | |
69 /** | |
70 * name property | |
71 * | |
72 * @var string 'AuthUser' | |
73 * @access public | |
74 */ | |
75 var $name = 'AuthUser'; | |
76 | |
77 /** | |
78 * useDbConfig property | |
79 * | |
80 * @var string 'test_suite' | |
81 * @access public | |
82 */ | |
83 var $useDbConfig = 'test_suite'; | |
84 | |
85 /** | |
86 * parentNode method | |
87 * | |
88 * @access public | |
89 * @return void | |
90 */ | |
91 function parentNode() { | |
92 return true; | |
93 } | |
94 | |
95 /** | |
96 * bindNode method | |
97 * | |
98 * @param mixed $object | |
99 * @access public | |
100 * @return void | |
101 */ | |
102 function bindNode($object) { | |
103 return 'Roles/Admin'; | |
104 } | |
105 | |
106 /** | |
107 * isAuthorized method | |
108 * | |
109 * @param mixed $user | |
110 * @param mixed $controller | |
111 * @param mixed $action | |
112 * @access public | |
113 * @return void | |
114 */ | |
115 function isAuthorized($user, $controller = null, $action = null) { | |
116 if (!empty($user)) { | |
117 return true; | |
118 } | |
119 return false; | |
120 } | |
121 } | |
122 | |
123 /** | |
124 * AuthUserCustomField class | |
125 * | |
126 * @package cake | |
127 * @subpackage cake.tests.cases.libs.controller.components | |
128 */ | |
129 class AuthUserCustomField extends AuthUser { | |
130 | |
131 /** | |
132 * name property | |
133 * | |
134 * @var string 'AuthUser' | |
135 * @access public | |
136 */ | |
137 var $name = 'AuthUserCustomField'; | |
138 } | |
139 | |
140 /** | |
141 * UuidUser class | |
142 * | |
143 * @package cake | |
144 * @subpackage cake.tests.cases.libs.controller.components | |
145 */ | |
146 class UuidUser extends CakeTestModel { | |
147 | |
148 /** | |
149 * name property | |
150 * | |
151 * @var string 'AuthUser' | |
152 * @access public | |
153 */ | |
154 var $name = 'UuidUser'; | |
155 | |
156 /** | |
157 * useDbConfig property | |
158 * | |
159 * @var string 'test_suite' | |
160 * @access public | |
161 */ | |
162 var $useDbConfig = 'test_suite'; | |
163 | |
164 /** | |
165 * useTable property | |
166 * | |
167 * @var string 'uuid' | |
168 * @access public | |
169 */ | |
170 var $useTable = 'uuids'; | |
171 | |
172 /** | |
173 * parentNode method | |
174 * | |
175 * @access public | |
176 * @return void | |
177 */ | |
178 function parentNode() { | |
179 return true; | |
180 } | |
181 | |
182 /** | |
183 * bindNode method | |
184 * | |
185 * @param mixed $object | |
186 * @access public | |
187 * @return void | |
188 */ | |
189 function bindNode($object) { | |
190 return 'Roles/Admin'; | |
191 } | |
192 | |
193 /** | |
194 * isAuthorized method | |
195 * | |
196 * @param mixed $user | |
197 * @param mixed $controller | |
198 * @param mixed $action | |
199 * @access public | |
200 * @return void | |
201 */ | |
202 function isAuthorized($user, $controller = null, $action = null) { | |
203 if (!empty($user)) { | |
204 return true; | |
205 } | |
206 return false; | |
207 } | |
208 } | |
209 | |
210 /** | |
211 * AuthTestController class | |
212 * | |
213 * @package cake | |
214 * @subpackage cake.tests.cases.libs.controller.components | |
215 */ | |
216 class AuthTestController extends Controller { | |
217 | |
218 /** | |
219 * name property | |
220 * | |
221 * @var string 'AuthTest' | |
222 * @access public | |
223 */ | |
224 var $name = 'AuthTest'; | |
225 | |
226 /** | |
227 * uses property | |
228 * | |
229 * @var array | |
230 * @access public | |
231 */ | |
232 var $uses = array('AuthUser'); | |
233 | |
234 /** | |
235 * components property | |
236 * | |
237 * @var array | |
238 * @access public | |
239 */ | |
240 var $components = array('Session', 'Auth', 'Acl'); | |
241 | |
242 /** | |
243 * testUrl property | |
244 * | |
245 * @var mixed null | |
246 * @access public | |
247 */ | |
248 var $testUrl = null; | |
249 | |
250 /** | |
251 * construct method | |
252 * | |
253 * @access private | |
254 * @return void | |
255 */ | |
256 function __construct() { | |
257 $this->params = Router::parse('/auth_test'); | |
258 Router::setRequestInfo(array($this->params, array('base' => null, 'here' => '/auth_test', 'webroot' => '/', 'passedArgs' => array(), 'argSeparator' => ':', 'namedArgs' => array()))); | |
259 parent::__construct(); | |
260 } | |
261 | |
262 /** | |
263 * beforeFilter method | |
264 * | |
265 * @access public | |
266 * @return void | |
267 */ | |
268 function beforeFilter() { | |
269 $this->Auth->userModel = 'AuthUser'; | |
270 } | |
271 | |
272 /** | |
273 * login method | |
274 * | |
275 * @access public | |
276 * @return void | |
277 */ | |
278 function login() { | |
279 } | |
280 | |
281 /** | |
282 * admin_login method | |
283 * | |
284 * @access public | |
285 * @return void | |
286 */ | |
287 function admin_login() { | |
288 } | |
289 | |
290 /** | |
291 * logout method | |
292 * | |
293 * @access public | |
294 * @return void | |
295 */ | |
296 function logout() { | |
297 // $this->redirect($this->Auth->logout()); | |
298 } | |
299 | |
300 /** | |
301 * add method | |
302 * | |
303 * @access public | |
304 * @return void | |
305 */ | |
306 function add() { | |
307 echo "add"; | |
308 } | |
309 | |
310 /** | |
311 * add method | |
312 * | |
313 * @access public | |
314 * @return void | |
315 */ | |
316 function camelCase() { | |
317 echo "camelCase"; | |
318 } | |
319 | |
320 /** | |
321 * redirect method | |
322 * | |
323 * @param mixed $url | |
324 * @param mixed $status | |
325 * @param mixed $exit | |
326 * @access public | |
327 * @return void | |
328 */ | |
329 function redirect($url, $status = null, $exit = true) { | |
330 $this->testUrl = Router::url($url); | |
331 return false; | |
332 } | |
333 | |
334 /** | |
335 * isAuthorized method | |
336 * | |
337 * @access public | |
338 * @return void | |
339 */ | |
340 function isAuthorized() { | |
341 if (isset($this->params['testControllerAuth'])) { | |
342 return false; | |
343 } | |
344 return true; | |
345 } | |
346 | |
347 /** | |
348 * Mock delete method | |
349 * | |
350 * @param mixed $url | |
351 * @param mixed $status | |
352 * @param mixed $exit | |
353 * @access public | |
354 * @return void | |
355 */ | |
356 function delete($id = null) { | |
357 if ($this->TestAuth->testStop !== true && $id !== null) { | |
358 echo 'Deleted Record: ' . var_export($id, true); | |
359 } | |
360 } | |
361 } | |
362 | |
363 /** | |
364 * AjaxAuthController class | |
365 * | |
366 * @package cake | |
367 * @subpackage cake.tests.cases.libs.controller.components | |
368 */ | |
369 class AjaxAuthController extends Controller { | |
370 | |
371 /** | |
372 * name property | |
373 * | |
374 * @var string 'AjaxAuth' | |
375 * @access public | |
376 */ | |
377 var $name = 'AjaxAuth'; | |
378 | |
379 /** | |
380 * components property | |
381 * | |
382 * @var array | |
383 * @access public | |
384 */ | |
385 var $components = array('Session', 'TestAuth'); | |
386 | |
387 /** | |
388 * uses property | |
389 * | |
390 * @var array | |
391 * @access public | |
392 */ | |
393 var $uses = array(); | |
394 | |
395 /** | |
396 * testUrl property | |
397 * | |
398 * @var mixed null | |
399 * @access public | |
400 */ | |
401 var $testUrl = null; | |
402 | |
403 /** | |
404 * beforeFilter method | |
405 * | |
406 * @access public | |
407 * @return void | |
408 */ | |
409 function beforeFilter() { | |
410 $this->TestAuth->ajaxLogin = 'test_element'; | |
411 $this->TestAuth->userModel = 'AuthUser'; | |
412 $this->TestAuth->RequestHandler->ajaxLayout = 'ajax2'; | |
413 } | |
414 | |
415 /** | |
416 * add method | |
417 * | |
418 * @access public | |
419 * @return void | |
420 */ | |
421 function add() { | |
422 if ($this->TestAuth->testStop !== true) { | |
423 echo 'Added Record'; | |
424 } | |
425 } | |
426 | |
427 /** | |
428 * redirect method | |
429 * | |
430 * @param mixed $url | |
431 * @param mixed $status | |
432 * @param mixed $exit | |
433 * @access public | |
434 * @return void | |
435 */ | |
436 function redirect($url, $status = null, $exit = true) { | |
437 $this->testUrl = Router::url($url); | |
438 return false; | |
439 } | |
440 } | |
441 | |
442 /** | |
443 * AuthTest class | |
444 * | |
445 * @package cake | |
446 * @subpackage cake.tests.cases.libs.controller.components | |
447 */ | |
448 class AuthTest extends CakeTestCase { | |
449 | |
450 /** | |
451 * name property | |
452 * | |
453 * @var string 'Auth' | |
454 * @access public | |
455 */ | |
456 var $name = 'Auth'; | |
457 | |
458 /** | |
459 * fixtures property | |
460 * | |
461 * @var array | |
462 * @access public | |
463 */ | |
464 var $fixtures = array('core.uuid', 'core.auth_user', 'core.auth_user_custom_field', 'core.aro', 'core.aco', 'core.aros_aco', 'core.aco_action'); | |
465 | |
466 /** | |
467 * initialized property | |
468 * | |
469 * @var bool false | |
470 * @access public | |
471 */ | |
472 var $initialized = false; | |
473 | |
474 /** | |
475 * startTest method | |
476 * | |
477 * @access public | |
478 * @return void | |
479 */ | |
480 function startTest() { | |
481 $this->_server = $_SERVER; | |
482 $this->_env = $_ENV; | |
483 | |
484 $this->_securitySalt = Configure::read('Security.salt'); | |
485 Configure::write('Security.salt', 'JfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi'); | |
486 | |
487 $this->_acl = Configure::read('Acl'); | |
488 Configure::write('Acl.database', 'test_suite'); | |
489 Configure::write('Acl.classname', 'DbAcl'); | |
490 | |
491 $this->Controller =& new AuthTestController(); | |
492 $this->Controller->Component->init($this->Controller); | |
493 $this->Controller->Component->initialize($this->Controller); | |
494 $this->Controller->beforeFilter(); | |
495 | |
496 ClassRegistry::addObject('view', new View($this->Controller)); | |
497 | |
498 $this->Controller->Session->delete('Auth'); | |
499 $this->Controller->Session->delete('Message.auth'); | |
500 | |
501 Router::reload(); | |
502 | |
503 $this->initialized = true; | |
504 } | |
505 | |
506 /** | |
507 * endTest method | |
508 * | |
509 * @access public | |
510 * @return void | |
511 */ | |
512 function endTest() { | |
513 $_SERVER = $this->_server; | |
514 $_ENV = $this->_env; | |
515 Configure::write('Acl', $this->_acl); | |
516 Configure::write('Security.salt', $this->_securitySalt); | |
517 | |
518 $this->Controller->Session->delete('Auth'); | |
519 $this->Controller->Session->delete('Message.auth'); | |
520 ClassRegistry::flush(); | |
521 unset($this->Controller, $this->AuthUser); | |
522 } | |
523 | |
524 /** | |
525 * testNoAuth method | |
526 * | |
527 * @access public | |
528 * @return void | |
529 */ | |
530 function testNoAuth() { | |
531 $this->assertFalse($this->Controller->Auth->isAuthorized()); | |
532 } | |
533 | |
534 /** | |
535 * testIsErrorOrTests | |
536 * | |
537 * @access public | |
538 * @return void | |
539 */ | |
540 function testIsErrorOrTests() { | |
541 $this->Controller->Auth->initialize($this->Controller); | |
542 | |
543 $this->Controller->name = 'CakeError'; | |
544 $this->assertTrue($this->Controller->Auth->startup($this->Controller)); | |
545 | |
546 $this->Controller->name = 'Post'; | |
547 $this->Controller->params['action'] = 'thisdoesnotexist'; | |
548 $this->assertTrue($this->Controller->Auth->startup($this->Controller)); | |
549 | |
550 $this->Controller->scaffold = null; | |
551 $this->Controller->params['action'] = 'index'; | |
552 $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | |
553 } | |
554 | |
555 /** | |
556 * testIdentify method | |
557 * | |
558 * @access public | |
559 * @return void | |
560 */ | |
561 function testIdentify() { | |
562 $this->AuthUser =& new AuthUser(); | |
563 $user['id'] = 1; | |
564 $user['username'] = 'mariano'; | |
565 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake'); | |
566 $this->AuthUser->save($user, false); | |
567 | |
568 $this->Controller->Auth->initialize($this->Controller); | |
569 $this->Controller->Auth->userModel = 'AuthUser'; | |
570 $this->Controller->Auth->startup($this->Controller); | |
571 $this->assertTrue($this->Controller->Auth->identify($user)); | |
572 } | |
573 | |
574 /** | |
575 * testIdentifyWithConditions method | |
576 * | |
577 * @access public | |
578 * @return void | |
579 */ | |
580 function testIdentifyWithConditions() { | |
581 $this->AuthUser =& new AuthUser(); | |
582 $user['id'] = 1; | |
583 $user['username'] = 'mariano'; | |
584 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake'); | |
585 $this->AuthUser->save($user, false); | |
586 | |
587 $this->Controller->Auth->initialize($this->Controller); | |
588 $this->Controller->Auth->startup($this->Controller); | |
589 $this->Controller->Auth->userModel = 'AuthUser'; | |
590 | |
591 $this->assertFalse($this->Controller->Auth->identify($user, array('AuthUser.id >' => 2))); | |
592 | |
593 $this->Controller->Auth->userScope = array('id >' => 2); | |
594 $this->assertFalse($this->Controller->Auth->identify($user)); | |
595 $this->assertTrue($this->Controller->Auth->identify($user, false)); | |
596 } | |
597 | |
598 /** | |
599 * testLogin method | |
600 * | |
601 * @access public | |
602 * @return void | |
603 */ | |
604 function testLogin() { | |
605 $this->AuthUser =& new AuthUser(); | |
606 $user['id'] = 1; | |
607 $user['username'] = 'mariano'; | |
608 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake'); | |
609 $this->AuthUser->save($user, false); | |
610 | |
611 $authUser = $this->AuthUser->find(); | |
612 | |
613 $this->Controller->data['AuthUser']['username'] = $authUser['AuthUser']['username']; | |
614 $this->Controller->data['AuthUser']['password'] = 'cake'; | |
615 | |
616 $this->Controller->params = Router::parse('auth_test/login'); | |
617 $this->Controller->params['url']['url'] = 'auth_test/login'; | |
618 | |
619 $this->Controller->Auth->initialize($this->Controller); | |
620 | |
621 $this->Controller->Auth->loginAction = 'auth_test/login'; | |
622 $this->Controller->Auth->userModel = 'AuthUser'; | |
623 | |
624 $this->Controller->Auth->startup($this->Controller); | |
625 $user = $this->Controller->Auth->user(); | |
626 $expected = array('AuthUser' => array( | |
627 'id' => 1, 'username' => 'mariano', 'created' => '2007-03-17 01:16:23', 'updated' => date('Y-m-d H:i:s') | |
628 )); | |
629 $this->assertEqual($user, $expected); | |
630 $this->Controller->Session->delete('Auth'); | |
631 | |
632 $this->Controller->data['AuthUser']['username'] = 'blah'; | |
633 $this->Controller->data['AuthUser']['password'] = ''; | |
634 | |
635 $this->Controller->Auth->startup($this->Controller); | |
636 | |
637 $user = $this->Controller->Auth->user(); | |
638 $this->assertFalse($user); | |
639 $this->Controller->Session->delete('Auth'); | |
640 | |
641 $this->Controller->data['AuthUser']['username'] = 'now() or 1=1 --'; | |
642 $this->Controller->data['AuthUser']['password'] = ''; | |
643 | |
644 $this->Controller->Auth->startup($this->Controller); | |
645 | |
646 $user = $this->Controller->Auth->user(); | |
647 $this->assertFalse($user); | |
648 $this->Controller->Session->delete('Auth'); | |
649 | |
650 $this->Controller->data['AuthUser']['username'] = 'now() or 1=1 # something'; | |
651 $this->Controller->data['AuthUser']['password'] = ''; | |
652 | |
653 $this->Controller->Auth->startup($this->Controller); | |
654 | |
655 $user = $this->Controller->Auth->user(); | |
656 $this->assertFalse($user); | |
657 $this->Controller->Session->delete('Auth'); | |
658 | |
659 $this->Controller->Auth->userModel = 'UuidUser'; | |
660 $this->Controller->Auth->login('47c36f9c-bc00-4d17-9626-4e183ca6822b'); | |
661 | |
662 $user = $this->Controller->Auth->user(); | |
663 $expected = array('UuidUser' => array( | |
664 'id' => '47c36f9c-bc00-4d17-9626-4e183ca6822b', 'title' => 'Unique record 1', 'count' => 2, 'created' => '2008-03-13 01:16:23', 'updated' => '2008-03-13 01:18:31' | |
665 )); | |
666 $this->assertEqual($user, $expected); | |
667 $this->Controller->Session->delete('Auth'); | |
668 } | |
669 | |
670 /** | |
671 * test that being redirected to the login page, with no post data does | |
672 * not set the session value. Saving the session value in this circumstance | |
673 * can cause the user to be redirected to an already public page. | |
674 * | |
675 * @return void | |
676 */ | |
677 function testLoginActionNotSettingAuthRedirect() { | |
678 $_referer = $_SERVER['HTTP_REFERER']; | |
679 $_SERVER['HTTP_REFERER'] = '/pages/display/about'; | |
680 | |
681 $this->Controller->data = array(); | |
682 $this->Controller->params = Router::parse('auth_test/login'); | |
683 $this->Controller->params['url']['url'] = 'auth_test/login'; | |
684 $this->Controller->Session->delete('Auth'); | |
685 | |
686 $this->Controller->Auth->loginRedirect = '/users/dashboard'; | |
687 $this->Controller->Auth->loginAction = 'auth_test/login'; | |
688 $this->Controller->Auth->userModel = 'AuthUser'; | |
689 | |
690 $this->Controller->Auth->startup($this->Controller); | |
691 $redirect = $this->Controller->Session->read('Auth.redirect'); | |
692 $this->assertNull($redirect); | |
693 } | |
694 | |
695 /** | |
696 * testAuthorizeFalse method | |
697 * | |
698 * @access public | |
699 * @return void | |
700 */ | |
701 function testAuthorizeFalse() { | |
702 $this->AuthUser =& new AuthUser(); | |
703 $user = $this->AuthUser->find(); | |
704 $this->Controller->Session->write('Auth', $user); | |
705 $this->Controller->Auth->userModel = 'AuthUser'; | |
706 $this->Controller->Auth->authorize = false; | |
707 $this->Controller->params = Router::parse('auth_test/add'); | |
708 $result = $this->Controller->Auth->startup($this->Controller); | |
709 $this->assertTrue($result); | |
710 | |
711 $this->Controller->Session->delete('Auth'); | |
712 $result = $this->Controller->Auth->startup($this->Controller); | |
713 $this->assertFalse($result); | |
714 $this->assertTrue($this->Controller->Session->check('Message.auth')); | |
715 | |
716 $this->Controller->params = Router::parse('auth_test/camelCase'); | |
717 $result = $this->Controller->Auth->startup($this->Controller); | |
718 $this->assertFalse($result); | |
719 } | |
720 | |
721 /** | |
722 * testAuthorizeController method | |
723 * | |
724 * @access public | |
725 * @return void | |
726 */ | |
727 function testAuthorizeController() { | |
728 $this->AuthUser =& new AuthUser(); | |
729 $user = $this->AuthUser->find(); | |
730 $this->Controller->Session->write('Auth', $user); | |
731 $this->Controller->Auth->userModel = 'AuthUser'; | |
732 $this->Controller->Auth->authorize = 'controller'; | |
733 $this->Controller->params = Router::parse('auth_test/add'); | |
734 $result = $this->Controller->Auth->startup($this->Controller); | |
735 $this->assertTrue($result); | |
736 | |
737 $this->Controller->params['testControllerAuth'] = 1; | |
738 $result = $this->Controller->Auth->startup($this->Controller); | |
739 $this->assertTrue($this->Controller->Session->check('Message.auth')); | |
740 $this->assertFalse($result); | |
741 | |
742 $this->Controller->Session->delete('Auth'); | |
743 } | |
744 | |
745 /** | |
746 * testAuthorizeModel method | |
747 * | |
748 * @access public | |
749 * @return void | |
750 */ | |
751 function testAuthorizeModel() { | |
752 $this->AuthUser =& new AuthUser(); | |
753 $user = $this->AuthUser->find(); | |
754 $this->Controller->Session->write('Auth', $user); | |
755 | |
756 $this->Controller->params['controller'] = 'auth_test'; | |
757 $this->Controller->params['action'] = 'add'; | |
758 $this->Controller->Auth->userModel = 'AuthUser'; | |
759 $this->Controller->Auth->initialize($this->Controller); | |
760 $this->Controller->Auth->authorize = array('model'=>'AuthUser'); | |
761 $result = $this->Controller->Auth->startup($this->Controller); | |
762 $this->assertTrue($result); | |
763 | |
764 $this->Controller->Session->delete('Auth'); | |
765 $this->Controller->Auth->startup($this->Controller); | |
766 $this->assertTrue($this->Controller->Session->check('Message.auth')); | |
767 $result = $this->Controller->Auth->isAuthorized(); | |
768 $this->assertFalse($result); | |
769 } | |
770 | |
771 /** | |
772 * testAuthorizeCrud method | |
773 * | |
774 * @access public | |
775 * @return void | |
776 */ | |
777 function testAuthorizeCrud() { | |
778 $this->AuthUser =& new AuthUser(); | |
779 $user = $this->AuthUser->find(); | |
780 $this->Controller->Session->write('Auth', $user); | |
781 | |
782 $this->Controller->params['controller'] = 'auth_test'; | |
783 $this->Controller->params['action'] = 'add'; | |
784 | |
785 $this->Controller->Acl->name = 'DbAclTest'; | |
786 | |
787 $this->Controller->Acl->Aro->id = null; | |
788 $this->Controller->Acl->Aro->create(array('alias' => 'Roles')); | |
789 $result = $this->Controller->Acl->Aro->save(); | |
790 $this->assertTrue($result); | |
791 | |
792 $parent = $this->Controller->Acl->Aro->id; | |
793 | |
794 $this->Controller->Acl->Aro->create(array('parent_id' => $parent, 'alias' => 'Admin')); | |
795 $result = $this->Controller->Acl->Aro->save(); | |
796 $this->assertTrue($result); | |
797 | |
798 $parent = $this->Controller->Acl->Aro->id; | |
799 | |
800 $this->Controller->Acl->Aro->create(array( | |
801 'model' => 'AuthUser', 'parent_id' => $parent, 'foreign_key' => 1, 'alias'=> 'mariano' | |
802 )); | |
803 $result = $this->Controller->Acl->Aro->save(); | |
804 $this->assertTrue($result); | |
805 | |
806 $this->Controller->Acl->Aco->create(array('alias' => 'Root')); | |
807 $result = $this->Controller->Acl->Aco->save(); | |
808 $this->assertTrue($result); | |
809 | |
810 $parent = $this->Controller->Acl->Aco->id; | |
811 | |
812 $this->Controller->Acl->Aco->create(array('parent_id' => $parent, 'alias' => 'AuthTest')); | |
813 $result = $this->Controller->Acl->Aco->save(); | |
814 $this->assertTrue($result); | |
815 | |
816 $this->Controller->Acl->allow('Roles/Admin', 'Root'); | |
817 $this->Controller->Acl->allow('Roles/Admin', 'Root/AuthTest'); | |
818 | |
819 $this->Controller->Auth->initialize($this->Controller); | |
820 | |
821 $this->Controller->Auth->userModel = 'AuthUser'; | |
822 $this->Controller->Auth->authorize = 'crud'; | |
823 $this->Controller->Auth->actionPath = 'Root/'; | |
824 | |
825 $this->Controller->Auth->startup($this->Controller); | |
826 $this->assertTrue($this->Controller->Auth->isAuthorized()); | |
827 | |
828 $this->Controller->Session->delete('Auth'); | |
829 $this->Controller->Auth->startup($this->Controller); | |
830 $this->assertTrue($this->Controller->Session->check('Message.auth')); | |
831 } | |
832 | |
833 /** | |
834 * test authorize = 'actions' setting. | |
835 * | |
836 * @return void | |
837 */ | |
838 function testAuthorizeActions() { | |
839 $this->AuthUser =& new AuthUser(); | |
840 $user = $this->AuthUser->find(); | |
841 $this->Controller->Session->write('Auth', $user); | |
842 $this->Controller->params['controller'] = 'auth_test'; | |
843 $this->Controller->params['action'] = 'add'; | |
844 | |
845 $this->Controller->Acl =& new AuthTestMockAclComponent(); | |
846 $this->Controller->Acl->setReturnValue('check', true); | |
847 | |
848 $this->Controller->Auth->initialize($this->Controller); | |
849 | |
850 $this->Controller->Auth->userModel = 'AuthUser'; | |
851 $this->Controller->Auth->authorize = 'actions'; | |
852 $this->Controller->Auth->actionPath = 'Root/'; | |
853 | |
854 $this->Controller->Acl->expectAt(0, 'check', array( | |
855 $user, 'Root/AuthTest/add' | |
856 )); | |
857 | |
858 $this->Controller->Auth->startup($this->Controller); | |
859 $this->assertTrue($this->Controller->Auth->isAuthorized()); | |
860 } | |
861 | |
862 /** | |
863 * Tests that deny always takes precedence over allow | |
864 * | |
865 * @access public | |
866 * @return void | |
867 */ | |
868 function testAllowDenyAll() { | |
869 $this->Controller->Auth->initialize($this->Controller); | |
870 | |
871 $this->Controller->Auth->allow('*'); | |
872 $this->Controller->Auth->deny('add', 'camelcase'); | |
873 | |
874 $this->Controller->params['action'] = 'delete'; | |
875 $this->assertTrue($this->Controller->Auth->startup($this->Controller)); | |
876 | |
877 $this->Controller->params['action'] = 'add'; | |
878 $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | |
879 | |
880 $this->Controller->params['action'] = 'Add'; | |
881 $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | |
882 | |
883 $this->Controller->params['action'] = 'camelCase'; | |
884 $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | |
885 | |
886 $this->Controller->Auth->allow('*'); | |
887 $this->Controller->Auth->deny(array('add', 'camelcase')); | |
888 | |
889 $this->Controller->params['action'] = 'camelCase'; | |
890 $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | |
891 } | |
892 | |
893 /** | |
894 * test the action() method | |
895 * | |
896 * @return void | |
897 */ | |
898 function testActionMethod() { | |
899 $this->Controller->params['controller'] = 'auth_test'; | |
900 $this->Controller->params['action'] = 'add'; | |
901 | |
902 $this->Controller->Auth->initialize($this->Controller); | |
903 $this->Controller->Auth->actionPath = 'ROOT/'; | |
904 | |
905 $result = $this->Controller->Auth->action(); | |
906 $this->assertEqual($result, 'ROOT/AuthTest/add'); | |
907 | |
908 $result = $this->Controller->Auth->action(':controller'); | |
909 $this->assertEqual($result, 'ROOT/AuthTest'); | |
910 | |
911 $result = $this->Controller->Auth->action(':controller'); | |
912 $this->assertEqual($result, 'ROOT/AuthTest'); | |
913 | |
914 $this->Controller->params['plugin'] = 'test_plugin'; | |
915 $this->Controller->params['controller'] = 'auth_test'; | |
916 $this->Controller->params['action'] = 'add'; | |
917 $this->Controller->Auth->initialize($this->Controller); | |
918 $result = $this->Controller->Auth->action(); | |
919 $this->assertEqual($result, 'ROOT/TestPlugin/AuthTest/add'); | |
920 } | |
921 | |
922 /** | |
923 * test that deny() converts camel case inputs to lowercase. | |
924 * | |
925 * @return void | |
926 */ | |
927 function testDenyWithCamelCaseMethods() { | |
928 $this->Controller->Auth->initialize($this->Controller); | |
929 $this->Controller->Auth->allow('*'); | |
930 $this->Controller->Auth->deny('add', 'camelCase'); | |
931 | |
932 $url = '/auth_test/camelCase'; | |
933 $this->Controller->params = Router::parse($url); | |
934 $this->Controller->params['url']['url'] = Router::normalize($url); | |
935 | |
936 $this->assertFalse($this->Controller->Auth->startup($this->Controller)); | |
937 } | |
938 | |
939 /** | |
940 * test that allow() and allowedActions work with camelCase method names. | |
941 * | |
942 * @return void | |
943 */ | |
944 function testAllowedActionsWithCamelCaseMethods() { | |
945 $url = '/auth_test/camelCase'; | |
946 $this->Controller->params = Router::parse($url); | |
947 $this->Controller->params['url']['url'] = Router::normalize($url); | |
948 $this->Controller->Auth->initialize($this->Controller); | |
949 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
950 $this->Controller->Auth->userModel = 'AuthUser'; | |
951 $this->Controller->Auth->allow('*'); | |
952 $result = $this->Controller->Auth->startup($this->Controller); | |
953 $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); | |
954 | |
955 $url = '/auth_test/camelCase'; | |
956 $this->Controller->params = Router::parse($url); | |
957 $this->Controller->params['url']['url'] = Router::normalize($url); | |
958 $this->Controller->Auth->initialize($this->Controller); | |
959 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
960 $this->Controller->Auth->userModel = 'AuthUser'; | |
961 $this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add'); | |
962 $result = $this->Controller->Auth->startup($this->Controller); | |
963 $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); | |
964 | |
965 $this->Controller->Auth->allowedActions = array('delete', 'add'); | |
966 $result = $this->Controller->Auth->startup($this->Controller); | |
967 $this->assertFalse($result, 'startup() should return false, as action is not allowed. %s'); | |
968 | |
969 $url = '/auth_test/delete'; | |
970 $this->Controller->params = Router::parse($url); | |
971 $this->Controller->params['url']['url'] = Router::normalize($url); | |
972 $this->Controller->Auth->initialize($this->Controller); | |
973 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
974 $this->Controller->Auth->userModel = 'AuthUser'; | |
975 | |
976 $this->Controller->Auth->allow(array('delete', 'add')); | |
977 $result = $this->Controller->Auth->startup($this->Controller); | |
978 $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); | |
979 } | |
980 | |
981 function testAllowedActionsSetWithAllowMethod() { | |
982 $url = '/auth_test/action_name'; | |
983 $this->Controller->params = Router::parse($url); | |
984 $this->Controller->params['url']['url'] = Router::normalize($url); | |
985 $this->Controller->Auth->initialize($this->Controller); | |
986 $this->Controller->Auth->allow('action_name', 'anotherAction'); | |
987 $this->assertEqual($this->Controller->Auth->allowedActions, array('action_name', 'anotheraction')); | |
988 } | |
989 | |
990 /** | |
991 * testLoginRedirect method | |
992 * | |
993 * @access public | |
994 * @return void | |
995 */ | |
996 function testLoginRedirect() { | |
997 if (isset($_SERVER['HTTP_REFERER'])) { | |
998 $backup = $_SERVER['HTTP_REFERER']; | |
999 } else { | |
1000 $backup = null; | |
1001 } | |
1002 | |
1003 $_SERVER['HTTP_REFERER'] = false; | |
1004 | |
1005 $this->Controller->Session->write('Auth', array( | |
1006 'AuthUser' => array('id' => '1', 'username' => 'nate') | |
1007 )); | |
1008 | |
1009 $this->Controller->params = Router::parse('users/login'); | |
1010 $this->Controller->params['url']['url'] = 'users/login'; | |
1011 $this->Controller->Auth->initialize($this->Controller); | |
1012 | |
1013 $this->Controller->Auth->userModel = 'AuthUser'; | |
1014 $this->Controller->Auth->loginRedirect = array( | |
1015 'controller' => 'pages', 'action' => 'display', 'welcome' | |
1016 ); | |
1017 $this->Controller->Auth->startup($this->Controller); | |
1018 $expected = Router::normalize($this->Controller->Auth->loginRedirect); | |
1019 $this->assertEqual($expected, $this->Controller->Auth->redirect()); | |
1020 | |
1021 $this->Controller->Session->delete('Auth'); | |
1022 | |
1023 $this->Controller->params['url']['url'] = 'admin/'; | |
1024 $this->Controller->Auth->initialize($this->Controller); | |
1025 $this->Controller->Auth->userModel = 'AuthUser'; | |
1026 $this->Controller->Auth->loginRedirect = null; | |
1027 $this->Controller->Auth->startup($this->Controller); | |
1028 $expected = Router::normalize('admin/'); | |
1029 $this->assertTrue($this->Controller->Session->check('Message.auth')); | |
1030 $this->assertEqual($expected, $this->Controller->Auth->redirect()); | |
1031 | |
1032 $this->Controller->Session->delete('Auth'); | |
1033 | |
1034 //empty referer no session | |
1035 $_SERVER['HTTP_REFERER'] = false; | |
1036 $_ENV['HTTP_REFERER'] = false; | |
1037 putenv('HTTP_REFERER='); | |
1038 $url = '/posts/view/1'; | |
1039 | |
1040 $this->Controller->Session->write('Auth', array( | |
1041 'AuthUser' => array('id' => '1', 'username' => 'nate')) | |
1042 ); | |
1043 $this->Controller->testUrl = null; | |
1044 $this->Controller->params = Router::parse($url); | |
1045 array_push($this->Controller->methods, 'view', 'edit', 'index'); | |
1046 | |
1047 $this->Controller->Auth->initialize($this->Controller); | |
1048 $this->Controller->Auth->authorize = 'controller'; | |
1049 $this->Controller->params['testControllerAuth'] = true; | |
1050 | |
1051 $this->Controller->Auth->loginAction = array( | |
1052 'controller' => 'AuthTest', 'action' => 'login' | |
1053 ); | |
1054 $this->Controller->Auth->userModel = 'AuthUser'; | |
1055 $this->Controller->Auth->startup($this->Controller); | |
1056 $expected = Router::normalize('/'); | |
1057 $this->assertEqual($expected, $this->Controller->testUrl); | |
1058 | |
1059 | |
1060 $this->Controller->Session->delete('Auth'); | |
1061 $_SERVER['HTTP_REFERER'] = Router::url('/admin/', true); | |
1062 | |
1063 $this->Controller->Session->write('Auth', array( | |
1064 'AuthUser' => array('id'=>'1', 'username'=>'nate')) | |
1065 ); | |
1066 $this->Controller->params['url']['url'] = 'auth_test/login'; | |
1067 $this->Controller->Auth->initialize($this->Controller); | |
1068 $this->Controller->Auth->loginAction = 'auth_test/login'; | |
1069 $this->Controller->Auth->userModel = 'AuthUser'; | |
1070 $this->Controller->Auth->loginRedirect = false; | |
1071 $this->Controller->Auth->startup($this->Controller); | |
1072 $expected = Router::normalize('/admin'); | |
1073 $this->assertEqual($expected, $this->Controller->Auth->redirect()); | |
1074 | |
1075 //Ticket #4750 | |
1076 //named params | |
1077 $this->Controller->Session->delete('Auth'); | |
1078 $url = '/posts/index/year:2008/month:feb'; | |
1079 $this->Controller->params = Router::parse($url); | |
1080 $this->Controller->params['url']['url'] = Router::normalize($url); | |
1081 $this->Controller->Auth->initialize($this->Controller); | |
1082 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
1083 $this->Controller->Auth->userModel = 'AuthUser'; | |
1084 $this->Controller->Auth->startup($this->Controller); | |
1085 $expected = Router::normalize('posts/index/year:2008/month:feb'); | |
1086 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); | |
1087 | |
1088 //passed args | |
1089 $this->Controller->Session->delete('Auth'); | |
1090 $url = '/posts/view/1'; | |
1091 $this->Controller->params = Router::parse($url); | |
1092 $this->Controller->params['url']['url'] = Router::normalize($url); | |
1093 $this->Controller->Auth->initialize($this->Controller); | |
1094 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
1095 $this->Controller->Auth->userModel = 'AuthUser'; | |
1096 $this->Controller->Auth->startup($this->Controller); | |
1097 $expected = Router::normalize('posts/view/1'); | |
1098 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); | |
1099 | |
1100 // QueryString parameters | |
1101 $_back = $_GET; | |
1102 $_GET = array( | |
1103 'url' => '/posts/index/29', | |
1104 'print' => 'true', | |
1105 'refer' => 'menu' | |
1106 ); | |
1107 $this->Controller->Session->delete('Auth'); | |
1108 $url = '/posts/index/29?print=true&refer=menu'; | |
1109 $this->Controller->params = Dispatcher::parseParams($url); | |
1110 $this->Controller->Auth->initialize($this->Controller); | |
1111 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
1112 $this->Controller->Auth->userModel = 'AuthUser'; | |
1113 $this->Controller->Auth->startup($this->Controller); | |
1114 $expected = Router::normalize('posts/index/29?print=true&refer=menu'); | |
1115 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); | |
1116 | |
1117 $_GET = array( | |
1118 'url' => '/posts/index/29', | |
1119 'print' => 'true', | |
1120 'refer' => 'menu', | |
1121 'ext' => 'html' | |
1122 ); | |
1123 $this->Controller->Session->delete('Auth'); | |
1124 $url = '/posts/index/29?print=true&refer=menu'; | |
1125 $this->Controller->params = Dispatcher::parseParams($url); | |
1126 $this->Controller->Auth->initialize($this->Controller); | |
1127 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
1128 $this->Controller->Auth->userModel = 'AuthUser'; | |
1129 $this->Controller->Auth->startup($this->Controller); | |
1130 $expected = Router::normalize('posts/index/29?print=true&refer=menu'); | |
1131 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); | |
1132 $_GET = $_back; | |
1133 | |
1134 //external authed action | |
1135 $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; | |
1136 $this->Controller->Session->delete('Auth'); | |
1137 $url = '/posts/edit/1'; | |
1138 $this->Controller->params = Router::parse($url); | |
1139 $this->Controller->params['url']['url'] = Router::normalize($url); | |
1140 $this->Controller->Auth->initialize($this->Controller); | |
1141 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
1142 $this->Controller->Auth->userModel = 'AuthUser'; | |
1143 $this->Controller->Auth->startup($this->Controller); | |
1144 $expected = Router::normalize('/posts/edit/1'); | |
1145 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); | |
1146 | |
1147 //external direct login link | |
1148 $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; | |
1149 $this->Controller->Session->delete('Auth'); | |
1150 $url = '/AuthTest/login'; | |
1151 $this->Controller->params = Router::parse($url); | |
1152 $this->Controller->params['url']['url'] = Router::normalize($url); | |
1153 $this->Controller->Auth->initialize($this->Controller); | |
1154 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); | |
1155 $this->Controller->Auth->userModel = 'AuthUser'; | |
1156 $this->Controller->Auth->startup($this->Controller); | |
1157 $expected = Router::normalize('/'); | |
1158 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect')); | |
1159 | |
1160 $_SERVER['HTTP_REFERER'] = $backup; | |
1161 $this->Controller->Session->delete('Auth'); | |
1162 } | |
1163 | |
1164 /** | |
1165 * Ensure that no redirect is performed when a 404 is reached | |
1166 * And the user doesn't have a session. | |
1167 * | |
1168 * @return void | |
1169 */ | |
1170 function testNoRedirectOn404() { | |
1171 $this->Controller->Session->delete('Auth'); | |
1172 $this->Controller->Auth->initialize($this->Controller); | |
1173 $this->Controller->params = Router::parse('auth_test/something_totally_wrong'); | |
1174 $result = $this->Controller->Auth->startup($this->Controller); | |
1175 $this->assertTrue($result, 'Auth redirected a missing action %s'); | |
1176 } | |
1177 | |
1178 /** | |
1179 * testEmptyUsernameOrPassword method | |
1180 * | |
1181 * @access public | |
1182 * @return void | |
1183 */ | |
1184 function testEmptyUsernameOrPassword() { | |
1185 $this->AuthUser =& new AuthUser(); | |
1186 $user['id'] = 1; | |
1187 $user['username'] = 'mariano'; | |
1188 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake'); | |
1189 $this->AuthUser->save($user, false); | |
1190 | |
1191 $authUser = $this->AuthUser->find(); | |
1192 | |
1193 $this->Controller->data['AuthUser']['username'] = ''; | |
1194 $this->Controller->data['AuthUser']['password'] = ''; | |
1195 | |
1196 $this->Controller->params = Router::parse('auth_test/login'); | |
1197 $this->Controller->params['url']['url'] = 'auth_test/login'; | |
1198 $this->Controller->Auth->initialize($this->Controller); | |
1199 $this->Controller->Auth->loginAction = 'auth_test/login'; | |
1200 $this->Controller->Auth->userModel = 'AuthUser'; | |
1201 | |
1202 $this->Controller->Auth->startup($this->Controller); | |
1203 $user = $this->Controller->Auth->user(); | |
1204 $this->assertTrue($this->Controller->Session->check('Message.auth')); | |
1205 $this->assertEqual($user, false); | |
1206 $this->Controller->Session->delete('Auth'); | |
1207 } | |
1208 | |
1209 /** | |
1210 * testInjection method | |
1211 * | |
1212 * @access public | |
1213 * @return void | |
1214 */ | |
1215 function testInjection() { | |
1216 $this->AuthUser =& new AuthUser(); | |
1217 $this->AuthUser->id = 2; | |
1218 $this->AuthUser->saveField('password', Security::hash(Configure::read('Security.salt') . 'cake')); | |
1219 | |
1220 $this->Controller->data['AuthUser']['username'] = 'nate'; | |
1221 $this->Controller->data['AuthUser']['password'] = 'cake'; | |
1222 $this->Controller->params = Router::parse('auth_test/login'); | |
1223 $this->Controller->params['url']['url'] = 'auth_test/login'; | |
1224 $this->Controller->Auth->initialize($this->Controller); | |
1225 | |
1226 $this->Controller->Auth->loginAction = 'auth_test/login'; | |
1227 $this->Controller->Auth->userModel = 'AuthUser'; | |
1228 $this->Controller->Auth->startup($this->Controller); | |
1229 $this->assertTrue(is_array($this->Controller->Auth->user())); | |
1230 | |
1231 $this->Controller->Session->delete($this->Controller->Auth->sessionKey); | |
1232 | |
1233 $this->Controller->data['AuthUser']['username'] = 'nate'; | |
1234 $this->Controller->data['AuthUser']['password'] = 'cake1'; | |
1235 $this->Controller->params['url']['url'] = 'auth_test/login'; | |
1236 $this->Controller->Auth->initialize($this->Controller); | |
1237 | |
1238 $this->Controller->Auth->loginAction = 'auth_test/login'; | |
1239 $this->Controller->Auth->userModel = 'AuthUser'; | |
1240 $this->Controller->Auth->startup($this->Controller); | |
1241 $this->assertTrue(is_null($this->Controller->Auth->user())); | |
1242 | |
1243 $this->Controller->Session->delete($this->Controller->Auth->sessionKey); | |
1244 | |
1245 $this->Controller->data['AuthUser']['username'] = '> n'; | |
1246 $this->Controller->data['AuthUser']['password'] = 'cake'; | |
1247 $this->Controller->Auth->initialize($this->Controller); | |
1248 | |
1249 $this->Controller->Auth->startup($this->Controller); | |
1250 $this->assertTrue(is_null($this->Controller->Auth->user())); | |
1251 | |
1252 unset($this->Controller->data['AuthUser']['password']); | |
1253 $this->Controller->data['AuthUser']['username'] = "1'1"; | |
1254 $this->Controller->Auth->initialize($this->Controller); | |
1255 | |
1256 $this->Controller->Auth->startup($this->Controller); | |
1257 $this->assertTrue(is_null($this->Controller->Auth->user())); | |
1258 | |
1259 unset($this->Controller->data['AuthUser']['username']); | |
1260 $this->Controller->data['AuthUser']['password'] = "1'1"; | |
1261 $this->Controller->Auth->initialize($this->Controller); | |
1262 | |
1263 $this->Controller->Auth->startup($this->Controller); | |
1264 $this->assertTrue(is_null($this->Controller->Auth->user())); | |
1265 } | |
1266 | |
1267 /** | |
1268 * test Hashing of passwords | |
1269 * | |
1270 * @return void | |
1271 */ | |
1272 function testHashPasswords() { | |
1273 $this->Controller->Auth->userModel = 'AuthUser'; | |
1274 | |
1275 $data['AuthUser']['password'] = 'superSecret'; | |
1276 $data['AuthUser']['username'] = 'superman@dailyplanet.com'; | |
1277 $return = $this->Controller->Auth->hashPasswords($data); | |
1278 $expected = $data; | |
1279 $expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true); | |
1280 $this->assertEqual($return, $expected); | |
1281 | |
1282 $data['Wrong']['password'] = 'superSecret'; | |
1283 $data['Wrong']['username'] = 'superman@dailyplanet.com'; | |
1284 $data['AuthUser']['password'] = 'IcantTellYou'; | |
1285 $return = $this->Controller->Auth->hashPasswords($data); | |
1286 $expected = $data; | |
1287 $expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true); | |
1288 $this->assertEqual($return, $expected); | |
1289 | |
1290 if (PHP5) { | |
1291 $xml = array( | |
1292 'User' => array( | |
1293 'username' => 'batman@batcave.com', | |
1294 'password' => 'bruceWayne', | |
1295 ) | |
1296 ); | |
1297 $data =& new Xml($xml); | |
1298 $return = $this->Controller->Auth->hashPasswords($data); | |
1299 $expected = $data; | |
1300 $this->assertEqual($return, $expected); | |
1301 } | |
1302 } | |
1303 | |
1304 /** | |
1305 * testCustomRoute method | |
1306 * | |
1307 * @access public | |
1308 * @return void | |
1309 */ | |
1310 function testCustomRoute() { | |
1311 Router::reload(); | |
1312 Router::connect( | |
1313 '/:lang/:controller/:action/*', | |
1314 array('lang' => null), | |
1315 array('lang' => '[a-z]{2,3}') | |
1316 ); | |
1317 | |
1318 $url = '/en/users/login'; | |
1319 $this->Controller->params = Router::parse($url); | |
1320 Router::setRequestInfo(array($this->Controller->passedArgs, array( | |
1321 'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(), | |
1322 'argSeparator' => ':', 'namedArgs' => array() | |
1323 ))); | |
1324 | |
1325 $this->AuthUser =& new AuthUser(); | |
1326 $user = array( | |
1327 'id' => 1, 'username' => 'felix', | |
1328 'password' => Security::hash(Configure::read('Security.salt') . 'cake' | |
1329 )); | |
1330 $user = $this->AuthUser->save($user, false); | |
1331 | |
1332 $this->Controller->data['AuthUser'] = array('username' => 'felix', 'password' => 'cake'); | |
1333 $this->Controller->params['url']['url'] = substr($url, 1); | |
1334 $this->Controller->Auth->initialize($this->Controller); | |
1335 $this->Controller->Auth->loginAction = array('lang' => 'en', 'controller' => 'users', 'action' => 'login'); | |
1336 $this->Controller->Auth->userModel = 'AuthUser'; | |
1337 | |
1338 $this->Controller->Auth->startup($this->Controller); | |
1339 $user = $this->Controller->Auth->user(); | |
1340 $this->assertTrue(!!$user); | |
1341 | |
1342 $this->Controller->Session->delete('Auth'); | |
1343 Router::reload(); | |
1344 Router::connect('/', array('controller' => 'people', 'action' => 'login')); | |
1345 $url = '/'; | |
1346 $this->Controller->params = Router::parse($url); | |
1347 Router::setRequestInfo(array($this->Controller->passedArgs, array( | |
1348 'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(), | |
1349 'argSeparator' => ':', 'namedArgs' => array() | |
1350 ))); | |
1351 $this->Controller->data['AuthUser'] = array('username' => 'felix', 'password' => 'cake'); | |
1352 $this->Controller->params['url']['url'] = substr($url, 1); | |
1353 $this->Controller->Auth->initialize($this->Controller); | |
1354 $this->Controller->Auth->loginAction = array('controller' => 'people', 'action' => 'login'); | |
1355 $this->Controller->Auth->userModel = 'AuthUser'; | |
1356 | |
1357 $this->Controller->Auth->startup($this->Controller); | |
1358 $user = $this->Controller->Auth->user(); | |
1359 $this->assertTrue(!!$user); | |
1360 } | |
1361 | |
1362 /** | |
1363 * testCustomField method | |
1364 * | |
1365 * @access public | |
1366 * @return void | |
1367 */ | |
1368 function testCustomField() { | |
1369 Router::reload(); | |
1370 | |
1371 $this->AuthUserCustomField =& new AuthUserCustomField(); | |
1372 $user = array( | |
1373 'id' => 1, 'email' => 'harking@example.com', | |
1374 'password' => Security::hash(Configure::read('Security.salt') . 'cake' | |
1375 )); | |
1376 $user = $this->AuthUserCustomField->save($user, false); | |
1377 | |
1378 Router::connect('/', array('controller' => 'people', 'action' => 'login')); | |
1379 $url = '/'; | |
1380 $this->Controller->params = Router::parse($url); | |
1381 Router::setRequestInfo(array($this->Controller->passedArgs, array( | |
1382 'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(), | |
1383 'argSeparator' => ':', 'namedArgs' => array() | |
1384 ))); | |
1385 $this->Controller->data['AuthUserCustomField'] = array('email' => 'harking@example.com', 'password' => 'cake'); | |
1386 $this->Controller->params['url']['url'] = substr($url, 1); | |
1387 $this->Controller->Auth->initialize($this->Controller); | |
1388 $this->Controller->Auth->fields = array('username' => 'email', 'password' => 'password'); | |
1389 $this->Controller->Auth->loginAction = array('controller' => 'people', 'action' => 'login'); | |
1390 $this->Controller->Auth->userModel = 'AuthUserCustomField'; | |
1391 | |
1392 $this->Controller->Auth->startup($this->Controller); | |
1393 $user = $this->Controller->Auth->user(); | |
1394 $this->assertTrue(!!$user); | |
1395 } | |
1396 | |
1397 /** | |
1398 * testAdminRoute method | |
1399 * | |
1400 * @access public | |
1401 * @return void | |
1402 */ | |
1403 function testAdminRoute() { | |
1404 $prefixes = Configure::read('Routing.prefixes'); | |
1405 Configure::write('Routing.prefixes', array('admin')); | |
1406 Router::reload(); | |
1407 | |
1408 $url = '/admin/auth_test/add'; | |
1409 $this->Controller->params = Router::parse($url); | |
1410 $this->Controller->params['url']['url'] = ltrim($url, '/'); | |
1411 Router::setRequestInfo(array( | |
1412 array( | |
1413 'pass' => array(), 'action' => 'add', 'plugin' => null, | |
1414 'controller' => 'auth_test', 'admin' => true, | |
1415 'url' => array('url' => $this->Controller->params['url']['url']) | |
1416 ), | |
1417 array( | |
1418 'base' => null, 'here' => $url, | |
1419 'webroot' => '/', 'passedArgs' => array(), | |
1420 ) | |
1421 )); | |
1422 $this->Controller->Auth->initialize($this->Controller); | |
1423 | |
1424 $this->Controller->Auth->loginAction = array( | |
1425 'admin' => true, 'controller' => 'auth_test', 'action' => 'login' | |
1426 ); | |
1427 $this->Controller->Auth->userModel = 'AuthUser'; | |
1428 | |
1429 $this->Controller->Auth->startup($this->Controller); | |
1430 $this->assertEqual($this->Controller->testUrl, '/admin/auth_test/login'); | |
1431 | |
1432 Configure::write('Routing.prefixes', $prefixes); | |
1433 } | |
1434 | |
1435 /** | |
1436 * testPluginModel method | |
1437 * | |
1438 * @access public | |
1439 * @return void | |
1440 */ | |
1441 function testPluginModel() { | |
1442 // Adding plugins | |
1443 Cache::delete('object_map', '_cake_core_'); | |
1444 App::build(array( | |
1445 'plugins' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'plugins' . DS), | |
1446 'models' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'models' . DS) | |
1447 ), true); | |
1448 App::objects('plugin', null, false); | |
1449 | |
1450 $PluginModel =& ClassRegistry::init('TestPlugin.TestPluginAuthUser'); | |
1451 $user['id'] = 1; | |
1452 $user['username'] = 'gwoo'; | |
1453 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake'); | |
1454 $PluginModel->save($user, false); | |
1455 | |
1456 $authUser = $PluginModel->find(); | |
1457 | |
1458 $this->Controller->data['TestPluginAuthUser']['username'] = $authUser['TestPluginAuthUser']['username']; | |
1459 $this->Controller->data['TestPluginAuthUser']['password'] = 'cake'; | |
1460 | |
1461 $this->Controller->params = Router::parse('auth_test/login'); | |
1462 $this->Controller->params['url']['url'] = 'auth_test/login'; | |
1463 | |
1464 $this->Controller->Auth->initialize($this->Controller); | |
1465 | |
1466 $this->Controller->Auth->loginAction = 'auth_test/login'; | |
1467 $this->Controller->Auth->userModel = 'TestPlugin.TestPluginAuthUser'; | |
1468 | |
1469 $this->Controller->Auth->startup($this->Controller); | |
1470 $user = $this->Controller->Auth->user(); | |
1471 $expected = array('TestPluginAuthUser' => array( | |
1472 'id' => 1, 'username' => 'gwoo', 'created' => '2007-03-17 01:16:23', 'updated' => date('Y-m-d H:i:s') | |
1473 )); | |
1474 $this->assertEqual($user, $expected); | |
1475 $sessionKey = $this->Controller->Auth->sessionKey; | |
1476 $this->assertEqual('Auth.TestPluginAuthUser', $sessionKey); | |
1477 | |
1478 $this->Controller->Auth->loginAction = null; | |
1479 $this->Controller->Auth->__setDefaults(); | |
1480 $loginAction = $this->Controller->Auth->loginAction; | |
1481 $expected = array( | |
1482 'controller' => 'test_plugin_auth_users', | |
1483 'action' => 'login', | |
1484 'plugin' => 'test_plugin' | |
1485 ); | |
1486 $this->assertEqual($loginAction, $expected); | |
1487 | |
1488 // Reverting changes | |
1489 Cache::delete('object_map', '_cake_core_'); | |
1490 App::build(); | |
1491 App::objects('plugin', null, false); | |
1492 } | |
1493 | |
1494 /** | |
1495 * testAjaxLogin method | |
1496 * | |
1497 * @access public | |
1498 * @return void | |
1499 */ | |
1500 function testAjaxLogin() { | |
1501 App::build(array('views' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'views'. DS))); | |
1502 $_SERVER['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"; | |
1503 | |
1504 if (!class_exists('dispatcher')) { | |
1505 require CAKE . 'dispatcher.php'; | |
1506 } | |
1507 | |
1508 ob_start(); | |
1509 $Dispatcher =& new Dispatcher(); | |
1510 $Dispatcher->dispatch('/ajax_auth/add', array('return' => 1)); | |
1511 $result = ob_get_clean(); | |
1512 $this->assertEqual("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result)); | |
1513 unset($_SERVER['HTTP_X_REQUESTED_WITH']); | |
1514 } | |
1515 | |
1516 /** | |
1517 * testLoginActionRedirect method | |
1518 * | |
1519 * @access public | |
1520 * @return void | |
1521 */ | |
1522 function testLoginActionRedirect() { | |
1523 $admin = Configure::read('Routing.admin'); | |
1524 Configure::write('Routing.admin', 'admin'); | |
1525 Router::reload(); | |
1526 | |
1527 $url = '/admin/auth_test/login'; | |
1528 $this->Controller->params = Router::parse($url); | |
1529 $this->Controller->params['url']['url'] = ltrim($url, '/'); | |
1530 Router::setRequestInfo(array( | |
1531 array( | |
1532 'pass' => array(), 'action' => 'admin_login', 'plugin' => null, 'controller' => 'auth_test', | |
1533 'admin' => true, 'url' => array('url' => $this->Controller->params['url']['url']), | |
1534 ), | |
1535 array( | |
1536 'base' => null, 'here' => $url, | |
1537 'webroot' => '/', 'passedArgs' => array(), | |
1538 ) | |
1539 )); | |
1540 | |
1541 $this->Controller->Auth->initialize($this->Controller); | |
1542 | |
1543 $this->Controller->Auth->loginAction = array('admin' => true, 'controller' => 'auth_test', 'action' => 'login'); | |
1544 $this->Controller->Auth->userModel = 'AuthUser'; | |
1545 | |
1546 $this->Controller->Auth->startup($this->Controller); | |
1547 | |
1548 $this->assertNull($this->Controller->testUrl); | |
1549 | |
1550 Configure::write('Routing.admin', $admin); | |
1551 } | |
1552 | |
1553 /** | |
1554 * Tests that shutdown destroys the redirect session var | |
1555 * | |
1556 * @access public | |
1557 * @return void | |
1558 */ | |
1559 function testShutDown() { | |
1560 $this->Controller->Session->write('Auth.redirect', 'foo'); | |
1561 $this->Controller->Auth->_loggedIn = true; | |
1562 $this->Controller->Auth->shutdown($this->Controller); | |
1563 $this->assertFalse($this->Controller->Session->read('Auth.redirect')); | |
1564 } | |
1565 | |
1566 /** | |
1567 * test the initialize callback and its interactions with Router::prefixes() | |
1568 * | |
1569 * @return void | |
1570 */ | |
1571 function testInitializeAndRoutingPrefixes() { | |
1572 $restore = Configure::read('Routing'); | |
1573 Configure::write('Routing.prefixes', array('admin', 'super_user')); | |
1574 Router::reload(); | |
1575 $this->Controller->Auth->initialize($this->Controller); | |
1576 | |
1577 $this->assertTrue(isset($this->Controller->Auth->actionMap['delete'])); | |
1578 $this->assertTrue(isset($this->Controller->Auth->actionMap['view'])); | |
1579 $this->assertTrue(isset($this->Controller->Auth->actionMap['add'])); | |
1580 $this->assertTrue(isset($this->Controller->Auth->actionMap['admin_view'])); | |
1581 $this->assertTrue(isset($this->Controller->Auth->actionMap['super_user_delete'])); | |
1582 | |
1583 Configure::write('Routing', $restore); | |
1584 } | |
1585 | |
1586 /** | |
1587 * test $settings in Controller::$components | |
1588 * | |
1589 * @access public | |
1590 * @return void | |
1591 */ | |
1592 function testComponentSettings() { | |
1593 $this->Controller =& new AuthTestController(); | |
1594 $this->Controller->components = array( | |
1595 'Auth' => array( | |
1596 'fields' => array('username' => 'email', 'password' => 'password'), | |
1597 'loginAction' => array('controller' => 'people', 'action' => 'login'), | |
1598 'userModel' => 'AuthUserCustomField', | |
1599 'sessionKey' => 'AltAuth.AuthUserCustomField' | |
1600 ), | |
1601 'Session' | |
1602 ); | |
1603 $this->Controller->Component->init($this->Controller); | |
1604 $this->Controller->Component->initialize($this->Controller); | |
1605 Router::reload(); | |
1606 | |
1607 $this->AuthUserCustomField =& new AuthUserCustomField(); | |
1608 $user = array( | |
1609 'id' => 1, 'email' => 'harking@example.com', | |
1610 'password' => Security::hash(Configure::read('Security.salt') . 'cake' | |
1611 )); | |
1612 $user = $this->AuthUserCustomField->save($user, false); | |
1613 | |
1614 Router::connect('/', array('controller' => 'people', 'action' => 'login')); | |
1615 $url = '/'; | |
1616 $this->Controller->params = Router::parse($url); | |
1617 Router::setRequestInfo(array($this->Controller->passedArgs, array( | |
1618 'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(), | |
1619 'argSeparator' => ':', 'namedArgs' => array() | |
1620 ))); | |
1621 $this->Controller->data['AuthUserCustomField'] = array('email' => 'harking@example.com', 'password' => 'cake'); | |
1622 $this->Controller->params['url']['url'] = substr($url, 1); | |
1623 $this->Controller->Auth->startup($this->Controller); | |
1624 | |
1625 $user = $this->Controller->Auth->user(); | |
1626 $this->assertTrue(!!$user); | |
1627 | |
1628 $expected = array( | |
1629 'fields' => array('username' => 'email', 'password' => 'password'), | |
1630 'loginAction' => array('controller' => 'people', 'action' => 'login'), | |
1631 'logoutRedirect' => array('controller' => 'people', 'action' => 'login'), | |
1632 'userModel' => 'AuthUserCustomField', | |
1633 'sessionKey' => 'AltAuth.AuthUserCustomField' | |
1634 ); | |
1635 $this->assertEqual($expected['fields'], $this->Controller->Auth->fields); | |
1636 $this->assertEqual($expected['loginAction'], $this->Controller->Auth->loginAction); | |
1637 $this->assertEqual($expected['logoutRedirect'], $this->Controller->Auth->logoutRedirect); | |
1638 $this->assertEqual($expected['userModel'], $this->Controller->Auth->userModel); | |
1639 $this->assertEqual($expected['sessionKey'], $this->Controller->Auth->sessionKey); | |
1640 } | |
1641 | |
1642 /** | |
1643 * test that logout deletes the session variables. and returns the correct url | |
1644 * | |
1645 * @return void | |
1646 */ | |
1647 function testLogout() { | |
1648 $this->Controller->Session->write('Auth.User.id', '1'); | |
1649 $this->Controller->Session->write('Auth.redirect', '/users/login'); | |
1650 $this->Controller->Auth->logoutRedirect = '/'; | |
1651 $result = $this->Controller->Auth->logout(); | |
1652 | |
1653 $this->assertEqual($result, '/'); | |
1654 $this->assertNull($this->Controller->Session->read('Auth.AuthUser')); | |
1655 $this->assertNull($this->Controller->Session->read('Auth.redirect')); | |
1656 } | |
1657 } |