Mercurial > hg > Members > shoshi > webvirt

comparison cake/tests/cases/libs/controller/components/auth.test.php @ 0:261e66bd5a0c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hg init
author Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
date Sun, 24 Jul 2011 21:08:31 +0900
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:261e66bd5a0c
1 <?php
2 /**
3 * AuthComponentTest file
4 *
5 * PHP versions 4 and 5
6 *
7 * CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing>
8 * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
9 *
10 * Licensed under The Open Group Test Suite License
11 * Redistributions of files must retain the above copyright notice.
12 *
13 * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
14 * @link http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
15 * @package cake
16 * @subpackage cake.cake.tests.cases.libs.controller.components
17 * @since CakePHP(tm) v 1.2.0.5347
18 * @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
19 */
20 App::import('Component', array('Auth', 'Acl'));
21 App::import('Model', 'DbAcl');
22 App::import('Core', 'Xml');
23
24 Mock::generate('AclComponent', 'AuthTestMockAclComponent');
25
26 /**
27 * TestAuthComponent class
28 *
29 * @package cake
30 * @subpackage cake.tests.cases.libs.controller.components
31 */
32 class TestAuthComponent extends AuthComponent {
33
34 /**
35 * testStop property
36 *
37 * @var bool false
38 * @access public
39 */
40 var $testStop = false;
41
42 /**
43 * Sets default login state
44 *
45 * @var bool true
46 * @access protected
47 */
48 var $_loggedIn = true;
49
50 /**
51 * stop method
52 *
53 * @access public
54 * @return void
55 */
56 function _stop() {
57 $this->testStop = true;
58 }
59 }
60
61 /**
62 * AuthUser class
63 *
64 * @package cake
65 * @subpackage cake.tests.cases.libs.controller.components
66 */
67 class AuthUser extends CakeTestModel {
68
69 /**
70 * name property
71 *
72 * @var string 'AuthUser'
73 * @access public
74 */
75 var $name = 'AuthUser';
76
77 /**
78 * useDbConfig property
79 *
80 * @var string 'test_suite'
81 * @access public
82 */
83 var $useDbConfig = 'test_suite';
84
85 /**
86 * parentNode method
87 *
88 * @access public
89 * @return void
90 */
91 function parentNode() {
92 return true;
93 }
94
95 /**
96 * bindNode method
97 *
98 * @param mixed $object
99 * @access public
100 * @return void
101 */
102 function bindNode($object) {
103 return 'Roles/Admin';
104 }
105
106 /**
107 * isAuthorized method
108 *
109 * @param mixed $user
110 * @param mixed $controller
111 * @param mixed $action
112 * @access public
113 * @return void
114 */
115 function isAuthorized($user, $controller = null, $action = null) {
116 if (!empty($user)) {
117 return true;
118 }
119 return false;
120 }
121 }
122
123 /**
124 * AuthUserCustomField class
125 *
126 * @package cake
127 * @subpackage cake.tests.cases.libs.controller.components
128 */
129 class AuthUserCustomField extends AuthUser {
130
131 /**
132 * name property
133 *
134 * @var string 'AuthUser'
135 * @access public
136 */
137 var $name = 'AuthUserCustomField';
138 }
139
140 /**
141 * UuidUser class
142 *
143 * @package cake
144 * @subpackage cake.tests.cases.libs.controller.components
145 */
146 class UuidUser extends CakeTestModel {
147
148 /**
149 * name property
150 *
151 * @var string 'AuthUser'
152 * @access public
153 */
154 var $name = 'UuidUser';
155
156 /**
157 * useDbConfig property
158 *
159 * @var string 'test_suite'
160 * @access public
161 */
162 var $useDbConfig = 'test_suite';
163
164 /**
165 * useTable property
166 *
167 * @var string 'uuid'
168 * @access public
169 */
170 var $useTable = 'uuids';
171
172 /**
173 * parentNode method
174 *
175 * @access public
176 * @return void
177 */
178 function parentNode() {
179 return true;
180 }
181
182 /**
183 * bindNode method
184 *
185 * @param mixed $object
186 * @access public
187 * @return void
188 */
189 function bindNode($object) {
190 return 'Roles/Admin';
191 }
192
193 /**
194 * isAuthorized method
195 *
196 * @param mixed $user
197 * @param mixed $controller
198 * @param mixed $action
199 * @access public
200 * @return void
201 */
202 function isAuthorized($user, $controller = null, $action = null) {
203 if (!empty($user)) {
204 return true;
205 }
206 return false;
207 }
208 }
209
210 /**
211 * AuthTestController class
212 *
213 * @package cake
214 * @subpackage cake.tests.cases.libs.controller.components
215 */
216 class AuthTestController extends Controller {
217
218 /**
219 * name property
220 *
221 * @var string 'AuthTest'
222 * @access public
223 */
224 var $name = 'AuthTest';
225
226 /**
227 * uses property
228 *
229 * @var array
230 * @access public
231 */
232 var $uses = array('AuthUser');
233
234 /**
235 * components property
236 *
237 * @var array
238 * @access public
239 */
240 var $components = array('Session', 'Auth', 'Acl');
241
242 /**
243 * testUrl property
244 *
245 * @var mixed null
246 * @access public
247 */
248 var $testUrl = null;
249
250 /**
251 * construct method
252 *
253 * @access private
254 * @return void
255 */
256 function __construct() {
257 $this->params = Router::parse('/auth_test');
258 Router::setRequestInfo(array($this->params, array('base' => null, 'here' => '/auth_test', 'webroot' => '/', 'passedArgs' => array(), 'argSeparator' => ':', 'namedArgs' => array())));
259 parent::__construct();
260 }
261
262 /**
263 * beforeFilter method
264 *
265 * @access public
266 * @return void
267 */
268 function beforeFilter() {
269 $this->Auth->userModel = 'AuthUser';
270 }
271
272 /**
273 * login method
274 *
275 * @access public
276 * @return void
277 */
278 function login() {
279 }
280
281 /**
282 * admin_login method
283 *
284 * @access public
285 * @return void
286 */
287 function admin_login() {
288 }
289
290 /**
291 * logout method
292 *
293 * @access public
294 * @return void
295 */
296 function logout() {
297 // $this->redirect($this->Auth->logout());
298 }
299
300 /**
301 * add method
302 *
303 * @access public
304 * @return void
305 */
306 function add() {
307 echo "add";
308 }
309
310 /**
311 * add method
312 *
313 * @access public
314 * @return void
315 */
316 function camelCase() {
317 echo "camelCase";
318 }
319
320 /**
321 * redirect method
322 *
323 * @param mixed $url
324 * @param mixed $status
325 * @param mixed $exit
326 * @access public
327 * @return void
328 */
329 function redirect($url, $status = null, $exit = true) {
330 $this->testUrl = Router::url($url);
331 return false;
332 }
333
334 /**
335 * isAuthorized method
336 *
337 * @access public
338 * @return void
339 */
340 function isAuthorized() {
341 if (isset($this->params['testControllerAuth'])) {
342 return false;
343 }
344 return true;
345 }
346
347 /**
348 * Mock delete method
349 *
350 * @param mixed $url
351 * @param mixed $status
352 * @param mixed $exit
353 * @access public
354 * @return void
355 */
356 function delete($id = null) {
357 if ($this->TestAuth->testStop !== true && $id !== null) {
358 echo 'Deleted Record: ' . var_export($id, true);
359 }
360 }
361 }
362
363 /**
364 * AjaxAuthController class
365 *
366 * @package cake
367 * @subpackage cake.tests.cases.libs.controller.components
368 */
369 class AjaxAuthController extends Controller {
370
371 /**
372 * name property
373 *
374 * @var string 'AjaxAuth'
375 * @access public
376 */
377 var $name = 'AjaxAuth';
378
379 /**
380 * components property
381 *
382 * @var array
383 * @access public
384 */
385 var $components = array('Session', 'TestAuth');
386
387 /**
388 * uses property
389 *
390 * @var array
391 * @access public
392 */
393 var $uses = array();
394
395 /**
396 * testUrl property
397 *
398 * @var mixed null
399 * @access public
400 */
401 var $testUrl = null;
402
403 /**
404 * beforeFilter method
405 *
406 * @access public
407 * @return void
408 */
409 function beforeFilter() {
410 $this->TestAuth->ajaxLogin = 'test_element';
411 $this->TestAuth->userModel = 'AuthUser';
412 $this->TestAuth->RequestHandler->ajaxLayout = 'ajax2';
413 }
414
415 /**
416 * add method
417 *
418 * @access public
419 * @return void
420 */
421 function add() {
422 if ($this->TestAuth->testStop !== true) {
423 echo 'Added Record';
424 }
425 }
426
427 /**
428 * redirect method
429 *
430 * @param mixed $url
431 * @param mixed $status
432 * @param mixed $exit
433 * @access public
434 * @return void
435 */
436 function redirect($url, $status = null, $exit = true) {
437 $this->testUrl = Router::url($url);
438 return false;
439 }
440 }
441
442 /**
443 * AuthTest class
444 *
445 * @package cake
446 * @subpackage cake.tests.cases.libs.controller.components
447 */
448 class AuthTest extends CakeTestCase {
449
450 /**
451 * name property
452 *
453 * @var string 'Auth'
454 * @access public
455 */
456 var $name = 'Auth';
457
458 /**
459 * fixtures property
460 *
461 * @var array
462 * @access public
463 */
464 var $fixtures = array('core.uuid', 'core.auth_user', 'core.auth_user_custom_field', 'core.aro', 'core.aco', 'core.aros_aco', 'core.aco_action');
465
466 /**
467 * initialized property
468 *
469 * @var bool false
470 * @access public
471 */
472 var $initialized = false;
473
474 /**
475 * startTest method
476 *
477 * @access public
478 * @return void
479 */
480 function startTest() {
481 $this->_server = $_SERVER;
482 $this->_env = $_ENV;
483
484 $this->_securitySalt = Configure::read('Security.salt');
485 Configure::write('Security.salt', 'JfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
486
487 $this->_acl = Configure::read('Acl');
488 Configure::write('Acl.database', 'test_suite');
489 Configure::write('Acl.classname', 'DbAcl');
490
491 $this->Controller =& new AuthTestController();
492 $this->Controller->Component->init($this->Controller);
493 $this->Controller->Component->initialize($this->Controller);
494 $this->Controller->beforeFilter();
495
496 ClassRegistry::addObject('view', new View($this->Controller));
497
498 $this->Controller->Session->delete('Auth');
499 $this->Controller->Session->delete('Message.auth');
500
501 Router::reload();
502
503 $this->initialized = true;
504 }
505
506 /**
507 * endTest method
508 *
509 * @access public
510 * @return void
511 */
512 function endTest() {
513 $_SERVER = $this->_server;
514 $_ENV = $this->_env;
515 Configure::write('Acl', $this->_acl);
516 Configure::write('Security.salt', $this->_securitySalt);
517
518 $this->Controller->Session->delete('Auth');
519 $this->Controller->Session->delete('Message.auth');
520 ClassRegistry::flush();
521 unset($this->Controller, $this->AuthUser);
522 }
523
524 /**
525 * testNoAuth method
526 *
527 * @access public
528 * @return void
529 */
530 function testNoAuth() {
531 $this->assertFalse($this->Controller->Auth->isAuthorized());
532 }
533
534 /**
535 * testIsErrorOrTests
536 *
537 * @access public
538 * @return void
539 */
540 function testIsErrorOrTests() {
541 $this->Controller->Auth->initialize($this->Controller);
542
543 $this->Controller->name = 'CakeError';
544 $this->assertTrue($this->Controller->Auth->startup($this->Controller));
545
546 $this->Controller->name = 'Post';
547 $this->Controller->params['action'] = 'thisdoesnotexist';
548 $this->assertTrue($this->Controller->Auth->startup($this->Controller));
549
550 $this->Controller->scaffold = null;
551 $this->Controller->params['action'] = 'index';
552 $this->assertFalse($this->Controller->Auth->startup($this->Controller));
553 }
554
555 /**
556 * testIdentify method
557 *
558 * @access public
559 * @return void
560 */
561 function testIdentify() {
562 $this->AuthUser =& new AuthUser();
563 $user['id'] = 1;
564 $user['username'] = 'mariano';
565 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
566 $this->AuthUser->save($user, false);
567
568 $this->Controller->Auth->initialize($this->Controller);
569 $this->Controller->Auth->userModel = 'AuthUser';
570 $this->Controller->Auth->startup($this->Controller);
571 $this->assertTrue($this->Controller->Auth->identify($user));
572 }
573
574 /**
575 * testIdentifyWithConditions method
576 *
577 * @access public
578 * @return void
579 */
580 function testIdentifyWithConditions() {
581 $this->AuthUser =& new AuthUser();
582 $user['id'] = 1;
583 $user['username'] = 'mariano';
584 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
585 $this->AuthUser->save($user, false);
586
587 $this->Controller->Auth->initialize($this->Controller);
588 $this->Controller->Auth->startup($this->Controller);
589 $this->Controller->Auth->userModel = 'AuthUser';
590
591 $this->assertFalse($this->Controller->Auth->identify($user, array('AuthUser.id >' => 2)));
592
593 $this->Controller->Auth->userScope = array('id >' => 2);
594 $this->assertFalse($this->Controller->Auth->identify($user));
595 $this->assertTrue($this->Controller->Auth->identify($user, false));
596 }
597
598 /**
599 * testLogin method
600 *
601 * @access public
602 * @return void
603 */
604 function testLogin() {
605 $this->AuthUser =& new AuthUser();
606 $user['id'] = 1;
607 $user['username'] = 'mariano';
608 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
609 $this->AuthUser->save($user, false);
610
611 $authUser = $this->AuthUser->find();
612
613 $this->Controller->data['AuthUser']['username'] = $authUser['AuthUser']['username'];
614 $this->Controller->data['AuthUser']['password'] = 'cake';
615
616 $this->Controller->params = Router::parse('auth_test/login');
617 $this->Controller->params['url']['url'] = 'auth_test/login';
618
619 $this->Controller->Auth->initialize($this->Controller);
620
621 $this->Controller->Auth->loginAction = 'auth_test/login';
622 $this->Controller->Auth->userModel = 'AuthUser';
623
624 $this->Controller->Auth->startup($this->Controller);
625 $user = $this->Controller->Auth->user();
626 $expected = array('AuthUser' => array(
627 'id' => 1, 'username' => 'mariano', 'created' => '2007-03-17 01:16:23', 'updated' => date('Y-m-d H:i:s')
628 ));
629 $this->assertEqual($user, $expected);
630 $this->Controller->Session->delete('Auth');
631
632 $this->Controller->data['AuthUser']['username'] = 'blah';
633 $this->Controller->data['AuthUser']['password'] = '';
634
635 $this->Controller->Auth->startup($this->Controller);
636
637 $user = $this->Controller->Auth->user();
638 $this->assertFalse($user);
639 $this->Controller->Session->delete('Auth');
640
641 $this->Controller->data['AuthUser']['username'] = 'now() or 1=1 --';
642 $this->Controller->data['AuthUser']['password'] = '';
643
644 $this->Controller->Auth->startup($this->Controller);
645
646 $user = $this->Controller->Auth->user();
647 $this->assertFalse($user);
648 $this->Controller->Session->delete('Auth');
649
650 $this->Controller->data['AuthUser']['username'] = 'now() or 1=1 # something';
651 $this->Controller->data['AuthUser']['password'] = '';
652
653 $this->Controller->Auth->startup($this->Controller);
654
655 $user = $this->Controller->Auth->user();
656 $this->assertFalse($user);
657 $this->Controller->Session->delete('Auth');
658
659 $this->Controller->Auth->userModel = 'UuidUser';
660 $this->Controller->Auth->login('47c36f9c-bc00-4d17-9626-4e183ca6822b');
661
662 $user = $this->Controller->Auth->user();
663 $expected = array('UuidUser' => array(
664 'id' => '47c36f9c-bc00-4d17-9626-4e183ca6822b', 'title' => 'Unique record 1', 'count' => 2, 'created' => '2008-03-13 01:16:23', 'updated' => '2008-03-13 01:18:31'
665 ));
666 $this->assertEqual($user, $expected);
667 $this->Controller->Session->delete('Auth');
668 }
669
670 /**
671 * test that being redirected to the login page, with no post data does
672 * not set the session value. Saving the session value in this circumstance
673 * can cause the user to be redirected to an already public page.
674 *
675 * @return void
676 */
677 function testLoginActionNotSettingAuthRedirect() {
678 $_referer = $_SERVER['HTTP_REFERER'];
679 $_SERVER['HTTP_REFERER'] = '/pages/display/about';
680
681 $this->Controller->data = array();
682 $this->Controller->params = Router::parse('auth_test/login');
683 $this->Controller->params['url']['url'] = 'auth_test/login';
684 $this->Controller->Session->delete('Auth');
685
686 $this->Controller->Auth->loginRedirect = '/users/dashboard';
687 $this->Controller->Auth->loginAction = 'auth_test/login';
688 $this->Controller->Auth->userModel = 'AuthUser';
689
690 $this->Controller->Auth->startup($this->Controller);
691 $redirect = $this->Controller->Session->read('Auth.redirect');
692 $this->assertNull($redirect);
693 }
694
695 /**
696 * testAuthorizeFalse method
697 *
698 * @access public
699 * @return void
700 */
701 function testAuthorizeFalse() {
702 $this->AuthUser =& new AuthUser();
703 $user = $this->AuthUser->find();
704 $this->Controller->Session->write('Auth', $user);
705 $this->Controller->Auth->userModel = 'AuthUser';
706 $this->Controller->Auth->authorize = false;
707 $this->Controller->params = Router::parse('auth_test/add');
708 $result = $this->Controller->Auth->startup($this->Controller);
709 $this->assertTrue($result);
710
711 $this->Controller->Session->delete('Auth');
712 $result = $this->Controller->Auth->startup($this->Controller);
713 $this->assertFalse($result);
714 $this->assertTrue($this->Controller->Session->check('Message.auth'));
715
716 $this->Controller->params = Router::parse('auth_test/camelCase');
717 $result = $this->Controller->Auth->startup($this->Controller);
718 $this->assertFalse($result);
719 }
720
721 /**
722 * testAuthorizeController method
723 *
724 * @access public
725 * @return void
726 */
727 function testAuthorizeController() {
728 $this->AuthUser =& new AuthUser();
729 $user = $this->AuthUser->find();
730 $this->Controller->Session->write('Auth', $user);
731 $this->Controller->Auth->userModel = 'AuthUser';
732 $this->Controller->Auth->authorize = 'controller';
733 $this->Controller->params = Router::parse('auth_test/add');
734 $result = $this->Controller->Auth->startup($this->Controller);
735 $this->assertTrue($result);
736
737 $this->Controller->params['testControllerAuth'] = 1;
738 $result = $this->Controller->Auth->startup($this->Controller);
739 $this->assertTrue($this->Controller->Session->check('Message.auth'));
740 $this->assertFalse($result);
741
742 $this->Controller->Session->delete('Auth');
743 }
744
745 /**
746 * testAuthorizeModel method
747 *
748 * @access public
749 * @return void
750 */
751 function testAuthorizeModel() {
752 $this->AuthUser =& new AuthUser();
753 $user = $this->AuthUser->find();
754 $this->Controller->Session->write('Auth', $user);
755
756 $this->Controller->params['controller'] = 'auth_test';
757 $this->Controller->params['action'] = 'add';
758 $this->Controller->Auth->userModel = 'AuthUser';
759 $this->Controller->Auth->initialize($this->Controller);
760 $this->Controller->Auth->authorize = array('model'=>'AuthUser');
761 $result = $this->Controller->Auth->startup($this->Controller);
762 $this->assertTrue($result);
763
764 $this->Controller->Session->delete('Auth');
765 $this->Controller->Auth->startup($this->Controller);
766 $this->assertTrue($this->Controller->Session->check('Message.auth'));
767 $result = $this->Controller->Auth->isAuthorized();
768 $this->assertFalse($result);
769 }
770
771 /**
772 * testAuthorizeCrud method
773 *
774 * @access public
775 * @return void
776 */
777 function testAuthorizeCrud() {
778 $this->AuthUser =& new AuthUser();
779 $user = $this->AuthUser->find();
780 $this->Controller->Session->write('Auth', $user);
781
782 $this->Controller->params['controller'] = 'auth_test';
783 $this->Controller->params['action'] = 'add';
784
785 $this->Controller->Acl->name = 'DbAclTest';
786
787 $this->Controller->Acl->Aro->id = null;
788 $this->Controller->Acl->Aro->create(array('alias' => 'Roles'));
789 $result = $this->Controller->Acl->Aro->save();
790 $this->assertTrue($result);
791
792 $parent = $this->Controller->Acl->Aro->id;
793
794 $this->Controller->Acl->Aro->create(array('parent_id' => $parent, 'alias' => 'Admin'));
795 $result = $this->Controller->Acl->Aro->save();
796 $this->assertTrue($result);
797
798 $parent = $this->Controller->Acl->Aro->id;
799
800 $this->Controller->Acl->Aro->create(array(
801 'model' => 'AuthUser', 'parent_id' => $parent, 'foreign_key' => 1, 'alias'=> 'mariano'
802 ));
803 $result = $this->Controller->Acl->Aro->save();
804 $this->assertTrue($result);
805
806 $this->Controller->Acl->Aco->create(array('alias' => 'Root'));
807 $result = $this->Controller->Acl->Aco->save();
808 $this->assertTrue($result);
809
810 $parent = $this->Controller->Acl->Aco->id;
811
812 $this->Controller->Acl->Aco->create(array('parent_id' => $parent, 'alias' => 'AuthTest'));
813 $result = $this->Controller->Acl->Aco->save();
814 $this->assertTrue($result);
815
816 $this->Controller->Acl->allow('Roles/Admin', 'Root');
817 $this->Controller->Acl->allow('Roles/Admin', 'Root/AuthTest');
818
819 $this->Controller->Auth->initialize($this->Controller);
820
821 $this->Controller->Auth->userModel = 'AuthUser';
822 $this->Controller->Auth->authorize = 'crud';
823 $this->Controller->Auth->actionPath = 'Root/';
824
825 $this->Controller->Auth->startup($this->Controller);
826 $this->assertTrue($this->Controller->Auth->isAuthorized());
827
828 $this->Controller->Session->delete('Auth');
829 $this->Controller->Auth->startup($this->Controller);
830 $this->assertTrue($this->Controller->Session->check('Message.auth'));
831 }
832
833 /**
834 * test authorize = 'actions' setting.
835 *
836 * @return void
837 */
838 function testAuthorizeActions() {
839 $this->AuthUser =& new AuthUser();
840 $user = $this->AuthUser->find();
841 $this->Controller->Session->write('Auth', $user);
842 $this->Controller->params['controller'] = 'auth_test';
843 $this->Controller->params['action'] = 'add';
844
845 $this->Controller->Acl =& new AuthTestMockAclComponent();
846 $this->Controller->Acl->setReturnValue('check', true);
847
848 $this->Controller->Auth->initialize($this->Controller);
849
850 $this->Controller->Auth->userModel = 'AuthUser';
851 $this->Controller->Auth->authorize = 'actions';
852 $this->Controller->Auth->actionPath = 'Root/';
853
854 $this->Controller->Acl->expectAt(0, 'check', array(
855 $user, 'Root/AuthTest/add'
856 ));
857
858 $this->Controller->Auth->startup($this->Controller);
859 $this->assertTrue($this->Controller->Auth->isAuthorized());
860 }
861
862 /**
863 * Tests that deny always takes precedence over allow
864 *
865 * @access public
866 * @return void
867 */
868 function testAllowDenyAll() {
869 $this->Controller->Auth->initialize($this->Controller);
870
871 $this->Controller->Auth->allow('*');
872 $this->Controller->Auth->deny('add', 'camelcase');
873
874 $this->Controller->params['action'] = 'delete';
875 $this->assertTrue($this->Controller->Auth->startup($this->Controller));
876
877 $this->Controller->params['action'] = 'add';
878 $this->assertFalse($this->Controller->Auth->startup($this->Controller));
879
880 $this->Controller->params['action'] = 'Add';
881 $this->assertFalse($this->Controller->Auth->startup($this->Controller));
882
883 $this->Controller->params['action'] = 'camelCase';
884 $this->assertFalse($this->Controller->Auth->startup($this->Controller));
885
886 $this->Controller->Auth->allow('*');
887 $this->Controller->Auth->deny(array('add', 'camelcase'));
888
889 $this->Controller->params['action'] = 'camelCase';
890 $this->assertFalse($this->Controller->Auth->startup($this->Controller));
891 }
892
893 /**
894 * test the action() method
895 *
896 * @return void
897 */
898 function testActionMethod() {
899 $this->Controller->params['controller'] = 'auth_test';
900 $this->Controller->params['action'] = 'add';
901
902 $this->Controller->Auth->initialize($this->Controller);
903 $this->Controller->Auth->actionPath = 'ROOT/';
904
905 $result = $this->Controller->Auth->action();
906 $this->assertEqual($result, 'ROOT/AuthTest/add');
907
908 $result = $this->Controller->Auth->action(':controller');
909 $this->assertEqual($result, 'ROOT/AuthTest');
910
911 $result = $this->Controller->Auth->action(':controller');
912 $this->assertEqual($result, 'ROOT/AuthTest');
913
914 $this->Controller->params['plugin'] = 'test_plugin';
915 $this->Controller->params['controller'] = 'auth_test';
916 $this->Controller->params['action'] = 'add';
917 $this->Controller->Auth->initialize($this->Controller);
918 $result = $this->Controller->Auth->action();
919 $this->assertEqual($result, 'ROOT/TestPlugin/AuthTest/add');
920 }
921
922 /**
923 * test that deny() converts camel case inputs to lowercase.
924 *
925 * @return void
926 */
927 function testDenyWithCamelCaseMethods() {
928 $this->Controller->Auth->initialize($this->Controller);
929 $this->Controller->Auth->allow('*');
930 $this->Controller->Auth->deny('add', 'camelCase');
931
932 $url = '/auth_test/camelCase';
933 $this->Controller->params = Router::parse($url);
934 $this->Controller->params['url']['url'] = Router::normalize($url);
935
936 $this->assertFalse($this->Controller->Auth->startup($this->Controller));
937 }
938
939 /**
940 * test that allow() and allowedActions work with camelCase method names.
941 *
942 * @return void
943 */
944 function testAllowedActionsWithCamelCaseMethods() {
945 $url = '/auth_test/camelCase';
946 $this->Controller->params = Router::parse($url);
947 $this->Controller->params['url']['url'] = Router::normalize($url);
948 $this->Controller->Auth->initialize($this->Controller);
949 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
950 $this->Controller->Auth->userModel = 'AuthUser';
951 $this->Controller->Auth->allow('*');
952 $result = $this->Controller->Auth->startup($this->Controller);
953 $this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
954
955 $url = '/auth_test/camelCase';
956 $this->Controller->params = Router::parse($url);
957 $this->Controller->params['url']['url'] = Router::normalize($url);
958 $this->Controller->Auth->initialize($this->Controller);
959 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
960 $this->Controller->Auth->userModel = 'AuthUser';
961 $this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add');
962 $result = $this->Controller->Auth->startup($this->Controller);
963 $this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
964
965 $this->Controller->Auth->allowedActions = array('delete', 'add');
966 $result = $this->Controller->Auth->startup($this->Controller);
967 $this->assertFalse($result, 'startup() should return false, as action is not allowed. %s');
968
969 $url = '/auth_test/delete';
970 $this->Controller->params = Router::parse($url);
971 $this->Controller->params['url']['url'] = Router::normalize($url);
972 $this->Controller->Auth->initialize($this->Controller);
973 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
974 $this->Controller->Auth->userModel = 'AuthUser';
975
976 $this->Controller->Auth->allow(array('delete', 'add'));
977 $result = $this->Controller->Auth->startup($this->Controller);
978 $this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
979 }
980
981 function testAllowedActionsSetWithAllowMethod() {
982 $url = '/auth_test/action_name';
983 $this->Controller->params = Router::parse($url);
984 $this->Controller->params['url']['url'] = Router::normalize($url);
985 $this->Controller->Auth->initialize($this->Controller);
986 $this->Controller->Auth->allow('action_name', 'anotherAction');
987 $this->assertEqual($this->Controller->Auth->allowedActions, array('action_name', 'anotheraction'));
988 }
989
990 /**
991 * testLoginRedirect method
992 *
993 * @access public
994 * @return void
995 */
996 function testLoginRedirect() {
997 if (isset($_SERVER['HTTP_REFERER'])) {
998 $backup = $_SERVER['HTTP_REFERER'];
999 } else {
1000 $backup = null;
1001 }
1002
1003 $_SERVER['HTTP_REFERER'] = false;
1004
1005 $this->Controller->Session->write('Auth', array(
1006 'AuthUser' => array('id' => '1', 'username' => 'nate')
1007 ));
1008
1009 $this->Controller->params = Router::parse('users/login');
1010 $this->Controller->params['url']['url'] = 'users/login';
1011 $this->Controller->Auth->initialize($this->Controller);
1012
1013 $this->Controller->Auth->userModel = 'AuthUser';
1014 $this->Controller->Auth->loginRedirect = array(
1015 'controller' => 'pages', 'action' => 'display', 'welcome'
1016 );
1017 $this->Controller->Auth->startup($this->Controller);
1018 $expected = Router::normalize($this->Controller->Auth->loginRedirect);
1019 $this->assertEqual($expected, $this->Controller->Auth->redirect());
1020
1021 $this->Controller->Session->delete('Auth');
1022
1023 $this->Controller->params['url']['url'] = 'admin/';
1024 $this->Controller->Auth->initialize($this->Controller);
1025 $this->Controller->Auth->userModel = 'AuthUser';
1026 $this->Controller->Auth->loginRedirect = null;
1027 $this->Controller->Auth->startup($this->Controller);
1028 $expected = Router::normalize('admin/');
1029 $this->assertTrue($this->Controller->Session->check('Message.auth'));
1030 $this->assertEqual($expected, $this->Controller->Auth->redirect());
1031
1032 $this->Controller->Session->delete('Auth');
1033
1034 //empty referer no session
1035 $_SERVER['HTTP_REFERER'] = false;
1036 $_ENV['HTTP_REFERER'] = false;
1037 putenv('HTTP_REFERER=');
1038 $url = '/posts/view/1';
1039
1040 $this->Controller->Session->write('Auth', array(
1041 'AuthUser' => array('id' => '1', 'username' => 'nate'))
1042 );
1043 $this->Controller->testUrl = null;
1044 $this->Controller->params = Router::parse($url);
1045 array_push($this->Controller->methods, 'view', 'edit', 'index');
1046
1047 $this->Controller->Auth->initialize($this->Controller);
1048 $this->Controller->Auth->authorize = 'controller';
1049 $this->Controller->params['testControllerAuth'] = true;
1050
1051 $this->Controller->Auth->loginAction = array(
1052 'controller' => 'AuthTest', 'action' => 'login'
1053 );
1054 $this->Controller->Auth->userModel = 'AuthUser';
1055 $this->Controller->Auth->startup($this->Controller);
1056 $expected = Router::normalize('/');
1057 $this->assertEqual($expected, $this->Controller->testUrl);
1058
1059
1060 $this->Controller->Session->delete('Auth');
1061 $_SERVER['HTTP_REFERER'] = Router::url('/admin/', true);
1062
1063 $this->Controller->Session->write('Auth', array(
1064 'AuthUser' => array('id'=>'1', 'username'=>'nate'))
1065 );
1066 $this->Controller->params['url']['url'] = 'auth_test/login';
1067 $this->Controller->Auth->initialize($this->Controller);
1068 $this->Controller->Auth->loginAction = 'auth_test/login';
1069 $this->Controller->Auth->userModel = 'AuthUser';
1070 $this->Controller->Auth->loginRedirect = false;
1071 $this->Controller->Auth->startup($this->Controller);
1072 $expected = Router::normalize('/admin');
1073 $this->assertEqual($expected, $this->Controller->Auth->redirect());
1074
1075 //Ticket #4750
1076 //named params
1077 $this->Controller->Session->delete('Auth');
1078 $url = '/posts/index/year:2008/month:feb';
1079 $this->Controller->params = Router::parse($url);
1080 $this->Controller->params['url']['url'] = Router::normalize($url);
1081 $this->Controller->Auth->initialize($this->Controller);
1082 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
1083 $this->Controller->Auth->userModel = 'AuthUser';
1084 $this->Controller->Auth->startup($this->Controller);
1085 $expected = Router::normalize('posts/index/year:2008/month:feb');
1086 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
1087
1088 //passed args
1089 $this->Controller->Session->delete('Auth');
1090 $url = '/posts/view/1';
1091 $this->Controller->params = Router::parse($url);
1092 $this->Controller->params['url']['url'] = Router::normalize($url);
1093 $this->Controller->Auth->initialize($this->Controller);
1094 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
1095 $this->Controller->Auth->userModel = 'AuthUser';
1096 $this->Controller->Auth->startup($this->Controller);
1097 $expected = Router::normalize('posts/view/1');
1098 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
1099
1100 // QueryString parameters
1101 $_back = $_GET;
1102 $_GET = array(
1103 'url' => '/posts/index/29',
1104 'print' => 'true',
1105 'refer' => 'menu'
1106 );
1107 $this->Controller->Session->delete('Auth');
1108 $url = '/posts/index/29?print=true&refer=menu';
1109 $this->Controller->params = Dispatcher::parseParams($url);
1110 $this->Controller->Auth->initialize($this->Controller);
1111 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
1112 $this->Controller->Auth->userModel = 'AuthUser';
1113 $this->Controller->Auth->startup($this->Controller);
1114 $expected = Router::normalize('posts/index/29?print=true&refer=menu');
1115 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
1116
1117 $_GET = array(
1118 'url' => '/posts/index/29',
1119 'print' => 'true',
1120 'refer' => 'menu',
1121 'ext' => 'html'
1122 );
1123 $this->Controller->Session->delete('Auth');
1124 $url = '/posts/index/29?print=true&refer=menu';
1125 $this->Controller->params = Dispatcher::parseParams($url);
1126 $this->Controller->Auth->initialize($this->Controller);
1127 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
1128 $this->Controller->Auth->userModel = 'AuthUser';
1129 $this->Controller->Auth->startup($this->Controller);
1130 $expected = Router::normalize('posts/index/29?print=true&refer=menu');
1131 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
1132 $_GET = $_back;
1133
1134 //external authed action
1135 $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
1136 $this->Controller->Session->delete('Auth');
1137 $url = '/posts/edit/1';
1138 $this->Controller->params = Router::parse($url);
1139 $this->Controller->params['url']['url'] = Router::normalize($url);
1140 $this->Controller->Auth->initialize($this->Controller);
1141 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
1142 $this->Controller->Auth->userModel = 'AuthUser';
1143 $this->Controller->Auth->startup($this->Controller);
1144 $expected = Router::normalize('/posts/edit/1');
1145 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
1146
1147 //external direct login link
1148 $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
1149 $this->Controller->Session->delete('Auth');
1150 $url = '/AuthTest/login';
1151 $this->Controller->params = Router::parse($url);
1152 $this->Controller->params['url']['url'] = Router::normalize($url);
1153 $this->Controller->Auth->initialize($this->Controller);
1154 $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
1155 $this->Controller->Auth->userModel = 'AuthUser';
1156 $this->Controller->Auth->startup($this->Controller);
1157 $expected = Router::normalize('/');
1158 $this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
1159
1160 $_SERVER['HTTP_REFERER'] = $backup;
1161 $this->Controller->Session->delete('Auth');
1162 }
1163
1164 /**
1165 * Ensure that no redirect is performed when a 404 is reached
1166 * And the user doesn't have a session.
1167 *
1168 * @return void
1169 */
1170 function testNoRedirectOn404() {
1171 $this->Controller->Session->delete('Auth');
1172 $this->Controller->Auth->initialize($this->Controller);
1173 $this->Controller->params = Router::parse('auth_test/something_totally_wrong');
1174 $result = $this->Controller->Auth->startup($this->Controller);
1175 $this->assertTrue($result, 'Auth redirected a missing action %s');
1176 }
1177
1178 /**
1179 * testEmptyUsernameOrPassword method
1180 *
1181 * @access public
1182 * @return void
1183 */
1184 function testEmptyUsernameOrPassword() {
1185 $this->AuthUser =& new AuthUser();
1186 $user['id'] = 1;
1187 $user['username'] = 'mariano';
1188 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
1189 $this->AuthUser->save($user, false);
1190
1191 $authUser = $this->AuthUser->find();
1192
1193 $this->Controller->data['AuthUser']['username'] = '';
1194 $this->Controller->data['AuthUser']['password'] = '';
1195
1196 $this->Controller->params = Router::parse('auth_test/login');
1197 $this->Controller->params['url']['url'] = 'auth_test/login';
1198 $this->Controller->Auth->initialize($this->Controller);
1199 $this->Controller->Auth->loginAction = 'auth_test/login';
1200 $this->Controller->Auth->userModel = 'AuthUser';
1201
1202 $this->Controller->Auth->startup($this->Controller);
1203 $user = $this->Controller->Auth->user();
1204 $this->assertTrue($this->Controller->Session->check('Message.auth'));
1205 $this->assertEqual($user, false);
1206 $this->Controller->Session->delete('Auth');
1207 }
1208
1209 /**
1210 * testInjection method
1211 *
1212 * @access public
1213 * @return void
1214 */
1215 function testInjection() {
1216 $this->AuthUser =& new AuthUser();
1217 $this->AuthUser->id = 2;
1218 $this->AuthUser->saveField('password', Security::hash(Configure::read('Security.salt') . 'cake'));
1219
1220 $this->Controller->data['AuthUser']['username'] = 'nate';
1221 $this->Controller->data['AuthUser']['password'] = 'cake';
1222 $this->Controller->params = Router::parse('auth_test/login');
1223 $this->Controller->params['url']['url'] = 'auth_test/login';
1224 $this->Controller->Auth->initialize($this->Controller);
1225
1226 $this->Controller->Auth->loginAction = 'auth_test/login';
1227 $this->Controller->Auth->userModel = 'AuthUser';
1228 $this->Controller->Auth->startup($this->Controller);
1229 $this->assertTrue(is_array($this->Controller->Auth->user()));
1230
1231 $this->Controller->Session->delete($this->Controller->Auth->sessionKey);
1232
1233 $this->Controller->data['AuthUser']['username'] = 'nate';
1234 $this->Controller->data['AuthUser']['password'] = 'cake1';
1235 $this->Controller->params['url']['url'] = 'auth_test/login';
1236 $this->Controller->Auth->initialize($this->Controller);
1237
1238 $this->Controller->Auth->loginAction = 'auth_test/login';
1239 $this->Controller->Auth->userModel = 'AuthUser';
1240 $this->Controller->Auth->startup($this->Controller);
1241 $this->assertTrue(is_null($this->Controller->Auth->user()));
1242
1243 $this->Controller->Session->delete($this->Controller->Auth->sessionKey);
1244
1245 $this->Controller->data['AuthUser']['username'] = '> n';
1246 $this->Controller->data['AuthUser']['password'] = 'cake';
1247 $this->Controller->Auth->initialize($this->Controller);
1248
1249 $this->Controller->Auth->startup($this->Controller);
1250 $this->assertTrue(is_null($this->Controller->Auth->user()));
1251
1252 unset($this->Controller->data['AuthUser']['password']);
1253 $this->Controller->data['AuthUser']['username'] = "1'1";
1254 $this->Controller->Auth->initialize($this->Controller);
1255
1256 $this->Controller->Auth->startup($this->Controller);
1257 $this->assertTrue(is_null($this->Controller->Auth->user()));
1258
1259 unset($this->Controller->data['AuthUser']['username']);
1260 $this->Controller->data['AuthUser']['password'] = "1'1";
1261 $this->Controller->Auth->initialize($this->Controller);
1262
1263 $this->Controller->Auth->startup($this->Controller);
1264 $this->assertTrue(is_null($this->Controller->Auth->user()));
1265 }
1266
1267 /**
1268 * test Hashing of passwords
1269 *
1270 * @return void
1271 */
1272 function testHashPasswords() {
1273 $this->Controller->Auth->userModel = 'AuthUser';
1274
1275 $data['AuthUser']['password'] = 'superSecret';
1276 $data['AuthUser']['username'] = 'superman@dailyplanet.com';
1277 $return = $this->Controller->Auth->hashPasswords($data);
1278 $expected = $data;
1279 $expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
1280 $this->assertEqual($return, $expected);
1281
1282 $data['Wrong']['password'] = 'superSecret';
1283 $data['Wrong']['username'] = 'superman@dailyplanet.com';
1284 $data['AuthUser']['password'] = 'IcantTellYou';
1285 $return = $this->Controller->Auth->hashPasswords($data);
1286 $expected = $data;
1287 $expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
1288 $this->assertEqual($return, $expected);
1289
1290 if (PHP5) {
1291 $xml = array(
1292 'User' => array(
1293 'username' => 'batman@batcave.com',
1294 'password' => 'bruceWayne',
1295 )
1296 );
1297 $data =& new Xml($xml);
1298 $return = $this->Controller->Auth->hashPasswords($data);
1299 $expected = $data;
1300 $this->assertEqual($return, $expected);
1301 }
1302 }
1303
1304 /**
1305 * testCustomRoute method
1306 *
1307 * @access public
1308 * @return void
1309 */
1310 function testCustomRoute() {
1311 Router::reload();
1312 Router::connect(
1313 '/:lang/:controller/:action/*',
1314 array('lang' => null),
1315 array('lang' => '[a-z]{2,3}')
1316 );
1317
1318 $url = '/en/users/login';
1319 $this->Controller->params = Router::parse($url);
1320 Router::setRequestInfo(array($this->Controller->passedArgs, array(
1321 'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
1322 'argSeparator' => ':', 'namedArgs' => array()
1323 )));
1324
1325 $this->AuthUser =& new AuthUser();
1326 $user = array(
1327 'id' => 1, 'username' => 'felix',
1328 'password' => Security::hash(Configure::read('Security.salt') . 'cake'
1329 ));
1330 $user = $this->AuthUser->save($user, false);
1331
1332 $this->Controller->data['AuthUser'] = array('username' => 'felix', 'password' => 'cake');
1333 $this->Controller->params['url']['url'] = substr($url, 1);
1334 $this->Controller->Auth->initialize($this->Controller);
1335 $this->Controller->Auth->loginAction = array('lang' => 'en', 'controller' => 'users', 'action' => 'login');
1336 $this->Controller->Auth->userModel = 'AuthUser';
1337
1338 $this->Controller->Auth->startup($this->Controller);
1339 $user = $this->Controller->Auth->user();
1340 $this->assertTrue(!!$user);
1341
1342 $this->Controller->Session->delete('Auth');
1343 Router::reload();
1344 Router::connect('/', array('controller' => 'people', 'action' => 'login'));
1345 $url = '/';
1346 $this->Controller->params = Router::parse($url);
1347 Router::setRequestInfo(array($this->Controller->passedArgs, array(
1348 'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
1349 'argSeparator' => ':', 'namedArgs' => array()
1350 )));
1351 $this->Controller->data['AuthUser'] = array('username' => 'felix', 'password' => 'cake');
1352 $this->Controller->params['url']['url'] = substr($url, 1);
1353 $this->Controller->Auth->initialize($this->Controller);
1354 $this->Controller->Auth->loginAction = array('controller' => 'people', 'action' => 'login');
1355 $this->Controller->Auth->userModel = 'AuthUser';
1356
1357 $this->Controller->Auth->startup($this->Controller);
1358 $user = $this->Controller->Auth->user();
1359 $this->assertTrue(!!$user);
1360 }
1361
1362 /**
1363 * testCustomField method
1364 *
1365 * @access public
1366 * @return void
1367 */
1368 function testCustomField() {
1369 Router::reload();
1370
1371 $this->AuthUserCustomField =& new AuthUserCustomField();
1372 $user = array(
1373 'id' => 1, 'email' => 'harking@example.com',
1374 'password' => Security::hash(Configure::read('Security.salt') . 'cake'
1375 ));
1376 $user = $this->AuthUserCustomField->save($user, false);
1377
1378 Router::connect('/', array('controller' => 'people', 'action' => 'login'));
1379 $url = '/';
1380 $this->Controller->params = Router::parse($url);
1381 Router::setRequestInfo(array($this->Controller->passedArgs, array(
1382 'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
1383 'argSeparator' => ':', 'namedArgs' => array()
1384 )));
1385 $this->Controller->data['AuthUserCustomField'] = array('email' => 'harking@example.com', 'password' => 'cake');
1386 $this->Controller->params['url']['url'] = substr($url, 1);
1387 $this->Controller->Auth->initialize($this->Controller);
1388 $this->Controller->Auth->fields = array('username' => 'email', 'password' => 'password');
1389 $this->Controller->Auth->loginAction = array('controller' => 'people', 'action' => 'login');
1390 $this->Controller->Auth->userModel = 'AuthUserCustomField';
1391
1392 $this->Controller->Auth->startup($this->Controller);
1393 $user = $this->Controller->Auth->user();
1394 $this->assertTrue(!!$user);
1395 }
1396
1397 /**
1398 * testAdminRoute method
1399 *
1400 * @access public
1401 * @return void
1402 */
1403 function testAdminRoute() {
1404 $prefixes = Configure::read('Routing.prefixes');
1405 Configure::write('Routing.prefixes', array('admin'));
1406 Router::reload();
1407
1408 $url = '/admin/auth_test/add';
1409 $this->Controller->params = Router::parse($url);
1410 $this->Controller->params['url']['url'] = ltrim($url, '/');
1411 Router::setRequestInfo(array(
1412 array(
1413 'pass' => array(), 'action' => 'add', 'plugin' => null,
1414 'controller' => 'auth_test', 'admin' => true,
1415 'url' => array('url' => $this->Controller->params['url']['url'])
1416 ),
1417 array(
1418 'base' => null, 'here' => $url,
1419 'webroot' => '/', 'passedArgs' => array(),
1420 )
1421 ));
1422 $this->Controller->Auth->initialize($this->Controller);
1423
1424 $this->Controller->Auth->loginAction = array(
1425 'admin' => true, 'controller' => 'auth_test', 'action' => 'login'
1426 );
1427 $this->Controller->Auth->userModel = 'AuthUser';
1428
1429 $this->Controller->Auth->startup($this->Controller);
1430 $this->assertEqual($this->Controller->testUrl, '/admin/auth_test/login');
1431
1432 Configure::write('Routing.prefixes', $prefixes);
1433 }
1434
1435 /**
1436 * testPluginModel method
1437 *
1438 * @access public
1439 * @return void
1440 */
1441 function testPluginModel() {
1442 // Adding plugins
1443 Cache::delete('object_map', '_cake_core_');
1444 App::build(array(
1445 'plugins' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'plugins' . DS),
1446 'models' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'models' . DS)
1447 ), true);
1448 App::objects('plugin', null, false);
1449
1450 $PluginModel =& ClassRegistry::init('TestPlugin.TestPluginAuthUser');
1451 $user['id'] = 1;
1452 $user['username'] = 'gwoo';
1453 $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
1454 $PluginModel->save($user, false);
1455
1456 $authUser = $PluginModel->find();
1457
1458 $this->Controller->data['TestPluginAuthUser']['username'] = $authUser['TestPluginAuthUser']['username'];
1459 $this->Controller->data['TestPluginAuthUser']['password'] = 'cake';
1460
1461 $this->Controller->params = Router::parse('auth_test/login');
1462 $this->Controller->params['url']['url'] = 'auth_test/login';
1463
1464 $this->Controller->Auth->initialize($this->Controller);
1465
1466 $this->Controller->Auth->loginAction = 'auth_test/login';
1467 $this->Controller->Auth->userModel = 'TestPlugin.TestPluginAuthUser';
1468
1469 $this->Controller->Auth->startup($this->Controller);
1470 $user = $this->Controller->Auth->user();
1471 $expected = array('TestPluginAuthUser' => array(
1472 'id' => 1, 'username' => 'gwoo', 'created' => '2007-03-17 01:16:23', 'updated' => date('Y-m-d H:i:s')
1473 ));
1474 $this->assertEqual($user, $expected);
1475 $sessionKey = $this->Controller->Auth->sessionKey;
1476 $this->assertEqual('Auth.TestPluginAuthUser', $sessionKey);
1477
1478 $this->Controller->Auth->loginAction = null;
1479 $this->Controller->Auth->__setDefaults();
1480 $loginAction = $this->Controller->Auth->loginAction;
1481 $expected = array(
1482 'controller' => 'test_plugin_auth_users',
1483 'action' => 'login',
1484 'plugin' => 'test_plugin'
1485 );
1486 $this->assertEqual($loginAction, $expected);
1487
1488 // Reverting changes
1489 Cache::delete('object_map', '_cake_core_');
1490 App::build();
1491 App::objects('plugin', null, false);
1492 }
1493
1494 /**
1495 * testAjaxLogin method
1496 *
1497 * @access public
1498 * @return void
1499 */
1500 function testAjaxLogin() {
1501 App::build(array('views' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'views'. DS)));
1502 $_SERVER['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest";
1503
1504 if (!class_exists('dispatcher')) {
1505 require CAKE . 'dispatcher.php';
1506 }
1507
1508 ob_start();
1509 $Dispatcher =& new Dispatcher();
1510 $Dispatcher->dispatch('/ajax_auth/add', array('return' => 1));
1511 $result = ob_get_clean();
1512 $this->assertEqual("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result));
1513 unset($_SERVER['HTTP_X_REQUESTED_WITH']);
1514 }
1515
1516 /**
1517 * testLoginActionRedirect method
1518 *
1519 * @access public
1520 * @return void
1521 */
1522 function testLoginActionRedirect() {
1523 $admin = Configure::read('Routing.admin');
1524 Configure::write('Routing.admin', 'admin');
1525 Router::reload();
1526
1527 $url = '/admin/auth_test/login';
1528 $this->Controller->params = Router::parse($url);
1529 $this->Controller->params['url']['url'] = ltrim($url, '/');
1530 Router::setRequestInfo(array(
1531 array(
1532 'pass' => array(), 'action' => 'admin_login', 'plugin' => null, 'controller' => 'auth_test',
1533 'admin' => true, 'url' => array('url' => $this->Controller->params['url']['url']),
1534 ),
1535 array(
1536 'base' => null, 'here' => $url,
1537 'webroot' => '/', 'passedArgs' => array(),
1538 )
1539 ));
1540
1541 $this->Controller->Auth->initialize($this->Controller);
1542
1543 $this->Controller->Auth->loginAction = array('admin' => true, 'controller' => 'auth_test', 'action' => 'login');
1544 $this->Controller->Auth->userModel = 'AuthUser';
1545
1546 $this->Controller->Auth->startup($this->Controller);
1547
1548 $this->assertNull($this->Controller->testUrl);
1549
1550 Configure::write('Routing.admin', $admin);
1551 }
1552
1553 /**
1554 * Tests that shutdown destroys the redirect session var
1555 *
1556 * @access public
1557 * @return void
1558 */
1559 function testShutDown() {
1560 $this->Controller->Session->write('Auth.redirect', 'foo');
1561 $this->Controller->Auth->_loggedIn = true;
1562 $this->Controller->Auth->shutdown($this->Controller);
1563 $this->assertFalse($this->Controller->Session->read('Auth.redirect'));
1564 }
1565
1566 /**
1567 * test the initialize callback and its interactions with Router::prefixes()
1568 *
1569 * @return void
1570 */
1571 function testInitializeAndRoutingPrefixes() {
1572 $restore = Configure::read('Routing');
1573 Configure::write('Routing.prefixes', array('admin', 'super_user'));
1574 Router::reload();
1575 $this->Controller->Auth->initialize($this->Controller);
1576
1577 $this->assertTrue(isset($this->Controller->Auth->actionMap['delete']));
1578 $this->assertTrue(isset($this->Controller->Auth->actionMap['view']));
1579 $this->assertTrue(isset($this->Controller->Auth->actionMap['add']));
1580 $this->assertTrue(isset($this->Controller->Auth->actionMap['admin_view']));
1581 $this->assertTrue(isset($this->Controller->Auth->actionMap['super_user_delete']));
1582
1583 Configure::write('Routing', $restore);
1584 }
1585
1586 /**
1587 * test $settings in Controller::$components
1588 *
1589 * @access public
1590 * @return void
1591 */
1592 function testComponentSettings() {
1593 $this->Controller =& new AuthTestController();
1594 $this->Controller->components = array(
1595 'Auth' => array(
1596 'fields' => array('username' => 'email', 'password' => 'password'),
1597 'loginAction' => array('controller' => 'people', 'action' => 'login'),
1598 'userModel' => 'AuthUserCustomField',
1599 'sessionKey' => 'AltAuth.AuthUserCustomField'
1600 ),
1601 'Session'
1602 );
1603 $this->Controller->Component->init($this->Controller);
1604 $this->Controller->Component->initialize($this->Controller);
1605 Router::reload();
1606
1607 $this->AuthUserCustomField =& new AuthUserCustomField();
1608 $user = array(
1609 'id' => 1, 'email' => 'harking@example.com',
1610 'password' => Security::hash(Configure::read('Security.salt') . 'cake'
1611 ));
1612 $user = $this->AuthUserCustomField->save($user, false);
1613
1614 Router::connect('/', array('controller' => 'people', 'action' => 'login'));
1615 $url = '/';
1616 $this->Controller->params = Router::parse($url);
1617 Router::setRequestInfo(array($this->Controller->passedArgs, array(
1618 'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
1619 'argSeparator' => ':', 'namedArgs' => array()
1620 )));
1621 $this->Controller->data['AuthUserCustomField'] = array('email' => 'harking@example.com', 'password' => 'cake');
1622 $this->Controller->params['url']['url'] = substr($url, 1);
1623 $this->Controller->Auth->startup($this->Controller);
1624
1625 $user = $this->Controller->Auth->user();
1626 $this->assertTrue(!!$user);
1627
1628 $expected = array(
1629 'fields' => array('username' => 'email', 'password' => 'password'),
1630 'loginAction' => array('controller' => 'people', 'action' => 'login'),
1631 'logoutRedirect' => array('controller' => 'people', 'action' => 'login'),
1632 'userModel' => 'AuthUserCustomField',
1633 'sessionKey' => 'AltAuth.AuthUserCustomField'
1634 );
1635 $this->assertEqual($expected['fields'], $this->Controller->Auth->fields);
1636 $this->assertEqual($expected['loginAction'], $this->Controller->Auth->loginAction);
1637 $this->assertEqual($expected['logoutRedirect'], $this->Controller->Auth->logoutRedirect);
1638 $this->assertEqual($expected['userModel'], $this->Controller->Auth->userModel);
1639 $this->assertEqual($expected['sessionKey'], $this->Controller->Auth->sessionKey);
1640 }
1641
1642 /**
1643 * test that logout deletes the session variables. and returns the correct url
1644 *
1645 * @return void
1646 */
1647 function testLogout() {
1648 $this->Controller->Session->write('Auth.User.id', '1');
1649 $this->Controller->Session->write('Auth.redirect', '/users/login');
1650 $this->Controller->Auth->logoutRedirect = '/';
1651 $result = $this->Controller->Auth->logout();
1652
1653 $this->assertEqual($result, '/');
1654 $this->assertNull($this->Controller->Session->read('Auth.AuthUser'));
1655 $this->assertNull($this->Controller->Session->read('Auth.redirect'));
1656 }
1657 }