Subversion Repositories SmartDukaan

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
13532 anikendra 1
<?php
2
/**
3
 * BasicAuthenticateTest file
4
 *
5
 * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
6
 * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
7
 *
8
 * Licensed under The MIT License
9
 * For full copyright and license information, please see the LICENSE.txt
10
 * Redistributions of files must retain the above copyright notice.
11
 *
12
 * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
13
 * @link          http://cakephp.org CakePHP(tm) Project
14
 * @package       Cake.Test.Case.Controller.Component.Auth
15
 * @since         CakePHP(tm) v 2.0
16
 * @license       http://www.opensource.org/licenses/mit-license.php MIT License
17
 */
18
 
19
App::uses('AuthComponent', 'Controller/Component');
20
App::uses('BasicAuthenticate', 'Controller/Component/Auth');
21
App::uses('AppModel', 'Model');
22
App::uses('CakeRequest', 'Network');
23
App::uses('CakeResponse', 'Network');
24
 
25
require_once CAKE . 'Test' . DS . 'Case' . DS . 'Model' . DS . 'models.php';
26
 
27
/**
28
 * Test case for BasicAuthentication
29
 *
30
 * @package       Cake.Test.Case.Controller.Component.Auth
31
 */
32
class BasicAuthenticateTest extends CakeTestCase {
33
 
34
/**
35
 * Fixtures
36
 *
37
 * @var array
38
 */
39
	public $fixtures = array('core.user', 'core.auth_user');
40
 
41
/**
42
 * setup
43
 *
44
 * @return void
45
 */
46
	public function setUp() {
47
		parent::setUp();
48
		$this->Collection = $this->getMock('ComponentCollection');
49
		$this->auth = new BasicAuthenticate($this->Collection, array(
50
			'fields' => array('username' => 'user', 'password' => 'password'),
51
			'userModel' => 'User',
52
			'realm' => 'localhost',
53
			'recursive' => 0
54
		));
55
 
56
		$password = Security::hash('password', null, true);
57
		$User = ClassRegistry::init('User');
58
		$User->updateAll(array('password' => $User->getDataSource()->value($password)));
59
		$this->response = $this->getMock('CakeResponse');
60
	}
61
 
62
/**
63
 * test applying settings in the constructor
64
 *
65
 * @return void
66
 */
67
	public function testConstructor() {
68
		$object = new BasicAuthenticate($this->Collection, array(
69
			'userModel' => 'AuthUser',
70
			'fields' => array('username' => 'user', 'password' => 'password')
71
		));
72
		$this->assertEquals('AuthUser', $object->settings['userModel']);
73
		$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']);
74
		$this->assertEquals(env('SERVER_NAME'), $object->settings['realm']);
75
	}
76
 
77
/**
78
 * test the authenticate method
79
 *
80
 * @return void
81
 */
82
	public function testAuthenticateNoData() {
83
		$request = new CakeRequest('posts/index', false);
84
 
85
		$this->response->expects($this->never())
86
			->method('header');
87
 
88
		$this->assertFalse($this->auth->getUser($request));
89
	}
90
 
91
/**
92
 * test the authenticate method
93
 *
94
 * @return void
95
 */
96
	public function testAuthenticateNoUsername() {
97
		$request = new CakeRequest('posts/index', false);
98
		$_SERVER['PHP_AUTH_PW'] = 'foobar';
99
 
100
		$this->assertFalse($this->auth->authenticate($request, $this->response));
101
	}
102
 
103
/**
104
 * test the authenticate method
105
 *
106
 * @return void
107
 */
108
	public function testAuthenticateNoPassword() {
109
		$request = new CakeRequest('posts/index', false);
110
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
111
		$_SERVER['PHP_AUTH_PW'] = null;
112
 
113
		$this->assertFalse($this->auth->authenticate($request, $this->response));
114
	}
115
 
116
/**
117
 * test the authenticate method
118
 *
119
 * @return void
120
 */
121
	public function testAuthenticateInjection() {
122
		$request = new CakeRequest('posts/index', false);
123
		$request->addParams(array('pass' => array(), 'named' => array()));
124
 
125
		$_SERVER['PHP_AUTH_USER'] = '> 1';
126
		$_SERVER['PHP_AUTH_PW'] = "' OR 1 = 1";
127
 
128
		$this->assertFalse($this->auth->getUser($request));
129
 
130
		$this->assertFalse($this->auth->authenticate($request, $this->response));
131
	}
132
 
133
/**
134
 * test that challenge headers are sent when no credentials are found.
135
 *
136
 * @return void
137
 */
138
	public function testAuthenticateChallenge() {
139
		$request = new CakeRequest('posts/index', false);
140
		$request->addParams(array('pass' => array(), 'named' => array()));
141
 
142
		try {
143
			$this->auth->unauthenticated($request, $this->response);
144
		} catch (UnauthorizedException $e) {
145
		}
146
 
147
		$this->assertNotEmpty($e);
148
 
149
		$expected = array('WWW-Authenticate: Basic realm="localhost"');
150
		$this->assertEquals($expected, $e->responseHeader());
151
	}
152
 
153
/**
154
 * test authenticate success
155
 *
156
 * @return void
157
 */
158
	public function testAuthenticateSuccess() {
159
		$request = new CakeRequest('posts/index', false);
160
		$request->addParams(array('pass' => array(), 'named' => array()));
161
 
162
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
163
		$_SERVER['PHP_AUTH_PW'] = 'password';
164
 
165
		$result = $this->auth->authenticate($request, $this->response);
166
		$expected = array(
167
			'id' => 1,
168
			'user' => 'mariano',
169
			'created' => '2007-03-17 01:16:23',
170
			'updated' => '2007-03-17 01:18:31'
171
		);
172
		$this->assertEquals($expected, $result);
173
	}
174
 
175
/**
176
 * test scope failure.
177
 *
178
 * @expectedException UnauthorizedException
179
 * @expectedExceptionCode 401
180
 * @return void
181
 */
182
	public function testAuthenticateFailReChallenge() {
183
		$this->auth->settings['scope'] = array('user' => 'nate');
184
		$request = new CakeRequest('posts/index', false);
185
		$request->addParams(array('pass' => array(), 'named' => array()));
186
 
187
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
188
		$_SERVER['PHP_AUTH_PW'] = 'password';
189
 
190
		$this->auth->unauthenticated($request, $this->response);
191
	}
192
 
193
/**
194
 * testAuthenticateWithBlowfish
195
 *
196
 * @return void
197
 */
198
	public function testAuthenticateWithBlowfish() {
199
		$hash = Security::hash('password', 'blowfish');
200
		$this->skipIf(strpos($hash, '$2a$') === false, 'Skipping blowfish tests as hashing is not working');
201
 
202
		$request = new CakeRequest('posts/index', false);
203
		$request->addParams(array('pass' => array(), 'named' => array()));
204
 
205
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
206
		$_SERVER['PHP_AUTH_PW'] = 'password';
207
 
208
		$User = ClassRegistry::init('User');
209
		$User->updateAll(
210
			array('password' => $User->getDataSource()->value($hash)),
211
			array('User.user' => 'mariano')
212
		);
213
 
214
		$this->auth->settings['passwordHasher'] = 'Blowfish';
215
 
216
		$result = $this->auth->authenticate($request, $this->response);
217
		$expected = array(
218
			'id' => 1,
219
			'user' => 'mariano',
220
			'created' => '2007-03-17 01:16:23',
221
			'updated' => '2007-03-17 01:18:31'
222
		);
223
		$this->assertEquals($expected, $result);
224
	}
225
 
226
}