| 13532 |
anikendra |
1 |
<?php
|
|
|
2 |
/**
|
|
|
3 |
* AuthComponentTest file
|
|
|
4 |
*
|
|
|
5 |
* CakePHP(tm) Tests <http://book.cakephp.org/2.0/en/development/testing.html>
|
|
|
6 |
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
|
|
7 |
*
|
|
|
8 |
* Licensed under The MIT License
|
|
|
9 |
* For full copyright and license information, please see the LICENSE.txt
|
|
|
10 |
* Redistributions of files must retain the above copyright notice
|
|
|
11 |
*
|
|
|
12 |
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
|
|
13 |
* @link http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
|
|
|
14 |
* @package Cake.Test.Case.Controller.Component
|
|
|
15 |
* @since CakePHP(tm) v 1.2.0.5347
|
|
|
16 |
* @license http://www.opensource.org/licenses/mit-license.php MIT License
|
|
|
17 |
*/
|
|
|
18 |
|
|
|
19 |
App::uses('Controller', 'Controller');
|
|
|
20 |
App::uses('AuthComponent', 'Controller/Component');
|
|
|
21 |
App::uses('AclComponent', 'Controller/Component');
|
|
|
22 |
App::uses('FormAuthenticate', 'Controller/Component/Auth');
|
|
|
23 |
|
|
|
24 |
/**
|
|
|
25 |
* TestAuthComponent class
|
|
|
26 |
*
|
|
|
27 |
* @package Cake.Test.Case.Controller.Component
|
|
|
28 |
*/
|
|
|
29 |
class TestAuthComponent extends AuthComponent {
|
|
|
30 |
|
|
|
31 |
/**
|
|
|
32 |
* testStop property
|
|
|
33 |
*
|
|
|
34 |
* @var boolean
|
|
|
35 |
*/
|
|
|
36 |
public $testStop = false;
|
|
|
37 |
|
|
|
38 |
/**
|
|
|
39 |
* stop method
|
|
|
40 |
*
|
|
|
41 |
* @return void
|
|
|
42 |
*/
|
|
|
43 |
protected function _stop($status = 0) {
|
|
|
44 |
$this->testStop = true;
|
|
|
45 |
}
|
|
|
46 |
|
|
|
47 |
public static function clearUser() {
|
|
|
48 |
self::$_user = array();
|
|
|
49 |
}
|
|
|
50 |
|
|
|
51 |
}
|
|
|
52 |
|
|
|
53 |
/**
|
|
|
54 |
* AuthUser class
|
|
|
55 |
*
|
|
|
56 |
* @package Cake.Test.Case.Controller.Component
|
|
|
57 |
*/
|
|
|
58 |
class AuthUser extends CakeTestModel {
|
|
|
59 |
|
|
|
60 |
/**
|
|
|
61 |
* useDbConfig property
|
|
|
62 |
*
|
|
|
63 |
* @var string
|
|
|
64 |
*/
|
|
|
65 |
public $useDbConfig = 'test';
|
|
|
66 |
|
|
|
67 |
}
|
|
|
68 |
|
|
|
69 |
/**
|
|
|
70 |
* AuthTestController class
|
|
|
71 |
*
|
|
|
72 |
* @package Cake.Test.Case.Controller.Component
|
|
|
73 |
*/
|
|
|
74 |
class AuthTestController extends Controller {
|
|
|
75 |
|
|
|
76 |
/**
|
|
|
77 |
* uses property
|
|
|
78 |
*
|
|
|
79 |
* @var array
|
|
|
80 |
*/
|
|
|
81 |
public $uses = array('AuthUser');
|
|
|
82 |
|
|
|
83 |
/**
|
|
|
84 |
* components property
|
|
|
85 |
*
|
|
|
86 |
* @var array
|
|
|
87 |
*/
|
|
|
88 |
public $components = array('Session', 'Auth');
|
|
|
89 |
|
|
|
90 |
/**
|
|
|
91 |
* testUrl property
|
|
|
92 |
*
|
|
|
93 |
* @var mixed null
|
|
|
94 |
*/
|
|
|
95 |
public $testUrl = null;
|
|
|
96 |
|
|
|
97 |
/**
|
|
|
98 |
* construct method
|
|
|
99 |
*
|
|
|
100 |
*/
|
|
|
101 |
public function __construct($request, $response) {
|
|
|
102 |
$request->addParams(Router::parse('/auth_test'));
|
|
|
103 |
$request->here = '/auth_test';
|
|
|
104 |
$request->webroot = '/';
|
|
|
105 |
Router::setRequestInfo($request);
|
|
|
106 |
parent::__construct($request, $response);
|
|
|
107 |
}
|
|
|
108 |
|
|
|
109 |
/**
|
|
|
110 |
* login method
|
|
|
111 |
*
|
|
|
112 |
* @return void
|
|
|
113 |
*/
|
|
|
114 |
public function login() {
|
|
|
115 |
}
|
|
|
116 |
|
|
|
117 |
/**
|
|
|
118 |
* admin_login method
|
|
|
119 |
*
|
|
|
120 |
* @return void
|
|
|
121 |
*/
|
|
|
122 |
public function admin_login() {
|
|
|
123 |
}
|
|
|
124 |
|
|
|
125 |
/**
|
|
|
126 |
* admin_add method
|
|
|
127 |
*
|
|
|
128 |
* @return void
|
|
|
129 |
*/
|
|
|
130 |
public function admin_add() {
|
|
|
131 |
}
|
|
|
132 |
|
|
|
133 |
/**
|
|
|
134 |
* logout method
|
|
|
135 |
*
|
|
|
136 |
* @return void
|
|
|
137 |
*/
|
|
|
138 |
public function logout() {
|
|
|
139 |
}
|
|
|
140 |
|
|
|
141 |
/**
|
|
|
142 |
* add method
|
|
|
143 |
*
|
|
|
144 |
* @return void
|
|
|
145 |
*/
|
|
|
146 |
public function add() {
|
|
|
147 |
echo "add";
|
|
|
148 |
}
|
|
|
149 |
|
|
|
150 |
/**
|
|
|
151 |
* add method
|
|
|
152 |
*
|
|
|
153 |
* @return void
|
|
|
154 |
*/
|
|
|
155 |
public function camelCase() {
|
|
|
156 |
echo "camelCase";
|
|
|
157 |
}
|
|
|
158 |
|
|
|
159 |
/**
|
|
|
160 |
* redirect method
|
|
|
161 |
*
|
|
|
162 |
* @param string|array $url
|
|
|
163 |
* @param mixed $status
|
|
|
164 |
* @param mixed $exit
|
|
|
165 |
* @return void
|
|
|
166 |
*/
|
|
|
167 |
public function redirect($url, $status = null, $exit = true) {
|
|
|
168 |
$this->testUrl = Router::url($url);
|
|
|
169 |
return false;
|
|
|
170 |
}
|
|
|
171 |
|
|
|
172 |
/**
|
|
|
173 |
* isAuthorized method
|
|
|
174 |
*
|
|
|
175 |
* @return void
|
|
|
176 |
*/
|
|
|
177 |
public function isAuthorized() {
|
|
|
178 |
}
|
|
|
179 |
|
|
|
180 |
}
|
|
|
181 |
|
|
|
182 |
/**
|
|
|
183 |
* AjaxAuthController class
|
|
|
184 |
*
|
|
|
185 |
* @package Cake.Test.Case.Controller.Component
|
|
|
186 |
*/
|
|
|
187 |
class AjaxAuthController extends Controller {
|
|
|
188 |
|
|
|
189 |
/**
|
|
|
190 |
* components property
|
|
|
191 |
*
|
|
|
192 |
* @var array
|
|
|
193 |
*/
|
|
|
194 |
public $components = array('Session', 'TestAuth');
|
|
|
195 |
|
|
|
196 |
/**
|
|
|
197 |
* uses property
|
|
|
198 |
*
|
|
|
199 |
* @var array
|
|
|
200 |
*/
|
|
|
201 |
public $uses = array();
|
|
|
202 |
|
|
|
203 |
/**
|
|
|
204 |
* testUrl property
|
|
|
205 |
*
|
|
|
206 |
* @var mixed null
|
|
|
207 |
*/
|
|
|
208 |
public $testUrl = null;
|
|
|
209 |
|
|
|
210 |
/**
|
|
|
211 |
* beforeFilter method
|
|
|
212 |
*
|
|
|
213 |
* @return void
|
|
|
214 |
*/
|
|
|
215 |
public function beforeFilter() {
|
|
|
216 |
$this->TestAuth->ajaxLogin = 'test_element';
|
|
|
217 |
$this->TestAuth->userModel = 'AuthUser';
|
|
|
218 |
$this->TestAuth->RequestHandler->ajaxLayout = 'ajax2';
|
|
|
219 |
}
|
|
|
220 |
|
|
|
221 |
/**
|
|
|
222 |
* add method
|
|
|
223 |
*
|
|
|
224 |
* @return void
|
|
|
225 |
*/
|
|
|
226 |
public function add() {
|
|
|
227 |
if ($this->TestAuth->testStop !== true) {
|
|
|
228 |
echo 'Added Record';
|
|
|
229 |
}
|
|
|
230 |
}
|
|
|
231 |
|
|
|
232 |
/**
|
|
|
233 |
* redirect method
|
|
|
234 |
*
|
|
|
235 |
* @param string|array $url
|
|
|
236 |
* @param mixed $status
|
|
|
237 |
* @param mixed $exit
|
|
|
238 |
* @return void
|
|
|
239 |
*/
|
|
|
240 |
public function redirect($url, $status = null, $exit = true) {
|
|
|
241 |
$this->testUrl = Router::url($url);
|
|
|
242 |
return false;
|
|
|
243 |
}
|
|
|
244 |
|
|
|
245 |
}
|
|
|
246 |
|
|
|
247 |
/**
|
|
|
248 |
* AuthComponentTest class
|
|
|
249 |
*
|
|
|
250 |
* @package Cake.Test.Case.Controller.Component
|
|
|
251 |
*/
|
|
|
252 |
class AuthComponentTest extends CakeTestCase {
|
|
|
253 |
|
|
|
254 |
/**
|
|
|
255 |
* name property
|
|
|
256 |
*
|
|
|
257 |
* @var string
|
|
|
258 |
*/
|
|
|
259 |
public $name = 'Auth';
|
|
|
260 |
|
|
|
261 |
/**
|
|
|
262 |
* fixtures property
|
|
|
263 |
*
|
|
|
264 |
* @var array
|
|
|
265 |
*/
|
|
|
266 |
public $fixtures = array('core.auth_user');
|
|
|
267 |
|
|
|
268 |
/**
|
|
|
269 |
* initialized property
|
|
|
270 |
*
|
|
|
271 |
* @var boolean
|
|
|
272 |
*/
|
|
|
273 |
public $initialized = false;
|
|
|
274 |
|
|
|
275 |
/**
|
|
|
276 |
* setUp method
|
|
|
277 |
*
|
|
|
278 |
* @return void
|
|
|
279 |
*/
|
|
|
280 |
public function setUp() {
|
|
|
281 |
parent::setUp();
|
|
|
282 |
Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
|
|
|
283 |
Configure::write('Security.cipherSeed', 770011223369876);
|
|
|
284 |
|
|
|
285 |
$request = new CakeRequest(null, false);
|
|
|
286 |
|
|
|
287 |
$this->Controller = new AuthTestController($request, $this->getMock('CakeResponse'));
|
|
|
288 |
|
|
|
289 |
$collection = new ComponentCollection();
|
|
|
290 |
$collection->init($this->Controller);
|
|
|
291 |
$this->Auth = new TestAuthComponent($collection);
|
|
|
292 |
$this->Auth->request = $request;
|
|
|
293 |
$this->Auth->response = $this->getMock('CakeResponse');
|
|
|
294 |
AuthComponent::$sessionKey = 'Auth.User';
|
|
|
295 |
|
|
|
296 |
$this->Controller->Components->init($this->Controller);
|
|
|
297 |
|
|
|
298 |
$this->initialized = true;
|
|
|
299 |
Router::reload();
|
|
|
300 |
Router::connect('/:controller/:action/*');
|
|
|
301 |
|
|
|
302 |
$User = ClassRegistry::init('AuthUser');
|
|
|
303 |
$User->updateAll(array('password' => $User->getDataSource()->value(Security::hash('cake', null, true))));
|
|
|
304 |
}
|
|
|
305 |
|
|
|
306 |
/**
|
|
|
307 |
* tearDown method
|
|
|
308 |
*
|
|
|
309 |
* @return void
|
|
|
310 |
*/
|
|
|
311 |
public function tearDown() {
|
|
|
312 |
parent::tearDown();
|
|
|
313 |
|
|
|
314 |
TestAuthComponent::clearUser();
|
|
|
315 |
$this->Auth->Session->delete('Auth');
|
|
|
316 |
$this->Auth->Session->delete('Message.auth');
|
|
|
317 |
unset($this->Controller, $this->Auth);
|
|
|
318 |
}
|
|
|
319 |
|
|
|
320 |
/**
|
|
|
321 |
* testNoAuth method
|
|
|
322 |
*
|
|
|
323 |
* @return void
|
|
|
324 |
*/
|
|
|
325 |
public function testNoAuth() {
|
|
|
326 |
$this->assertFalse($this->Auth->isAuthorized());
|
|
|
327 |
}
|
|
|
328 |
|
|
|
329 |
/**
|
|
|
330 |
* testIsErrorOrTests
|
|
|
331 |
*
|
|
|
332 |
* @return void
|
|
|
333 |
*/
|
|
|
334 |
public function testIsErrorOrTests() {
|
|
|
335 |
$this->Controller->Auth->initialize($this->Controller);
|
|
|
336 |
|
|
|
337 |
$this->Controller->name = 'CakeError';
|
|
|
338 |
$this->assertTrue($this->Controller->Auth->startup($this->Controller));
|
|
|
339 |
|
|
|
340 |
$this->Controller->name = 'Post';
|
|
|
341 |
$this->Controller->request['action'] = 'thisdoesnotexist';
|
|
|
342 |
$this->assertTrue($this->Controller->Auth->startup($this->Controller));
|
|
|
343 |
|
|
|
344 |
$this->Controller->scaffold = null;
|
|
|
345 |
$this->Controller->request['action'] = 'index';
|
|
|
346 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
347 |
}
|
|
|
348 |
|
|
|
349 |
/**
|
|
|
350 |
* testLogin method
|
|
|
351 |
*
|
|
|
352 |
* @return void
|
|
|
353 |
*/
|
|
|
354 |
public function testLogin() {
|
|
|
355 |
$this->getMock('FormAuthenticate', array(), array(), 'AuthLoginFormAuthenticate', false);
|
|
|
356 |
$this->Auth->authenticate = array(
|
|
|
357 |
'AuthLoginForm' => array(
|
|
|
358 |
'userModel' => 'AuthUser'
|
|
|
359 |
)
|
|
|
360 |
);
|
|
|
361 |
$this->Auth->Session = $this->getMock('SessionComponent', array('renew'), array(), '', false);
|
|
|
362 |
|
|
|
363 |
$mocks = $this->Auth->constructAuthenticate();
|
|
|
364 |
$this->mockObjects[] = $mocks[0];
|
|
|
365 |
|
|
|
366 |
$this->Auth->request->data = array(
|
|
|
367 |
'AuthUser' => array(
|
|
|
368 |
'username' => 'mark',
|
|
|
369 |
'password' => Security::hash('cake', null, true)
|
|
|
370 |
)
|
|
|
371 |
);
|
|
|
372 |
|
|
|
373 |
$user = array(
|
|
|
374 |
'id' => 1,
|
|
|
375 |
'username' => 'mark'
|
|
|
376 |
);
|
|
|
377 |
|
|
|
378 |
$mocks[0]->expects($this->once())
|
|
|
379 |
->method('authenticate')
|
|
|
380 |
->with($this->Auth->request)
|
|
|
381 |
->will($this->returnValue($user));
|
|
|
382 |
|
|
|
383 |
$this->Auth->Session->expects($this->once())
|
|
|
384 |
->method('renew');
|
|
|
385 |
|
|
|
386 |
$result = $this->Auth->login();
|
|
|
387 |
$this->assertTrue($result);
|
|
|
388 |
|
|
|
389 |
$this->assertTrue($this->Auth->loggedIn());
|
|
|
390 |
$this->assertEquals($user, $this->Auth->user());
|
|
|
391 |
}
|
|
|
392 |
|
|
|
393 |
/**
|
|
|
394 |
* testRedirectVarClearing method
|
|
|
395 |
*
|
|
|
396 |
* @return void
|
|
|
397 |
*/
|
|
|
398 |
public function testRedirectVarClearing() {
|
|
|
399 |
$this->Controller->request['controller'] = 'auth_test';
|
|
|
400 |
$this->Controller->request['action'] = 'admin_add';
|
|
|
401 |
$this->Controller->here = '/auth_test/admin_add';
|
|
|
402 |
$this->assertNull($this->Auth->Session->read('Auth.redirect'));
|
|
|
403 |
|
|
|
404 |
$this->Auth->authenticate = array('Form');
|
|
|
405 |
$this->Auth->startup($this->Controller);
|
|
|
406 |
$this->assertEquals('/auth_test/admin_add', $this->Auth->Session->read('Auth.redirect'));
|
|
|
407 |
|
|
|
408 |
$this->Auth->Session->write('Auth.User', array('username' => 'admad'));
|
|
|
409 |
$this->Auth->startup($this->Controller);
|
|
|
410 |
$this->assertNull($this->Auth->Session->read('Auth.redirect'));
|
|
|
411 |
}
|
|
|
412 |
|
|
|
413 |
/**
|
|
|
414 |
* testAuthorizeFalse method
|
|
|
415 |
*
|
|
|
416 |
* @return void
|
|
|
417 |
*/
|
|
|
418 |
public function testAuthorizeFalse() {
|
|
|
419 |
$this->AuthUser = new AuthUser();
|
|
|
420 |
$user = $this->AuthUser->find();
|
|
|
421 |
$this->Auth->Session->write('Auth.User', $user['AuthUser']);
|
|
|
422 |
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
423 |
$this->Controller->Auth->authorize = false;
|
|
|
424 |
$this->Controller->request->addParams(Router::parse('auth_test/add'));
|
|
|
425 |
$this->Controller->Auth->initialize($this->Controller);
|
|
|
426 |
$result = $this->Controller->Auth->startup($this->Controller);
|
|
|
427 |
$this->assertTrue($result);
|
|
|
428 |
|
|
|
429 |
$this->Auth->Session->delete('Auth');
|
|
|
430 |
$result = $this->Controller->Auth->startup($this->Controller);
|
|
|
431 |
$this->assertFalse($result);
|
|
|
432 |
$this->assertTrue($this->Auth->Session->check('Message.auth'));
|
|
|
433 |
|
|
|
434 |
$this->Controller->request->addParams(Router::parse('auth_test/camelCase'));
|
|
|
435 |
$result = $this->Controller->Auth->startup($this->Controller);
|
|
|
436 |
$this->assertFalse($result);
|
|
|
437 |
}
|
|
|
438 |
|
|
|
439 |
/**
|
|
|
440 |
* @expectedException CakeException
|
|
|
441 |
* @return void
|
|
|
442 |
*/
|
|
|
443 |
public function testIsAuthorizedMissingFile() {
|
|
|
444 |
$this->Controller->Auth->authorize = 'Missing';
|
|
|
445 |
$this->Controller->Auth->isAuthorized(array('User' => array('id' => 1)));
|
|
|
446 |
}
|
|
|
447 |
|
|
|
448 |
/**
|
|
|
449 |
* test that isAuthorized calls methods correctly
|
|
|
450 |
*
|
|
|
451 |
* @return void
|
|
|
452 |
*/
|
|
|
453 |
public function testIsAuthorizedDelegation() {
|
|
|
454 |
$this->getMock('BaseAuthorize', array('authorize'), array(), 'AuthMockOneAuthorize', false);
|
|
|
455 |
$this->getMock('BaseAuthorize', array('authorize'), array(), 'AuthMockTwoAuthorize', false);
|
|
|
456 |
$this->getMock('BaseAuthorize', array('authorize'), array(), 'AuthMockThreeAuthorize', false);
|
|
|
457 |
|
|
|
458 |
$this->Auth->authorize = array(
|
|
|
459 |
'AuthMockOne',
|
|
|
460 |
'AuthMockTwo',
|
|
|
461 |
'AuthMockThree'
|
|
|
462 |
);
|
|
|
463 |
$mocks = $this->Auth->constructAuthorize();
|
|
|
464 |
$request = $this->Auth->request;
|
|
|
465 |
|
|
|
466 |
$this->assertEquals(3, count($mocks));
|
|
|
467 |
$mocks[0]->expects($this->once())
|
|
|
468 |
->method('authorize')
|
|
|
469 |
->with(array('User'), $request)
|
|
|
470 |
->will($this->returnValue(false));
|
|
|
471 |
|
|
|
472 |
$mocks[1]->expects($this->once())
|
|
|
473 |
->method('authorize')
|
|
|
474 |
->with(array('User'), $request)
|
|
|
475 |
->will($this->returnValue(true));
|
|
|
476 |
|
|
|
477 |
$mocks[2]->expects($this->never())
|
|
|
478 |
->method('authorize');
|
|
|
479 |
|
|
|
480 |
$this->assertTrue($this->Auth->isAuthorized(array('User'), $request));
|
|
|
481 |
}
|
|
|
482 |
|
|
|
483 |
/**
|
|
|
484 |
* test that isAuthorized will use the session user if none is given.
|
|
|
485 |
*
|
|
|
486 |
* @return void
|
|
|
487 |
*/
|
|
|
488 |
public function testIsAuthorizedUsingUserInSession() {
|
|
|
489 |
$this->getMock('BaseAuthorize', array('authorize'), array(), 'AuthMockFourAuthorize', false);
|
|
|
490 |
$this->Auth->authorize = array('AuthMockFour');
|
|
|
491 |
|
|
|
492 |
$user = array('user' => 'mark');
|
|
|
493 |
$this->Auth->Session->write('Auth.User', $user);
|
|
|
494 |
$mocks = $this->Auth->constructAuthorize();
|
|
|
495 |
$request = $this->Controller->request;
|
|
|
496 |
|
|
|
497 |
$mocks[0]->expects($this->once())
|
|
|
498 |
->method('authorize')
|
|
|
499 |
->with($user, $request)
|
|
|
500 |
->will($this->returnValue(true));
|
|
|
501 |
|
|
|
502 |
$this->assertTrue($this->Auth->isAuthorized(null, $request));
|
|
|
503 |
}
|
|
|
504 |
|
|
|
505 |
/**
|
|
|
506 |
* test that loadAuthorize resets the loaded objects each time.
|
|
|
507 |
*
|
|
|
508 |
* @return void
|
|
|
509 |
*/
|
|
|
510 |
public function testLoadAuthorizeResets() {
|
|
|
511 |
$this->Controller->Auth->authorize = array(
|
|
|
512 |
'Controller'
|
|
|
513 |
);
|
|
|
514 |
$result = $this->Controller->Auth->constructAuthorize();
|
|
|
515 |
$this->assertEquals(1, count($result));
|
|
|
516 |
|
|
|
517 |
$result = $this->Controller->Auth->constructAuthorize();
|
|
|
518 |
$this->assertEquals(1, count($result));
|
|
|
519 |
}
|
|
|
520 |
|
|
|
521 |
/**
|
|
|
522 |
* @expectedException CakeException
|
|
|
523 |
* @return void
|
|
|
524 |
*/
|
|
|
525 |
public function testLoadAuthenticateNoFile() {
|
|
|
526 |
$this->Controller->Auth->authenticate = 'Missing';
|
|
|
527 |
$this->Controller->Auth->identify($this->Controller->request, $this->Controller->response);
|
|
|
528 |
}
|
|
|
529 |
|
|
|
530 |
/**
|
|
|
531 |
* test the * key with authenticate
|
|
|
532 |
*
|
|
|
533 |
* @return void
|
|
|
534 |
*/
|
|
|
535 |
public function testAllConfigWithAuthorize() {
|
|
|
536 |
$this->Controller->Auth->authorize = array(
|
|
|
537 |
AuthComponent::ALL => array('actionPath' => 'controllers/'),
|
|
|
538 |
'Actions'
|
|
|
539 |
);
|
|
|
540 |
$objects = $this->Controller->Auth->constructAuthorize();
|
|
|
541 |
$result = $objects[0];
|
|
|
542 |
$this->assertEquals('controllers/', $result->settings['actionPath']);
|
|
|
543 |
}
|
|
|
544 |
|
|
|
545 |
/**
|
|
|
546 |
* test that loadAuthorize resets the loaded objects each time.
|
|
|
547 |
*
|
|
|
548 |
* @return void
|
|
|
549 |
*/
|
|
|
550 |
public function testLoadAuthenticateResets() {
|
|
|
551 |
$this->Controller->Auth->authenticate = array(
|
|
|
552 |
'Form'
|
|
|
553 |
);
|
|
|
554 |
$result = $this->Controller->Auth->constructAuthenticate();
|
|
|
555 |
$this->assertEquals(1, count($result));
|
|
|
556 |
|
|
|
557 |
$result = $this->Controller->Auth->constructAuthenticate();
|
|
|
558 |
$this->assertEquals(1, count($result));
|
|
|
559 |
}
|
|
|
560 |
|
|
|
561 |
/**
|
|
|
562 |
* test the * key with authenticate
|
|
|
563 |
*
|
|
|
564 |
* @return void
|
|
|
565 |
*/
|
|
|
566 |
public function testAllConfigWithAuthenticate() {
|
|
|
567 |
$this->Controller->Auth->authenticate = array(
|
|
|
568 |
AuthComponent::ALL => array('userModel' => 'AuthUser'),
|
|
|
569 |
'Form'
|
|
|
570 |
);
|
|
|
571 |
$objects = $this->Controller->Auth->constructAuthenticate();
|
|
|
572 |
$result = $objects[0];
|
|
|
573 |
$this->assertEquals('AuthUser', $result->settings['userModel']);
|
|
|
574 |
}
|
|
|
575 |
|
|
|
576 |
/**
|
|
|
577 |
* Tests that deny always takes precedence over allow
|
|
|
578 |
*
|
|
|
579 |
* @return void
|
|
|
580 |
*/
|
|
|
581 |
public function testAllowDenyAll() {
|
|
|
582 |
$this->Controller->Auth->initialize($this->Controller);
|
|
|
583 |
|
|
|
584 |
$this->Controller->Auth->allow();
|
|
|
585 |
$this->Controller->Auth->deny('add', 'camelCase');
|
|
|
586 |
|
|
|
587 |
$this->Controller->request['action'] = 'delete';
|
|
|
588 |
$this->assertTrue($this->Controller->Auth->startup($this->Controller));
|
|
|
589 |
|
|
|
590 |
$this->Controller->request['action'] = 'add';
|
|
|
591 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
592 |
|
|
|
593 |
$this->Controller->request['action'] = 'camelCase';
|
|
|
594 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
595 |
|
|
|
596 |
$this->Controller->Auth->allow();
|
|
|
597 |
$this->Controller->Auth->deny(array('add', 'camelCase'));
|
|
|
598 |
|
|
|
599 |
$this->Controller->request['action'] = 'delete';
|
|
|
600 |
$this->assertTrue($this->Controller->Auth->startup($this->Controller));
|
|
|
601 |
|
|
|
602 |
$this->Controller->request['action'] = 'camelCase';
|
|
|
603 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
604 |
|
|
|
605 |
$this->Controller->Auth->allow('*');
|
|
|
606 |
$this->Controller->Auth->deny();
|
|
|
607 |
|
|
|
608 |
$this->Controller->request['action'] = 'camelCase';
|
|
|
609 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
610 |
|
|
|
611 |
$this->Controller->request['action'] = 'add';
|
|
|
612 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
613 |
|
|
|
614 |
$this->Controller->Auth->allow('camelCase');
|
|
|
615 |
$this->Controller->Auth->deny();
|
|
|
616 |
|
|
|
617 |
$this->Controller->request['action'] = 'camelCase';
|
|
|
618 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
619 |
|
|
|
620 |
$this->Controller->request['action'] = 'login';
|
|
|
621 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
622 |
|
|
|
623 |
$this->Controller->Auth->deny();
|
|
|
624 |
$this->Controller->Auth->allow(null);
|
|
|
625 |
|
|
|
626 |
$this->Controller->request['action'] = 'camelCase';
|
|
|
627 |
$this->assertTrue($this->Controller->Auth->startup($this->Controller));
|
|
|
628 |
|
|
|
629 |
$this->Controller->Auth->allow();
|
|
|
630 |
$this->Controller->Auth->deny(null);
|
|
|
631 |
|
|
|
632 |
$this->Controller->request['action'] = 'camelCase';
|
|
|
633 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
634 |
}
|
|
|
635 |
|
|
|
636 |
/**
|
|
|
637 |
* test that deny() converts camel case inputs to lowercase.
|
|
|
638 |
*
|
|
|
639 |
* @return void
|
|
|
640 |
*/
|
|
|
641 |
public function testDenyWithCamelCaseMethods() {
|
|
|
642 |
$this->Controller->Auth->initialize($this->Controller);
|
|
|
643 |
$this->Controller->Auth->allow();
|
|
|
644 |
$this->Controller->Auth->deny('add', 'camelCase');
|
|
|
645 |
|
|
|
646 |
$url = '/auth_test/camelCase';
|
|
|
647 |
$this->Controller->request->addParams(Router::parse($url));
|
|
|
648 |
$this->Controller->request->query['url'] = Router::normalize($url);
|
|
|
649 |
|
|
|
650 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
651 |
|
|
|
652 |
$url = '/auth_test/CamelCase';
|
|
|
653 |
$this->Controller->request->addParams(Router::parse($url));
|
|
|
654 |
$this->Controller->request->query['url'] = Router::normalize($url);
|
|
|
655 |
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
|
656 |
}
|
|
|
657 |
|
|
|
658 |
/**
|
|
|
659 |
* test that allow() and allowedActions work with camelCase method names.
|
|
|
660 |
*
|
|
|
661 |
* @return void
|
|
|
662 |
*/
|
|
|
663 |
public function testAllowedActionsWithCamelCaseMethods() {
|
|
|
664 |
$url = '/auth_test/camelCase';
|
|
|
665 |
$this->Controller->request->addParams(Router::parse($url));
|
|
|
666 |
$this->Controller->request->query['url'] = Router::normalize($url);
|
|
|
667 |
$this->Controller->Auth->initialize($this->Controller);
|
|
|
668 |
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
669 |
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
670 |
$this->Controller->Auth->allow();
|
|
|
671 |
$result = $this->Controller->Auth->startup($this->Controller);
|
|
|
672 |
$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
|
|
|
673 |
|
|
|
674 |
$url = '/auth_test/camelCase';
|
|
|
675 |
$this->Controller->request->addParams(Router::parse($url));
|
|
|
676 |
$this->Controller->request->query['url'] = Router::normalize($url);
|
|
|
677 |
$this->Controller->Auth->initialize($this->Controller);
|
|
|
678 |
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
679 |
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
680 |
$this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add');
|
|
|
681 |
$result = $this->Controller->Auth->startup($this->Controller);
|
|
|
682 |
$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
|
|
|
683 |
|
|
|
684 |
$this->Controller->Auth->allowedActions = array('delete', 'add');
|
|
|
685 |
$result = $this->Controller->Auth->startup($this->Controller);
|
|
|
686 |
$this->assertFalse($result, 'startup() should return false, as action is not allowed. %s');
|
|
|
687 |
|
|
|
688 |
$url = '/auth_test/delete';
|
|
|
689 |
$this->Controller->request->addParams(Router::parse($url));
|
|
|
690 |
$this->Controller->request->query['url'] = Router::normalize($url);
|
|
|
691 |
$this->Controller->Auth->initialize($this->Controller);
|
|
|
692 |
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
693 |
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
694 |
|
|
|
695 |
$this->Controller->Auth->allow(array('delete', 'add'));
|
|
|
696 |
$result = $this->Controller->Auth->startup($this->Controller);
|
|
|
697 |
$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
|
|
|
698 |
}
|
|
|
699 |
|
|
|
700 |
public function testAllowedActionsSetWithAllowMethod() {
|
|
|
701 |
$url = '/auth_test/action_name';
|
|
|
702 |
$this->Controller->request->addParams(Router::parse($url));
|
|
|
703 |
$this->Controller->request->query['url'] = Router::normalize($url);
|
|
|
704 |
$this->Controller->Auth->initialize($this->Controller);
|
|
|
705 |
$this->Controller->Auth->allow('action_name', 'anotherAction');
|
|
|
706 |
$this->assertEquals(array('action_name', 'anotherAction'), $this->Controller->Auth->allowedActions);
|
|
|
707 |
}
|
|
|
708 |
|
|
|
709 |
/**
|
|
|
710 |
* testLoginRedirect method
|
|
|
711 |
*
|
|
|
712 |
* @return void
|
|
|
713 |
*/
|
|
|
714 |
public function testLoginRedirect() {
|
|
|
715 |
$_SERVER['HTTP_REFERER'] = false;
|
|
|
716 |
$_ENV['HTTP_REFERER'] = false;
|
|
|
717 |
putenv('HTTP_REFERER=');
|
|
|
718 |
|
|
|
719 |
$this->Auth->Session->write('Auth', array(
|
|
|
720 |
'AuthUser' => array('id' => '1', 'username' => 'nate')
|
|
|
721 |
));
|
|
|
722 |
|
|
|
723 |
$this->Auth->request->addParams(Router::parse('users/login'));
|
|
|
724 |
$this->Auth->request->url = 'users/login';
|
|
|
725 |
$this->Auth->initialize($this->Controller);
|
|
|
726 |
|
|
|
727 |
$this->Auth->loginRedirect = array(
|
|
|
728 |
'controller' => 'pages', 'action' => 'display', 'welcome'
|
|
|
729 |
);
|
|
|
730 |
$this->Auth->startup($this->Controller);
|
|
|
731 |
$expected = Router::normalize($this->Auth->loginRedirect);
|
|
|
732 |
$this->assertEquals($expected, $this->Auth->redirectUrl());
|
|
|
733 |
|
|
|
734 |
$this->Auth->Session->delete('Auth');
|
|
|
735 |
|
|
|
736 |
//empty referer no session
|
|
|
737 |
$_SERVER['HTTP_REFERER'] = false;
|
|
|
738 |
$_ENV['HTTP_REFERER'] = false;
|
|
|
739 |
putenv('HTTP_REFERER=');
|
|
|
740 |
$url = '/posts/view/1';
|
|
|
741 |
|
|
|
742 |
$this->Auth->Session->write('Auth', array(
|
|
|
743 |
'AuthUser' => array('id' => '1', 'username' => 'nate'))
|
|
|
744 |
);
|
|
|
745 |
$this->Controller->testUrl = null;
|
|
|
746 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
747 |
array_push($this->Controller->methods, 'view', 'edit', 'index');
|
|
|
748 |
|
|
|
749 |
$this->Auth->initialize($this->Controller);
|
|
|
750 |
$this->Auth->authorize = 'controller';
|
|
|
751 |
|
|
|
752 |
$this->Auth->loginAction = array(
|
|
|
753 |
'controller' => 'AuthTest', 'action' => 'login'
|
|
|
754 |
);
|
|
|
755 |
$this->Auth->startup($this->Controller);
|
|
|
756 |
$expected = Router::normalize('/AuthTest/login');
|
|
|
757 |
$this->assertEquals($expected, $this->Controller->testUrl);
|
|
|
758 |
|
|
|
759 |
$this->Auth->Session->delete('Auth');
|
|
|
760 |
$_SERVER['HTTP_REFERER'] = $_ENV['HTTP_REFERER'] = Router::url('/admin', true);
|
|
|
761 |
$this->Auth->Session->write('Auth', array(
|
|
|
762 |
'AuthUser' => array('id' => '1', 'username' => 'nate')
|
|
|
763 |
));
|
|
|
764 |
$this->Auth->request->params['action'] = 'login';
|
|
|
765 |
$this->Auth->request->url = 'auth_test/login';
|
|
|
766 |
$this->Auth->initialize($this->Controller);
|
|
|
767 |
$this->Auth->loginAction = 'auth_test/login';
|
|
|
768 |
$this->Auth->loginRedirect = false;
|
|
|
769 |
$this->Auth->startup($this->Controller);
|
|
|
770 |
$expected = Router::normalize('/admin');
|
|
|
771 |
$this->assertEquals($expected, $this->Auth->redirectUrl());
|
|
|
772 |
|
|
|
773 |
// Ticket #4750
|
|
|
774 |
// Named Parameters
|
|
|
775 |
$this->Controller->request = $this->Auth->request;
|
|
|
776 |
$this->Auth->Session->delete('Auth');
|
|
|
777 |
$url = '/posts/index/year:2008/month:feb';
|
|
|
778 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
779 |
$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
|
|
|
780 |
$this->Auth->initialize($this->Controller);
|
|
|
781 |
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
782 |
$this->Auth->startup($this->Controller);
|
|
|
783 |
$expected = Router::normalize('posts/index/year:2008/month:feb');
|
|
|
784 |
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
|
|
|
785 |
|
|
|
786 |
// Passed Arguments
|
|
|
787 |
$this->Auth->Session->delete('Auth');
|
|
|
788 |
$url = '/posts/view/1';
|
|
|
789 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
790 |
$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
|
|
|
791 |
$this->Auth->initialize($this->Controller);
|
|
|
792 |
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
793 |
$this->Auth->startup($this->Controller);
|
|
|
794 |
$expected = Router::normalize('posts/view/1');
|
|
|
795 |
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
|
|
|
796 |
|
|
|
797 |
// QueryString parameters
|
|
|
798 |
$_back = $_GET;
|
|
|
799 |
$_GET = array(
|
|
|
800 |
'print' => 'true',
|
|
|
801 |
'refer' => 'menu'
|
|
|
802 |
);
|
|
|
803 |
$this->Auth->Session->delete('Auth');
|
|
|
804 |
$url = '/posts/index/29';
|
|
|
805 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
806 |
$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
|
|
|
807 |
$this->Auth->request->query = $_GET;
|
|
|
808 |
|
|
|
809 |
$this->Auth->initialize($this->Controller);
|
|
|
810 |
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
811 |
$this->Auth->startup($this->Controller);
|
|
|
812 |
$expected = Router::normalize('posts/index/29?print=true&refer=menu');
|
|
|
813 |
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
|
|
|
814 |
|
|
|
815 |
// Different base urls.
|
|
|
816 |
$appConfig = Configure::read('App');
|
|
|
817 |
|
|
|
818 |
$_GET = array();
|
|
|
819 |
|
|
|
820 |
Configure::write('App', array(
|
|
|
821 |
'dir' => APP_DIR,
|
|
|
822 |
'webroot' => WEBROOT_DIR,
|
|
|
823 |
'base' => false,
|
|
|
824 |
'baseUrl' => '/cake/index.php'
|
|
|
825 |
));
|
|
|
826 |
|
|
|
827 |
$this->Auth->Session->delete('Auth');
|
|
|
828 |
|
|
|
829 |
$url = '/posts/add';
|
|
|
830 |
$this->Auth->request = $this->Controller->request = new CakeRequest($url);
|
|
|
831 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
832 |
$this->Auth->request->url = Router::normalize($url);
|
|
|
833 |
|
|
|
834 |
$this->Auth->initialize($this->Controller);
|
|
|
835 |
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
|
|
|
836 |
$this->Auth->startup($this->Controller);
|
|
|
837 |
$expected = Router::normalize('/posts/add');
|
|
|
838 |
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
|
|
|
839 |
|
|
|
840 |
$this->Auth->Session->delete('Auth');
|
|
|
841 |
Configure::write('App', $appConfig);
|
|
|
842 |
|
|
|
843 |
$_GET = $_back;
|
|
|
844 |
|
|
|
845 |
// External Authed Action
|
|
|
846 |
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
|
|
|
847 |
$this->Auth->Session->delete('Auth');
|
|
|
848 |
$url = '/posts/edit/1';
|
|
|
849 |
$request = new CakeRequest($url);
|
|
|
850 |
$request->query = array();
|
|
|
851 |
$this->Auth->request = $this->Controller->request = $request;
|
|
|
852 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
853 |
$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
|
|
|
854 |
$this->Auth->initialize($this->Controller);
|
|
|
855 |
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
856 |
$this->Auth->startup($this->Controller);
|
|
|
857 |
$expected = Router::normalize('/posts/edit/1');
|
|
|
858 |
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
|
|
|
859 |
|
|
|
860 |
// External Direct Login Link
|
|
|
861 |
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
|
|
|
862 |
$this->Auth->Session->delete('Auth');
|
|
|
863 |
$url = '/AuthTest/login';
|
|
|
864 |
$this->Auth->request = $this->Controller->request = new CakeRequest($url);
|
|
|
865 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
866 |
$this->Auth->request->url = Router::normalize($url);
|
|
|
867 |
$this->Auth->initialize($this->Controller);
|
|
|
868 |
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
869 |
$this->Auth->startup($this->Controller);
|
|
|
870 |
$expected = Router::normalize('/');
|
|
|
871 |
$this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect'));
|
|
|
872 |
|
|
|
873 |
$this->Auth->Session->delete('Auth');
|
|
|
874 |
}
|
|
|
875 |
|
|
|
876 |
/**
|
|
|
877 |
* testNoLoginRedirectForAuthenticatedUser method
|
|
|
878 |
*
|
|
|
879 |
* @return void
|
|
|
880 |
*/
|
|
|
881 |
public function testNoLoginRedirectForAuthenticatedUser() {
|
|
|
882 |
$this->Controller->request['controller'] = 'auth_test';
|
|
|
883 |
$this->Controller->request['action'] = 'login';
|
|
|
884 |
$this->Controller->here = '/auth_test/login';
|
|
|
885 |
$this->Auth->request->url = 'auth_test/login';
|
|
|
886 |
|
|
|
887 |
$this->Auth->Session->write('Auth.User.id', '1');
|
|
|
888 |
$this->Auth->authenticate = array('Form');
|
|
|
889 |
$this->getMock('BaseAuthorize', array('authorize'), array(), 'NoLoginRedirectMockAuthorize', false);
|
|
|
890 |
$this->Auth->authorize = array('NoLoginRedirectMockAuthorize');
|
|
|
891 |
$this->Auth->loginAction = array('controller' => 'auth_test', 'action' => 'login');
|
|
|
892 |
|
|
|
893 |
$return = $this->Auth->startup($this->Controller);
|
|
|
894 |
$this->assertTrue($return);
|
|
|
895 |
$this->assertNull($this->Controller->testUrl);
|
|
|
896 |
}
|
|
|
897 |
|
|
|
898 |
/**
|
|
|
899 |
* Default to loginRedirect, if set, on authError.
|
|
|
900 |
*
|
|
|
901 |
* @return void
|
|
|
902 |
*/
|
|
|
903 |
public function testDefaultToLoginRedirect() {
|
|
|
904 |
$_SERVER['HTTP_REFERER'] = false;
|
|
|
905 |
$_ENV['HTTP_REFERER'] = false;
|
|
|
906 |
putenv('HTTP_REFERER=');
|
|
|
907 |
|
|
|
908 |
$url = '/party/on';
|
|
|
909 |
$this->Auth->request = $CakeRequest = new CakeRequest($url);
|
|
|
910 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
911 |
$this->Auth->authorize = array('Controller');
|
|
|
912 |
$this->Auth->login(array('username' => 'mariano', 'password' => 'cake'));
|
|
|
913 |
$this->Auth->loginRedirect = array(
|
|
|
914 |
'controller' => 'something', 'action' => 'else',
|
|
|
915 |
);
|
|
|
916 |
|
|
|
917 |
$CakeResponse = new CakeResponse();
|
|
|
918 |
$Controller = $this->getMock(
|
|
|
919 |
'Controller',
|
|
|
920 |
array('on', 'redirect'),
|
|
|
921 |
array($CakeRequest, $CakeResponse)
|
|
|
922 |
);
|
|
|
923 |
|
|
|
924 |
$expected = Router::url($this->Auth->loginRedirect, true);
|
|
|
925 |
$Controller->expects($this->once())
|
|
|
926 |
->method('redirect')
|
|
|
927 |
->with($this->equalTo($expected));
|
|
|
928 |
$this->Auth->startup($Controller);
|
|
|
929 |
}
|
|
|
930 |
|
|
|
931 |
/**
|
|
|
932 |
* testRedirectToUnauthorizedRedirect
|
|
|
933 |
*
|
|
|
934 |
* @return void
|
|
|
935 |
*/
|
|
|
936 |
public function testRedirectToUnauthorizedRedirect() {
|
|
|
937 |
$url = '/party/on';
|
|
|
938 |
$this->Auth->request = $CakeRequest = new CakeRequest($url);
|
|
|
939 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
940 |
$this->Auth->authorize = array('Controller');
|
|
|
941 |
$this->Auth->login(array('username' => 'admad', 'password' => 'cake'));
|
|
|
942 |
$this->Auth->unauthorizedRedirect = array(
|
|
|
943 |
'controller' => 'no_can_do', 'action' => 'jack'
|
|
|
944 |
);
|
|
|
945 |
|
|
|
946 |
$CakeResponse = new CakeResponse();
|
|
|
947 |
$Controller = $this->getMock(
|
|
|
948 |
'Controller',
|
|
|
949 |
array('on', 'redirect'),
|
|
|
950 |
array($CakeRequest, $CakeResponse)
|
|
|
951 |
);
|
|
|
952 |
$this->Auth->Session = $this->getMock(
|
|
|
953 |
'SessionComponent',
|
|
|
954 |
array('setFlash'),
|
|
|
955 |
array($Controller->Components)
|
|
|
956 |
);
|
|
|
957 |
|
|
|
958 |
$expected = array(
|
|
|
959 |
'controller' => 'no_can_do', 'action' => 'jack'
|
|
|
960 |
);
|
|
|
961 |
$Controller->expects($this->once())
|
|
|
962 |
->method('redirect')
|
|
|
963 |
->with($this->equalTo($expected));
|
|
|
964 |
$this->Auth->Session->expects($this->once())
|
|
|
965 |
->method('setFlash');
|
|
|
966 |
$this->Auth->startup($Controller);
|
|
|
967 |
}
|
|
|
968 |
|
|
|
969 |
/**
|
|
|
970 |
* testRedirectToUnauthorizedRedirectSuppressedAuthError
|
|
|
971 |
*
|
|
|
972 |
* @return void
|
|
|
973 |
*/
|
|
|
974 |
public function testRedirectToUnauthorizedRedirectSuppressedAuthError() {
|
|
|
975 |
$url = '/party/on';
|
|
|
976 |
$this->Auth->request = $CakeRequest = new CakeRequest($url);
|
|
|
977 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
978 |
$this->Auth->authorize = array('Controller');
|
|
|
979 |
$this->Auth->login(array('username' => 'admad', 'password' => 'cake'));
|
|
|
980 |
$this->Auth->unauthorizedRedirect = array(
|
|
|
981 |
'controller' => 'no_can_do', 'action' => 'jack'
|
|
|
982 |
);
|
|
|
983 |
$this->Auth->authError = false;
|
|
|
984 |
|
|
|
985 |
$CakeResponse = new CakeResponse();
|
|
|
986 |
$Controller = $this->getMock(
|
|
|
987 |
'Controller',
|
|
|
988 |
array('on', 'redirect'),
|
|
|
989 |
array($CakeRequest, $CakeResponse)
|
|
|
990 |
);
|
|
|
991 |
$this->Auth->Session = $this->getMock(
|
|
|
992 |
'SessionComponent',
|
|
|
993 |
array('setFlash'),
|
|
|
994 |
array($Controller->Components)
|
|
|
995 |
);
|
|
|
996 |
|
|
|
997 |
$expected = array(
|
|
|
998 |
'controller' => 'no_can_do', 'action' => 'jack'
|
|
|
999 |
);
|
|
|
1000 |
$Controller->expects($this->once())
|
|
|
1001 |
->method('redirect')
|
|
|
1002 |
->with($this->equalTo($expected));
|
|
|
1003 |
$this->Auth->Session->expects($this->never())
|
|
|
1004 |
->method('setFlash');
|
|
|
1005 |
$this->Auth->startup($Controller);
|
|
|
1006 |
}
|
|
|
1007 |
|
|
|
1008 |
/**
|
|
|
1009 |
* Throw ForbiddenException if AuthComponent::$unauthorizedRedirect set to false
|
|
|
1010 |
* @expectedException ForbiddenException
|
|
|
1011 |
* @return void
|
|
|
1012 |
*/
|
|
|
1013 |
public function testForbiddenException() {
|
|
|
1014 |
$url = '/party/on';
|
|
|
1015 |
$this->Auth->request = $CakeRequest = new CakeRequest($url);
|
|
|
1016 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
1017 |
$this->Auth->authorize = array('Controller');
|
|
|
1018 |
$this->Auth->authorize = array('Controller');
|
|
|
1019 |
$this->Auth->unauthorizedRedirect = false;
|
|
|
1020 |
$this->Auth->login(array('username' => 'baker', 'password' => 'cake'));
|
|
|
1021 |
|
|
|
1022 |
$CakeResponse = new CakeResponse();
|
|
|
1023 |
$Controller = $this->getMock(
|
|
|
1024 |
'Controller',
|
|
|
1025 |
array('on', 'redirect'),
|
|
|
1026 |
array($CakeRequest, $CakeResponse)
|
|
|
1027 |
);
|
|
|
1028 |
|
|
|
1029 |
$this->Auth->startup($Controller);
|
|
|
1030 |
}
|
|
|
1031 |
|
|
|
1032 |
/**
|
|
|
1033 |
* Test that no redirects or authorization tests occur on the loginAction
|
|
|
1034 |
*
|
|
|
1035 |
* @return void
|
|
|
1036 |
*/
|
|
|
1037 |
public function testNoRedirectOnLoginAction() {
|
|
|
1038 |
$controller = $this->getMock('Controller');
|
|
|
1039 |
$controller->methods = array('login');
|
|
|
1040 |
|
|
|
1041 |
$url = '/AuthTest/login';
|
|
|
1042 |
$this->Auth->request = $controller->request = new CakeRequest($url);
|
|
|
1043 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
1044 |
$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
|
1045 |
$this->Auth->authorize = array('Controller');
|
|
|
1046 |
|
|
|
1047 |
$controller->expects($this->never())
|
|
|
1048 |
->method('redirect');
|
|
|
1049 |
|
|
|
1050 |
$this->Auth->startup($controller);
|
|
|
1051 |
}
|
|
|
1052 |
|
|
|
1053 |
/**
|
|
|
1054 |
* Ensure that no redirect is performed when a 404 is reached
|
|
|
1055 |
* And the user doesn't have a session.
|
|
|
1056 |
*
|
|
|
1057 |
* @return void
|
|
|
1058 |
*/
|
|
|
1059 |
public function testNoRedirectOn404() {
|
|
|
1060 |
$this->Auth->Session->delete('Auth');
|
|
|
1061 |
$this->Auth->initialize($this->Controller);
|
|
|
1062 |
$this->Auth->request->addParams(Router::parse('auth_test/something_totally_wrong'));
|
|
|
1063 |
$result = $this->Auth->startup($this->Controller);
|
|
|
1064 |
$this->assertTrue($result, 'Auth redirected a missing action %s');
|
|
|
1065 |
}
|
|
|
1066 |
|
|
|
1067 |
/**
|
|
|
1068 |
* testAdminRoute method
|
|
|
1069 |
*
|
|
|
1070 |
* @return void
|
|
|
1071 |
*/
|
|
|
1072 |
public function testAdminRoute() {
|
|
|
1073 |
$pref = Configure::read('Routing.prefixes');
|
|
|
1074 |
Configure::write('Routing.prefixes', array('admin'));
|
|
|
1075 |
Router::reload();
|
|
|
1076 |
require CAKE . 'Config' . DS . 'routes.php';
|
|
|
1077 |
|
|
|
1078 |
$url = '/admin/auth_test/add';
|
|
|
1079 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
1080 |
$this->Auth->request->query['url'] = ltrim($url, '/');
|
|
|
1081 |
$this->Auth->request->base = '';
|
|
|
1082 |
|
|
|
1083 |
Router::setRequestInfo($this->Auth->request);
|
|
|
1084 |
$this->Auth->initialize($this->Controller);
|
|
|
1085 |
|
|
|
1086 |
$this->Auth->loginAction = array(
|
|
|
1087 |
'admin' => true, 'controller' => 'auth_test', 'action' => 'login'
|
|
|
1088 |
);
|
|
|
1089 |
|
|
|
1090 |
$this->Auth->startup($this->Controller);
|
|
|
1091 |
$this->assertEquals('/admin/auth_test/login', $this->Controller->testUrl);
|
|
|
1092 |
|
|
|
1093 |
Configure::write('Routing.prefixes', $pref);
|
|
|
1094 |
}
|
|
|
1095 |
|
|
|
1096 |
/**
|
|
|
1097 |
* testAjaxLogin method
|
|
|
1098 |
*
|
|
|
1099 |
* @return void
|
|
|
1100 |
*/
|
|
|
1101 |
public function testAjaxLogin() {
|
|
|
1102 |
App::build(array(
|
|
|
1103 |
'View' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS)
|
|
|
1104 |
));
|
|
|
1105 |
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
|
|
|
1106 |
|
|
|
1107 |
App::uses('Dispatcher', 'Routing');
|
|
|
1108 |
|
|
|
1109 |
ob_start();
|
|
|
1110 |
$Dispatcher = new Dispatcher();
|
|
|
1111 |
$Dispatcher->dispatch(new CakeRequest('/ajax_auth/add'), new CakeResponse(), array('return' => 1));
|
|
|
1112 |
$result = ob_get_clean();
|
|
|
1113 |
|
|
|
1114 |
$this->assertEquals("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result));
|
|
|
1115 |
unset($_SERVER['HTTP_X_REQUESTED_WITH']);
|
|
|
1116 |
}
|
|
|
1117 |
|
|
|
1118 |
/**
|
|
|
1119 |
* testLoginActionRedirect method
|
|
|
1120 |
*
|
|
|
1121 |
* @return void
|
|
|
1122 |
*/
|
|
|
1123 |
public function testLoginActionRedirect() {
|
|
|
1124 |
$admin = Configure::read('Routing.prefixes');
|
|
|
1125 |
Configure::write('Routing.prefixes', array('admin'));
|
|
|
1126 |
Router::reload();
|
|
|
1127 |
require CAKE . 'Config' . DS . 'routes.php';
|
|
|
1128 |
|
|
|
1129 |
$url = '/admin/auth_test/login';
|
|
|
1130 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
1131 |
$this->Auth->request->url = ltrim($url, '/');
|
|
|
1132 |
Router::setRequestInfo(array(
|
|
|
1133 |
array(
|
|
|
1134 |
'pass' => array(), 'action' => 'admin_login', 'plugin' => null, 'controller' => 'auth_test',
|
|
|
1135 |
'admin' => true,
|
|
|
1136 |
),
|
|
|
1137 |
array(
|
|
|
1138 |
'base' => null, 'here' => $url,
|
|
|
1139 |
'webroot' => '/', 'passedArgs' => array(),
|
|
|
1140 |
)
|
|
|
1141 |
));
|
|
|
1142 |
|
|
|
1143 |
$this->Auth->initialize($this->Controller);
|
|
|
1144 |
$this->Auth->loginAction = array('admin' => true, 'controller' => 'auth_test', 'action' => 'login');
|
|
|
1145 |
$this->Auth->startup($this->Controller);
|
|
|
1146 |
|
|
|
1147 |
$this->assertNull($this->Controller->testUrl);
|
|
|
1148 |
|
|
|
1149 |
Configure::write('Routing.prefixes', $admin);
|
|
|
1150 |
}
|
|
|
1151 |
|
|
|
1152 |
/**
|
|
|
1153 |
* Stateless auth methods like Basic should populate data that can be
|
|
|
1154 |
* accessed by $this->user().
|
|
|
1155 |
*
|
|
|
1156 |
* @return void
|
|
|
1157 |
*/
|
|
|
1158 |
public function testStatelessAuthWorksWithUser() {
|
|
|
1159 |
$_SERVER['PHP_AUTH_USER'] = 'mariano';
|
|
|
1160 |
$_SERVER['PHP_AUTH_PW'] = 'cake';
|
|
|
1161 |
$url = '/auth_test/add';
|
|
|
1162 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
1163 |
|
|
|
1164 |
$this->Auth->authenticate = array(
|
|
|
1165 |
'Basic' => array('userModel' => 'AuthUser')
|
|
|
1166 |
);
|
|
|
1167 |
$this->Auth->startup($this->Controller);
|
|
|
1168 |
|
|
|
1169 |
$result = $this->Auth->user();
|
|
|
1170 |
$this->assertEquals('mariano', $result['username']);
|
|
|
1171 |
|
|
|
1172 |
$result = $this->Auth->user('username');
|
|
|
1173 |
$this->assertEquals('mariano', $result);
|
|
|
1174 |
}
|
|
|
1175 |
|
|
|
1176 |
/**
|
|
|
1177 |
* test $settings in Controller::$components
|
|
|
1178 |
*
|
|
|
1179 |
* @return void
|
|
|
1180 |
*/
|
|
|
1181 |
public function testComponentSettings() {
|
|
|
1182 |
$request = new CakeRequest(null, false);
|
|
|
1183 |
$this->Controller = new AuthTestController($request, $this->getMock('CakeResponse'));
|
|
|
1184 |
|
|
|
1185 |
$this->Controller->components = array(
|
|
|
1186 |
'Auth' => array(
|
|
|
1187 |
'loginAction' => array('controller' => 'people', 'action' => 'login'),
|
|
|
1188 |
'logoutRedirect' => array('controller' => 'people', 'action' => 'login'),
|
|
|
1189 |
),
|
|
|
1190 |
'Session'
|
|
|
1191 |
);
|
|
|
1192 |
$this->Controller->Components->init($this->Controller);
|
|
|
1193 |
$this->Controller->Components->trigger('initialize', array(&$this->Controller));
|
|
|
1194 |
Router::reload();
|
|
|
1195 |
|
|
|
1196 |
$expected = array(
|
|
|
1197 |
'loginAction' => array('controller' => 'people', 'action' => 'login'),
|
|
|
1198 |
'logoutRedirect' => array('controller' => 'people', 'action' => 'login'),
|
|
|
1199 |
);
|
|
|
1200 |
$this->assertEquals($expected['loginAction'], $this->Controller->Auth->loginAction);
|
|
|
1201 |
$this->assertEquals($expected['logoutRedirect'], $this->Controller->Auth->logoutRedirect);
|
|
|
1202 |
}
|
|
|
1203 |
|
|
|
1204 |
/**
|
|
|
1205 |
* test that logout deletes the session variables. and returns the correct URL
|
|
|
1206 |
*
|
|
|
1207 |
* @return void
|
|
|
1208 |
*/
|
|
|
1209 |
public function testLogout() {
|
|
|
1210 |
$this->Auth->Session->write('Auth.User.id', '1');
|
|
|
1211 |
$this->Auth->Session->write('Auth.redirect', '/users/login');
|
|
|
1212 |
$this->Auth->logoutRedirect = '/';
|
|
|
1213 |
$result = $this->Auth->logout();
|
|
|
1214 |
|
|
|
1215 |
$this->assertEquals('/', $result);
|
|
|
1216 |
$this->assertNull($this->Auth->Session->read('Auth.AuthUser'));
|
|
|
1217 |
$this->assertNull($this->Auth->Session->read('Auth.redirect'));
|
|
|
1218 |
}
|
|
|
1219 |
|
|
|
1220 |
/**
|
|
|
1221 |
* Logout should trigger a logout method on authentication objects.
|
|
|
1222 |
*
|
|
|
1223 |
* @return void
|
|
|
1224 |
*/
|
|
|
1225 |
public function testLogoutTrigger() {
|
|
|
1226 |
$this->getMock('BaseAuthenticate', array('authenticate', 'logout'), array(), 'LogoutTriggerMockAuthenticate', false);
|
|
|
1227 |
|
|
|
1228 |
$this->Auth->authenticate = array('LogoutTriggerMock');
|
|
|
1229 |
$mock = $this->Auth->constructAuthenticate();
|
|
|
1230 |
$mock[0]->expects($this->once())
|
|
|
1231 |
->method('logout');
|
|
|
1232 |
|
|
|
1233 |
$this->Auth->logout();
|
|
|
1234 |
}
|
|
|
1235 |
|
|
|
1236 |
/**
|
|
|
1237 |
* test mapActions loading and delegating to authorize objects.
|
|
|
1238 |
*
|
|
|
1239 |
* @return void
|
|
|
1240 |
*/
|
|
|
1241 |
public function testMapActionsDelegation() {
|
|
|
1242 |
$this->getMock('BaseAuthorize', array('authorize'), array(), 'MapActionMockAuthorize', false);
|
|
|
1243 |
$this->Auth->authorize = array('MapActionMock');
|
|
|
1244 |
$mock = $this->Auth->constructAuthorize();
|
|
|
1245 |
$mock[0]->expects($this->once())
|
|
|
1246 |
->method('mapActions')
|
|
|
1247 |
->with(array('create' => array('my_action')));
|
|
|
1248 |
|
|
|
1249 |
$this->Auth->mapActions(array('create' => array('my_action')));
|
|
|
1250 |
}
|
|
|
1251 |
|
|
|
1252 |
/**
|
|
|
1253 |
* test logging in with a request.
|
|
|
1254 |
*
|
|
|
1255 |
* @return void
|
|
|
1256 |
*/
|
|
|
1257 |
public function testLoginWithRequestData() {
|
|
|
1258 |
$this->getMock('FormAuthenticate', array(), array(), 'RequestLoginMockAuthenticate', false);
|
|
|
1259 |
$request = new CakeRequest('users/login', false);
|
|
|
1260 |
$user = array('username' => 'mark', 'role' => 'admin');
|
|
|
1261 |
|
|
|
1262 |
$this->Auth->request = $request;
|
|
|
1263 |
$this->Auth->authenticate = array('RequestLoginMock');
|
|
|
1264 |
$mock = $this->Auth->constructAuthenticate();
|
|
|
1265 |
$mock[0]->expects($this->once())
|
|
|
1266 |
->method('authenticate')
|
|
|
1267 |
->with($request)
|
|
|
1268 |
->will($this->returnValue($user));
|
|
|
1269 |
|
|
|
1270 |
$this->assertTrue($this->Auth->login());
|
|
|
1271 |
$this->assertEquals($user['username'], $this->Auth->user('username'));
|
|
|
1272 |
}
|
|
|
1273 |
|
|
|
1274 |
/**
|
|
|
1275 |
* test login() with user data
|
|
|
1276 |
*
|
|
|
1277 |
* @return void
|
|
|
1278 |
*/
|
|
|
1279 |
public function testLoginWithUserData() {
|
|
|
1280 |
$this->assertFalse($this->Auth->loggedIn());
|
|
|
1281 |
|
|
|
1282 |
$user = array(
|
|
|
1283 |
'username' => 'mariano',
|
|
|
1284 |
'password' => '5f4dcc3b5aa765d61d8327deb882cf99',
|
|
|
1285 |
'created' => '2007-03-17 01:16:23',
|
|
|
1286 |
'updated' => '2007-03-17 01:18:31'
|
|
|
1287 |
);
|
|
|
1288 |
$this->assertTrue($this->Auth->login($user));
|
|
|
1289 |
$this->assertTrue($this->Auth->loggedIn());
|
|
|
1290 |
$this->assertEquals($user['username'], $this->Auth->user('username'));
|
|
|
1291 |
}
|
|
|
1292 |
|
|
|
1293 |
/**
|
|
|
1294 |
* test flash settings.
|
|
|
1295 |
*
|
|
|
1296 |
* @return void
|
|
|
1297 |
*/
|
|
|
1298 |
public function testFlashSettings() {
|
|
|
1299 |
$this->Auth->Session = $this->getMock('SessionComponent', array(), array(), '', false);
|
|
|
1300 |
$this->Auth->Session->expects($this->once())
|
|
|
1301 |
->method('setFlash')
|
|
|
1302 |
->with('Auth failure', 'custom', array(1), 'auth-key');
|
|
|
1303 |
|
|
|
1304 |
$this->Auth->flash = array(
|
|
|
1305 |
'element' => 'custom',
|
|
|
1306 |
'params' => array(1),
|
|
|
1307 |
'key' => 'auth-key'
|
|
|
1308 |
);
|
|
|
1309 |
$this->Auth->flash('Auth failure');
|
|
|
1310 |
}
|
|
|
1311 |
|
|
|
1312 |
/**
|
|
|
1313 |
* test the various states of Auth::redirect()
|
|
|
1314 |
*
|
|
|
1315 |
* @return void
|
|
|
1316 |
*/
|
|
|
1317 |
public function testRedirectSet() {
|
|
|
1318 |
$value = array('controller' => 'users', 'action' => 'home');
|
|
|
1319 |
$result = $this->Auth->redirectUrl($value);
|
|
|
1320 |
$this->assertEquals('/users/home', $result);
|
|
|
1321 |
$this->assertEquals($value, $this->Auth->Session->read('Auth.redirect'));
|
|
|
1322 |
}
|
|
|
1323 |
|
|
|
1324 |
/**
|
|
|
1325 |
* test redirect using Auth.redirect from the session.
|
|
|
1326 |
*
|
|
|
1327 |
* @return void
|
|
|
1328 |
*/
|
|
|
1329 |
public function testRedirectSessionRead() {
|
|
|
1330 |
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
|
|
|
1331 |
$this->Auth->Session->write('Auth.redirect', '/users/home');
|
|
|
1332 |
|
|
|
1333 |
$result = $this->Auth->redirectUrl();
|
|
|
1334 |
$this->assertEquals('/users/home', $result);
|
|
|
1335 |
$this->assertFalse($this->Auth->Session->check('Auth.redirect'));
|
|
|
1336 |
}
|
|
|
1337 |
|
|
|
1338 |
/**
|
|
|
1339 |
* test redirectUrl with duplicate base.
|
|
|
1340 |
*
|
|
|
1341 |
* @return void
|
|
|
1342 |
*/
|
|
|
1343 |
public function testRedirectSessionReadDuplicateBase() {
|
|
|
1344 |
$this->Auth->request->webroot = '/waves/';
|
|
|
1345 |
$this->Auth->request->base = '/waves';
|
|
|
1346 |
|
|
|
1347 |
Router::setRequestInfo($this->Auth->request);
|
|
|
1348 |
|
|
|
1349 |
$this->Auth->Session->write('Auth.redirect', '/waves/add');
|
|
|
1350 |
|
|
|
1351 |
$result = $this->Auth->redirectUrl();
|
|
|
1352 |
$this->assertEquals('/waves/add', $result);
|
|
|
1353 |
}
|
|
|
1354 |
|
|
|
1355 |
/**
|
|
|
1356 |
* test that redirect does not return loginAction if that is what's stored in Auth.redirect.
|
|
|
1357 |
* instead loginRedirect should be used.
|
|
|
1358 |
*
|
|
|
1359 |
* @return void
|
|
|
1360 |
*/
|
|
|
1361 |
public function testRedirectSessionReadEqualToLoginAction() {
|
|
|
1362 |
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
|
|
|
1363 |
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home');
|
|
|
1364 |
$this->Auth->Session->write('Auth.redirect', array('controller' => 'users', 'action' => 'login'));
|
|
|
1365 |
|
|
|
1366 |
$result = $this->Auth->redirectUrl();
|
|
|
1367 |
$this->assertEquals('/users/home', $result);
|
|
|
1368 |
$this->assertFalse($this->Auth->Session->check('Auth.redirect'));
|
|
|
1369 |
}
|
|
|
1370 |
|
|
|
1371 |
/**
|
|
|
1372 |
* test that the returned URL doesn't contain the base URL.
|
|
|
1373 |
*
|
|
|
1374 |
* @see https://cakephp.lighthouseapp.com/projects/42648/tickets/3922-authcomponentredirecturl-prepends-appbaseurl
|
|
|
1375 |
*
|
|
|
1376 |
* @return void This test method doesn't return anything.
|
|
|
1377 |
*/
|
|
|
1378 |
public function testRedirectUrlWithBaseSet() {
|
|
|
1379 |
$App = Configure::read('App');
|
|
|
1380 |
|
|
|
1381 |
Configure::write('App', array(
|
|
|
1382 |
'dir' => APP_DIR,
|
|
|
1383 |
'webroot' => WEBROOT_DIR,
|
|
|
1384 |
'base' => false,
|
|
|
1385 |
'baseUrl' => '/cake/index.php'
|
|
|
1386 |
));
|
|
|
1387 |
|
|
|
1388 |
$url = '/users/login';
|
|
|
1389 |
$this->Auth->request = $this->Controller->request = new CakeRequest($url);
|
|
|
1390 |
$this->Auth->request->addParams(Router::parse($url));
|
|
|
1391 |
$this->Auth->request->url = Router::normalize($url);
|
|
|
1392 |
|
|
|
1393 |
Router::setRequestInfo($this->Auth->request);
|
|
|
1394 |
|
|
|
1395 |
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
|
|
|
1396 |
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home');
|
|
|
1397 |
|
|
|
1398 |
$result = $this->Auth->redirectUrl();
|
|
|
1399 |
$this->assertEquals('/users/home', $result);
|
|
|
1400 |
$this->assertFalse($this->Auth->Session->check('Auth.redirect'));
|
|
|
1401 |
|
|
|
1402 |
Configure::write('App', $App);
|
|
|
1403 |
Router::reload();
|
|
|
1404 |
}
|
|
|
1405 |
|
|
|
1406 |
/**
|
|
|
1407 |
* test password hashing
|
|
|
1408 |
*
|
|
|
1409 |
* @return void
|
|
|
1410 |
*/
|
|
|
1411 |
public function testPassword() {
|
|
|
1412 |
$result = $this->Auth->password('password');
|
|
|
1413 |
$expected = Security::hash('password', null, true);
|
|
|
1414 |
$this->assertEquals($expected, $result);
|
|
|
1415 |
}
|
|
|
1416 |
|
|
|
1417 |
/**
|
|
|
1418 |
* testUser method
|
|
|
1419 |
*
|
|
|
1420 |
* @return void
|
|
|
1421 |
*/
|
|
|
1422 |
public function testUser() {
|
|
|
1423 |
$data = array(
|
|
|
1424 |
'User' => array(
|
|
|
1425 |
'id' => '2',
|
|
|
1426 |
'username' => 'mark',
|
|
|
1427 |
'group_id' => 1,
|
|
|
1428 |
'Group' => array(
|
|
|
1429 |
'id' => '1',
|
|
|
1430 |
'name' => 'Members'
|
|
|
1431 |
),
|
|
|
1432 |
'is_admin' => false,
|
|
|
1433 |
));
|
|
|
1434 |
$this->Auth->Session->write('Auth', $data);
|
|
|
1435 |
|
|
|
1436 |
$result = $this->Auth->user();
|
|
|
1437 |
$this->assertEquals($data['User'], $result);
|
|
|
1438 |
|
|
|
1439 |
$result = $this->Auth->user('username');
|
|
|
1440 |
$this->assertEquals($data['User']['username'], $result);
|
|
|
1441 |
|
|
|
1442 |
$result = $this->Auth->user('Group.name');
|
|
|
1443 |
$this->assertEquals($data['User']['Group']['name'], $result);
|
|
|
1444 |
|
|
|
1445 |
$result = $this->Auth->user('invalid');
|
|
|
1446 |
$this->assertEquals(null, $result);
|
|
|
1447 |
|
|
|
1448 |
$result = $this->Auth->user('Company.invalid');
|
|
|
1449 |
$this->assertEquals(null, $result);
|
|
|
1450 |
|
|
|
1451 |
$result = $this->Auth->user('is_admin');
|
|
|
1452 |
$this->assertFalse($result);
|
|
|
1453 |
}
|
|
|
1454 |
|
|
|
1455 |
/**
|
|
|
1456 |
* testStatelessAuthNoRedirect method
|
|
|
1457 |
*
|
|
|
1458 |
* @expectedException UnauthorizedException
|
|
|
1459 |
* @expectedExceptionCode 401
|
|
|
1460 |
* @return void
|
|
|
1461 |
*/
|
|
|
1462 |
public function testStatelessAuthNoRedirect() {
|
|
|
1463 |
if (CakeSession::id()) {
|
|
|
1464 |
session_destroy();
|
|
|
1465 |
CakeSession::$id = null;
|
|
|
1466 |
}
|
|
|
1467 |
$_SESSION = null;
|
|
|
1468 |
|
|
|
1469 |
AuthComponent::$sessionKey = false;
|
|
|
1470 |
$this->Auth->authenticate = array('Basic');
|
|
|
1471 |
$this->Controller->request['action'] = 'admin_add';
|
|
|
1472 |
|
|
|
1473 |
$this->Auth->startup($this->Controller);
|
|
|
1474 |
}
|
|
|
1475 |
|
|
|
1476 |
/**
|
|
|
1477 |
* testStatelessAuthNoSessionStart method
|
|
|
1478 |
*
|
|
|
1479 |
* @return void
|
|
|
1480 |
*/
|
|
|
1481 |
public function testStatelessAuthNoSessionStart() {
|
|
|
1482 |
if (CakeSession::id()) {
|
|
|
1483 |
session_destroy();
|
|
|
1484 |
CakeSession::$id = null;
|
|
|
1485 |
}
|
|
|
1486 |
$_SESSION = null;
|
|
|
1487 |
|
|
|
1488 |
$_SERVER['PHP_AUTH_USER'] = 'mariano';
|
|
|
1489 |
$_SERVER['PHP_AUTH_PW'] = 'cake';
|
|
|
1490 |
|
|
|
1491 |
AuthComponent::$sessionKey = false;
|
|
|
1492 |
$this->Auth->authenticate = array(
|
|
|
1493 |
'Basic' => array('userModel' => 'AuthUser')
|
|
|
1494 |
);
|
|
|
1495 |
$this->Controller->request['action'] = 'admin_add';
|
|
|
1496 |
|
|
|
1497 |
$result = $this->Auth->startup($this->Controller);
|
|
|
1498 |
$this->assertTrue($result);
|
|
|
1499 |
|
|
|
1500 |
$this->assertNull(CakeSession::id());
|
|
|
1501 |
}
|
|
|
1502 |
|
|
|
1503 |
/**
|
|
|
1504 |
* testStatelessAuthRedirect method
|
|
|
1505 |
*
|
|
|
1506 |
* @return void
|
|
|
1507 |
*/
|
|
|
1508 |
public function testStatelessFollowedByStatefulAuth() {
|
|
|
1509 |
$this->Auth->authenticate = array('Basic', 'Form');
|
|
|
1510 |
$this->Controller->request['action'] = 'admin_add';
|
|
|
1511 |
|
|
|
1512 |
$this->Auth->response->expects($this->never())->method('statusCode');
|
|
|
1513 |
$this->Auth->response->expects($this->never())->method('send');
|
|
|
1514 |
|
|
|
1515 |
$result = $this->Auth->startup($this->Controller);
|
|
|
1516 |
$this->assertFalse($result);
|
|
|
1517 |
|
|
|
1518 |
$this->assertEquals('/users/login', $this->Controller->testUrl);
|
|
|
1519 |
}
|
|
|
1520 |
}
|