Subversion Repositories SmartDukaan

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
16591 anikendra 1
<?php
2
/**
3
 * BasicAuthenticateTest file
4
 *
5
 * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
6
 * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
7
 *
8
 * Licensed under The MIT License
9
 * For full copyright and license information, please see the LICENSE.txt
10
 * Redistributions of files must retain the above copyright notice.
11
 *
12
 * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
13
 * @link          http://cakephp.org CakePHP(tm) Project
14
 * @package       Cake.Test.Case.Controller.Component.Auth
15
 * @since         CakePHP(tm) v 2.0
16
 * @license       http://www.opensource.org/licenses/mit-license.php MIT License
17
 */
18
 
19
App::uses('AuthComponent', 'Controller/Component');
20
App::uses('BasicAuthenticate', 'Controller/Component/Auth');
21
App::uses('AppModel', 'Model');
22
App::uses('CakeRequest', 'Network');
23
App::uses('CakeResponse', 'Network');
24
 
25
require_once CAKE . 'Test' . DS . 'Case' . DS . 'Model' . DS . 'models.php';
26
 
27
/**
28
 * Test case for BasicAuthentication
29
 *
30
 * @package       Cake.Test.Case.Controller.Component.Auth
31
 */
32
class BasicAuthenticateTest extends CakeTestCase {
33
 
34
/**
35
 * Fixtures
36
 *
37
 * @var array
38
 */
39
	public $fixtures = array('core.user', 'core.auth_user', 'core.article');
40
 
41
/**
42
 * setup
43
 *
44
 * @return void
45
 */
46
	public function setUp() {
47
		parent::setUp();
48
		$this->Collection = $this->getMock('ComponentCollection');
49
		$this->auth = new BasicAuthenticate($this->Collection, array(
50
			'fields' => array('username' => 'user', 'password' => 'password'),
51
			'userModel' => 'User',
52
			'realm' => 'localhost',
53
			'recursive' => 0
54
		));
55
 
56
		$password = Security::hash('password', null, true);
57
		$User = ClassRegistry::init('User');
58
		$User->updateAll(array('password' => $User->getDataSource()->value($password)));
59
		$this->response = $this->getMock('CakeResponse');
60
	}
61
 
62
/**
63
 * test applying settings in the constructor
64
 *
65
 * @return void
66
 */
67
	public function testConstructor() {
68
		$object = new BasicAuthenticate($this->Collection, array(
69
			'userModel' => 'AuthUser',
70
			'fields' => array('username' => 'user', 'password' => 'password')
71
		));
72
		$this->assertEquals('AuthUser', $object->settings['userModel']);
73
		$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']);
74
		$this->assertEquals(env('SERVER_NAME'), $object->settings['realm']);
75
	}
76
 
77
/**
78
 * test the authenticate method
79
 *
80
 * @return void
81
 */
82
	public function testAuthenticateNoData() {
83
		$request = new CakeRequest('posts/index', false);
84
 
85
		$this->response->expects($this->never())
86
			->method('header');
87
 
88
		$this->assertFalse($this->auth->getUser($request));
89
	}
90
 
91
/**
92
 * test the authenticate method
93
 *
94
 * @return void
95
 */
96
	public function testAuthenticateNoUsername() {
97
		$request = new CakeRequest('posts/index', false);
98
		$_SERVER['PHP_AUTH_PW'] = 'foobar';
99
 
100
		$this->assertFalse($this->auth->authenticate($request, $this->response));
101
	}
102
 
103
/**
104
 * test the authenticate method
105
 *
106
 * @return void
107
 */
108
	public function testAuthenticateNoPassword() {
109
		$request = new CakeRequest('posts/index', false);
110
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
111
		$_SERVER['PHP_AUTH_PW'] = null;
112
 
113
		$this->assertFalse($this->auth->authenticate($request, $this->response));
114
	}
115
 
116
/**
117
 * test the authenticate method
118
 *
119
 * @return void
120
 */
121
	public function testAuthenticateInjection() {
122
		$request = new CakeRequest('posts/index', false);
123
		$request->addParams(array('pass' => array(), 'named' => array()));
124
 
125
		$_SERVER['PHP_AUTH_USER'] = '> 1';
126
		$_SERVER['PHP_AUTH_PW'] = "' OR 1 = 1";
127
 
128
		$this->assertFalse($this->auth->getUser($request));
129
		$this->assertFalse($this->auth->authenticate($request, $this->response));
130
	}
131
 
132
/**
133
 * Test that username of 0 works.
134
 *
135
 * @return void
136
 */
137
	public function testAuthenticateUsernameZero() {
138
		$User = ClassRegistry::init('User');
139
		$User->updateAll(array('user' => $User->getDataSource()->value('0')), array('user' => 'mariano'));
140
 
141
		$request = new CakeRequest('posts/index', false);
142
		$request->data = array('User' => array(
143
			'user' => '0',
144
			'password' => 'password'
145
		));
146
		$_SERVER['PHP_AUTH_USER'] = '0';
147
		$_SERVER['PHP_AUTH_PW'] = 'password';
148
 
149
		$expected = array(
150
			'id' => 1,
151
			'user' => '0',
152
			'created' => '2007-03-17 01:16:23',
153
			'updated' => '2007-03-17 01:18:31'
154
		);
155
		$this->assertEquals($expected, $this->auth->authenticate($request, $this->response));
156
	}
157
 
158
/**
159
 * test that challenge headers are sent when no credentials are found.
160
 *
161
 * @return void
162
 */
163
	public function testAuthenticateChallenge() {
164
		$request = new CakeRequest('posts/index', false);
165
		$request->addParams(array('pass' => array(), 'named' => array()));
166
 
167
		try {
168
			$this->auth->unauthenticated($request, $this->response);
169
		} catch (UnauthorizedException $e) {
170
		}
171
 
172
		$this->assertNotEmpty($e);
173
 
174
		$expected = array('WWW-Authenticate: Basic realm="localhost"');
175
		$this->assertEquals($expected, $e->responseHeader());
176
	}
177
 
178
/**
179
 * test authenticate success
180
 *
181
 * @return void
182
 */
183
	public function testAuthenticateSuccess() {
184
		$request = new CakeRequest('posts/index', false);
185
		$request->addParams(array('pass' => array(), 'named' => array()));
186
 
187
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
188
		$_SERVER['PHP_AUTH_PW'] = 'password';
189
 
190
		$result = $this->auth->authenticate($request, $this->response);
191
		$expected = array(
192
			'id' => 1,
193
			'user' => 'mariano',
194
			'created' => '2007-03-17 01:16:23',
195
			'updated' => '2007-03-17 01:18:31'
196
		);
197
		$this->assertEquals($expected, $result);
198
	}
199
 
200
/**
201
 * test contain success
202
 *
203
 * @return void
204
 */
205
	public function testAuthenticateContainSuccess() {
206
		$User = ClassRegistry::init('User');
207
		$User->bindModel(array('hasMany' => array('Article')));
208
		$User->Behaviors->load('Containable');
209
		$this->auth->settings['contain'] = 'Article';
210
		$request = new CakeRequest('posts/index', false);
211
		$request->addParams(array('pass' => array(), 'named' => array()));
212
 
213
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
214
		$_SERVER['PHP_AUTH_PW'] = 'password';
215
 
216
		$result = $this->auth->authenticate($request, $this->response);
217
		$expected = array(
218
			'id' => 1,
219
			'user_id' => 1,
220
			'title' => 'First Article',
221
			'body' => 'First Article Body',
222
			'published' => 'Y',
223
			'created' => '2007-03-18 10:39:23',
224
			'updated' => '2007-03-18 10:41:31'
225
		);
226
		$this->assertEquals($expected, $result['Article'][0]);
227
	}
228
 
229
/**
230
 * test userFields success
231
 *
232
 * @return void
233
 */
234
	public function testAuthenticateUserFieldsSuccess() {
235
		$this->auth->settings['userFields'] = array('id', 'user');
236
		$request = new CakeRequest('posts/index', false);
237
		$request->addParams(array('pass' => array(), 'named' => array()));
238
 
239
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
240
		$_SERVER['PHP_AUTH_PW'] = 'password';
241
 
242
		$result = $this->auth->authenticate($request, $this->response);
243
		$expected = array(
244
			'id' => 1,
245
			'user' => 'mariano',
246
		);
247
		$this->assertEquals($expected, $result);
248
	}
249
 
250
/**
251
 * test userFields and related models success
252
 *
253
 * @return void
254
 */
255
	public function testAuthenticateUserFieldsRelatedModelsSuccess() {
256
		$User = ClassRegistry::init('User');
257
		$User->bindModel(array('hasOne' => array(
258
			'Article' => array(
259
				'order' => 'Article.id ASC'
260
			)
261
		)));
262
		$this->auth->settings['recursive'] = 0;
263
		$this->auth->settings['userFields'] = array('Article.id', 'Article.title');
264
		$request = new CakeRequest('posts/index', false);
265
		$request->addParams(array('pass' => array(), 'named' => array()));
266
 
267
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
268
		$_SERVER['PHP_AUTH_PW'] = 'password';
269
 
270
		$result = $this->auth->authenticate($request, $this->response);
271
		$expected = array(
272
			'id' => 1,
273
			'title' => 'First Article',
274
		);
275
		$this->assertEquals($expected, $result['Article']);
276
	}
277
 
278
/**
279
 * test scope failure.
280
 *
281
 * @expectedException UnauthorizedException
282
 * @expectedExceptionCode 401
283
 * @return void
284
 */
285
	public function testAuthenticateFailReChallenge() {
286
		$this->auth->settings['scope'] = array('user' => 'nate');
287
		$request = new CakeRequest('posts/index', false);
288
		$request->addParams(array('pass' => array(), 'named' => array()));
289
 
290
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
291
		$_SERVER['PHP_AUTH_PW'] = 'password';
292
 
293
		$this->auth->unauthenticated($request, $this->response);
294
	}
295
 
296
/**
297
 * testAuthenticateWithBlowfish
298
 *
299
 * @return void
300
 */
301
	public function testAuthenticateWithBlowfish() {
302
		$hash = Security::hash('password', 'blowfish');
303
		$this->skipIf(strpos($hash, '$2a$') === false, 'Skipping blowfish tests as hashing is not working');
304
 
305
		$request = new CakeRequest('posts/index', false);
306
		$request->addParams(array('pass' => array(), 'named' => array()));
307
 
308
		$_SERVER['PHP_AUTH_USER'] = 'mariano';
309
		$_SERVER['PHP_AUTH_PW'] = 'password';
310
 
311
		$User = ClassRegistry::init('User');
312
		$User->updateAll(
313
			array('password' => $User->getDataSource()->value($hash)),
314
			array('User.user' => 'mariano')
315
		);
316
 
317
		$this->auth->settings['passwordHasher'] = 'Blowfish';
318
 
319
		$result = $this->auth->authenticate($request, $this->response);
320
		$expected = array(
321
			'id' => 1,
322
			'user' => 'mariano',
323
			'created' => '2007-03-17 01:16:23',
324
			'updated' => '2007-03-17 01:18:31'
325
		);
326
		$this->assertEquals($expected, $result);
327
	}
328
 
329
}