2020-09-25 22:31:45 +02:00
|
|
|
<?php
|
|
|
|
|
2021-03-22 10:28:28 +01:00
|
|
|
class LoginTest extends \PHPUnit\Framework\TestCase
|
|
|
|
{
|
2021-04-13 22:19:16 +02:00
|
|
|
public function setUp(): void
|
|
|
|
{
|
2021-01-14 18:05:50 +01:00
|
|
|
global $CONF;
|
|
|
|
|
2020-09-25 22:31:45 +02:00
|
|
|
$this->cleanUp();
|
|
|
|
|
2021-01-14 18:05:50 +01:00
|
|
|
$CONF['pacrypt'] = 'md5'; // crap
|
|
|
|
|
2021-01-19 17:50:56 +01:00
|
|
|
db_execute("INSERT INTO domain(domain, description, transport) values ('example.com', 'test', 'foo')", [], true);
|
2020-09-25 22:31:45 +02:00
|
|
|
|
|
|
|
db_execute(
|
2021-01-19 17:50:56 +01:00
|
|
|
"INSERT INTO mailbox(username, password, name, maildir, local_part, domain) VALUES(:username, :password, :name, :maildir, :local_part, :domain)",
|
2020-09-25 22:31:45 +02:00
|
|
|
[
|
|
|
|
'username' => 'test@example.com',
|
|
|
|
'password' => pacrypt('foobar'),
|
|
|
|
'name' => 'test user',
|
|
|
|
'maildir' => '/foo/bar',
|
|
|
|
'local_part' => 'test',
|
|
|
|
'domain' => 'example.com',
|
|
|
|
]);
|
2021-01-19 17:50:56 +01:00
|
|
|
|
|
|
|
|
2020-09-25 22:31:45 +02:00
|
|
|
parent::setUp();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-04-13 22:19:16 +02:00
|
|
|
public function tearDown(): void
|
|
|
|
{
|
2020-09-25 22:31:45 +02:00
|
|
|
$this->cleanUp();
|
|
|
|
parent::tearDown(); // TODO: Change the autogenerated stub
|
|
|
|
}
|
|
|
|
|
2021-04-13 22:19:16 +02:00
|
|
|
private function cleanUp()
|
|
|
|
{
|
2021-01-19 17:50:56 +01:00
|
|
|
db_query('DELETE FROM alias');
|
|
|
|
db_query('DELETE FROM alias_domain');
|
2020-09-25 22:31:45 +02:00
|
|
|
db_query('DELETE FROM mailbox');
|
2021-01-19 17:50:56 +01:00
|
|
|
db_query('DELETE FROM domain_admins');
|
2020-09-25 22:31:45 +02:00
|
|
|
db_query('DELETE FROM domain');
|
|
|
|
}
|
|
|
|
|
2023-12-27 17:09:35 +01:00
|
|
|
public function testChangePassword()
|
2021-04-13 22:19:16 +02:00
|
|
|
{
|
2021-02-23 10:57:01 +01:00
|
|
|
$login = new Login('mailbox');
|
|
|
|
|
|
|
|
$this->assertTrue($login->login('test@example.com', 'foobar'));
|
|
|
|
|
|
|
|
// Can't change - current password wrong.
|
|
|
|
try {
|
|
|
|
$login->changePassword('test@example.com', 'foobar2', 'foobar2');
|
|
|
|
$this->fail("Exception should have been thrown");
|
|
|
|
} catch (\Exception $e) {
|
|
|
|
$this->assertEquals("You didn't supply your current password!", $e->getMessage());
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Should change, current password correct.
|
|
|
|
$this->assertTrue($login->changePassword('test@example.com', 'foobar2', 'foobar'));
|
|
|
|
|
|
|
|
// Can't now login with the old password
|
|
|
|
$this->assertFalse($login->login('test@example.com', 'foobar'));
|
|
|
|
|
|
|
|
// Can login with the new one...
|
|
|
|
$this->assertTrue($login->login('test@example.com', 'foobar2'));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-04-13 22:19:16 +02:00
|
|
|
public function testInvalidUsers()
|
|
|
|
{
|
2020-09-26 10:58:05 +02:00
|
|
|
$login = new Login('mailbox');
|
2020-09-25 22:31:45 +02:00
|
|
|
|
|
|
|
$this->assertFalse($login->login('test', 'password'));
|
|
|
|
$this->assertFalse($login->login('test', ''));
|
|
|
|
$this->assertFalse($login->login('', ''));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-04-13 22:19:16 +02:00
|
|
|
public function testEmptyStringWithDovecot()
|
|
|
|
{
|
2021-01-14 18:05:50 +01:00
|
|
|
global $CONF;
|
|
|
|
|
|
|
|
if (!file_exists('/usr/bin/doveadm')) {
|
|
|
|
$this->markTestSkipped("/usr/bin/doveadm doesn't exist.");
|
|
|
|
}
|
|
|
|
|
|
|
|
$CONF['encrypt'] = 'dovecot:sha512';
|
|
|
|
|
|
|
|
|
|
|
|
db_execute(
|
|
|
|
"UPDATE mailbox SET password = :password WHERE username = :username",
|
|
|
|
[
|
|
|
|
'username' => 'test@example.com',
|
|
|
|
'password' => '{SHA512}ClAmHr0aOQ/tK/Mm8mc8FFWCpjQtUjIElz0CGTN/gWFqgGmwElh89WNfaSXxtWw2AjDBmyc1AO4BPgMGAb8kJQ==', // pacrypt('foobar'),
|
|
|
|
]
|
|
|
|
);
|
|
|
|
|
|
|
|
$l = new Login('mailbox');
|
|
|
|
$this->assertFalse($l->login('test@example.com', ''));
|
|
|
|
|
|
|
|
$this->assertTrue($l->login('test@example.com', 'foobar'));
|
|
|
|
|
|
|
|
$this->assertFalse($l->login('test@fails.com', 'foobar'));
|
|
|
|
}
|
|
|
|
|
2023-12-27 17:09:35 +01:00
|
|
|
public function testInvalidLogin()
|
2021-04-13 22:19:16 +02:00
|
|
|
{
|
2020-09-26 10:58:05 +02:00
|
|
|
$login = new Login('mailbox');
|
2020-09-25 22:31:45 +02:00
|
|
|
|
|
|
|
$this->assertFalse($login->login('test', 'password'));
|
|
|
|
$this->assertFalse($login->login('test', 'foobar'));
|
|
|
|
$this->assertFalse($login->login('', ''));
|
|
|
|
}
|
|
|
|
|
2021-04-13 22:19:16 +02:00
|
|
|
public function testPasswordRecovery()
|
|
|
|
{
|
2020-09-26 10:58:05 +02:00
|
|
|
$login = new Login('mailbox');
|
2020-09-25 22:31:45 +02:00
|
|
|
$this->assertFalse($login->generatePasswordRecoveryCode(''));
|
|
|
|
$this->assertFalse($login->generatePasswordRecoveryCode('doesnotexist'));
|
|
|
|
$this->assertNotEmpty($login->generatePasswordRecoveryCode('test@example.com'));
|
|
|
|
}
|
2023-12-27 17:09:35 +01:00
|
|
|
|
|
|
|
public function testAddAppPasswordIncorrectPassword()
|
|
|
|
{
|
|
|
|
$login = new Login('mailbox');
|
|
|
|
$this->assertTrue($login->login('test@example.com', 'foobar'));
|
|
|
|
|
|
|
|
$this->expectExceptionMessage("You didn't supply your current password!");
|
|
|
|
$this->assertTrue($login->addAppPassword('test@example.com', 'fish', '1st-app-password', 'something'));
|
|
|
|
}
|
|
|
|
public function testAddAppPassword()
|
|
|
|
{
|
|
|
|
$login = new Login('mailbox');
|
|
|
|
$this->assertTrue($login->login('test@example.com', 'foobar'));
|
|
|
|
|
|
|
|
$this->assertTrue($login->addAppPassword('test@example.com', 'foobar', '1st-app-password', 'something'));
|
|
|
|
$this->assertTrue($login->addAppPassword('test@example.com', 'foobar', '1st-app-password', 'something'));
|
|
|
|
|
|
|
|
$rows = db_query_all('SELECT * FROM mailbox_app_password');
|
|
|
|
|
|
|
|
$this->assertEquals(2, count($rows));
|
|
|
|
|
|
|
|
foreach ($rows as $r) {
|
|
|
|
$this->assertEquals('1st-app-password', $r['description']);
|
|
|
|
$this->assertNotEmpty($r['password_hash']);
|
|
|
|
$this->assertEquals('test@example.com', $r['username']);
|
|
|
|
}
|
|
|
|
}
|
2020-09-25 22:31:45 +02:00
|
|
|
}
|