postfixadmin/tests/LoginTest.php

<?php

class LoginTest extends \PHPUnit\Framework\TestCase
{
    public function setUp(): void {
        global $CONF;

        $this->cleanUp();

        $CONF['pacrypt'] = 'md5'; // crap

        db_execute("INSERT INTO domain(domain, description, transport) values ('example.com', 'test', 'foo')", [], true);

        db_execute(
            "INSERT INTO mailbox(username, password, name, maildir, local_part, domain) VALUES(:username, :password, :name, :maildir, :local_part, :domain)",
            [
                'username' => 'test@example.com',
                'password' => pacrypt('foobar'),
                'name' => 'test user',
                'maildir' => '/foo/bar',
                'local_part' => 'test',
                'domain' => 'example.com',
            ]);


        parent::setUp();
    }


    public function tearDown(): void {
        $this->cleanUp();
        parent::tearDown(); // TODO: Change the autogenerated stub
    }

    private function cleanUp() {
        db_query('DELETE FROM alias');
        db_query('DELETE FROM alias_domain');
        db_query('DELETE FROM mailbox');
        db_query('DELETE FROM domain_admins');
        db_query('DELETE FROM domain');
    }

    public function testPasswordchange() {
        $login = new Login('mailbox');

        $this->assertTrue($login->login('test@example.com', 'foobar'));

        // Can't change - current password wrong.
        try {
            $login->changePassword('test@example.com', 'foobar2', 'foobar2');
            $this->fail("Exception should have been thrown");
        } catch (\Exception $e) {
            $this->assertEquals("You didn't supply your current password!", $e->getMessage());
        }


        // Should change, current password correct.
        $this->assertTrue($login->changePassword('test@example.com', 'foobar2', 'foobar'));

        // Can't now login with the old password
        $this->assertFalse($login->login('test@example.com', 'foobar'));

        // Can login with the new one...
        $this->assertTrue($login->login('test@example.com', 'foobar2'));
    }


    public function testInvalidUsers() {
        $login = new Login('mailbox');

        $this->assertFalse($login->login('test', 'password'));
        $this->assertFalse($login->login('test', ''));
        $this->assertFalse($login->login('', ''));
    }


    public function testEmptyStringWithDovecot() {
        global $CONF;

        if (!file_exists('/usr/bin/doveadm')) {
            $this->markTestSkipped("/usr/bin/doveadm doesn't exist.");
        }

        $CONF['encrypt'] = 'dovecot:sha512';


        db_execute(
            "UPDATE mailbox SET password = :password WHERE username = :username",
            [
                'username' => 'test@example.com',
                'password' => '{SHA512}ClAmHr0aOQ/tK/Mm8mc8FFWCpjQtUjIElz0CGTN/gWFqgGmwElh89WNfaSXxtWw2AjDBmyc1AO4BPgMGAb8kJQ==', // pacrypt('foobar'),
            ]
        );

        $l = new Login('mailbox');
        $this->assertFalse($l->login('test@example.com', ''));

        $this->assertTrue($l->login('test@example.com', 'foobar'));

        $this->assertFalse($l->login('test@fails.com', 'foobar'));
    }

    public function testValidLogin() {
        $login = new Login('mailbox');

        $this->assertFalse($login->login('test', 'password'));
        $this->assertFalse($login->login('test', 'foobar'));
        $this->assertFalse($login->login('', ''));
    }

    public function testPasswordRecovery() {
        $login = new Login('mailbox');
        $this->assertFalse($login->generatePasswordRecoveryCode(''));
        $this->assertFalse($login->generatePasswordRecoveryCode('doesnotexist'));
        $this->assertNotEmpty($login->generatePasswordRecoveryCode('test@example.com'));
    }
}
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00			`<?php`

phpcs wants to change ... 2021-03-22 10:28:28 +01:00			`class LoginTest extends \PHPUnit\Framework\TestCase`
			`{`
composer format 2020-09-25 22:33:26 +02:00			`public function setUp(): void {`
update changelog; try and improve tests 2021-01-14 18:05:50 +01:00			`global $CONF;`

move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00			`$this->cleanUp();`

update changelog; try and improve tests 2021-01-14 18:05:50 +01:00			`$CONF['pacrypt'] = 'md5'; // crap`

fix postgresql test 2021-01-19 17:50:56 +01:00			`db_execute("INSERT INTO domain(domain, description, transport) values ('example.com', 'test', 'foo')", [], true);`
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00
			`db_execute(`
fix postgresql test 2021-01-19 17:50:56 +01:00			`"INSERT INTO mailbox(username, password, name, maildir, local_part, domain) VALUES(:username, :password, :name, :maildir, :local_part, :domain)",`
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00			`[`
			`'username' => 'test@example.com',`
			`'password' => pacrypt('foobar'),`
			`'name' => 'test user',`
			`'maildir' => '/foo/bar',`
			`'local_part' => 'test',`
			`'domain' => 'example.com',`
			`]);`
fix postgresql test 2021-01-19 17:50:56 +01:00

move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00			`parent::setUp();`
			`}`


composer format 2020-09-25 22:33:26 +02:00			`public function tearDown(): void {`
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00			`$this->cleanUp();`
			`parent::tearDown(); // TODO: Change the autogenerated stub`
			`}`

composer format 2020-09-25 22:33:26 +02:00			`private function cleanUp() {`
fix postgresql test 2021-01-19 17:50:56 +01:00			`db_query('DELETE FROM alias');`
			`db_query('DELETE FROM alias_domain');`
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00			`db_query('DELETE FROM mailbox');`
fix postgresql test 2021-01-19 17:50:56 +01:00			`db_query('DELETE FROM domain_admins');`
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00			`db_query('DELETE FROM domain');`
			`}`

add something to test Login::passwordChange() works 2021-02-23 10:57:01 +01:00			`public function testPasswordchange() {`
			`$login = new Login('mailbox');`

			`$this->assertTrue($login->login('test@example.com', 'foobar'));`

			`// Can't change - current password wrong.`
			`try {`
			`$login->changePassword('test@example.com', 'foobar2', 'foobar2');`
			`$this->fail("Exception should have been thrown");`
			`} catch (\Exception $e) {`
			`$this->assertEquals("You didn't supply your current password!", $e->getMessage());`
			`}`


			`// Should change, current password correct.`
			`$this->assertTrue($login->changePassword('test@example.com', 'foobar2', 'foobar'));`

			`// Can't now login with the old password`
			`$this->assertFalse($login->login('test@example.com', 'foobar'));`

			`// Can login with the new one...`
			`$this->assertTrue($login->login('test@example.com', 'foobar2'));`
			`}`


composer format 2020-09-25 22:33:26 +02:00			`public function testInvalidUsers() {`
rejig Login::__construct() as only one arg is really needed 2020-09-26 10:58:05 +02:00			`$login = new Login('mailbox');`
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00
			`$this->assertFalse($login->login('test', 'password'));`
			`$this->assertFalse($login->login('test', ''));`
			`$this->assertFalse($login->login('', ''));`
			`}`


update changelog; try and improve tests 2021-01-14 18:05:50 +01:00			`public function testEmptyStringWithDovecot() {`
			`global $CONF;`

			`if (!file_exists('/usr/bin/doveadm')) {`
			`$this->markTestSkipped("/usr/bin/doveadm doesn't exist.");`
			`}`

			`$CONF['encrypt'] = 'dovecot:sha512';`


			`db_execute(`
			`"UPDATE mailbox SET password = :password WHERE username = :username",`
			`[`
			`'username' => 'test@example.com',`
			`'password' => '{SHA512}ClAmHr0aOQ/tK/Mm8mc8FFWCpjQtUjIElz0CGTN/gWFqgGmwElh89WNfaSXxtWw2AjDBmyc1AO4BPgMGAb8kJQ==', // pacrypt('foobar'),`
			`]`
			`);`

			`$l = new Login('mailbox');`
			`$this->assertFalse($l->login('test@example.com', ''));`

			`$this->assertTrue($l->login('test@example.com', 'foobar'));`

			`$this->assertFalse($l->login('test@fails.com', 'foobar'));`
			`}`

composer format 2020-09-25 22:33:26 +02:00			`public function testValidLogin() {`
rejig Login::__construct() as only one arg is really needed 2020-09-26 10:58:05 +02:00			`$login = new Login('mailbox');`
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00
			`$this->assertFalse($login->login('test', 'password'));`
			`$this->assertFalse($login->login('test', 'foobar'));`
			`$this->assertFalse($login->login('', ''));`
			`}`

composer format 2020-09-25 22:33:26 +02:00			`public function testPasswordRecovery() {`
rejig Login::__construct() as only one arg is really needed 2020-09-26 10:58:05 +02:00			`$login = new Login('mailbox');`
move password check and recovery code generation out of PFAHandlers and into a Login class 2020-09-25 22:31:45 +02:00			`$this->assertFalse($login->generatePasswordRecoveryCode(''));`
			`$this->assertFalse($login->generatePasswordRecoveryCode('doesnotexist'));`
			`$this->assertNotEmpty($login->generatePasswordRecoveryCode('test@example.com'));`
			`}`
			`}`