Diffstat (limited to 'Tests/Http/Firewall')
-rw-r--r--Tests/Http/Firewall/AnonymousAuthenticationListenerTest.php17
-rw-r--r--Tests/Http/Firewall/BasicAuthenticationListenerTest.php14
-rw-r--r--Tests/Http/Firewall/ContextListenerTest.php82
-rw-r--r--Tests/Http/Firewall/DigestDataTest.php12
-rw-r--r--Tests/Http/Firewall/SwitchUserListenerTest.php175
5 files changed, 287 insertions, 13 deletions
diff --git a/Tests/Http/Firewall/AnonymousAuthenticationListenerTest.php b/Tests/Http/Firewall/AnonymousAuthenticationListenerTest.php
index 9e7ea90..73ee821 100644
--- a/Tests/Http/Firewall/AnonymousAuthenticationListenerTest.php
+++ b/Tests/Http/Firewall/AnonymousAuthenticationListenerTest.php
@@ -59,4 +59,21 @@ class AnonymousAuthenticationListenerTest extends \PHPUnit_Framework_TestCase
$listener = new AnonymousAuthenticationListener($context, 'TheKey');
$listener->handle($this->getMock('Symfony\Component\HttpKernel\Event\GetResponseEvent', array(), array(), '', false));
}
+
+ public function testHandledEventIsLogged()
+ {
+ if (!interface_exists('Psr\Log\LoggerInterface')) {
+ $this->markTestSkipped('The "LoggerInterface" is not available');
+ }
+
+ $context = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+ $logger = $this->getMock('Psr\Log\LoggerInterface');
+ $logger->expects($this->once())
+ ->method('info')
+ ->with('Populated SecurityContext with an anonymous Token')
+ ;
+
+ $listener = new AnonymousAuthenticationListener($context, 'TheKey', $logger);
+ $listener->handle($this->getMock('Symfony\Component\HttpKernel\Event\GetResponseEvent', array(), array(), '', false));
+ }
}
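Review bot: testHandledEventIsLogged relies on the unconfigured `$context` mock returning null from `getToken()` to reach the logging branch, and it never states that precondition. Making it explicit with `$context->expects($this->any())->method('getToken')->will($this->returnValue(null));` would keep the test from silently going down a different path if the mock setup changes. The test also pins only the log line, so it would still pass if the listener logged without calling `setToken()`. If that is not already covered by the test above it, add `$context->expects($this->once())->method('setToken');` here.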
diff --git a/Tests/Http/Firewall/BasicAuthenticationListenerTest.php b/Tests/Http/Firewall/BasicAuthenticationListenerTest.php
index 84564bf..7616149 100644
--- a/Tests/Http/Firewall/BasicAuthenticationListenerTest.php
+++ b/Tests/Http/Firewall/BasicAuthenticationListenerTest.php
@@ -196,6 +196,20 @@ class BasicAuthenticationListenerTest extends \PHPUnit_Framework_TestCase
$listener->handle($event);
}
+ /**
+ * @expectedException \InvalidArgumentException
+ * @expectedExceptionMessage $providerKey must not be empty
+ */
+ public function testItRequiresProviderKey()
+ {
+ new BasicAuthenticationListener(
+ $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface'),
+ $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface'),
+ '',
+ $this->getMock('Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface')
+ );
+ }
+
public function testHandleWithADifferentAuthenticatedToken()
{
$request = new Request(array(), array(), array(), array(), array(), array(
diff --git a/Tests/Http/Firewall/ContextListenerTest.php b/Tests/Http/Firewall/ContextListenerTest.php
index ffe6195..336c333 100644
--- a/Tests/Http/Firewall/ContextListenerTest.php
+++ b/Tests/Http/Firewall/ContextListenerTest.php
@@ -17,6 +17,7 @@ use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Http\Firewall\ContextListener;
@@ -48,6 +49,32 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
unset($this->securityContext);
}
+ /**
+ * @expectedException \InvalidArgumentException
+ * @expectedExceptionMessage $contextKey must not be empty
+ */
+ public function testItRequiresContextKey()
+ {
+ new ContextListener(
+ $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface'),
+ array(),
+ ''
+ );
+ }
+
+ /**
+ * @expectedException \InvalidArgumentException
+ * @expectedExceptionMessage User provider "stdClass" must implement "Symfony\Component\Security\Core\User\UserProviderInterface
+ */
+ public function testUserProvidersNeedToImplementAnInterface()
+ {
+ new ContextListener(
+ $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface'),
+ array(new \stdClass()),
+ 'key123'
+ );
+ }
+
public function testOnKernelResponseWillAddSession()
{
$session = $this->runSessionOnKernelResponse(
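Review bot: The `@expectedExceptionMessage` on testUserProvidersNeedToImplementAnInterface stops before the closing double quote after `UserProviderInterface`, so it only passes because PHPUnit matches the annotation as a substring. If the listener's message closes the quote, as the opening `"` suggests, the annotation should end with `...\User\UserProviderInterface"` so the expectation reads as the full message rather than a truncated one. testItRequiresContextKey only exercises the empty string. Whether `null` is rejected the same way cannot be told from this hunk and would be worth a second case.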
@@ -131,9 +158,7 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
->disableOriginalConstructor()
->getMock();
$request = $this->getMock('Symfony\Component\HttpFoundation\Request');
- $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')
- ->disableOriginalConstructor()
- ->getMock();
+ $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
$event->expects($this->any())
->method('getRequest')
@@ -147,7 +172,7 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
$session->expects($this->any())
->method('get')
->with('_security_key123')
- ->will($this->returnValue(serialize($token)));
+ ->will($this->returnValue($token));
$context->expects($this->once())
->method('setToken')
->with(null);
@@ -159,11 +184,53 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
public function provideInvalidToken()
{
return array(
- array(new \__PHP_Incomplete_Class()),
- array(null),
+ array(serialize(new \__PHP_Incomplete_Class())),
+ array(serialize(null)),
+ array(null)
);
}
+ public function testHandleAddsKernelResponseListener()
+ {
+ $context = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+ $dispatcher = $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface');
+ $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\GetResponseEvent')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $listener = new ContextListener($context, array(), 'key123', null, $dispatcher);
+
+ $event->expects($this->any())
+ ->method('getRequestType')
+ ->will($this->returnValue(HttpKernelInterface::MASTER_REQUEST));
+ $event->expects($this->any())
+ ->method('getRequest')
+ ->will($this->returnValue($this->getMock('Symfony\Component\HttpFoundation\Request')));
+
+ $dispatcher->expects($this->once())
+ ->method('addListener')
+ ->with(KernelEvents::RESPONSE, array($listener, 'onKernelResponse'));
+
+ $listener->handle($event);
+ }
+
+ public function testHandleRemovesTokenIfNoPreviousSessionWasFound()
+ {
+ $request = $this->getMock('Symfony\Component\HttpFoundation\Request');
+ $request->expects($this->any())->method('hasPreviousSession')->will($this->returnValue(false));
+
+ $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\GetResponseEvent')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
+
+ $context = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+ $context->expects($this->once())->method('setToken')->with(null);
+
+ $listener = new ContextListener($context, array(), 'key123');
+ $listener->handle($event);
+ }
+
protected function runSessionOnKernelResponse($newToken, $original = null)
{
$session = new Session(new MockArraySessionStorage());
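Review bot: provideInvalidToken now feeds raw session values, but it covers only a serialized incomplete class, a serialized null and a plain null. Two cases that matter for session data are missing: a string that is not valid serialized data, and a well-formed serialized object that is not a token. Presumably the listener unserializes the session value (the implementation is not in this diff), and both cases should end in `setToken(null)` like the existing rows. Adding `array('not-serialized-data'),` and `array(serialize(new \stdClass())),` would pin that. The test that consumes this provider begins outside the hunk, so confirm it asserts `setToken(null)` for every row.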
@@ -189,4 +256,5 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
$listener->onKernelResponse($event);
return $session;
- }}
+ }
+}
diff --git a/Tests/Http/Firewall/DigestDataTest.php b/Tests/Http/Firewall/DigestDataTest.php
index cfb929c..8b63d9c 100644
--- a/Tests/Http/Firewall/DigestDataTest.php
+++ b/Tests/Http/Firewall/DigestDataTest.php
@@ -103,10 +103,10 @@ class DigestDataTest extends \PHPUnit_Framework_TestCase
{
$time = microtime(true);
$key = 'ThisIsAKey';
- $nonce = base64_encode($time . ':' . md5($time . ':' . $key));
+ $nonce = base64_encode($time.':'.md5($time.':'.$key));
$digestAuth = new DigestData(
- 'username="user", realm="Welcome, robot!", nonce="' . $nonce . '", ' .
+ 'username="user", realm="Welcome, robot!", nonce="'.$nonce.'", ' .
'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", ' .
'response="b52938fc9e6d7c01be7702ece9031b42"'
);
@@ -143,10 +143,10 @@ class DigestDataTest extends \PHPUnit_Framework_TestCase
{
$time = microtime(true) + 10;
$key = 'ThisIsAKey';
- $nonce = base64_encode($time . ':' . md5($time . ':' . $key));
+ $nonce = base64_encode($time.':'.md5($time.':'.$key));
$digestAuth = new DigestData(
- 'username="user", realm="Welcome, robot!", nonce="' . $nonce . '", ' .
+ 'username="user", realm="Welcome, robot!", nonce="'.$nonce.'", ' .
'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", ' .
'response="b52938fc9e6d7c01be7702ece9031b42"'
);
@@ -164,10 +164,10 @@ class DigestDataTest extends \PHPUnit_Framework_TestCase
private function calculateServerDigest($username, $realm, $password, $key, $nc, $cnonce, $qop, $method, $uri)
{
$time = microtime(true);
- $nonce = base64_encode($time . ':' . md5($time . ':' . $key));
+ $nonce = base64_encode($time.':'.md5($time.':'.$key));
$response = md5(
- md5($username . ':' . $realm . ':' . $password) . ':' . $nonce . ':' . $nc . ':' . $cnonce . ':' . $qop . ':' . md5($method . ':' . $uri)
+ md5($username.':'.$realm.':'.$password).':'.$nonce.':'.$nc.':'.$cnonce.':'.$qop.':'.md5($method.':'.$uri)
);
$digest = sprintf('username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%s, qop="%s", response="%s"',
diff --git a/Tests/Http/Firewall/SwitchUserListenerTest.php b/Tests/Http/Firewall/SwitchUserListenerTest.php
new file mode 100644
index 0000000..f8bb9f6
--- /dev/null
+++ b/Tests/Http/Firewall/SwitchUserListenerTest.php
@@ -0,0 +1,175 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Tests\Http\Firewall;
+
+use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
+
+class SwitchUserListenerTest extends \PHPUnit_Framework_TestCase
+{
+ private $securityContext;
+
+ private $userProvider;
+
+ private $userChecker;
+
+ private $accessDecisionManager;
+
+ private $request;
+
+ private $event;
+
+ protected function setUp()
+ {
+ if (!class_exists('Symfony\Component\HttpFoundation\Request')) {
+ $this->markTestSkipped('The "HttpFoundation" component is not available');
+ }
+
+ if (!class_exists('Symfony\Component\HttpKernel\HttpKernel')) {
+ $this->markTestSkipped('The "HttpKernel" component is not available');
+ }
+
+ $this->securityContext = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+ $this->userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+ $this->userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
+ $this->accessDecisionManager = $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface');
+ $this->request = $this->getMock('Symfony\Component\HttpFoundation\Request');
+ $this->request->server = $this->getMock('Symfony\Component\HttpFoundation\ServerBag');
+ $this->event = $this->getEvent($this->request);
+ }
+
+ /**
+ * @expectedException \InvalidArgumentException
+ * @expectedExceptionMessage $providerKey must not be empty
+ */
+ public function testProviderKeyIsRequired()
+ {
+ new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, '', $this->accessDecisionManager);
+ }
+
+ public function testEventIsIgnoredIfUsernameIsNotPassedWithTheRequest()
+ {
+ $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue(null));
+
+ $this->event->expects($this->never())->method('setResopnse');
+ $this->securityContext->expects($this->never())->method('setToken');
+
+ $listener = new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
+ $listener->handle($this->event);
+ }
+
+ /**
+ * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
+ */
+ public function testExitUserThrowsAuthenticationExceptionIfOriginalTokenCannotBeFound()
+ {
+ $token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
+
+ $this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($token));
+ $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('_exit'));
+
+ $listener = new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
+ $listener->handle($this->event);
+ }
+
+ public function testExitUserUpdatesToken()
+ {
+ $originalToken = $this->getToken();
+ $role = $this->getMockBuilder('Symfony\Component\Security\Core\Role\SwitchUserRole')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $role->expects($this->any())->method('getSource')->will($this->returnValue($originalToken));
+
+ $this->securityContext->expects($this->any())
+ ->method('getToken')
+ ->will($this->returnValue($this->getToken(array($role))));
+
+ $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('_exit'));
+ $this->request->expects($this->any())->method('getUri')->will($this->returnValue('/'));
+ $this->request->server->expects($this->once())->method('set')->with('QUERY_STRING', '');
+
+ $this->securityContext->expects($this->once())
+ ->method('setToken')->with($originalToken);
+ $this->event->expects($this->once())
+ ->method('setResponse')->with($this->isInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse'));
+
+ $listener = new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
+ $listener->handle($this->event);
+ }
+
+ /**
+ * @expectedException \Symfony\Component\Security\Core\Exception\AccessDeniedException
+ */
+ public function testSwitchUserIsDissallowed()
+ {
+ $token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
+
+ $this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($token));
+ $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('kuba'));
+
+ $this->accessDecisionManager->expects($this->once())
+ ->method('decide')->with($token, array('ROLE_ALLOWED_TO_SWITCH'))
+ ->will($this->returnValue(false));
+
+ $listener = new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
+ $listener->handle($this->event);
+ }
+
+ public function testSwitchUser()
+ {
+ $token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
+ $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+ $user->expects($this->any())->method('getRoles')->will($this->returnValue(array()));
+
+ $this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($token));
+ $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('kuba'));
+ $this->request->expects($this->any())->method('getUri')->will($this->returnValue('/'));
+ $this->request->server->expects($this->once())->method('set')->with('QUERY_STRING', '');
+
+ $this->accessDecisionManager->expects($this->once())
+ ->method('decide')->with($token, array('ROLE_ALLOWED_TO_SWITCH'))
+ ->will($this->returnValue(true));
+
+ $this->userProvider->expects($this->once())
+ ->method('loadUserByUsername')->with('kuba')
+ ->will($this->returnValue($user));
+ $this->userChecker->expects($this->once())
+ ->method('checkPostAuth')->with($user);
+ $this->securityContext->expects($this->once())
+ ->method('setToken')->with($this->isInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken'));
+
+ $listener = new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
+ $listener->handle($this->event);
+ }
+
+ private function getEvent($request)
+ {
+ $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\GetResponseEvent')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $event->expects($this->any())
+ ->method('getRequest')
+ ->will($this->returnValue($request));
+
+ return $event;
+ }
+
+ private function getToken(array $roles = array())
+ {
+ $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+ $token->expects($this->any())
+ ->method('getRoles')
+ ->will($this->returnValue($roles));
+
+ return $token;
+ }
+}
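Review bot: In testEventIsIgnoredIfUsernameIsNotPassedWithTheRequest the expectation is registered on `'setResopnse'`, a misspelling of `setResponse`, so the `never()` constraint can never be violated. The test would still pass if the listener did set a response. It should read `$this->event->expects($this->never())->method('setResponse');`. testSwitchUserIsDissallowed (also misspelled, "Disallowed") asserts only the thrown AccessDeniedException. Adding `$this->securityContext->expects($this->never())->method('setToken');` and `$this->userProvider->expects($this->never())->method('loadUserByUsername');` there would pin that a denied switch neither loads the target user nor replaces the token.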