<?php
/* SVN FILE: $Id$ */
/**
 * SecurityComponent test case.
*
 * Tests for SecurityComponent: request-method and HTTPS requirements, form-field token validation, and basic/digest login handling.
*
* PHP versions 4 and 5
*
* CakePHP(tm) Tests <https://trac.cakephp.org/wiki/Developement/TestSuite>
* Copyright 2005-2008, Cake Software Foundation, Inc.
* 1785 E. Sahara Avenue, Suite 490-204
* Las Vegas, Nevada 89104
*
* Licensed under The Open Group Test Suite License
* Redistributions of files must retain the above copyright notice.
*
* @filesource
* @copyright Copyright 2005-2008, Cake Software Foundation, Inc.
* @link https://trac.cakephp.org/wiki/Developement/TestSuite CakePHP(tm) Tests
* @package cake.tests
* @subpackage cake.tests.cases.libs.controller.components
* @since CakePHP(tm) v 1.2.0.5435
* @version $Revision$
* @modifiedby $LastChangedBy$
* @lastmodified $Date$
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
*/
// Load the component under test through the framework's uses() loader.
uses('controller' . DS . 'components' . DS . 'security');
/**
 * Minimal controller fixture for the SecurityComponent tests.
 *
 * Loads the Security component and records, through fail(), whether the
 * component's black-hole callback was invoked for the current request.
 *
 * @package cake.tests
 * @subpackage cake.tests.cases.libs.controller.components
 */
class SecurityTestController extends Controller {
/**
 * Controller name as exposed to the components.
 *
 * @var string 'SecurityTest'
 * @access public
 */
	var $name = 'SecurityTest';
/**
 * Components to attach; only Security is exercised by this test case.
 *
 * @var array
 * @access public
 */
	var $components = array('Security');
/**
 * Flipped to true by fail(). The test case reads it to learn whether the
 * component rejected (black-holed) the request.
 *
 * @var bool false
 * @access public
 */
	var $failed = false;
/**
 * Black-hole callback; the test case's setUp() points the component's
 * blackHoleCallback at this method so a rejection is recorded instead of
 * aborting the test run.
 *
 * @access public
 * @return void
 */
	function fail() {
		$this->failed = true;
	}
/**
 * Shadows the inherited redirect() so that redirecting never terminates the
 * test process; simply hands back its second argument.
 *
 * @param mixed $option
 * @param mixed $code
 * @param mixed $exit
 * @access public
 * @return mixed the $code argument, unchanged
 */
	function redirect($option, $code, $exit) {
		return $code;
	}
}
/**
 * Test case for SecurityComponent.
 *
 * Every test drives a fresh SecurityTestController through
 * SecurityComponent::startup() and then inspects $this->Controller->failed,
 * which the controller's fail() black-hole callback sets when the component
 * rejects the request.
 *
 * NOTE(review): several tests assign $_SERVER['REQUEST_METHOD'],
 * $_SERVER['HTTPS'], $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] and
 * $_SERVER['PHP_AUTH_DIGEST'] and there is no tearDown() restoring them, so
 * those values leak into later tests of the same process; confirm the run
 * order before relying on any single test in isolation.
 *
 * NOTE(review): the form-field token reproduced by the testValidatePost*
 * tests is Security::hash(serialize(sortedFields) . Configure::read('Security.salt')),
 * url-encoded. That is a secret-suffix hash rather than an HMAC; the tests pin
 * the component's existing contract, they do not define it.
 *
 * @package cake.tests
 * @subpackage cake.tests.cases.libs.controller.components
 */
class SecurityComponentTest extends CakeTestCase {
/**
 * Builds a new SecurityTestController, initialises its components and points
 * the Security component's black-hole callback at the controller's fail()
 * method so that rejected requests are recorded rather than aborted.
 *
 * @access public
 * @return void
 */
	function setUp() {
		$this->Controller =& new SecurityTestController();
		$this->Controller->Component->init($this->Controller);
		$this->Controller->Security->blackHoleCallback = 'fail';
	}
/**
 * startup() must issue a token: it is exposed to the controller as
 * $params['_Token']['key'] and stored under '_Token' in the session.
 *
 * @access public
 * @return void
 */
	function testStartup() {
		$this->Controller->Security->startup($this->Controller);
		$result = $this->Controller->params['_Token']['key'];
		$this->assertNotNull($result);
		$this->assertTrue($this->Controller->Session->check('_Token'));
	}
/**
 * A GET request to an action registered with requirePost() is black-holed.
 *
 * @access public
 * @return void
 */
	function testRequirePostFail() {
		$_SERVER['REQUEST_METHOD'] = 'GET';
		$this->Controller->action = 'posted';
		$this->Controller->Security->requirePost('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);
	}
/**
 * A POST request to an action registered with requirePost() passes.
 *
 * @access public
 * @return void
 */
	function testRequirePostSucceed() {
		$_SERVER['REQUEST_METHOD'] = 'POST';
		$this->Controller->action = 'posted';
		$this->Controller->Security->requirePost('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * An action registered with requireSecure() is black-holed when this test
 * does not set $_SERVER['HTTPS'] (the request is treated as plain HTTP).
 *
 * @access public
 * @return void
 */
	function testRequireSecureFail() {
		$_SERVER['REQUEST_METHOD'] = 'POST';
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireSecure('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);
	}
/**
 * With $_SERVER['HTTPS'] set, an action registered with requireSecure()
 * passes.
 *
 * NOTE(review): 'Secure' is not an HTTP method. The value that matters for
 * requireSecure() appears to be $_SERVER['HTTPS'] below; presumably the
 * method string is irrelevant here — confirm against SecurityComponent.
 *
 * @access public
 * @return void
 */
	function testRequireSecureSucceed() {
		$_SERVER['REQUEST_METHOD'] = 'Secure';
		$this->Controller->action = 'posted';
		$_SERVER['HTTPS'] = true;
		$this->Controller->Security->requireSecure('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * requireAuth() rejects a request in three situations: no '_Token' in the
 * session, a '_Token' whose allowedControllers list is empty, and a '_Token'
 * that allows the controller but not the requested action ('posted2' is
 * allowed, 'posted' is requested).
 *
 * NOTE(review): $this->Controller->failed is never reset to false between
 * the three scenarios, so once the first assertTrue() holds the second and
 * third pass trivially. Inserting `$this->Controller->failed = false;` before
 * each scenario would make them independent.
 *
 * @access public
 * @return void
 */
	function testRequireAuthFail() {
		$_SERVER['REQUEST_METHOD'] = 'AUTH';
		$this->Controller->action = 'posted';
		$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
		$this->Controller->Security->requireAuth('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);

		// Session token present but no controller is allowed.
		$this->Controller->Session->write('_Token', array('allowedControllers' => array()));
		$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireAuth('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);

		// Controller allowed, but only action 'posted2' is — 'posted' is requested.
		$this->Controller->Session->write('_Token', array('allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted2')));
		$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireAuth('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);
	}
/**
 * requireAuth() passes when there is no posted data, and when the session
 * '_Token' allows the requested controller and action.
 *
 * NOTE(review): this writes a serialize()d array through
 * $this->Controller->Security->Session, while testRequireAuthFail() writes a
 * raw array through $this->Controller->Session. Whichever form the component
 * actually reads, the two tests should agree — confirm against
 * SecurityComponent.
 *
 * @access public
 * @return void
 */
	function testRequireAuthSucceed() {
		$_SERVER['REQUEST_METHOD'] = 'AUTH';
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireAuth('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);

		$this->Controller->Security->Session->write('_Token', serialize(array('allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted'))));
		$this->Controller->params['controller'] = 'SecurityTest';
		$this->Controller->params['action'] = 'posted';

		// '__Token' is present but empty; the session entry is what authorises the request here.
		$this->Controller->data = array('username' => 'willy', 'password' => 'somePass', '__Token' => '');
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireAuth('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * requirePost() only constrains the actions it was given: a GET to 'getted'
 * passes although 'posted' requires POST.
 *
 * @access public
 * @return void
 */
	function testRequirePostSucceedWrongMethod() {
		$_SERVER['REQUEST_METHOD'] = 'GET';
		$this->Controller->action = 'getted';
		$this->Controller->Security->requirePost('posted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * A POST request to an action registered with requireGet() is black-holed.
 *
 * @access public
 * @return void
 */
	function testRequireGetFail() {
		$_SERVER['REQUEST_METHOD'] = 'POST';
		$this->Controller->action = 'getted';
		$this->Controller->Security->requireGet('getted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);
	}
/**
 * A GET request to an action registered with requireGet() passes.
 *
 * @access public
 * @return void
 */
	function testRequireGetSucceed() {
		$_SERVER['REQUEST_METHOD'] = 'GET';
		$this->Controller->action = 'getted';
		$this->Controller->Security->requireGet('getted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * Basic login via requireLogin(): correct credentials pass, an unknown user
 * is rejected, and a known user with the wrong password is rejected.
 *
 * NOTE(review): as in testRequireAuthFail(), failed is not reset between the
 * second and third scenario, so the final assertTrue() cannot fail on its
 * own once the second one has passed.
 *
 * @access public
 * @return void
 */
	function testRequireLogin() {
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireLogin(
			'posted',
			array('type' => 'basic', 'users' => array('admin' => 'password'))
		);
		$_SERVER['PHP_AUTH_USER'] = 'admin';
		$_SERVER['PHP_AUTH_PW'] = 'password';
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);


		// Unknown user.
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireLogin(
			'posted',
			array('type' => 'basic', 'users' => array('admin' => 'password'))
		);
		$_SERVER['PHP_AUTH_USER'] = 'admin2';
		$_SERVER['PHP_AUTH_PW'] = 'password';
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);

		// Known user, wrong password.
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireLogin(
			'posted',
			array('type' => 'basic', 'users' => array('admin' => 'password'))
		);
		$_SERVER['PHP_AUTH_USER'] = 'admin';
		$_SERVER['PHP_AUTH_PW'] = 'password2';
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);
	}
/**
 * Digest login via requireLogin(): a canned Authorization header for user
 * "Mufasa" in realm "testrealm@host.com" is accepted against the configured
 * password.
 *
 * NOTE(review): the preceding test leaves $_SERVER['PHP_AUTH_USER'] and
 * $_SERVER['PHP_AUTH_PW'] set; this test relies on the component preferring
 * the digest header (or ignoring the basic values) — confirm.
 *
 * @access public
 * @return void
 */
	function testDigestAuth() {
		$this->Controller->action = 'posted';
		$_SERVER['PHP_AUTH_DIGEST'] = $digest = <<<DIGEST
Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="460d0d3c6867c2f1ab85b1ada1aece48",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;
		$this->Controller->Security->requireLogin(
			'posted',
			array('type' => 'digest', 'users' => array('Mufasa' => 'password'), 'realm' => 'testrealm@host.com')
		);
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * requireGet() only constrains the actions it was given: a POST to 'posted'
 * passes although 'getted' requires GET.
 *
 * @access public
 * @return void
 */
	function testRequireGetSucceedWrongMethod() {
		$_SERVER['REQUEST_METHOD'] = 'POST';
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireGet('getted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * A POST request to an action registered with requirePut() is black-holed.
 *
 * @access public
 * @return void
 */
	function testRequirePutFail() {
		$_SERVER['REQUEST_METHOD'] = 'POST';
		$this->Controller->action = 'putted';
		$this->Controller->Security->requirePut('putted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);
	}
/**
 * A PUT request to an action registered with requirePut() passes.
 *
 * @access public
 * @return void
 */
	function testRequirePutSucceed() {
		$_SERVER['REQUEST_METHOD'] = 'PUT';
		$this->Controller->action = 'putted';
		$this->Controller->Security->requirePut('putted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * requirePut() only constrains the actions it was given: a POST to 'posted'
 * passes although 'putted' requires PUT.
 *
 * @access public
 * @return void
 */
	function testRequirePutSucceedWrongMethod() {
		$_SERVER['REQUEST_METHOD'] = 'POST';
		$this->Controller->action = 'posted';
		$this->Controller->Security->requirePut('putted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * A POST request to an action registered with requireDelete() is black-holed.
 *
 * @access public
 * @return void
 */
	function testRequireDeleteFail() {
		$_SERVER['REQUEST_METHOD'] = 'POST';
		$this->Controller->action = 'deleted';
		$this->Controller->Security->requireDelete('deleted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertTrue($this->Controller->failed);
	}
/**
 * A DELETE request to an action registered with requireDelete() passes.
 *
 * @access public
 * @return void
 */
	function testRequireDeleteSucceed() {
		$_SERVER['REQUEST_METHOD'] = 'DELETE';
		$this->Controller->action = 'deleted';
		$this->Controller->Security->requireDelete('deleted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * requireDelete() only constrains the actions it was given: a POST to
 * 'posted' passes although 'deleted' requires DELETE.
 *
 * @access public
 * @return void
 */
	function testRequireDeleteSucceedWrongMethod() {
		$_SERVER['REQUEST_METHOD'] = 'POST';
		$this->Controller->action = 'posted';
		$this->Controller->Security->requireDelete('deleted');
		$this->Controller->Security->startup($this->Controller);
		$this->assertFalse($this->Controller->failed);
	}
/**
 * requireLogin() with explicit action names records those names in
 * $requireLogin and the supplied users in $loginUsers.
 *
 * @access public
 * @return void
 */
	function testRequireLoginSettings() {
		$this->Controller->Security->requireLogin(
			'add', 'edit',
			array('type' => 'basic', 'users' => array('admin' => 'password'))
		);
		$this->assertEqual($this->Controller->Security->requireLogin, array('add', 'edit'));
		$this->assertEqual($this->Controller->Security->loginUsers, array('admin' => 'password'));
	}
/**
 * requireLogin() called with only an options array applies to every action,
 * recorded as the wildcard '*'.
 *
 * @access public
 * @return void
 */
	function testRequireLoginAllActions() {
		$this->Controller->Security->requireLogin(
			array('type' => 'basic', 'users' => array('admin' => 'password'))
		);
		$this->assertEqual($this->Controller->Security->requireLogin, array('*'));
		$this->assertEqual($this->Controller->Security->loginUsers, array('admin' => 'password'));
	}
/**
 * __validatePost() accepts a form without a model prefix when the
 * '__Token' key and the hashed field list match what startup() issued.
 *
 * @access public
 * @return void
 */
	function testValidatePostNoModel() {
		$this->Controller->Security->startup($this->Controller);
		$key = $this->Controller->params['_Token']['key'];

		$data['anything'] = 'some_data';
		$data['__Token']['key'] = $key;
		$fields = $this->__sortFields(array('anything', '__Token' => array('key' => $key)));

		// Field-list token as the component expects it: sorted list, serialized,
		// salted with Security.salt, hashed, url-encoded.
		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
		$data['__Token']['fields'] = $fields;
		$this->Controller->data = $data;
		$result = $this->Controller->Security->__validatePost($this->Controller);
		$this->assertTrue($result);
		$this->assertEqual($this->Controller->data, $data);
	}
/**
 * __validatePost() accepts a single-model form whose field list and token
 * key match; the posted data is left unchanged.
 *
 * @access public
 * @return void
 */
	function testValidatePostSimple() {
		$this->Controller->Security->startup($this->Controller);
		$key = $this->Controller->params['_Token']['key'];

		$data['Model']['username'] = '';
		$data['Model']['password'] = '';
		$data['__Token']['key'] = $key;

		$fields = array('Model' => array('username','password'), '__Token' => array('key' => $key));
		$fields = $this->__sortFields($fields);

		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
		$data['__Token']['fields'] = $fields;
		$this->Controller->data = $data;
		$result = $this->Controller->Security->__validatePost($this->Controller);
		$this->assertTrue($result);
		$this->assertEqual($this->Controller->data, $data);
	}
/**
 * A checkbox default posted under the '_Model' prefix is validated and then
 * folded back into 'Model': after __validatePost() the '_Model' entry is
 * gone and 'Model.valid' carries its value.
 *
 * @access public
 * @return void
 */
	function testValidatePostCheckbox() {
		$this->Controller->Security->startup($this->Controller);
		$key = $this->Controller->params['_Token']['key'];

		$data['Model']['username'] = '';
		$data['Model']['password'] = '';
		$data['_Model']['valid'] = '0';
		$data['__Token']['key'] = $key;

		// 'valid' is listed under 'Model' in the hashed field list, with its
		// default value carried under '_Model'.
		$fields = array(
			'Model' => array('username', 'password', 'valid'),
			'_Model' => array('valid' => '0'),
			'__Token' => array('key' => $key)
		);
		$fields = $this->__sortFields($fields);

		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
		$data['__Token']['fields'] = $fields;

		$this->Controller->data = $data;
		$result = $this->Controller->Security->__validatePost($this->Controller);
		$this->assertTrue($result);

		// Expected post-validation shape: '_Model' merged into 'Model'.
		unset($data['_Model']);
		$data['Model']['valid'] = '0';
		$this->assertEqual($this->Controller->data, $data);
	}
/**
 * Same as testValidatePostCheckbox() for a hidden field: '_Model.hidden' is
 * validated and merged into 'Model.hidden'.
 *
 * NOTE(review): the final comparison is assertTrue($a == $b) while the
 * sibling tests use assertEqual(); assertEqual() would report both sides on
 * failure.
 *
 * @access public
 * @return void
 */
	function testValidatePostHidden() {
		$this->Controller->Security->startup($this->Controller);
		$key = $this->Controller->params['_Token']['key'];

		$data['Model']['username'] = '';
		$data['Model']['password'] = '';
		$data['_Model']['hidden'] = '0';
		$data['__Token']['key'] = $key;

		$fields = array(
			'Model' => array('username', 'password', 'hidden'),
			'_Model' => array('hidden' => '0'),
			'__Token' => array('key' => $key)
		);
		$fields = $this->__sortFields($fields);

		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
		$data['__Token']['fields'] = $fields;

		$this->Controller->data = $data;
		$result = $this->Controller->Security->__validatePost($this->Controller);
		$this->assertTrue($result);

		unset($data['_Model']);
		$data['Model']['hidden'] = '0';
		$this->assertTrue($this->Controller->data == $data);
	}
/**
 * Fields named in $disabledFields ('Model.username', 'Model.password') are
 * left out of the hashed field list, yet the form still validates and the
 * hidden default is merged as before.
 *
 * @access public
 * @return void
 */
	function testValidatePostWithDisabledFields() {
		$this->Controller->Security->startup($this->Controller);
		$this->Controller->Security->disabledFields = array('Model.username', 'Model.password');
		$key = $this->Controller->params['_Token']['key'];

		$data['Model']['username'] = '';
		$data['Model']['password'] = '';
		$data['_Model']['hidden'] = '0';
		$data['__Token']['key'] = $key;

		// Only the non-disabled field takes part in the hash.
		$fields = array(
			'Model' => array('hidden'),
			'_Model' => array('hidden' => '0'),
			'__Token' => array('key' => $key)
		);
		$fields = $this->__sortFields($fields);

		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
		$data['__Token']['fields'] = $fields;

		$this->Controller->data = $data;
		$result = $this->Controller->Security->__validatePost($this->Controller);
		$this->assertTrue($result);

		unset($data['_Model']);
		$data['Model']['hidden'] = '0';
		$this->assertTrue($this->Controller->data == $data);
	}
/**
 * Hidden defaults for several models ('_Model', '_Model2', '_Model3') are
 * all validated and merged into their respective models, even when 'Model2'
 * and 'Model3' had no regular fields posted.
 *
 * @access public
 * @return void
 */
	function testValidateHiddenMultipleModel() {
		$this->Controller->Security->startup($this->Controller);
		$key = $this->Controller->params['_Token']['key'];

		$data['Model']['username'] = '';
		$data['Model']['password'] = '';
		$data['_Model']['valid'] = '0';
		$data['_Model2']['valid'] = '0';
		$data['_Model3']['valid'] = '0';
		$data['__Token']['key'] = $key;

		// Deliberately out of order; __sortFields() must normalise it.
		$fields = array(
			'Model' => array('username', 'password', 'valid'),
			'Model2'=> array('valid'),
			'Model3'=> array('valid'),
			'_Model2'=> array('valid' => '0'),
			'_Model3'=> array('valid' => '0'),
			'_Model' => array('valid' => '0'),
			'__Token' => array('key' => $key)
		);

		$fields = urlencode(Security::hash(serialize($this->__sortFields($fields)) . Configure::read('Security.salt')));
		$data['__Token']['fields'] = $fields;

		$this->Controller->data = $data;
		$result = $this->Controller->Security->__validatePost($this->Controller);
		$this->assertTrue($result);

		unset($data['_Model'], $data['_Model2'], $data['_Model3']);
		$data['Model']['valid'] = '0';
		$data['Model2']['valid'] = '0';
		$data['Model3']['valid'] = '0';
		$this->assertTrue($this->Controller->data == $data);
	}
/**
 * Placeholder.
 *
 * NOTE(review): empty body with no assertions; it counts as a passing test.
 * Either implement it or remove it so the suite's pass count is not inflated.
 *
 * @access public
 * @return void
 */
	function testLoginValidation() {

	}
/**
 * hasMany-style data (numerically indexed rows under 'Model' and '_Model')
 * validates, and the per-row '_Model' defaults ('hidden', 'valid') are merged
 * into the matching 'Model' rows.
 *
 * @access public
 * @return void
 */
	function testValidateHasManyModel() {
		$this->Controller->Security->startup($this->Controller);
		$key = $this->Controller->params['_Token']['key'];

		$data['Model'][0]['username'] = 'username';
		$data['Model'][0]['password'] = 'password';
		$data['Model'][1]['username'] = 'username';
		$data['Model'][1]['password'] = 'password';
		$data['_Model'][0]['hidden'] = 'value';
		$data['_Model'][1]['hidden'] = 'value';
		$data['_Model'][0]['valid'] = '0';
		$data['_Model'][1]['valid'] = '0';
		$data['__Token']['key'] = $key;

		$fields = array(
			'Model' => array(
				0 => array('username', 'password', 'valid'),
				1 => array('username', 'password', 'valid')),
			'_Model' => array(
				0 => array('hidden' => 'value', 'valid' => '0'),
				1 => array('hidden' => 'value', 'valid' => '0')),
			'__Token' => array('key' => $key));

		$fields = $this->__sortFields($fields);

		$fields = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
		$data['__Token']['fields'] = $fields;

		$this->Controller->data = $data;
		$result = $this->Controller->Security->__validatePost($this->Controller);
		$this->assertTrue($result);

		unset($data['_Model']);
		$data['Model'][0]['hidden'] = 'value';
		$data['Model'][1]['hidden'] = 'value';
		$data['Model'][0]['valid'] = '0';
		$data['Model'][1]['valid'] = '0';

		$this->assertTrue($this->Controller->data == $data);
	}
/**
 * loginRequest() builds the WWW-Authenticate challenge: an exact
 * `Basic realm="..."` header for basic, and for digest a header that at
 * least carries the realm and qop="auth".
 *
 * @access public
 * @return void
 */
	function testLoginRequest() {
		$this->Controller->Security->startup($this->Controller);
		$realm = 'cakephp.org';
		$options = array('realm' => $realm, 'type' => 'basic');
		$result = $this->Controller->Security->loginRequest($options);
		$expected = 'WWW-Authenticate: Basic realm="'.$realm.'"';
		$this->assertEqual($result, $expected);

		$this->Controller->Security->startup($this->Controller);
		$options = array('realm' => $realm, 'type' => 'digest');
		$result = $this->Controller->Security->loginRequest($options);
		$this->assertPattern('/realm="'.$realm.'"/', $result);
		$this->assertPattern('/qop="auth"/', $result);
	}
/**
 * generateDigestResponseHash() must produce the RFC 2617 "auth" response:
 * MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA1 = MD5(username:realm:password)
 * and HA2 = MD5(method:uri). The expected value is recomputed here from the
 * same inputs; the realm comes from the requireLogin() settings, the method
 * from env('REQUEST_METHOD').
 *
 * NOTE(review): the qop used is 'testme', not 'auth'; the formula simply
 * interpolates it, so this pins the construction rather than a real exchange.
 *
 * @access public
 * @return void
 */
	function testGenerateDigestResponseHash() {
		$this->Controller->Security->startup($this->Controller);
		$realm = 'cakephp.org';
		$loginData = array('realm' => $realm, 'users' => array('Willy Smith' => 'password'));
		$this->Controller->Security->requireLogin($loginData);

		$data = array(
			'username' => 'Willy Smith',
			'password' => 'password',
			'nonce' => String::uuid(),
			'nc' => 1,
			'cnonce' => 1,
			'realm' => $realm,
			'uri' => 'path_to_identifier',
			'qop' => 'testme'
		);
		$_SERVER['REQUEST_METHOD'] = 'POST';

		$result = $this->Controller->Security->generateDigestResponseHash($data);
		$expected = md5(
			md5($data['username'] . ':' . $loginData['realm'].':'.$data['password']) . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' .
			md5(env('REQUEST_METHOD') . ':' . $data['uri'])
		);
		$this->assertIdentical($result, $expected);
	}
/**
 * loginCredentials('basic') returns the PHP_AUTH_USER / PHP_AUTH_PW pair;
 * loginCredentials('digest') parses PHP_AUTH_DIGEST into its fields. Note
 * that 'realm' from the digest header is not expected in the parsed result.
 *
 * NOTE(review): the digest half only runs on PHP >= 5.1;
 * `version_compare(phpversion(), '5.1', '>=')` states that intent directly
 * instead of comparing the result with -1 using !=.
 *
 * @access public
 * @return void
 */
	function testLoginCredentials() {
		$this->Controller->Security->startup($this->Controller);
		$_SERVER['PHP_AUTH_USER'] = $user = 'Willy Test';
		$_SERVER['PHP_AUTH_PW'] = $pw = 'some password for the nice test';

		$result = $this->Controller->Security->loginCredentials('basic');
		$expected = array('username' => $user, 'password' => $pw);
		$this->assertIdentical($result, $expected);

		if (version_compare(phpversion(), '5.1') != -1) {
			$_SERVER['PHP_AUTH_DIGEST'] = $digest = <<<DIGEST
Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;
			$expected = array(
				'username' => 'Mufasa',
				'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
				'uri' => '/dir/index.html',
				'qop' => 'auth',
				'nc' => '00000001',
				'cnonce' => '0a4f113b',
				'response' => '6629fae49393a05397450978507c4ef1',
				'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
			);
			$result = $this->Controller->Security->loginCredentials('digest');
			$this->assertIdentical($result, $expected);
		}
	}
/**
 * parseDigestAuthData() turns a Digest Authorization header into an
 * associative array (without the 'realm' entry), and yields null for an
 * empty string.
 *
 * @access public
 * @return void
 */
	function testParseDigestAuthData() {
		$this->Controller->Security->startup($this->Controller);
		$digest = <<<DIGEST
Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
DIGEST;
		$expected = array(
			'username' => 'Mufasa',
			'nonce' => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
			'uri' => '/dir/index.html',
			'qop' => 'auth',
			'nc' => '00000001',
			'cnonce' => '0a4f113b',
			'response' => '6629fae49393a05397450978507c4ef1',
			'opaque' => '5ccc069c403ebaf9f0171e9517f40e41'
		);
		$result = $this->Controller->Security->parseDigestAuthData($digest);
		$this->assertIdentical($result, $expected);

		$result = $this->Controller->Security->parseDigestAuthData('');
		$this->assertNull($result);
	}
/**
 * Normalises a field map so that its serialization does not depend on the
 * order the test listed fields in: the value list of every key not starting
 * with '_' is sort()ed, then the keys are ksort()ed as strings. Presumably
 * this mirrors the ordering the component applies before hashing — if the
 * two diverge, every testValidatePost* test fails.
 *
 * @param mixed $fields map of model name => field list (or default values for '_'-prefixed models)
 * @access private
 * @return array the sorted copy of $fields
 */
	function __sortFields($fields) {
		foreach ($fields as $key => $value) {
			// '_Model' entries hold name => default pairs; only plain field lists are sorted.
			if ($key[0] != '_' && is_array($fields[$key])) {
				sort($fields[$key]);
			}
		}
		ksort($fields, SORT_STRING);
		return $fields;
	}
}
?>