Collection = $this->getMock('ComponentCollection'); $this->auth = new BasicAuthenticate($this->Collection, array( 'fields' => array('username' => 'user', 'password' => 'password'), 'userModel' => 'User', 'realm' => 'localhost', 'recursive' => 0 )); $password = Security::hash('password', null, true); $User = ClassRegistry::init('User'); $User->updateAll(array('password' => $User->getDataSource()->value($password))); $this->response = $this->getMock('CakeResponse'); } /** * tearDown * * @return void */ public function tearDown() { parent::tearDown(); } /** * test applying settings in the constructor * * @return void */ public function testConstructor() { $object = new BasicAuthenticate($this->Collection, array( 'userModel' => 'AuthUser', 'fields' => array('username' => 'user', 'password' => 'password') )); $this->assertEquals('AuthUser', $object->settings['userModel']); $this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']); $this->assertEquals(env('SERVER_NAME'), $object->settings['realm']); } /** * test the authenticate method * * @return void */ public function testAuthenticateNoData() { $request = new CakeRequest('posts/index', false); $this->response->expects($this->once()) ->method('header') ->with('WWW-Authenticate: Basic realm="localhost"'); $this->assertFalse($this->auth->authenticate($request, $this->response)); } /** * test the authenticate method * * @return void */ public function testAuthenticateNoUsername() { $request = new CakeRequest('posts/index', false); $_SERVER['PHP_AUTH_PW'] = 'foobar'; $this->response->expects($this->once()) ->method('header') ->with('WWW-Authenticate: Basic realm="localhost"'); $this->assertFalse($this->auth->authenticate($request, $this->response)); } /** * test the authenticate method * * @return void */ public function testAuthenticateNoPassword() { $request = new CakeRequest('posts/index', false); $_SERVER['PHP_AUTH_USER'] = 'mariano'; $_SERVER['PHP_AUTH_PW'] = null; $this->response->expects($this->once()) ->method('header') ->with('WWW-Authenticate: Basic realm="localhost"'); $this->assertFalse($this->auth->authenticate($request, $this->response)); } /** * test the authenticate method * * @return void */ public function testAuthenticateInjection() { $request = new CakeRequest('posts/index', false); $request->addParams(array('pass' => array(), 'named' => array())); $_SERVER['PHP_AUTH_USER'] = '> 1'; $_SERVER['PHP_AUTH_PW'] = "' OR 1 = 1"; $this->assertFalse($this->auth->authenticate($request, $this->response)); } /** * test that challenge headers are sent when no credentials are found. * * @return void */ public function testAuthenticateChallenge() { $request = new CakeRequest('posts/index', false); $request->addParams(array('pass' => array(), 'named' => array())); $this->response->expects($this->at(0)) ->method('header') ->with('WWW-Authenticate: Basic realm="localhost"'); $this->response->expects($this->at(1)) ->method('send'); $result = $this->auth->authenticate($request, $this->response); $this->assertFalse($result); } /** * test authenticate sucesss * * @return void */ public function testAuthenticateSuccess() { $request = new CakeRequest('posts/index', false); $request->addParams(array('pass' => array(), 'named' => array())); $_SERVER['PHP_AUTH_USER'] = 'mariano'; $_SERVER['PHP_AUTH_PW'] = 'password'; $result = $this->auth->authenticate($request, $this->response); $expected = array( 'id' => 1, 'user' => 'mariano', 'created' => '2007-03-17 01:16:23', 'updated' => '2007-03-17 01:18:31' ); $this->assertEquals($expected, $result); } /** * test scope failure. * * @return void */ public function testAuthenticateFailReChallenge() { $this->auth->settings['scope'] = array('user' => 'nate'); $request = new CakeRequest('posts/index', false); $request->addParams(array('pass' => array(), 'named' => array())); $_SERVER['PHP_AUTH_USER'] = 'mariano'; $_SERVER['PHP_AUTH_PW'] = 'password'; $this->response->expects($this->at(0)) ->method('header') ->with('WWW-Authenticate: Basic realm="localhost"'); $this->response->expects($this->at(1)) ->method('statusCode') ->with(401); $this->response->expects($this->at(2)) ->method('send'); $this->assertFalse($this->auth->authenticate($request, $this->response)); } }