mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-12-26 15:37:22 +00:00
ba42eb05c1
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7986 3807eeeb-6ff5-0310-8944-8be069107fe0
1082 lines
No EOL
30 KiB
PHP
1082 lines
No EOL
30 KiB
PHP
<?php
|
|
/* SVN FILE: $Id$ */
|
|
/**
|
|
* Short description for file.
|
|
*
|
|
* Long description for file
|
|
*
|
|
* PHP versions 4 and 5
|
|
*
|
|
* CakePHP(tm) Tests <https://trac.cakephp.org/wiki/Developement/TestSuite>
|
|
* Copyright 2005-2008, Cake Software Foundation, Inc. (http://www.cakefoundation.org)
|
|
*
|
|
* Licensed under The Open Group Test Suite License
|
|
* Redistributions of files must retain the above copyright notice.
|
|
*
|
|
* @filesource
|
|
* @copyright Copyright 2005-2008, Cake Software Foundation, Inc. (http://www.cakefoundation.org)
|
|
* @link https://trac.cakephp.org/wiki/Developement/TestSuite CakePHP(tm) Tests
|
|
* @package cake
|
|
* @subpackage cake.cake.tests.cases.libs.controller.components
|
|
* @since CakePHP(tm) v 1.2.0.5347
|
|
* @version $Revision$
|
|
* @modifiedby $LastChangedBy$
|
|
* @lastmodified $Date$
|
|
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
|
|
*/
|
|
App::import(array('controller' . DS . 'components' . DS .'auth', 'controller' . DS . 'components' . DS .'acl'));
|
|
App::import(array('controller'.DS.'components'.DS.'acl', 'model'.DS.'db_acl'));
|
|
App::import('Core', 'Xml');
|
|
|
|
Configure::write('Security.salt', 'JfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
|
|
/**
|
|
* Short description for class.
|
|
*
|
|
* @package cake.tests
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class TestAuthComponent extends AuthComponent {
|
|
/**
|
|
* testStop property
|
|
*
|
|
* @var bool false
|
|
* @access public
|
|
*/
|
|
var $testStop = false;
|
|
/**
|
|
* Sets default login state
|
|
*
|
|
* @var bool true
|
|
* @access protected
|
|
*/
|
|
var $_loggedIn = true;
|
|
/**
|
|
* stop method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function _stop() {
|
|
$this->testStop = true;
|
|
}
|
|
}
|
|
/**
|
|
* Short description for class.
|
|
*
|
|
* @package cake.tests
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class AuthUser extends CakeTestModel {
|
|
/**
|
|
* name property
|
|
*
|
|
* @var string 'AuthUser'
|
|
* @access public
|
|
*/
|
|
var $name = 'AuthUser';
|
|
/**
|
|
* useDbConfig property
|
|
*
|
|
* @var string 'test_suite'
|
|
* @access public
|
|
*/
|
|
var $useDbConfig = 'test_suite';
|
|
/**
|
|
* parentNode method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function parentNode() {
|
|
return true;
|
|
}
|
|
/**
|
|
* bindNode method
|
|
*
|
|
* @param mixed $object
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function bindNode($object) {
|
|
return 'Roles/Admin';
|
|
}
|
|
/**
|
|
* isAuthorized method
|
|
*
|
|
* @param mixed $user
|
|
* @param mixed $controller
|
|
* @param mixed $action
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function isAuthorized($user, $controller = null, $action = null) {
|
|
if (!empty($user)) {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
/**
|
|
* Short description for class.
|
|
*
|
|
* @package cake.tests
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class UuidUser extends CakeTestModel {
|
|
/**
|
|
* name property
|
|
*
|
|
* @var string 'AuthUser'
|
|
* @access public
|
|
*/
|
|
var $name = 'UuidUser';
|
|
/**
|
|
* useDbConfig property
|
|
*
|
|
* @var string 'test_suite'
|
|
* @access public
|
|
*/
|
|
var $useDbConfig = 'test_suite';
|
|
/**
|
|
* useTable property
|
|
*
|
|
* @var string 'uuid'
|
|
* @access public
|
|
*/
|
|
var $useTable = 'uuids';
|
|
/**
|
|
* parentNode method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function parentNode() {
|
|
return true;
|
|
}
|
|
/**
|
|
* bindNode method
|
|
*
|
|
* @param mixed $object
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function bindNode($object) {
|
|
return 'Roles/Admin';
|
|
}
|
|
/**
|
|
* isAuthorized method
|
|
*
|
|
* @param mixed $user
|
|
* @param mixed $controller
|
|
* @param mixed $action
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function isAuthorized($user, $controller = null, $action = null) {
|
|
if (!empty($user)) {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
/**
|
|
* Short description for class.
|
|
*
|
|
* @package cake.tests
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class AuthTestController extends Controller {
|
|
/**
|
|
* name property
|
|
*
|
|
* @var string 'AuthTest'
|
|
* @access public
|
|
*/
|
|
var $name = 'AuthTest';
|
|
/**
|
|
* uses property
|
|
*
|
|
* @var array
|
|
* @access public
|
|
*/
|
|
var $uses = array('AuthUser');
|
|
/**
|
|
* components property
|
|
*
|
|
* @var array
|
|
* @access public
|
|
*/
|
|
var $components = array('Auth', 'Acl');
|
|
/**
|
|
* testUrl property
|
|
*
|
|
* @var mixed null
|
|
* @access public
|
|
*/
|
|
var $testUrl = null;
|
|
/**
|
|
* construct method
|
|
*
|
|
* @access private
|
|
* @return void
|
|
*/
|
|
function __construct() {
|
|
$this->params = Router::parse('/auth_test');
|
|
Router::setRequestInfo(array($this->params, array('base' => null, 'here' => '/auth_test', 'webroot' => '/', 'passedArgs' => array(), 'argSeparator' => ':', 'namedArgs' => array())));
|
|
parent::__construct();
|
|
}
|
|
/**
|
|
* beforeFilter method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function beforeFilter() {
|
|
}
|
|
/**
|
|
* login method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function login() {
|
|
}
|
|
/**
|
|
* admin_login method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function admin_login() {
|
|
}
|
|
/**
|
|
* logout method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function logout() {
|
|
//$this->redirect($this->Auth->logout());
|
|
}
|
|
/**
|
|
* add method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function add() {
|
|
echo "add";
|
|
}
|
|
/**
|
|
* redirect method
|
|
*
|
|
* @param mixed $url
|
|
* @param mixed $status
|
|
* @param mixed $exit
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function redirect($url, $status = null, $exit = true) {
|
|
$this->testUrl = Router::url($url);
|
|
return false;
|
|
}
|
|
/**
|
|
* isAuthorized method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function isAuthorized() {
|
|
if (isset($this->params['testControllerAuth'])) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
/**
|
|
* Mock delete method
|
|
*
|
|
* @param mixed $url
|
|
* @param mixed $status
|
|
* @param mixed $exit
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function delete($id = null) {
|
|
if ($this->TestAuth->testStop !== true && $id !== null) {
|
|
echo 'Deleted Record: ' . var_export($id, true);
|
|
}
|
|
}
|
|
}
|
|
/**
|
|
* AjaxAuthController class
|
|
*
|
|
* @package cake
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class AjaxAuthController extends Controller {
|
|
/**
|
|
* name property
|
|
*
|
|
* @var string 'AjaxAuth'
|
|
* @access public
|
|
*/
|
|
var $name = 'AjaxAuth';
|
|
/**
|
|
* components property
|
|
*
|
|
* @var array
|
|
* @access public
|
|
*/
|
|
var $components = array('TestAuth');
|
|
/**
|
|
* uses property
|
|
*
|
|
* @var array
|
|
* @access public
|
|
*/
|
|
var $uses = array();
|
|
/**
|
|
* testUrl property
|
|
*
|
|
* @var mixed null
|
|
* @access public
|
|
*/
|
|
var $testUrl = null;
|
|
/**
|
|
* beforeFilter method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function beforeFilter() {
|
|
$this->TestAuth->ajaxLogin = 'test_element';
|
|
$this->TestAuth->userModel = 'AuthUser';
|
|
$this->TestAuth->RequestHandler->ajaxLayout = 'ajax2';
|
|
}
|
|
/**
|
|
* add method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function add() {
|
|
if ($this->TestAuth->testStop !== true) {
|
|
echo 'Added Record';
|
|
}
|
|
}
|
|
/**
|
|
* redirect method
|
|
*
|
|
* @param mixed $url
|
|
* @param mixed $status
|
|
* @param mixed $exit
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function redirect($url, $status = null, $exit = true) {
|
|
$this->testUrl = Router::url($url);
|
|
return false;
|
|
}
|
|
}
|
|
/**
|
|
* Short description for class.
|
|
*
|
|
* @package cake.tests
|
|
* @subpackage cake.tests.cases.libs.controller.components
|
|
*/
|
|
class AuthTest extends CakeTestCase {
|
|
/**
|
|
* name property
|
|
*
|
|
* @var string 'Auth'
|
|
* @access public
|
|
*/
|
|
var $name = 'Auth';
|
|
/**
|
|
* fixtures property
|
|
*
|
|
* @var array
|
|
* @access public
|
|
*/
|
|
var $fixtures = array('core.uuid', 'core.auth_user', 'core.aro', 'core.aco', 'core.aros_aco', 'core.aco_action');
|
|
/**
|
|
* initialized property
|
|
*
|
|
* @var bool false
|
|
* @access public
|
|
*/
|
|
var $initialized = false;
|
|
/**
|
|
* startTest method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function startTest() {
|
|
Configure::write('Acl.database', 'test_suite');
|
|
Configure::write('Acl.classname', 'DbAcl');
|
|
|
|
$this->Controller =& new AuthTestController();
|
|
$this->Controller->Component->init($this->Controller);
|
|
|
|
ClassRegistry::addObject('view', new View($this->Controller));
|
|
$this->Controller->Session->del('Auth');
|
|
$this->Controller->Session->del('Message.auth');
|
|
$this->initialized = true;
|
|
}
|
|
/**
|
|
* testNoAuth method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testNoAuth() {
|
|
$this->assertFalse($this->Controller->Auth->isAuthorized());
|
|
}
|
|
/**
|
|
* testLogin method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testLogin() {
|
|
$this->AuthUser =& new AuthUser();
|
|
$user['id'] = 1;
|
|
$user['username'] = 'mariano';
|
|
$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
|
|
$this->AuthUser->save($user, false);
|
|
|
|
$authUser = $this->AuthUser->find();
|
|
|
|
$this->Controller->data['AuthUser']['username'] = $authUser['AuthUser']['username'];
|
|
$this->Controller->data['AuthUser']['password'] = 'cake';
|
|
|
|
$this->Controller->params = Router::parse('auth_test/login');
|
|
$this->Controller->params['url']['url'] = 'auth_test/login';
|
|
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->loginAction = 'auth_test/login';
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$user = $this->Controller->Auth->user();
|
|
$expected = array('AuthUser' => array(
|
|
'id' => 1, 'username' => 'mariano', 'created' => '2007-03-17 01:16:23', 'updated' => date('Y-m-d H:i:s')
|
|
));
|
|
$this->assertEqual($user, $expected);
|
|
$this->Controller->Session->del('Auth');
|
|
|
|
$this->Controller->data['AuthUser']['username'] = 'blah';
|
|
$this->Controller->data['AuthUser']['password'] = '';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
|
|
$user = $this->Controller->Auth->user();
|
|
$this->assertFalse($user);
|
|
$this->Controller->Session->del('Auth');
|
|
|
|
$this->Controller->data['AuthUser']['username'] = 'now() or 1=1 --';
|
|
$this->Controller->data['AuthUser']['password'] = '';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
|
|
$user = $this->Controller->Auth->user();
|
|
$this->assertFalse($user);
|
|
$this->Controller->Session->del('Auth');
|
|
|
|
$this->Controller->data['AuthUser']['username'] = 'now() or 1=1 # something';
|
|
$this->Controller->data['AuthUser']['password'] = '';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
|
|
$user = $this->Controller->Auth->user();
|
|
$this->assertFalse($user);
|
|
$this->Controller->Session->del('Auth');
|
|
|
|
$this->Controller->Auth->userModel = 'UuidUser';
|
|
$this->Controller->Auth->login('47c36f9c-bc00-4d17-9626-4e183ca6822b');
|
|
|
|
$user = $this->Controller->Auth->user();
|
|
$expected = array('UuidUser' => array(
|
|
'id' => '47c36f9c-bc00-4d17-9626-4e183ca6822b', 'title' => 'Unique record 1', 'count' => 2, 'created' => '2008-03-13 01:16:23', 'updated' => '2008-03-13 01:18:31'
|
|
));
|
|
$this->assertEqual($user, $expected);
|
|
$this->Controller->Session->del('Auth');
|
|
}
|
|
/**
|
|
* testAuthorizeFalse method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testAuthorizeFalse() {
|
|
$this->AuthUser =& new AuthUser();
|
|
$user = $this->AuthUser->find();
|
|
$this->Controller->Session->write('Auth', $user);
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->authorize = false;
|
|
$this->Controller->params = Router::parse('auth_test/add');
|
|
$result = $this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($result);
|
|
|
|
$this->Controller->Session->del('Auth');
|
|
$result = $this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($this->Controller->Session->check('Message.auth'));
|
|
}
|
|
/**
|
|
* testAuthorizeController method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testAuthorizeController() {
|
|
$this->AuthUser =& new AuthUser();
|
|
$user = $this->AuthUser->find();
|
|
$this->Controller->Session->write('Auth', $user);
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->authorize = 'controller';
|
|
$this->Controller->params = Router::parse('auth_test/add');
|
|
$result = $this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($result);
|
|
|
|
$this->Controller->params['testControllerAuth'] = 1;
|
|
$result = $this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($this->Controller->Session->check('Message.auth'));
|
|
$this->assertFalse($result);
|
|
|
|
$this->Controller->Session->del('Auth');
|
|
}
|
|
/**
|
|
* testAuthorizeModel method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testAuthorizeModel() {
|
|
$this->AuthUser =& new AuthUser();
|
|
$user = $this->AuthUser->find();
|
|
$this->Controller->Session->write('Auth', $user);
|
|
|
|
$this->Controller->params['controller'] = 'auth_test';
|
|
$this->Controller->params['action'] = 'add';
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->authorize = array('model'=>'AuthUser');
|
|
$result = $this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($result);
|
|
|
|
$this->Controller->Session->del('Auth');
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($this->Controller->Session->check('Message.auth'));
|
|
$result = $this->Controller->Auth->isAuthorized();
|
|
$this->assertFalse($result);
|
|
}
|
|
|
|
/**
|
|
* testAuthorizeCrud method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testAuthorizeCrud() {
|
|
$this->AuthUser =& new AuthUser();
|
|
$user = $this->AuthUser->find();
|
|
$this->Controller->Session->write('Auth', $user);
|
|
|
|
$this->Controller->params['controller'] = 'auth_test';
|
|
$this->Controller->params['action'] = 'add';
|
|
|
|
$this->Controller->Acl->name = 'DbAclTest';
|
|
|
|
$this->Controller->Acl->Aro->id = null;
|
|
$this->Controller->Acl->Aro->create(array('alias' => 'Roles'));
|
|
$result = $this->Controller->Acl->Aro->save();
|
|
$this->assertTrue($result);
|
|
|
|
$parent = $this->Controller->Acl->Aro->id;
|
|
|
|
$this->Controller->Acl->Aro->create(array('parent_id' => $parent, 'alias' => 'Admin'));
|
|
$result = $this->Controller->Acl->Aro->save();
|
|
$this->assertTrue($result);
|
|
|
|
$parent = $this->Controller->Acl->Aro->id;
|
|
|
|
$this->Controller->Acl->Aro->create(array(
|
|
'model' => 'AuthUser', 'parent_id' => $parent, 'foreign_key' => 1, 'alias'=> 'mariano'
|
|
));
|
|
$result = $this->Controller->Acl->Aro->save();
|
|
$this->assertTrue($result);
|
|
|
|
$this->Controller->Acl->Aco->create(array('alias'=>'Root'));
|
|
$result = $this->Controller->Acl->Aco->save();
|
|
$this->assertTrue($result);
|
|
|
|
$parent = $this->Controller->Acl->Aco->id;
|
|
|
|
$this->Controller->Acl->Aco->create(array('parent_id' => $parent, 'alias' => 'AuthTest'));
|
|
$result = $this->Controller->Acl->Aco->save();
|
|
$this->assertTrue($result);
|
|
|
|
$this->Controller->Acl->allow('Roles/Admin', 'Root');
|
|
$this->Controller->Acl->allow('Roles/Admin', 'Root/AuthTest');
|
|
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->authorize = 'crud';
|
|
$this->Controller->Auth->actionPath = 'Root/';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($this->Controller->Auth->isAuthorized());
|
|
|
|
$this->Controller->Session->del('Auth');
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($this->Controller->Session->check('Message.auth'));
|
|
}
|
|
/**
|
|
* Tests that deny always takes precedence over allow
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testAllowDenyAll() {
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->allow('*');
|
|
$this->Controller->Auth->deny('add');
|
|
|
|
$this->Controller->params['action'] = 'delete';
|
|
$this->assertTrue($this->Controller->Auth->startup($this->Controller));
|
|
|
|
$this->Controller->params['action'] = 'add';
|
|
$this->assertFalse($this->Controller->Auth->startup($this->Controller));
|
|
}
|
|
/**
|
|
* testLoginRedirect method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testLoginRedirect() {
|
|
if (isset($_SERVER['HTTP_REFERER'])) {
|
|
$backup = $_SERVER['HTTP_REFERER'];
|
|
} else {
|
|
$backup = null;
|
|
}
|
|
|
|
$_SERVER['HTTP_REFERER'] = false;
|
|
|
|
$this->Controller->Session->write('Auth', array(
|
|
'AuthUser' => array('id' => '1', 'username' => 'nate')
|
|
));
|
|
|
|
$this->Controller->params = Router::parse('users/login');
|
|
$this->Controller->params['url']['url'] = 'users/login';
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->loginRedirect = array(
|
|
'controller' => 'pages', 'action' => 'display', 'welcome'
|
|
);
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$expected = Router::normalize($this->Controller->Auth->loginRedirect);
|
|
$this->assertEqual($expected, $this->Controller->Auth->redirect());
|
|
|
|
$this->Controller->Session->del('Auth');
|
|
|
|
$this->Controller->params['url']['url'] = 'admin/';
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->loginRedirect = null;
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$expected = Router::normalize('admin/');
|
|
$this->assertTrue($this->Controller->Session->check('Message.auth'));
|
|
$this->assertEqual($expected, $this->Controller->Auth->redirect());
|
|
|
|
$this->Controller->Session->del('Auth');
|
|
|
|
//empty referer no session
|
|
$_SERVER['HTTP_REFERER'] = false;
|
|
$_ENV['HTTP_REFERER'] = false;
|
|
putenv('HTTP_REFERER=');
|
|
$url = '/posts/view/1';
|
|
|
|
$this->Controller->Session->write('Auth', array(
|
|
'AuthUser' => array('id' => '1', 'username' => 'nate'))
|
|
);
|
|
$this->Controller->testUrl = null;
|
|
$this->Controller->params = Router::parse($url);
|
|
array_push($this->Controller->methods, 'view', 'edit', 'index');
|
|
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->authorize = 'controller';
|
|
$this->Controller->params['testControllerAuth'] = true;
|
|
|
|
$this->Controller->Auth->loginAction = array(
|
|
'controller' => 'AuthTest', 'action' => 'login'
|
|
);
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$expected = Router::normalize('/');
|
|
$this->assertEqual($expected, $this->Controller->testUrl);
|
|
|
|
|
|
$this->Controller->Session->del('Auth');
|
|
$_SERVER['HTTP_REFERER'] = Router::url('/admin/', true);
|
|
|
|
$this->Controller->Session->write('Auth', array(
|
|
'AuthUser' => array('id'=>'1', 'username'=>'nate'))
|
|
);
|
|
$this->Controller->params['url']['url'] = 'auth_test/login';
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->loginAction = 'auth_test/login';
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->loginRedirect = false;
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$expected = Router::normalize('/admin');
|
|
$this->assertEqual($expected, $this->Controller->Auth->redirect());
|
|
|
|
//Ticket #4750
|
|
//named params
|
|
$this->Controller->Session->del('Auth');
|
|
$url = '/posts/index/year:2008/month:feb';
|
|
$this->Controller->params = Router::parse($url);
|
|
$this->Controller->params['url']['url'] = Router::normalize($url);
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$expected = Router::normalize('posts/index/year:2008/month:feb');
|
|
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
|
|
|
|
//passed args
|
|
$this->Controller->Session->del('Auth');
|
|
$url = '/posts/view/1';
|
|
$this->Controller->params = Router::parse($url);
|
|
$this->Controller->params['url']['url'] = Router::normalize($url);
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$expected = Router::normalize('posts/view/1');
|
|
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
|
|
|
|
//external authed action
|
|
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
|
|
$this->Controller->Session->del('Auth');
|
|
$url = '/posts/edit/1';
|
|
$this->Controller->params = Router::parse($url);
|
|
$this->Controller->params['url']['url'] = Router::normalize($url);
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$expected = Router::normalize('/posts/edit/1');
|
|
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
|
|
|
|
//external direct login link
|
|
$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
|
|
$this->Controller->Session->del('Auth');
|
|
$url = '/AuthTest/login';
|
|
$this->Controller->params = Router::parse($url);
|
|
$this->Controller->params['url']['url'] = Router::normalize($url);
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$expected = Router::normalize('/');
|
|
$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
|
|
|
|
$_SERVER['HTTP_REFERER'] = $backup;
|
|
$this->Controller->Session->del('Auth');
|
|
}
|
|
/**
|
|
* Ensure that no redirect is performed when a 404 is reached
|
|
* And the user doesn't have a session.
|
|
*
|
|
* @return void
|
|
**/
|
|
function testNoRedirectOn404() {
|
|
$this->Controller->Session->del('Auth');
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->params = Router::parse('auth_test/something_totally_wrong');
|
|
$result = $this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue($result, 'Auth redirected a missing action %s');
|
|
}
|
|
/**
|
|
* testEmptyUsernameOrPassword method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testEmptyUsernameOrPassword() {
|
|
$this->AuthUser =& new AuthUser();
|
|
$user['id'] = 1;
|
|
$user['username'] = 'mariano';
|
|
$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
|
|
$this->AuthUser->save($user, false);
|
|
|
|
$authUser = $this->AuthUser->find();
|
|
|
|
$this->Controller->data['AuthUser']['username'] = '';
|
|
$this->Controller->data['AuthUser']['password'] = '';
|
|
|
|
$this->Controller->params = Router::parse('auth_test/login');
|
|
$this->Controller->params['url']['url'] = 'auth_test/login';
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->loginAction = 'auth_test/login';
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$user = $this->Controller->Auth->user();
|
|
$this->assertTrue($this->Controller->Session->check('Message.auth'));
|
|
$this->assertEqual($user, false);
|
|
$this->Controller->Session->del('Auth');
|
|
}
|
|
/**
|
|
* testInjection method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testInjection() {
|
|
$this->AuthUser =& new AuthUser();
|
|
$this->AuthUser->id = 2;
|
|
$this->AuthUser->saveField('password', Security::hash(Configure::read('Security.salt') . 'cake'));
|
|
|
|
$this->Controller->data['AuthUser']['username'] = 'nate';
|
|
$this->Controller->data['AuthUser']['password'] = 'cake';
|
|
$this->Controller->params = Router::parse('auth_test/login');
|
|
$this->Controller->params['url']['url'] = 'auth_test/login';
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->loginAction = 'auth_test/login';
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue(is_array($this->Controller->Auth->user()));
|
|
|
|
$this->Controller->Session->del($this->Controller->Auth->sessionKey);
|
|
|
|
$this->Controller->data['AuthUser']['username'] = 'nate';
|
|
$this->Controller->data['AuthUser']['password'] = 'cake1';
|
|
$this->Controller->params['url']['url'] = 'auth_test/login';
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->loginAction = 'auth_test/login';
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue(is_null($this->Controller->Auth->user()));
|
|
|
|
$this->Controller->Session->del($this->Controller->Auth->sessionKey);
|
|
|
|
$this->Controller->data['AuthUser']['username'] = '> n';
|
|
$this->Controller->data['AuthUser']['password'] = 'cake';
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue(is_null($this->Controller->Auth->user()));
|
|
|
|
unset($this->Controller->data['AuthUser']['password']);
|
|
$this->Controller->data['AuthUser']['username'] = "1'1";
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue(is_null($this->Controller->Auth->user()));
|
|
|
|
unset($this->Controller->data['AuthUser']['username']);
|
|
$this->Controller->data['AuthUser']['password'] = "1'1";
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertTrue(is_null($this->Controller->Auth->user()));
|
|
}
|
|
/**
|
|
* test Hashing of passwords
|
|
*
|
|
* @return void
|
|
**/
|
|
function testHashPasswords() {
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
|
$data['AuthUser']['password'] = 'superSecret';
|
|
$data['AuthUser']['username'] = 'superman@dailyplanet.com';
|
|
$return = $this->Controller->Auth->hashPasswords($data);
|
|
$expected = $data;
|
|
$expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
|
|
$this->assertEqual($return, $expected);
|
|
|
|
$data['Wrong']['password'] = 'superSecret';
|
|
$data['Wrong']['username'] = 'superman@dailyplanet.com';
|
|
$data['AuthUser']['password'] = 'IcantTellYou';
|
|
$return = $this->Controller->Auth->hashPasswords($data);
|
|
$expected = $data;
|
|
$expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
|
|
$this->assertEqual($return, $expected);
|
|
|
|
$xml = array(
|
|
'User' => array(
|
|
'username' => 'batman@batcave.com',
|
|
'password' => 'bruceWayne',
|
|
)
|
|
);
|
|
$data = new Xml($xml);
|
|
$return = $this->Controller->Auth->hashPasswords($data);
|
|
$expected = $data;
|
|
$this->assertEqual($return, $expected);
|
|
}
|
|
/**
|
|
* testCustomRoute method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testCustomRoute() {
|
|
Router::reload();
|
|
Router::connect(
|
|
'/:lang/:controller/:action/*',
|
|
array('lang' => null),
|
|
array('lang' => '[a-z]{2,3}')
|
|
);
|
|
|
|
$url = '/en/users/login';
|
|
$this->Controller->params = Router::parse($url);
|
|
Router::setRequestInfo(array($this->Controller->passedArgs, array(
|
|
'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
|
|
'argSeparator' => ':', 'namedArgs' => array()
|
|
)));
|
|
|
|
$this->AuthUser =& new AuthUser();
|
|
$user = array(
|
|
'id' => 1, 'username' => 'felix',
|
|
'password' => Security::hash(Configure::read('Security.salt') . 'cake'
|
|
));
|
|
$user = $this->AuthUser->save($user, false);
|
|
|
|
$this->Controller->data['AuthUser'] = array('username' => 'felix', 'password' => 'cake');
|
|
$this->Controller->params['url']['url'] = substr($url, 1);
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
$this->Controller->Auth->loginAction = array('lang' => 'en', 'controller' => 'users', 'action' => 'login');
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$user = $this->Controller->Auth->user();
|
|
$this->assertTrue(!!$user);
|
|
}
|
|
/**
|
|
* testAdminRoute method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testAdminRoute() {
|
|
$admin = Configure::read('Routing.admin');
|
|
Configure::write('Routing.admin', 'admin');
|
|
Router::reload();
|
|
|
|
$url = '/admin/auth_test/add';
|
|
$this->Controller->params = Router::parse($url);
|
|
$this->Controller->params['url']['url'] = ltrim($url, '/');
|
|
Router::setRequestInfo(array(
|
|
array(
|
|
'pass' => array(), 'action' => 'add', 'plugin' => null,
|
|
'controller' => 'auth_test', 'admin' => true,
|
|
'url' => array('url' => $this->Controller->params['url']['url'])
|
|
),
|
|
array(
|
|
'base' => null, 'here' => $url,
|
|
'webroot' => '/', 'passedArgs' => array(),
|
|
)
|
|
));
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->loginAction = array(
|
|
'admin' => true, 'controller' => 'auth_test', 'action' => 'login'
|
|
);
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
$this->assertEqual($this->Controller->testUrl, '/admin/auth_test/login');
|
|
|
|
Configure::write('Routing.admin', $admin);
|
|
}
|
|
/**
|
|
* testAjaxLogin method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testAjaxLogin() {
|
|
Configure::write('viewPaths', array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'views'. DS));
|
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest";
|
|
|
|
if (!class_exists('dispatcher')) {
|
|
require CAKE . 'dispatcher.php';
|
|
}
|
|
|
|
ob_start();
|
|
$Dispatcher =& new Dispatcher();
|
|
$Dispatcher->dispatch('/ajax_auth/add', array('return' => 1));
|
|
$result = ob_get_clean();
|
|
$this->assertEqual("Ajax!\nthis is the test element", $result);
|
|
unset($_SERVER['HTTP_X_REQUESTED_WITH']);
|
|
}
|
|
/**
|
|
* testLoginActionRedirect method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testLoginActionRedirect() {
|
|
$admin = Configure::read('Routing.admin');
|
|
Configure::write('Routing.admin', 'admin');
|
|
Router::reload();
|
|
|
|
$url = '/admin/auth_test/login';
|
|
$this->Controller->params = Router::parse($url);
|
|
$this->Controller->params['url']['url'] = ltrim($url, '/');
|
|
Router::setRequestInfo(array(
|
|
array(
|
|
'pass' => array(), 'action' => 'admin_login', 'plugin' => null, 'controller' => 'auth_test',
|
|
'admin' => true, 'url' => array('url' => $this->Controller->params['url']['url']),
|
|
),
|
|
array(
|
|
'base' => null, 'here' => $url,
|
|
'webroot' => '/', 'passedArgs' => array(),
|
|
)
|
|
));
|
|
|
|
$this->Controller->Auth->initialize($this->Controller);
|
|
|
|
$this->Controller->Auth->loginAction = array('admin' => true, 'controller' => 'auth_test', 'action' => 'login');
|
|
$this->Controller->Auth->userModel = 'AuthUser';
|
|
|
|
$this->Controller->Auth->startup($this->Controller);
|
|
|
|
$this->assertNull($this->Controller->testUrl);
|
|
|
|
Configure::write('Routing.admin', $admin);
|
|
}
|
|
/**
|
|
* Tests that shutdown destroys the redirect session var
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function testShutDown() {
|
|
$this->Controller->Session->write('Auth.redirect', 'foo');
|
|
$this->Controller->Auth->_loggedIn = true;
|
|
$this->Controller->Auth->shutdown($this->Controller);
|
|
$this->assertFalse($this->Controller->Session->read('Auth.redirect'));
|
|
}
|
|
/**
|
|
* tearDown method
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
function tearDown() {
|
|
unset($this->Controller, $this->AuthUser);
|
|
}
|
|
}
|
|
?>
|