Skip to content

Commit 4acc3e8

Browse files
committed
Create tests for MFA pages [temp]
1 parent f9d56f2 commit 4acc3e8

4 files changed

Lines changed: 77 additions & 7 deletions

File tree

src/Controller/Dashboard/DashboardAccountController.php

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -112,8 +112,6 @@ public function mfa(Request $request, #[CurrentUser] User $user): Response
112112
$totpCode = $form->get('totpCode')->getData();
113113

114114
if (!$this->totpAuthenticator->checkCode($user, $totpCode)) {
115-
$user->setTotpSecret(null);
116-
117115
$form->get('totpCode')->addError(new FormError('account.error.totp-incorrect'));
118116
}
119117

src/Doctrine/Entity/User.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -189,6 +189,6 @@ public function getTotpAuthenticationUsername(): string
189189

190190
public function getTotpAuthenticationConfiguration(): ?TotpConfigurationInterface
191191
{
192-
return new TotpConfiguration($this->totpSecret, TotpConfiguration::ALGORITHM_SHA1, 30, 6);
192+
return $this->totpSecret ? new TotpConfiguration($this->totpSecret, TotpConfiguration::ALGORITHM_SHA1, 30, 6) : null;
193193
}
194194
}

tests/FunctionalTests/Controller/Dashboard/DashboardAccountControllerTest.php

Lines changed: 74 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@
88
use CodedMonkey\Dirigent\Tests\Helper\WebTestCaseTrait;
99
use Doctrine\ORM\EntityManagerInterface;
1010
use PHPUnit\Framework\Attributes\CoversClass;
11-
use PHPUnit\Framework\Attributes\RequiresFunction;
1211
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpFactory;
1312
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
1413
use Symfony\Component\HttpFoundation\Response;
@@ -28,7 +27,7 @@ public function testMfaUnauthenticated(): void
2827
$this->assertResponseRedirects('/login', Response::HTTP_FOUND);
2928
}
3029

31-
#[RequiresFunction('\Safe\unpack')] // todo test fails with Lowest Composer dependencies
30+
// #[RequiresFunction('\Safe\unpack')] // todo test fails with Lowest Composer dependencies
3231
public function testMfaSetup(): void
3332
{
3433
$client = static::createClient();
@@ -48,9 +47,60 @@ public function testMfaSetup(): void
4847

4948
$this->assertResponseRedirects('/account', Response::HTTP_FOUND);
5049

50+
$user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
51+
5152
$this->assertNotNull($user->getTotpSecret());
5253
}
5354

55+
public function testMfaSetupWrongPassword(): void
56+
{
57+
$client = static::createClient();
58+
$totpFactory = $this->getService(TotpFactory::class, 'scheb_two_factor.security.totp_factory');
59+
60+
$user = $this->createMockUser();
61+
$this->persistEntities($user);
62+
63+
$client->loginUser($user);
64+
65+
$client->request('GET', '/account/mfa');
66+
67+
$client->submitForm('Enable MFA authentication', [
68+
'mfa_setup_form[currentPassword]' => 'OddPassword11',
69+
'mfa_setup_form[totpCode]' => $totpFactory->createTotpForUser($user)->now(),
70+
]);
71+
72+
$this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
73+
74+
$this->clearEntities();
75+
$user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
76+
77+
$this->assertNull($user->getTotpSecret());
78+
}
79+
80+
public function testMfaSetupWrongTotpCode(): void
81+
{
82+
$client = static::createClient();
83+
84+
$user = $this->createMockUser();
85+
$this->persistEntities($user);
86+
87+
$client->loginUser($user);
88+
89+
$client->request('GET', '/account/mfa');
90+
91+
$client->submitForm('Enable MFA authentication', [
92+
'mfa_setup_form[currentPassword]' => 'PlainPassword99',
93+
'mfa_setup_form[totpCode]' => 'abcdef',
94+
]);
95+
96+
$this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
97+
98+
$this->clearEntities();
99+
$user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
100+
101+
$this->assertNull($user->getTotpSecret());
102+
}
103+
54104
public function testMfaClear(): void
55105
{
56106
$client = static::createClient();
@@ -73,6 +123,28 @@ public function testMfaClear(): void
73123
$this->assertNull($user->getTotpSecret());
74124
}
75125

126+
public function testMfaClearWrongPassword(): void
127+
{
128+
$client = static::createClient();
129+
130+
$user = $this->createMockUser(mfaEnabled: true);
131+
$this->persistEntities($user);
132+
133+
$client->loginUser($user);
134+
135+
$client->request('GET', '/account/mfa');
136+
137+
$client->submitForm('Disable MFA authentication', [
138+
'mfa_clear_form[currentPassword]' => 'OddPassword11',
139+
]);
140+
141+
$this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
142+
143+
$user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
144+
145+
$this->assertNotNull($user->getTotpSecret());
146+
}
147+
76148
public function testMfaQrCodeUnauthenticated(): void
77149
{
78150
$client = static::createClient();

tests/Helper/MockEntityFactoryTrait.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -65,10 +65,10 @@ protected function persistEntities(...$entities): void
6565
$entityManager->flush();
6666
}
6767

68-
protected function refreshEntity(object $entity): void
68+
protected function clearEntities(): void
6969
{
7070
$entityManager = $this->getService(EntityManagerInterface::class);
7171

72-
$entityManager->refresh($entity);
72+
$entityManager->clear();
7373
}
7474
}

0 commit comments

Comments
 (0)