@@ -28,7 +28,7 @@ public function testMfaUnauthenticated(): void
2828 $ this ->assertResponseRedirects ('/login ' , Response::HTTP_FOUND );
2929 }
3030
31- #[RequiresFunction('\Safe\unpack ' )] // todo test fails with Lowest Composer dependencies
31+ // #[RequiresFunction('\Safe\unpack')] // todo test fails with Lowest Composer dependencies
3232 public function testMfaSetup (): void
3333 {
3434 $ client = static ::createClient ();
@@ -48,9 +48,58 @@ public function testMfaSetup(): void
4848
4949 $ this ->assertResponseRedirects ('/account ' , Response::HTTP_FOUND );
5050
51+ $ user = $ this ->getService (EntityManagerInterface::class)->find (User::class, $ user ->getId ());
52+
5153 $ this ->assertNotNull ($ user ->getTotpSecret ());
5254 }
5355
56+ public function testMfaSetupWrongPassword (): void
57+ {
58+ $ client = static ::createClient ();
59+ $ totpFactory = $ this ->getService (TotpFactory::class, 'scheb_two_factor.security.totp_factory ' );
60+
61+ $ user = $ this ->createMockUser ();
62+ $ this ->persistEntities ($ user );
63+
64+ $ client ->loginUser ($ user );
65+
66+ $ client ->request ('GET ' , '/account/mfa ' );
67+
68+ $ client ->submitForm ('Enable MFA authentication ' , [
69+ 'mfa_setup_form[currentPassword] ' => 'OddPassword11 ' ,
70+ 'mfa_setup_form[totpCode] ' => $ totpFactory ->createTotpForUser ($ user )->now (),
71+ ]);
72+
73+ $ this ->assertResponseStatusCodeSame (Response::HTTP_UNPROCESSABLE_ENTITY );
74+
75+ $ user = $ this ->getService (EntityManagerInterface::class)->find (User::class, $ user ->getId ());
76+
77+ $ this ->assertNull ($ user ->getTotpSecret ());
78+ }
79+
80+ public function testMfaSetupWrongTotpCode (): void
81+ {
82+ $ client = static ::createClient ();
83+
84+ $ user = $ this ->createMockUser ();
85+ $ this ->persistEntities ($ user );
86+
87+ $ client ->loginUser ($ user );
88+
89+ $ client ->request ('GET ' , '/account/mfa ' );
90+
91+ $ client ->submitForm ('Enable MFA authentication ' , [
92+ 'mfa_setup_form[currentPassword] ' => 'PlainPassword99 ' ,
93+ 'mfa_setup_form[totpCode] ' => 'abcdef ' ,
94+ ]);
95+
96+ $ this ->assertResponseStatusCodeSame (Response::HTTP_UNPROCESSABLE_ENTITY );
97+
98+ $ user = $ this ->getService (EntityManagerInterface::class)->find (User::class, $ user ->getId ());
99+
100+ $ this ->assertNull ($ user ->getTotpSecret ());
101+ }
102+
54103 public function testMfaClear (): void
55104 {
56105 $ client = static ::createClient ();
@@ -73,6 +122,28 @@ public function testMfaClear(): void
73122 $ this ->assertNull ($ user ->getTotpSecret ());
74123 }
75124
125+ public function testMfaClearWrongPassword (): void
126+ {
127+ $ client = static ::createClient ();
128+
129+ $ user = $ this ->createMockUser (mfaEnabled: true );
130+ $ this ->persistEntities ($ user );
131+
132+ $ client ->loginUser ($ user );
133+
134+ $ client ->request ('GET ' , '/account/mfa ' );
135+
136+ $ client ->submitForm ('Disable MFA authentication ' , [
137+ 'mfa_clear_form[currentPassword] ' => 'OddPassword11 ' ,,
138+ ]);
139+
140+ $ this ->assertResponseStatusCodeSame (Response::HTTP_UNPROCESSABLE_ENTITY );
141+
142+ $ user = $ this ->getService (EntityManagerInterface::class)->find (User::class, $ user ->getId ());
143+
144+ $ this ->assertNotNull ($ user ->getTotpSecret ());
145+ }
146+
76147 public function testMfaQrCodeUnauthenticated (): void
77148 {
78149 $ client = static ::createClient ();
0 commit comments