plugin-McpServer/tests/Integration/ControllerTest.php at c7f1507c33100c3d9906d956000e68dbe89bfb39 · matomo-org/plugin-McpServer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
<?php

/**
 * Matomo - free/libre analytics platform
 *
 * @link    https://matomo.org
 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 */

declare(strict_types=1);

namespace Piwik\Plugins\McpServer\tests\Integration;

use Piwik\Access;
use Piwik\Container\StaticContainer;
use Piwik\Date;
use Piwik\NoAccessException;
use Piwik\Plugins\McpServer\Controller;
use Piwik\Plugins\McpServer\SystemSettings;
use Piwik\Plugins\McpServer\tests\Framework\McpAuthTestHelper;
use Piwik\Plugins\UsersManager\Model as UsersManagerModel;
use Piwik\Tests\Framework\Fixture;
use Piwik\Tests\Framework\TestCase\IntegrationTestCase;

/**
 * @group McpServer
 * @group Plugins
 */
class ControllerTest extends IntegrationTestCase
{
    private ?string $anonymousAccessBackup = null;

    private bool $createdAnonymousUser = false;

    private int $idSite = 0;

    public function setUp(): void
    {
        parent::setUp();

        $this->idSite = Fixture::createWebsite(
            '2010-01-01 00:00:00',
            0,
            'MCP Controller Test Site',
            'https://mcp-controller.test',
        );
    }

    public function tearDown(): void
    {
        $this->restoreAnonymousAccessForSite($this->idSite);
        Access::getInstance()->setSuperUserAccess(false);

        parent::tearDown();
    }

    public function testConnectRejectsAnonymousWithViewAccess(): void
    {
        $this->setAnonymousAccessForSite($this->idSite, 'view');
        $originalTokenAuth = McpAuthTestHelper::captureCurrentTokenAuth();

        try {
            McpAuthTestHelper::switchToAnonymous();

            $this->expectException(NoAccessException::class);

            (new Controller(StaticContainer::get(SystemSettings::class)))->connect();
        } finally {
            McpAuthTestHelper::restoreAuth($originalTokenAuth);
        }
    }

    private function setAnonymousAccessForSite(int $idSite, string $access): void
    {
        $model = new UsersManagerModel();
        if (!$model->userExists('anonymous')) {
            $model->addUser('anonymous', 'not_a_hash', 'anonymous@example.com', Date::now()->getDatetime());
            $this->createdAnonymousUser = true;
        }

        if ($this->anonymousAccessBackup === null) {
            $usersAccess = $model->getUsersAccessFromSite($idSite);
            $this->anonymousAccessBackup = $usersAccess['anonymous'] ?? 'noaccess';
        }

        $model->deleteUserAccess('anonymous', [$idSite]);
        if ($access !== 'noaccess') {
            $model->addUserAccess('anonymous', $access, [$idSite]);
        }
    }

    private function restoreAnonymousAccessForSite(int $idSite): void
    {
        if ($this->anonymousAccessBackup === null) {
            return;
        }

        $model = new UsersManagerModel();
        $model->deleteUserAccess('anonymous', [$idSite]);
        if ($this->anonymousAccessBackup !== 'noaccess') {
            $model->addUserAccess('anonymous', $this->anonymousAccessBackup, [$idSite]);
        }

        if ($this->createdAnonymousUser) {
            $model->deleteUser('anonymous');
            $this->createdAnonymousUser = false;
        }

        $this->anonymousAccessBackup = null;
    }
}