2017-03-30 03:41:05 +00:00
< ? php
2017-11-17 01:23:18 +00:00
/** @ license MIT
* Copyright 2017 J . King , Dustin Wilson et al .
* See LICENSE and AUTHORS files for details */
2017-03-30 03:41:05 +00:00
declare ( strict_types = 1 );
2017-03-31 17:24:00 +00:00
namespace JKingWeb\Arsse\Test\Database ;
2017-08-29 14:50:31 +00:00
2017-07-17 11:47:57 +00:00
use JKingWeb\Arsse\Arsse ;
2017-03-31 17:24:00 +00:00
use JKingWeb\Arsse\User\Driver as UserDriver ;
2017-03-30 03:41:05 +00:00
use Phake ;
2017-03-31 17:24:00 +00:00
trait SeriesUser {
2017-06-18 16:48:29 +00:00
protected $data = [
'arsse_users' => [
'columns' => [
'id' => 'str' ,
'password' => 'str' ,
'name' => 'str' ,
'rights' => 'int' ,
2017-06-18 16:24:19 +00:00
],
2017-06-18 16:48:29 +00:00
'rows' => [
[ " admin@example.net " , '$2y$10$PbcG2ZR3Z8TuPzM7aHTF8.v61dtCjzjK78gdZJcp4UePE8T9jEgBW' , " Hard Lip Herbert " , UserDriver :: RIGHTS_GLOBAL_ADMIN ], // password is hash of "secret"
[ " jane.doe@example.com " , " " , " Jane Doe " , UserDriver :: RIGHTS_NONE ],
[ " john.doe@example.com " , " " , " John Doe " , UserDriver :: RIGHTS_NONE ],
],
],
];
2017-03-30 03:41:05 +00:00
2017-08-29 14:50:31 +00:00
public function testCheckThatAUserExists () {
2017-07-17 11:47:57 +00:00
$this -> assertTrue ( Arsse :: $db -> userExists ( " jane.doe@example.com " ));
$this -> assertFalse ( Arsse :: $db -> userExists ( " jane.doe@example.org " ));
Phake :: verify ( Arsse :: $user ) -> authorize ( " jane.doe@example.com " , " userExists " );
Phake :: verify ( Arsse :: $user ) -> authorize ( " jane.doe@example.org " , " userExists " );
2017-03-30 03:41:05 +00:00
$this -> compareExpectations ( $this -> data );
}
2017-08-29 14:50:31 +00:00
public function testCheckThatAUserExistsWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userExists ( " jane.doe@example.com " );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testGetAPassword () {
2017-07-17 11:47:57 +00:00
$hash = Arsse :: $db -> userPasswordGet ( " admin@example.net " );
2017-03-30 03:41:05 +00:00
$this -> assertSame ( '$2y$10$PbcG2ZR3Z8TuPzM7aHTF8.v61dtCjzjK78gdZJcp4UePE8T9jEgBW' , $hash );
2017-07-17 11:47:57 +00:00
Phake :: verify ( Arsse :: $user ) -> authorize ( " admin@example.net " , " userPasswordGet " );
2017-03-30 03:41:05 +00:00
$this -> assertTrue ( password_verify ( " secret " , $hash ));
}
2017-08-29 14:50:31 +00:00
public function testGetThePasswordOfAMissingUser () {
2017-07-23 03:08:08 +00:00
$this -> assertException ( " doesNotExist " , " User " );
Arsse :: $db -> userPasswordGet ( " john.doe@example.org " );
}
2017-08-29 14:50:31 +00:00
public function testGetAPasswordWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userPasswordGet ( " admin@example.net " );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testAddANewUser () {
2017-07-17 11:47:57 +00:00
$this -> assertSame ( " " , Arsse :: $db -> userAdd ( " john.doe@example.org " , " " ));
Phake :: verify ( Arsse :: $user ) -> authorize ( " john.doe@example.org " , " userAdd " );
2017-03-30 03:41:05 +00:00
$state = $this -> primeExpectations ( $this -> data , [ 'arsse_users' => [ 'id' , 'name' , 'rights' ]]);
2017-03-31 17:24:00 +00:00
$state [ 'arsse_users' ][ 'rows' ][] = [ " john.doe@example.org " , null , UserDriver :: RIGHTS_NONE ];
2017-03-30 03:41:05 +00:00
$this -> compareExpectations ( $state );
}
/**
* @ depends testGetAPassword
* @ depends testAddANewUser
*/
2017-08-29 14:50:31 +00:00
public function testAddANewUserWithARandomPassword () {
2017-03-30 03:41:05 +00:00
$user1 = " john.doe@example.org " ;
$user2 = " john.doe@example.net " ;
2017-07-17 11:47:57 +00:00
$pass1 = Arsse :: $db -> userAdd ( $user1 );
$pass2 = Arsse :: $db -> userAdd ( $user2 );
$this -> assertSame ( Arsse :: $conf -> userTempPasswordLength , strlen ( $pass1 ));
$this -> assertSame ( Arsse :: $conf -> userTempPasswordLength , strlen ( $pass2 ));
2017-03-30 03:41:05 +00:00
$this -> assertNotEquals ( $pass1 , $pass2 );
2017-07-17 11:47:57 +00:00
$hash1 = Arsse :: $db -> userPasswordGet ( $user1 );
$hash2 = Arsse :: $db -> userPasswordGet ( $user2 );
Phake :: verify ( Arsse :: $user ) -> authorize ( $user1 , " userAdd " );
Phake :: verify ( Arsse :: $user ) -> authorize ( $user2 , " userAdd " );
Phake :: verify ( Arsse :: $user ) -> authorize ( $user1 , " userPasswordGet " );
Phake :: verify ( Arsse :: $user ) -> authorize ( $user2 , " userPasswordGet " );
2017-03-30 03:41:05 +00:00
$this -> assertTrue ( password_verify ( $pass1 , $hash1 ), " Failed verifying password of $user1 ' $pass1 ' against hash ' $hash1 '. " );
$this -> assertTrue ( password_verify ( $pass2 , $hash2 ), " Failed verifying password of $user2 ' $pass2 ' against hash ' $hash2 '. " );
}
2017-08-29 14:50:31 +00:00
public function testAddAnExistingUser () {
2017-03-30 03:41:05 +00:00
$this -> assertException ( " alreadyExists " , " User " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userAdd ( " john.doe@example.com " , " " );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testAddANewUserWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userAdd ( " john.doe@example.org " , " " );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testRemoveAUser () {
2017-07-17 11:47:57 +00:00
$this -> assertTrue ( Arsse :: $db -> userRemove ( " admin@example.net " ));
Phake :: verify ( Arsse :: $user ) -> authorize ( " admin@example.net " , " userRemove " );
2017-03-30 03:41:05 +00:00
$state = $this -> primeExpectations ( $this -> data , [ 'arsse_users' => [ 'id' ]]);
array_shift ( $state [ 'arsse_users' ][ 'rows' ]);
$this -> compareExpectations ( $state );
}
2017-08-29 14:50:31 +00:00
public function testRemoveAMissingUser () {
2017-03-30 03:41:05 +00:00
$this -> assertException ( " doesNotExist " , " User " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userRemove ( " john.doe@example.org " );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testRemoveAUserWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userRemove ( " admin@example.net " );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testListAllUsers () {
2017-03-30 03:41:05 +00:00
$users = [ " admin@example.net " , " jane.doe@example.com " , " john.doe@example.com " ];
2017-07-17 11:47:57 +00:00
$this -> assertSame ( $users , Arsse :: $db -> userList ());
Phake :: verify ( Arsse :: $user ) -> authorize ( " " , " userList " );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testListUsersOnADomain () {
2017-03-30 03:41:05 +00:00
$users = [ " jane.doe@example.com " , " john.doe@example.com " ];
2017-07-17 11:47:57 +00:00
$this -> assertSame ( $users , Arsse :: $db -> userList ( " example.com " ));
Phake :: verify ( Arsse :: $user ) -> authorize ( " @example.com " , " userList " );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testListAllUsersWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userList ();
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testListUsersOnADomainWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userList ( " example.com " );
2017-03-30 03:41:05 +00:00
}
/**
* @ depends testGetAPassword
*/
2017-08-29 14:50:31 +00:00
public function testSetAPassword () {
2017-03-30 03:41:05 +00:00
$user = " john.doe@example.com " ;
2017-07-17 11:47:57 +00:00
$this -> assertEquals ( " " , Arsse :: $db -> userPasswordGet ( $user ));
$pass = Arsse :: $db -> userPasswordSet ( $user , " secret " );
$hash = Arsse :: $db -> userPasswordGet ( $user );
2017-03-30 03:41:05 +00:00
$this -> assertNotEquals ( " " , $hash );
2017-07-17 11:47:57 +00:00
Phake :: verify ( Arsse :: $user ) -> authorize ( $user , " userPasswordSet " );
2017-03-30 03:41:05 +00:00
$this -> assertTrue ( password_verify ( $pass , $hash ), " Failed verifying password of $user ' $pass ' against hash ' $hash '. " );
}
2017-08-29 14:50:31 +00:00
public function testSetARandomPassword () {
2017-07-23 03:08:08 +00:00
$user = " john.doe@example.com " ;
$this -> assertEquals ( " " , Arsse :: $db -> userPasswordGet ( $user ));
$pass = Arsse :: $db -> userPasswordSet ( $user );
$hash = Arsse :: $db -> userPasswordGet ( $user );
}
2017-03-30 03:41:05 +00:00
2017-08-29 14:50:31 +00:00
public function testSetThePasswordOfAMissingUser () {
2017-03-30 03:41:05 +00:00
$this -> assertException ( " doesNotExist " , " User " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userPasswordSet ( " john.doe@example.org " , " secret " );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testSetAPasswordWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userPasswordSet ( " john.doe@example.com " , " secret " );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testGetUserProperties () {
2017-03-30 03:41:05 +00:00
$exp = [
'name' => 'Hard Lip Herbert' ,
2017-03-31 17:24:00 +00:00
'rights' => UserDriver :: RIGHTS_GLOBAL_ADMIN ,
2017-03-30 03:41:05 +00:00
];
2017-07-17 11:47:57 +00:00
$props = Arsse :: $db -> userPropertiesGet ( " admin@example.net " );
Phake :: verify ( Arsse :: $user ) -> authorize ( " admin@example.net " , " userPropertiesGet " );
2017-03-30 03:41:05 +00:00
$this -> assertArraySubset ( $exp , $props );
$this -> assertArrayNotHasKey ( " password " , $props );
}
2017-08-29 14:50:31 +00:00
public function testGetThePropertiesOfAMissingUser () {
2017-03-30 03:41:05 +00:00
$this -> assertException ( " doesNotExist " , " User " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userPropertiesGet ( " john.doe@example.org " );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testGetUserPropertiesWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userPropertiesGet ( " john.doe@example.com " );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testSetUserProperties () {
2017-03-30 03:41:05 +00:00
$try = [
'name' => 'James Kirk' , // only this should actually change
'password' => '000destruct0' ,
2017-03-31 17:24:00 +00:00
'rights' => UserDriver :: RIGHTS_NONE ,
2017-03-30 03:41:05 +00:00
'lifeform' => 'tribble' ,
];
$exp = [
'name' => 'James Kirk' ,
2017-03-31 17:24:00 +00:00
'rights' => UserDriver :: RIGHTS_GLOBAL_ADMIN ,
2017-03-30 03:41:05 +00:00
];
2017-07-17 11:47:57 +00:00
$props = Arsse :: $db -> userPropertiesSet ( " admin@example.net " , $try );
Phake :: verify ( Arsse :: $user ) -> authorize ( " admin@example.net " , " userPropertiesSet " );
2017-03-30 03:41:05 +00:00
$this -> assertArraySubset ( $exp , $props );
$this -> assertArrayNotHasKey ( " password " , $props );
$state = $this -> primeExpectations ( $this -> data , [ 'arsse_users' => [ 'id' , 'password' , 'name' , 'rights' ]]);
$state [ 'arsse_users' ][ 'rows' ][ 0 ][ 2 ] = " James Kirk " ;
$this -> compareExpectations ( $state );
2017-10-05 21:42:12 +00:00
// making now changes should make no changes :)
Arsse :: $db -> userPropertiesSet ( " admin@example.net " , [ 'lifeform' => " tribble " ]);
$this -> compareExpectations ( $state );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testSetThePropertiesOfAMissingUser () {
2017-03-30 03:41:05 +00:00
$try = [ 'name' => 'John Doe' ];
$this -> assertException ( " doesNotExist " , " User " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userPropertiesSet ( " john.doe@example.org " , $try );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testSetUserPropertiesWithoutAuthority () {
2017-03-30 03:41:05 +00:00
$try = [ 'name' => 'John Doe' ];
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userPropertiesSet ( " john.doe@example.com " , $try );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testGetUserRights () {
2017-03-30 03:41:05 +00:00
$user1 = " john.doe@example.com " ;
$user2 = " admin@example.net " ;
2017-07-17 11:47:57 +00:00
$this -> assertSame ( UserDriver :: RIGHTS_NONE , Arsse :: $db -> userRightsGet ( $user1 ));
$this -> assertSame ( UserDriver :: RIGHTS_GLOBAL_ADMIN , Arsse :: $db -> userRightsGet ( $user2 ));
Phake :: verify ( Arsse :: $user ) -> authorize ( $user1 , " userRightsGet " );
Phake :: verify ( Arsse :: $user ) -> authorize ( $user2 , " userRightsGet " );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testGetTheRightsOfAMissingUser () {
2017-07-17 11:47:57 +00:00
$this -> assertSame ( UserDriver :: RIGHTS_NONE , Arsse :: $db -> userRightsGet ( " john.doe@example.org " ));
Phake :: verify ( Arsse :: $user ) -> authorize ( " john.doe@example.org " , " userRightsGet " );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testGetUserRightsWithoutAuthority () {
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userRightsGet ( " john.doe@example.com " );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
public function testSetUserRights () {
2017-03-30 03:41:05 +00:00
$user = " john.doe@example.com " ;
2017-03-31 17:24:00 +00:00
$rights = UserDriver :: RIGHTS_GLOBAL_ADMIN ;
2017-07-17 11:47:57 +00:00
$this -> assertTrue ( Arsse :: $db -> userRightsSet ( $user , $rights ));
Phake :: verify ( Arsse :: $user ) -> authorize ( $user , " userRightsSet " , $rights );
2017-03-30 03:41:05 +00:00
$state = $this -> primeExpectations ( $this -> data , [ 'arsse_users' => [ 'id' , 'rights' ]]);
$state [ 'arsse_users' ][ 'rows' ][ 2 ][ 1 ] = $rights ;
$this -> compareExpectations ( $state );
}
2017-08-29 14:50:31 +00:00
public function testSetTheRightsOfAMissingUser () {
2017-03-31 17:24:00 +00:00
$rights = UserDriver :: RIGHTS_GLOBAL_ADMIN ;
2017-03-30 03:41:05 +00:00
$this -> assertException ( " doesNotExist " , " User " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userRightsSet ( " john.doe@example.org " , $rights );
2017-03-30 03:41:05 +00:00
}
2018-10-26 18:58:04 +00:00
2017-08-29 14:50:31 +00:00
public function testSetUserRightsWithoutAuthority () {
2017-03-31 17:24:00 +00:00
$rights = UserDriver :: RIGHTS_GLOBAL_ADMIN ;
2017-07-17 11:47:57 +00:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( false );
2017-03-30 03:41:05 +00:00
$this -> assertException ( " notAuthorized " , " User " , " ExceptionAuthz " );
2017-07-17 11:47:57 +00:00
Arsse :: $db -> userRightsSet ( " john.doe@example.com " , $rights );
2017-03-30 03:41:05 +00:00
}
2017-08-29 14:50:31 +00:00
}