hackware
/
hawese-core


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223
							<?php

// Copyright 2019 Hackware SpA <human@hackware.cl>
// "Hackware Web Services Core" is released under the MIT License terms.

namespace Hawese\Tests;

use Hawese\Core\User;
use Hawese\Core\Token;
use Laravel\Lumen\Testing\DatabaseTransactions;

class UserTest extends TestCase
{
    use DatabaseTransactions;

    public function setUp(): void
    {
        parent::setUp();
        $this->user = new User([
            'uid' => 'user',
            'email' => 'user@domain.name',
            'password' => password_hash('password', PASSWORD_DEFAULT),
            'display_name' => 'User',
            'info' => null
        ]);
        $this->user->insert();
    }

    public function testChangePassword()
    {
        $this->user->changePassword('new_password');
        $this->assertTrue(
            password_verify('new_password', $this->user->password)
        );
    }

    public function testLogin()
    {
        $this->assertNull(app('session')->get('user_uid'));
        $this->user->login();
        $this->assertSame($this->user->uid, app('session')->get('user_uid'));
    }

    public function testLoginByPassword()
    {
        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
        $this->assertEqualsCanonicalizing(
            $this->user,
            User::loginByPassword($this->user->uid, 'password')
        );
        $this->assertSame(app('session')->get('user_uid'), $this->user->uid);
    }

    public function testFailedLoginByPassword()
    {
        $_SERVER['REMOTE_ADDR'] = '127.0.0.240';
        $this->expectExceptionMessage('Too many failed requests');
        for ($i = 0; $i < 5; $i++) {
            try {
                User::loginByPassword($this->user->uid, 'notpassword');
            } catch (\Hawese\Core\Exceptions\WrongCredentialsException $e) {
                // nothing, continue
            }
        }
    }

    public function testLoginByPasswordRemember()
    {
        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';

        $this->assertEqualsCanonicalizing(
            $this->user,
            User::loginByPassword($this->user->uid, 'password', true),
        );
        $this->assertSame($this->user->uid, app('session')->get('user_uid'));

        // I should test cookies!! ... and probably don't set cookies here
        $this->assertSame(1, Token::select()->count());
    }

    public function testLoginByTokenHumanDontRemember()
    {
        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';

        $token = Token::generate(Token::HUMAN, $this->user->uid);
        $this->assertEqualsCanonicalizing(
            $this->user,
            User::loginByToken($token->key, $token->secret, false)
        );
        $this->assertSame($this->user->uid, app('session')->get('user_uid'));

        // Verify previous token has been deleted after login
        $this->assertSame(0, Token::select()->count());
    }

    public function testLoginByTokenRemember()
    {
        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';

        $token = Token::generate(Token::HUMAN, $this->user->uid);
        $this->assertEqualsCanonicalizing(
            $this->user,
            User::loginByToken($token->key, $token->secret)
        );
        $this->assertSame($this->user->uid, app('session')->get('user_uid'));

        // Verify previous token has been deleted after login
        $this->assertSame(1, Token::select()->count());
        $this->assertNotSame($token->key, Token::select()->first()->key);
    }

    public function testLoginByTokenSystem()
    {
        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';

        $token = Token::generate(Token::SYSTEM, $this->user->uid);
        $this->assertEqualsCanonicalizing(
            $this->user,
            // 3rd param shouldn't be considered for system tokens
            User::loginByToken($token->key, $token->secret, true)
        );

        // Verify previous token has NOT been deleted after login
        $this->assertSame($token->key, Token::select()->first()->key);
    }

    public function testFailedLoginByToken()
    {
        $_SERVER['REMOTE_ADDR'] = '127.0.0.241';

        $token = Token::generate(Token::HUMAN, $this->user->uid);

        $this->expectExceptionMessage('Too many failed requests');
        for ($i = 0; $i < 5; $i++) {
            try {
                User::loginByToken($token->key, 'notsecret');
            } catch (\Hawese\Core\Exceptions\WrongCredentialsException $e) {
                // nothing, continue
            }
        }
    }

    public function testGenerateHumanToken()
    {
        $token = $this->user->generateHumanToken();
        $this->assertInstanceOf(Token::class, $token);
        $this->assertSame(Token::HUMAN, $token->type);
    }

    public function testGenerateSystemToken()
    {
        $token = $this->user->generateSystemToken();
        $this->assertInstanceOf(Token::class, $token);
        $this->assertSame(Token::SYSTEM, $token->type);
    }

    public function testLogout()
    {
        app('session')->set('user_uid', $this->user->uid);
        $token = Token::generate(Token::HUMAN, $this->user->uid);
        $_COOKIE['auth_token'] = $token->key . ':' . $token->secret;

        $this->assertTrue($this->user->logout());
        $this->assertSame(0, Token::select()->count());
        $this->assertNull(app('session')->get('user_uid'));
    }

    public function testLogoutSystemToken()
    {
        $token = Token::generate(Token::SYSTEM, $this->user->uid);
        $_COOKIE['auth_token'] = $token->key . ':' . $token->secret;

        $this->assertFalse($this->user->logout());
    }

    public function testEmailToken()
    {
        $origin = preg_split('/, ?/', env('CORS_ALLOW_ORIGINS'))[0];
        $this->assertInstanceOf(
            \Hawese\Core\Mailer::class,
            User::emailToken($this->user->uid, $origin)
        );
    }

    public function testEmailTokenException()
    {
        $origin = preg_split('/, ?/', env('CORS_ALLOW_ORIGINS'))[0];
        $this->user->email = null;
        $this->user->update(['email']);
        $this->expectException(\PHPMailer\PHPMailer\Exception::class);
        User::emailToken($this->user->uid, $origin);
    }

    public function testEmailTokenWrongOrigin()
    {
        $this->expectExceptionMessage('Unacceptable origin');
        User::emailToken($this->user->uid, 'not_origin');
    }

    public function testAmI()
    {
        $this->assertFalse($this->user->amI());
        app('session')->set('user_uid', $this->user->uid);
        $this->assertTrue($this->user->amI());
    }

    public function testIsOwner()
    {
        $this->assertTrue($this->user->isOwner($this->user));

        $otherUser = new User();
        $this->assertFalse($this->user->isOwner($otherUser));
    }

    public function testIsSuperUser()
    {
        $this->assertFalse($this->user->isSuperUser());

        $user = new User(['uid' => 'hawese']);
        $this->assertTrue($user->isSuperUser());
    }
}