author | Andreas Gohr <andi@splitbrain.org> | 2024-01-06 17:22:33 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2024-01-07 13:41:19 +0100 |
commit | cad27e80a983b270a13cd79a42d90d4e82d90c83 (patch) | |
tree | 0fba578ac9da6ddd6f35bf0e33b08c94e7e8418b | |
parent | d1f06eb4f0e4febc5434c97e319fce6d0253e533 (diff) | |
API: move user related tests to usermanager plugin
-rw-r--r-- | _test/mock/AuthCreatePlugin.php | 36 | ||||
-rw-r--r-- | _test/tests/Remote/ApiCoreCreateUserTest.php | 193 | ||||
-rw-r--r-- | _test/tests/Remote/ApiCoreTest.php | 2 | ||||
-rw-r--r-- | lib/plugins/usermanager/_test/AuthPlugin.php | 54 | ||||
-rw-r--r-- | lib/plugins/usermanager/_test/RemoteApiTest.php | 241 | ||||
-rw-r--r-- | lib/plugins/usermanager/remote.php | 13 |
6 files changed, 306 insertions, 233 deletions
diff --git a/_test/mock/AuthCreatePlugin.php b/_test/mock/AuthCreatePlugin.php deleted file mode 100644 index 38d93a1a8..000000000 --- a/_test/mock/AuthCreatePlugin.php +++ /dev/null @@ -1,36 +0,0 @@ -<?php - -namespace dokuwiki\test\mock; - -/** - * Class dokuwiki\Plugin\DokuWiki_Auth_Plugin - */ -class AuthCreatePlugin extends AuthPlugin { - - public $loggedOff = false; - - /** @var array user cache */ - protected $users = null; - - public function __construct($canAddUser = true) { - $this->cando['addUser'] = $canAddUser; - } - - public function checkPass($user, $pass) { - return $pass == 'password'; - } - - public function createUser($user, $pwd, $name, $mail, $grps = null) { - if (isset($this->users[$user])) { - return false; - } - $pass = md5($pwd); - $this->users[$user] = compact('pass', 'name', 'mail', 'grps'); - return true; - } - - public function logoff() { - $this->loggedOff = true; - } - -} diff --git a/_test/tests/Remote/ApiCoreCreateUserTest.php b/_test/tests/Remote/ApiCoreCreateUserTest.php deleted file mode 100644 index cffeac06c..000000000 --- a/_test/tests/Remote/ApiCoreCreateUserTest.php +++ /dev/null 
@@ -1,193 +0,0 @@ -<?php - -namespace dokuwiki\test\Remote; - -use dokuwiki\Remote\AccessDeniedException; -use dokuwiki\Remote\Api; -use dokuwiki\Remote\RemoteException; -use dokuwiki\test\mock\AuthCreatePlugin; -use dokuwiki\test\mock\AuthPlugin; - -/** - * Class remoteapicore_test - */ -class ApiCoreCreateUserTest extends \DokuWikiTest -{ - - protected $userinfo; - protected $oldAuthAcl; - /** @var Api */ - protected $remote; - - public function setUp(): void - { - // we need a clean setup before each single test: - \DokuWikiTest::setUpBeforeClass(); - - parent::setUp(); - global $conf; - global $USERINFO; - global $AUTH_ACL; - global $auth; - $this->oldAuthAcl = $AUTH_ACL; - $this->userinfo = $USERINFO; - $auth = new AuthPlugin(); - - $conf['remote'] = 1; - $conf['remoteuser'] = '@user'; - $conf['useacl'] = 0; - - $this->remote = new Api(); - } - - public function tearDown(): void - { - parent::tearDown(); - - global $USERINFO; - global $AUTH_ACL; - - $USERINFO = $this->userinfo; - $AUTH_ACL = $this->oldAuthAcl; - } - - public function testCreateUser() - { - global $conf, $auth; - $conf['remote'] = 1; - $conf['remoteuser'] = 'testuser'; - $_SERVER['REMOTE_USER'] = 'testuser'; - - $auth = new AuthCreatePlugin(); - // $user, $pwd, $name, $mail, $grps = null - $params = [ - [ - 'user' => 'user1', - 'password' => 'password1', - 'name' => 'user1', - 'mail' => 'user1@localhost', - 'groups' => [ - 'user', - 'test' - ], - 'notify' => false - ] - ]; - - $actualCallResult = $this->remote->call('dokuwiki.createUser', $params); - $this->assertTrue($actualCallResult); - - // if the user exists, no data is overwritten - $actualCallResult = $this->remote->call('dokuwiki.createUser', $params); - $this->assertFalse($actualCallResult); - } - - public function testCreateUserAuthPlain() - { - global $conf, $auth; - $conf['remote'] = 1; - $conf['remoteuser'] = 'testuser'; - $_SERVER['REMOTE_USER'] = 'testuser'; - $auth = new \auth_plugin_authplain(); - $params = [ - [ - 'user' => 
'user1', - 'password' => 'password1', - 'name' => 'user1', - 'mail' => 'user1@localhost', - 'groups' => [ - 'user', - 'test' - ], - 'notify' => false - ] - - ]; - - $callResult = $this->remote->call('dokuwiki.createUser', $params); - $this->assertTrue($callResult); - } - - public function testCreateUserAuthPlainUndefinedUser() - { - global $conf, $auth; - $conf['remote'] = 1; - $conf['remoteuser'] = 'testuser'; - $_SERVER['REMOTE_USER'] = 'testuser'; - $auth = new \auth_plugin_authplain(); - $params = [ - [ - 'user' => '' - ], - ]; - - $this->expectException(RemoteException::class); - $this->expectExceptionCode(401); - $this->remote->call('dokuwiki.createUser', $params); - } - - public function testCreateUserAuthPlainUndefinedName() - { - global $conf, $auth; - $conf['remote'] = 1; - $conf['remoteuser'] = 'testuser'; - $_SERVER['REMOTE_USER'] = 'testuser'; - $auth = new \auth_plugin_authplain(); - $params = [ - [ - 'user' => 'hello' - ], - ]; - - $this->expectException(RemoteException::class); - $this->expectExceptionCode(402); - $this->remote->call('dokuwiki.createUser', $params); - } - - public function testCreateUserAuthPlainBadEmail() - { - global $conf, $auth; - $conf['remote'] = 1; - $conf['remoteuser'] = 'testuser'; - $_SERVER['REMOTE_USER'] = 'testuser'; - $auth = new \auth_plugin_authplain(); - $params = [ - [ - 'user' => 'hello', - 'name' => 'A new user', - 'mail' => 'this is not an email address' - ], - ]; - - $this->expectException(RemoteException::class); - $this->expectExceptionCode(403); - $this->remote->call('dokuwiki.createUser', $params); - } - - public function testCreateUserAuthCanNotDoAddUser() - { - $this->expectException(AccessDeniedException::class); - $this->expectExceptionMessageMatches('/can\'t do addUser/'); - global $conf, $auth; - $conf['remote'] = 1; - $conf['remoteuser'] = 'testuser'; - $_SERVER['REMOTE_USER'] = 'testuser'; - - $auth = new AuthCreatePlugin(false); - $params = [ - [ - 'user' => 'user1', - 'password' => 'password1', - 
'name' => 'user1', - 'mail' => 'user1@localhost', - 'groups' => [ - 'user', - 'test' - ], - 'notify' => false - ], - ]; - $this->remote->call('dokuwiki.createUser', $params); - } - -} diff --git a/_test/tests/Remote/ApiCoreTest.php b/_test/tests/Remote/ApiCoreTest.php index 1f57f8483..7da1007e0 100644 --- a/_test/tests/Remote/ApiCoreTest.php +++ b/_test/tests/Remote/ApiCoreTest.php @@ -2,12 +2,10 @@ namespace dokuwiki\test\Remote; -use dokuwiki\Extension\Event; use dokuwiki\Remote\AccessDeniedException; use dokuwiki\Remote\Api; use dokuwiki\Remote\ApiCore; use dokuwiki\Remote\RemoteException; -use dokuwiki\test\mock\AuthDeletePlugin; use dokuwiki\test\mock\AuthPlugin; diff --git a/lib/plugins/usermanager/_test/AuthPlugin.php b/lib/plugins/usermanager/_test/AuthPlugin.php new file mode 100644 index 000000000..99805fa8c --- /dev/null +++ b/lib/plugins/usermanager/_test/AuthPlugin.php 
@@ -0,0 +1,54 @@ +<?php + +namespace dokuwiki\plugin\usermanager\test; + +/** + * Simple Auth Plugin for testing + * + * All users are stored in a simple array + * @todo This might be useful for other tests and could replace the remaining mock auth plugins + */ +class AuthPlugin extends \dokuwiki\Extension\AuthPlugin { + + public $loggedOff = false; + + /** @var array user storage */ + public $users = []; + + /** @inheritdoc */ + public function __construct($cando = []) { + parent::__construct(); // for compatibility + + // our own default capabilities + $this->cando['addUser'] = true; + $this->cando['delUser'] = true; + + // merge in given capabilities for testing + $this->cando = array_merge($this->cando, $cando); + } + + /** @inheritdoc */ + public function createUser($user, $pwd, $name, $mail, $grps = null) { + if (isset($this->users[$user])) { + return false; + } + $pass = md5($pwd); + $grps = (array) $grps; + $this->users[$user] = compact('pass', 'name', 'mail', 'grps'); + return true; + } + + /** @inheritdoc */ + public function deleteUsers($users) + { + $deleted = 0; + foreach ($users as $user) { + if (isset($this->users[$user])) { + unset($this->users[$user]); + $deleted++; + } + + } + return $deleted; + } +} diff --git a/lib/plugins/usermanager/_test/RemoteApiTest.php b/lib/plugins/usermanager/_test/RemoteApiTest.php new file mode 100644 index 000000000..d24b34dbe --- /dev/null +++ b/lib/plugins/usermanager/_test/RemoteApiTest.php 
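Review bot: `createUser()` in this new mock stores the password as `md5($pwd)` with no comment, and the class `@todo` invites reuse in other tests, so the unsalted hash should be marked as a fixture-only stand-in. I would add above that line `// test fixture only: md5 is a placeholder, real auth backends must use password_hash()`. The mock defines no `checkPass()`, so nothing visible here ever verifies the stored value. The delete test in RemoteApiTest.php seeds `pass` with plaintext strings, so the `users` array has no consistent password format; a short note on the `$users` property saying the `pass` field is opaque to the tests would prevent someone relying on it later.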
@@ -0,0 +1,241 @@ +<?php + +namespace dokuwiki\plugin\usermanager\test; + +use dokuwiki\Remote\AccessDeniedException; +use dokuwiki\Remote\Api; +use dokuwiki\Remote\RemoteException; +use DokuWikiTest; + +/** + * Remote API tests for the usermanager plugin + * + * @group plugin_usermanager + * @group plugins + */ +class RemoteApiTest extends DokuWikiTest +{ + /** @var Api */ + protected $remote; + + public function __construct() + { + parent::__construct(); + $this->remote = new Api(); + } + + public function setUp(): void + { + parent::setUp(); + + global $conf; + $conf['remote'] = 1; + $conf['remoteuser'] = 'testuser, admin'; + $conf['superuser'] = 'admin'; + } + + public function testCreateUserSuccess() + { + global $auth; + $auth = new AuthPlugin(); + + $params = [ + 'user' => 'user1', + 'password' => 'password1', + 'name' => 'user one', + 'mail' => 'user1@localhost', + 'groups' => [ + 'user', + 'test' + ], + 'notify' => false + ]; + + $_SERVER['REMOTE_USER'] = 'admin'; + $this->assertTrue( + $this->remote->call('plugin.usermanager.createUser', $params) + ); + $this->assertArrayHasKey('user1', $auth->users); + + // try again should fail, because user already exists + $this->assertFalse( + $this->remote->call('plugin.usermanager.createUser', $params) + ); + } + + public function testCreateUserFailAccess() + { + global $auth; + $auth = new AuthPlugin(); + + $params = [ + 'user' => 'user1', + 'password' => 'password1', + 'name' => 'user one', + 'mail' => 'user1@localhost', + 'groups' => [ + 'user', + 'test' + ], + 'notify' => false + ]; + + $_SERVER['REMOTE_USER'] = 'testuser'; + + $this->expectException(AccessDeniedException::class); + $this->expectExceptionCode(114); + $this->remote->call('plugin.usermanager.createUser', $params); + } + + public function testCreateUserFailMissingUser() + { + global $auth; + $auth = new AuthPlugin(); + + $params = [ + 'user' => '', + 'password' => 'password1', + 'name' => 'user one', + 'mail' => 'user1@localhost', + 'groups' => [ 
+ 'user', + 'test' + ], + 'notify' => false + ]; + + $_SERVER['REMOTE_USER'] = 'admin'; + + $this->expectException(RemoteException::class); + $this->expectExceptionCode(401); + $this->remote->call('plugin.usermanager.createUser', $params); + } + + public function testCreateUserFailMissingName() + { + global $auth; + $auth = new AuthPlugin(); + + $params = [ + 'user' => 'user1', + 'password' => 'password1', + 'name' => '', + 'mail' => 'user1@localhost', + 'groups' => [ + 'user', + 'test' + ], + 'notify' => false + ]; + + $_SERVER['REMOTE_USER'] = 'admin'; + + $this->expectException(RemoteException::class); + $this->expectExceptionCode(402); + $this->remote->call('plugin.usermanager.createUser', $params); + } + + public function testCreateUserFailBadEmail() + { + global $auth; + $auth = new AuthPlugin(); + + $params = [ + 'user' => 'user1', + 'password' => 'password1', + 'name' => 'user one', + 'mail' => 'This is not an email', + 'groups' => [ + 'user', + 'test' + ], + 'notify' => false + ]; + + $_SERVER['REMOTE_USER'] = 'admin'; + + $this->expectException(RemoteException::class); + $this->expectExceptionCode(403); + $this->remote->call('plugin.usermanager.createUser', $params); + } + + public function testCreateUserFailAuthCapability() + { + global $auth; + $auth = new AuthPlugin(['addUser' => false]); + + $params = [ + 'user' => 'user1', + 'password' => 'password1', + 'name' => 'user one', + 'mail' => 'user1@localhost', + 'groups' => [ + 'user', + 'test' + ], + 'notify' => false + ]; + + $_SERVER['REMOTE_USER'] = 'admin'; + + $this->expectException(AccessDeniedException::class); + $this->expectExceptionCode(404); + $this->expectExceptionMessageMatches('/can\'t do addUser/'); + $this->remote->call('plugin.usermanager.createUser', $params); + } + + public function testDeleteUserSuccess() + { + global $auth; + $auth = new AuthPlugin(); + $auth->users = [ + 'user1' => [ + 'pass' => 'password1', + 'name' => 'user one', + 'mail' => 'user1@localhost', + 'grps' => [ + 
'user', + 'test' + ] + ], + 'user2' => [ + 'pass' => 'password2', + 'name' => 'user two', + 'mail' => 'user2@localhost', + 'grps' => [ + 'user', + 'test' + ] + ], + ]; + + $_SERVER['REMOTE_USER'] = 'admin'; + + $this->assertTrue($this->remote->call('plugin.usermanager.deleteUser', ['user' => 'user1'])); + $this->assertArrayNotHasKey('user1', $auth->users); + $this->assertArrayHasKey('user2', $auth->users); + } + + public function testDeleteUserFailNoExist() + { + global $auth; + $auth = new AuthPlugin(); + + $_SERVER['REMOTE_USER'] = 'admin'; + + $this->assertFalse($this->remote->call('plugin.usermanager.deleteUser', ['user' => 'user1'])); + } + + public function testDeleteUserFailAuthCapability() + { + global $auth; + $auth = new AuthPlugin(['delUser' => false]); + + $_SERVER['REMOTE_USER'] = 'admin'; + + $this->expectException(AccessDeniedException::class); + $this->expectExceptionCode(404); + $this->expectExceptionMessageMatches('/can\'t do delUser/'); + $this->remote->call('plugin.usermanager.deleteUser', ['user' => 'user1']); + } +} diff --git a/lib/plugins/usermanager/remote.php b/lib/plugins/usermanager/remote.php index 5db4a54f9..c2b61f361 100644 --- a/lib/plugins/usermanager/remote.php +++ b/lib/plugins/usermanager/remote.php @@ -46,7 +46,7 @@ class remote_plugin_usermanager extends RemotePlugin if (!$auth->canDo('addUser')) { throw new AccessDeniedException( sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()), - 114 + 404 ); } @@ -62,7 +62,7 @@ class remote_plugin_usermanager extends RemotePlugin try { $password = auth_pwgen($user); } catch (\Exception $e) { - throw new RemoteException('Could not generate password', 404); // FIXME adjust code + throw new RemoteException('Could not generate password', 405); } } 
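Review bot: The delete path has no counterpart to `testCreateUserFailAccess()`: every `deleteUser` test sets `$_SERVER['REMOTE_USER'] = 'admin'`, so the `auth_isadmin()` guard in `remote.php` (code 114) is never exercised for a non-admin caller. A regression that dropped or reordered that guard would let any remote user listed in `remoteuser` delete accounts without a test failing. I would add a test that calls `plugin.usermanager.deleteUser` as `testuser` and expects `AccessDeniedException` with code 114, placed next to the other delete tests.

```php
    // … unchanged: testDeleteUserFailNoExist() …

    public function testDeleteUserFailAccess()
    {
        global $auth;
        $auth = new AuthPlugin();
        $auth->users = [
            'user1' => [
                'pass' => 'password1',
                'name' => 'user one',
                'mail' => 'user1@localhost',
                'grps' => ['user'],
            ],
        ];

        // non-admin caller that is still allowed to use the remote API
        $_SERVER['REMOTE_USER'] = 'testuser';

        $this->expectException(AccessDeniedException::class);
        $this->expectExceptionCode(114);
        $this->remote->call('plugin.usermanager.deleteUser', ['user' => 'user1']);
    }
```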
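Review bot: Code 404 changes meaning in `remote.php`: the removed line in the second hunk used it for "Could not generate password", and the first hunk now assigns it to the backend-capability denial, which previously returned 114. Remote clients that branch on the numeric code would misread one failure as the other across versions, so the mapping should be written down where callers can find it. I would list the codes in the method docblock, for example `@throws AccessDeniedException 404 if the auth backend can't do addUser` and `@throws RemoteException 405 if no password could be generated`. Both hunks sit inside a method whose start and end are outside the hunks, so the existing docblock is not visible here.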
@@ -95,6 +95,15 @@ class remote_plugin_usermanager extends RemotePlugin if (!auth_isadmin()) { throw new AccessDeniedException('Only admins are allowed to delete users', 114); } + + global $auth; + if (!$auth->canDo('delUser')) { + throw new AccessDeniedException( + sprintf('Authentication backend %s can\'t do delUser', $auth->getPluginName()), + 404 + ); + } + /** @var AuthPlugin $auth */ global $auth; return (bool)$auth->triggerUserMod('delete', [[$user]]); |
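Review bot: The added `global $auth;` duplicates the existing `/** @var AuthPlugin $auth */` and `global $auth;` lines that still follow the new block, so `$auth` is imported twice and its type annotation arrives after the first use. Put `/** @var AuthPlugin $auth */` directly above the new `global $auth;` and delete the two later lines. Keep the order of the checks as it is: the `auth_isadmin()` guard runs first, so the backend name from `getPluginName()` only reaches callers who are already admins. The method's signature and closing brace are outside the hunk.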