[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/_test/tests/inc/ -> auth_deleteprofile.test.php (source)

   1  <?php
   2  
   3  use dokuwiki\Input\Input;
   4  use dokuwiki\Extension\AuthPlugin;
   5  
   6  class Mock_Auth_Plugin extends AuthPlugin {
   7  
   8      public $loggedOff = false;
   9  
  10      public function __construct($canDeleteUser = true) {
  11          $this->cando['delUser'] = $canDeleteUser;
  12      }
  13  
  14      public function checkPass($user, $pass) {
  15          return $pass == 'password';
  16      }
  17  
  18      public function deleteUsers($users) {
  19          return in_array($_SERVER['REMOTE_USER'], $users);
  20      }
  21  
  22      public function logoff() {
  23          $this->loggedOff = true;
  24      }
  25  
  26  }
  27  
  28  class auth_deleteprofile_test extends DokuWikiTest {
  29  
  30      /*
  31       * Tests:
  32       *
  33       * 1.   It works and the user is logged off
  34       * 2.   Password matches when config requires it
  35       * 3,4. Auth plugin can prevent & wiki config can prevent
  36       * 5.  Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete'
  37       *
  38       */
  39  
  40      function test_success() {
  41  
  42          global $ACT, $INPUT, $conf, $auth;
  43  
  44          $ACT = 'profile_delete';
  45          $conf['profileconfirm'] = false;
  46          $_SERVER['REMOTE_USER'] = 'testuser';
  47  
  48          $input = array(
  49              'do'                 => $ACT,
  50              'sectok'             => getSecurityToken(),
  51              'delete'             => '1',
  52              'confirm_delete'     => '1',
  53          );
  54  
  55          $_POST = $input;
  56          $_REQUEST = $input;
  57          $INPUT = new Input();
  58  
  59          $auth = new Mock_Auth_Plugin();
  60  
  61          $this->assertTrue(auth_deleteprofile());
  62          $this->assertTrue($auth->loggedOff);
  63      }
  64  
  65      function test_confirmation_required() {
  66  
  67          global $ACT, $INPUT, $conf, $auth;
  68  
  69          $ACT = 'profile_delete';
  70          $conf['profileconfirm'] = true;
  71          $_SERVER['REMOTE_USER'] = 'testuser';
  72  
  73          $input = array(
  74              'do'                 => $ACT,
  75              'sectok'             => getSecurityToken(),
  76              'delete'             => '1',
  77              'confirm_delete'     => '1',
  78              'oldpass'            => 'wrong',
  79          );
  80  
  81          $_POST = $input;
  82          $_REQUEST = $input;
  83          $INPUT = new Input();
  84  
  85          $auth = new Mock_Auth_Plugin();
  86  
  87          // password check required - it fails, so don't delete profile
  88          $this->assertFalse(auth_deleteprofile());
  89  
  90          // now it passes, we're good to go
  91          $INPUT->set('oldpass','password');
  92          $INPUT->post->set('oldpass','password');
  93          $this->assertTrue(auth_deleteprofile());
  94      }
  95  
  96      function test_authconfig_prevents() {
  97  
  98          global $ACT, $INPUT, $conf, $auth;
  99  
 100          $ACT = 'profile_delete';
 101          $conf['profileconfirm'] = false;
 102          $_SERVER['REMOTE_USER'] = 'testuser';
 103  
 104          $input = array(
 105              'do'                 => $ACT,
 106              'sectok'             => getSecurityToken(),
 107              'delete'             => '1',
 108              'confirm_delete'     => '1',
 109          );
 110  
 111          $_POST = $input;
 112          $_REQUEST = $input;
 113          $INPUT = new Input();
 114  
 115          $auth = new Mock_Auth_Plugin(false);
 116          $conf['disableactions'] = '';
 117          $this->assertFalse(auth_deleteprofile());
 118      }
 119  
 120      function test_wikiconfig_prevents() {
 121  
 122          global $ACT, $INPUT, $conf, $auth;
 123  
 124          $ACT = 'profile_delete';
 125          $conf['profileconfirm'] = false;
 126          $_SERVER['REMOTE_USER'] = 'testuser';
 127  
 128          $input = array(
 129              'do'                 => $ACT,
 130              'sectok'             => getSecurityToken(),
 131              'delete'             => '1',
 132              'confirm_delete'     => '1',
 133          );
 134  
 135          $_POST = $input;
 136          $_REQUEST = $input;
 137          $INPUT = new Input();
 138  
 139          $auth = new Mock_Auth_Plugin();
 140          $conf['disableactions'] = 'profile_delete';
 141  
 142          $this->assertFalse(actionOK('profile_delete'));
 143          $this->assertTrue($auth->canDo('delUser'));
 144  
 145          $this->assertFalse(auth_deleteprofile());
 146      }
 147  
 148      function test_basic_parameters() {
 149  
 150          global $ACT, $INPUT, $conf, $auth;
 151  
 152          $ACT = 'profile_delete';
 153          $conf['profileconfirm'] = true;
 154          $_SERVER['REMOTE_USER'] = 'testuser';
 155  
 156          $input = array(
 157              'do'                 => $ACT,
 158              'sectok'             => getSecurityToken(),
 159              'delete'             => '1',
 160              'confirm_delete'     => '1',
 161              'oldpass'            => 'password',
 162          );
 163  
 164          $_POST = $input;
 165          $_REQUEST = $input;
 166          $input_foundation = new Input();
 167  
 168          $auth = new Mock_Auth_Plugin();
 169  
 170          $INPUT = clone $input_foundation;
 171          $INPUT->remove('delete');
 172          $this->assertFalse(auth_deleteprofile());
 173  
 174          $INPUT = clone $input_foundation;
 175          $INPUT->set('sectok','wrong');
 176          $this->assertFalse(auth_deleteprofile());
 177  
 178          $INPUT = clone $input_foundation;
 179          $INPUT->remove('confirm_delete');
 180          $this->assertFalse(auth_deleteprofile());
 181      }
 182  }