src/tests/Feature/Controller/NGINXTest.php
Show First 20 Lines • Show All 157 Lines • ▼ Show 20 Lines | public function testNGINXWebhook(): void | ||||
// 2-FA with accepted auth attempt | // 2-FA with accepted auth attempt | ||||
$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1"); | $authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1"); | ||||
$authAttempt->accept(); | $authAttempt->accept(); | ||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | $response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$response->assertHeader('auth-status', 'OK'); | $response->assertHeader('auth-status', 'OK'); | ||||
} | } | ||||
/** | |||||
* Test the httpauth webhook | |||||
*/ | |||||
public function testNGINXHttpAuthHook(): void | |||||
{ | |||||
$john = $this->getTestUser('john@kolab.org'); | |||||
$response = $this->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
$pass = \App\Utils::generatePassphrase(); | |||||
$headers = [ | |||||
'Php-Auth-Pw' => $pass, | |||||
'Php-Auth-User' => 'john@kolab.org', | |||||
'X-Forwarded-For' => '127.0.0.1', | |||||
'X-Forwarded-Proto' => 'https', | |||||
'X-Original-Uri' => '/iRony/', | |||||
'X-Real-Ip' => '127.0.0.1', | |||||
]; | |||||
// Pass | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(200); | |||||
// domain.tld\username | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Php-Auth-User'] = "kolab.org\\john"; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(200); | |||||
// Invalid Password | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Php-Auth-Pw'] = "Invalid"; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
// Empty Password | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Php-Auth-Pw'] = ""; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
// Empty User | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Php-Auth-User'] = ""; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
// Invalid User | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['Php-Auth-User'] = "foo@kolab.org"; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
// Empty Ip | |||||
$modifiedHeaders = $headers; | |||||
$modifiedHeaders['X-Real-Ip'] = ""; | |||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
// 2-FA without device | |||||
$john->setSettings( | |||||
machniak: I'd rather use ned@kolab.org who has 2FA configured already. It will not require to unset the… | |||||
mollekopfAuthorUnsubmitted Done Inline ActionsPersonally I think using the same user is clearer, as this makes explicit that we simply test the same situation with a different setting. I don't particularly mind changing to ned@kolab.org, but note that I can't currently remove resetting the settings, since we also change other settings and I'm resetting in tearDown. So unless it's really worth it to avoid setting the settings one to many times, I'd leave it as is. mollekopf: Personally I think using the same user is clearer, as this makes explicit that we simply test… | |||||
[ | |||||
'2fa_enabled' => true, | |||||
] | |||||
); | |||||
\App\CompanionApp::where('user_id', $john->id)->delete(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
// 2-FA with accepted auth attempt | |||||
$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1"); | |||||
$authAttempt->accept(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(200); | |||||
} | |||||
} | } |
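Review bot: `$pass` is generated at line 22 and sent as `Php-Auth-Pw`, but nothing in testNGINXHttpAuthHook assigns it to `$john`, so the 200 asserted for the "Pass" case at line 33 depends on the credential being persisted somewhere outside this method — if that only happens inside testNGINXWebhook (whose start is outside this view), the new test is order-dependent and fails when run in isolation. Persisting the passphrase on `$john` right after line 22 removes that coupling. The 2-FA section also covers only an accepted attempt recorded for the same address as `X-Real-Ip`; if the attempt is meant to be bound to the client address, a case that accepts `\App\AuthAttempt::recordAuthAttempt($john, "127.0.0.2")` and still expects 403 would pin that down. Likewise the invalid-user and invalid-password cases assert only the 403 status; asserting that the two responses are otherwise identical would document that the hook does not reveal whether an account exists.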
I'd rather use ned@kolab.org who has 2FA configured already. It will not require to unset the setting for john afterwards.