src/tests/Feature/Controller/NGINXTest.php
Show All 14 Lines | public function setUp(): void | ||||
$john = $this->getTestUser('john@kolab.org'); | $john = $this->getTestUser('john@kolab.org'); | ||||
\App\CompanionApp::where('user_id', $john->id)->delete(); | \App\CompanionApp::where('user_id', $john->id)->delete(); | ||||
\App\AuthAttempt::where('user_id', $john->id)->delete(); | \App\AuthAttempt::where('user_id', $john->id)->delete(); | ||||
$john->setSettings( | $john->setSettings( | ||||
[ | [ | ||||
// 'limit_geo' => json_encode(["CH"]), | // 'limit_geo' => json_encode(["CH"]), | ||||
'guam_enabled' => false, | 'guam_enabled' => false, | ||||
'2fa_enabled' => false | |||||
] | ] | ||||
); | ); | ||||
$this->useServicesUrl(); | $this->useServicesUrl(); | ||||
} | } | ||||
public function tearDown(): void | public function tearDown(): void | ||||
{ | { | ||||
$john = $this->getTestUser('john@kolab.org'); | $john = $this->getTestUser('john@kolab.org'); | ||||
\App\CompanionApp::where('user_id', $john->id)->delete(); | \App\CompanionApp::where('user_id', $john->id)->delete(); | ||||
\App\AuthAttempt::where('user_id', $john->id)->delete(); | \App\AuthAttempt::where('user_id', $john->id)->delete(); | ||||
$john->setSettings( | $john->setSettings( | ||||
[ | [ | ||||
// 'limit_geo' => json_encode(["CH"]), | // 'limit_geo' => json_encode(["CH"]), | ||||
'guam_enabled' => false, | 'guam_enabled' => false, | ||||
'2fa_enabled' => false | |||||
] | ] | ||||
); | ); | ||||
parent::tearDown(); | parent::tearDown(); | ||||
} | } | ||||
/** | /** | ||||
* Test the webhook | * Test the webhook | ||||
*/ | */ | ||||
▲ Show 20 Lines • Show All 90 Lines • ▼ Show 20 Lines | public function testNGINXWebhook(): void | ||||
); | ); | ||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | $response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$response->assertHeader('auth-status', 'OK'); | $response->assertHeader('auth-status', 'OK'); | ||||
$response->assertHeader('auth-server', '127.0.0.1'); | $response->assertHeader('auth-server', '127.0.0.1'); | ||||
$response->assertHeader('auth-port', '9143'); | $response->assertHeader('auth-port', '9143'); | ||||
// 2-FA without device | |||||
$john->setSettings( | $companionApp = $this->getTestCompanionApp( | ||||
'testdevice', | |||||
$john, | |||||
[ | [ | ||||
'2fa_enabled' => true, | 'notification_token' => 'notificationtoken', | ||||
'mfa_enabled' => 1, | |||||
'name' => 'testname', | |||||
] | ] | ||||
); | ); | ||||
\App\CompanionApp::where('user_id', $john->id)->delete(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// 2-FA with accepted auth attempt | // 2-FA with accepted auth attempt | ||||
$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1"); | $authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1"); | ||||
$authAttempt->accept(); | $authAttempt->accept(); | ||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | $response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
$response->assertHeader('auth-status', 'OK'); | $response->assertHeader('auth-status', 'OK'); | ||||
// Deny | |||||
$authAttempt->deny(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'authentication failure'); | |||||
// 2-FA without device | |||||
$companionApp->delete(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx"); | |||||
$response->assertStatus(200); | |||||
$response->assertHeader('auth-status', 'OK'); | |||||
} | } | ||||
/** | /** | ||||
* Test the httpauth webhook | * Test the httpauth webhook | ||||
*/ | */ | ||||
public function testNGINXHttpAuthHook(): void | public function testNGINXHttpAuthHook(): void | ||||
{ | { | ||||
$john = $this->getTestUser('john@kolab.org'); | $john = $this->getTestUser('john@kolab.org'); | ||||
▲ Show 20 Lines • Show All 46 Lines • ▼ Show 20 Lines | public function testNGINXHttpAuthHook(): void | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
// Empty Ip | // Empty Ip | ||||
$modifiedHeaders = $headers; | $modifiedHeaders = $headers; | ||||
$modifiedHeaders['X-Real-Ip'] = ""; | $modifiedHeaders['X-Real-Ip'] = ""; | ||||
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth"); | $response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth"); | ||||
$response->assertStatus(403); | $response->assertStatus(403); | ||||
$companionApp = $this->getTestCompanionApp( | |||||
// 2-FA without device | 'testdevice', | ||||
$john->setSettings( | $john, | ||||
[ | [ | ||||
'2fa_enabled' => true, | 'notification_token' => 'notificationtoken', | ||||
'mfa_enabled' => 1, | |||||
'name' => 'testname', | |||||
] | ] | ||||
); | ); | ||||
\App\CompanionApp::where('user_id', $john->id)->delete(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
// 2-FA with accepted auth attempt | // 2-FA with accepted auth attempt | ||||
$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1"); | $authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1"); | ||||
$authAttempt->accept(); | $authAttempt->accept(); | ||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth"); | $response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth"); | ||||
$response->assertStatus(200); | $response->assertStatus(200); | ||||
// Deny | |||||
$authAttempt->deny(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(403); | |||||
// 2-FA without device | |||||
$companionApp->delete(); | |||||
$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth"); | |||||
$response->assertStatus(200); | |||||
} | } | ||||
} | } |
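Review bot: The last case in testNGINXWebhook, repeated in testNGINXHttpAuthHook, pins a fail-open outcome: right after `$authAttempt->deny()` produces `authentication failure` / 403, `$companionApp->delete()` alone turns the same request back into `OK` / 200, whereas the removed `2fa_enabled` case appears to have expected a failure when no device existed. If removing the last MFA-enabled device is meant to switch the second factor off, state that in place of the reused `// 2-FA without device` label, e.g. `// No MFA-enabled companion app left: second factor is no longer enforced, login passes on the password alone`. The visible lines also never create a device with `'mfa_enabled' => 0`, so nothing here shows that the flag, and not mere device presence, drives enforcement; a case asserting the expected result for such a device would cover it. Both test bodies are partly collapsed on this page, so setup such as `$headers` is outside what can be checked here.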