Differential D3029 Diff 9925 src/tests/Feature/Controller/NGINXTest.php

Changeset View

Standalone View

src/tests/Feature/Controller/NGINXTest.php

Show All 14 Lines	public function setUp(): void

$john = $this->getTestUser('john@kolab.org');		$john = $this->getTestUser('john@kolab.org');
\App\CompanionApp::where('user_id', $john->id)->delete();		\App\CompanionApp::where('user_id', $john->id)->delete();
\App\AuthAttempt::where('user_id', $john->id)->delete();		\App\AuthAttempt::where('user_id', $john->id)->delete();
$john->setSettings(		$john->setSettings(
[		[
// 'limit_geo' => json_encode(["CH"]),		// 'limit_geo' => json_encode(["CH"]),
'guam_enabled' => false,		'guam_enabled' => false,
'2fa_enabled' => false
]		]
);		);
$this->useServicesUrl();		$this->useServicesUrl();
}		}

public function tearDown(): void		public function tearDown(): void
{		{

$john = $this->getTestUser('john@kolab.org');		$john = $this->getTestUser('john@kolab.org');
\App\CompanionApp::where('user_id', $john->id)->delete();		\App\CompanionApp::where('user_id', $john->id)->delete();
\App\AuthAttempt::where('user_id', $john->id)->delete();		\App\AuthAttempt::where('user_id', $john->id)->delete();
$john->setSettings(		$john->setSettings(
[		[
// 'limit_geo' => json_encode(["CH"]),		// 'limit_geo' => json_encode(["CH"]),
'guam_enabled' => false,		'guam_enabled' => false,
'2fa_enabled' => false
]		]
);		);
parent::tearDown();		parent::tearDown();
}		}

/**		/**
* Test the webhook		* Test the webhook
*/		*/
▲ Show 20 Lines • Show All 90 Lines • ▼ Show 20 Lines	public function testNGINXWebhook(): void
);		);

$response = $this->withHeaders($headers)->get("api/webhooks/nginx");		$response = $this->withHeaders($headers)->get("api/webhooks/nginx");
$response->assertStatus(200);		$response->assertStatus(200);
$response->assertHeader('auth-status', 'OK');		$response->assertHeader('auth-status', 'OK');
$response->assertHeader('auth-server', '127.0.0.1');		$response->assertHeader('auth-server', '127.0.0.1');
$response->assertHeader('auth-port', '9143');		$response->assertHeader('auth-port', '9143');

// 2-FA without device
$john->setSettings(		$companionApp = $this->getTestCompanionApp(
		'testdevice',
		$john,
[		[
'2fa_enabled' => true,		'notification_token' => 'notificationtoken',
		'mfa_enabled' => 1,
		'name' => 'testname',
]		]
);		);
\App\CompanionApp::where('user_id', $john->id)->delete();

$response = $this->withHeaders($headers)->get("api/webhooks/nginx");
$response->assertStatus(200);
$response->assertHeader('auth-status', 'authentication failure');

// 2-FA with accepted auth attempt		// 2-FA with accepted auth attempt
$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1");		$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1");
$authAttempt->accept();		$authAttempt->accept();

$response = $this->withHeaders($headers)->get("api/webhooks/nginx");		$response = $this->withHeaders($headers)->get("api/webhooks/nginx");
$response->assertStatus(200);		$response->assertStatus(200);
$response->assertHeader('auth-status', 'OK');		$response->assertHeader('auth-status', 'OK');

		// Deny
		$authAttempt->deny();
		$response = $this->withHeaders($headers)->get("api/webhooks/nginx");
		$response->assertStatus(200);
		$response->assertHeader('auth-status', 'authentication failure');

		// 2-FA without device
		$companionApp->delete();
		$response = $this->withHeaders($headers)->get("api/webhooks/nginx");
		$response->assertStatus(200);
		$response->assertHeader('auth-status', 'OK');
}		}

/**		/**
* Test the httpauth webhook		* Test the httpauth webhook
*/		*/
public function testNGINXHttpAuthHook(): void		public function testNGINXHttpAuthHook(): void
{		{
$john = $this->getTestUser('john@kolab.org');		$john = $this->getTestUser('john@kolab.org');
▲ Show 20 Lines • Show All 46 Lines • ▼ Show 20 Lines	public function testNGINXHttpAuthHook(): void
$response->assertStatus(403);		$response->assertStatus(403);

// Empty Ip		// Empty Ip
$modifiedHeaders = $headers;		$modifiedHeaders = $headers;
$modifiedHeaders['X-Real-Ip'] = "";		$modifiedHeaders['X-Real-Ip'] = "";
$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth");		$response = $this->withHeaders($modifiedHeaders)->get("api/webhooks/nginx-httpauth");
$response->assertStatus(403);		$response->assertStatus(403);

		$companionApp = $this->getTestCompanionApp(
// 2-FA without device		'testdevice',
$john->setSettings(		$john,
[		[
'2fa_enabled' => true,		'notification_token' => 'notificationtoken',
		'mfa_enabled' => 1,
		'name' => 'testname',
]		]
);		);
\App\CompanionApp::where('user_id', $john->id)->delete();

$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth");
$response->assertStatus(403);

// 2-FA with accepted auth attempt		// 2-FA with accepted auth attempt
$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1");		$authAttempt = \App\AuthAttempt::recordAuthAttempt($john, "127.0.0.1");
$authAttempt->accept();		$authAttempt->accept();

$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth");		$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth");
$response->assertStatus(200);		$response->assertStatus(200);

		// Deny
		$authAttempt->deny();
		$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth");
		$response->assertStatus(403);

		// 2-FA without device
		$companionApp->delete();
		$response = $this->withHeaders($headers)->get("api/webhooks/nginx-httpauth");
		$response->assertStatus(200);
}		}
}		}