| [ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Authentication related tests. 19 * 20 * @package core_auth 21 * @category phpunit 22 * @copyright 2012 Petr Skoda {@link http://skodak.org} 23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 24 */ 25 26 defined('MOODLE_INTERNAL') || die(); 27 28 29 /** 30 * Functional test for authentication related APIs. 31 */ 32 class core_authlib_testcase extends advanced_testcase { 33 public function test_lockout() { 34 global $CFG; 35 require_once("$CFG->libdir/authlib.php"); 36 37 $this->resetAfterTest(); 38 39 $oldlog = ini_get('error_log'); 40 ini_set('error_log', "$CFG->dataroot/testlog.log"); // Prevent standard logging. 41 42 unset_config('noemailever'); 43 44 set_config('lockoutthreshold', 0); 45 set_config('lockoutwindow', 60*20); 46 set_config('lockoutduration', 60*30); 47 48 $user = $this->getDataGenerator()->create_user(); 49 50 // Test lockout is disabled when threshold not set. 51 52 $this->assertFalse(login_is_lockedout($user)); 53 login_attempt_failed($user); 54 login_attempt_failed($user); 55 login_attempt_failed($user); 56 login_attempt_failed($user); 57 $this->assertFalse(login_is_lockedout($user)); 58 59 // Test lockout threshold works. 60 61 set_config('lockoutthreshold', 3); 62 login_attempt_failed($user); 63 login_attempt_failed($user); 64 $this->assertFalse(login_is_lockedout($user)); 65 $sink = $this->redirectEmails(); 66 login_attempt_failed($user); 67 $this->assertCount(1, $sink->get_messages()); 68 $sink->close(); 69 $this->assertTrue(login_is_lockedout($user)); 70 71 // Test unlock works. 72 73 login_unlock_account($user); 74 $this->assertFalse(login_is_lockedout($user)); 75 76 // Test lockout window works. 77 78 login_attempt_failed($user); 79 login_attempt_failed($user); 80 $this->assertFalse(login_is_lockedout($user)); 81 set_user_preference('login_failed_last', time()-60*20-10, $user); 82 login_attempt_failed($user); 83 $this->assertFalse(login_is_lockedout($user)); 84 85 // Test valid login resets window. 86 87 login_attempt_valid($user); 88 $this->assertFalse(login_is_lockedout($user)); 89 login_attempt_failed($user); 90 login_attempt_failed($user); 91 $this->assertFalse(login_is_lockedout($user)); 92 93 // Test lock duration works. 94 95 $sink = $this->redirectEmails(); 96 login_attempt_failed($user); 97 $this->assertCount(1, $sink->get_messages()); 98 $sink->close(); 99 $this->assertTrue(login_is_lockedout($user)); 100 set_user_preference('login_lockout', time()-60*30+10, $user); 101 $this->assertTrue(login_is_lockedout($user)); 102 set_user_preference('login_lockout', time()-60*30-10, $user); 103 $this->assertFalse(login_is_lockedout($user)); 104 105 // Test lockout ignored pref works. 106 107 set_user_preference('login_lockout_ignored', 1, $user); 108 login_attempt_failed($user); 109 login_attempt_failed($user); 110 login_attempt_failed($user); 111 login_attempt_failed($user); 112 $this->assertFalse(login_is_lockedout($user)); 113 114 ini_set('error_log', $oldlog); 115 } 116 117 public function test_authenticate_user_login() { 118 global $CFG; 119 120 $this->resetAfterTest(); 121 122 $oldlog = ini_get('error_log'); 123 ini_set('error_log', "$CFG->dataroot/testlog.log"); // Prevent standard logging. 124 125 unset_config('noemailever'); 126 127 set_config('lockoutthreshold', 0); 128 set_config('lockoutwindow', 60*20); 129 set_config('lockoutduration', 60*30); 130 131 $_SERVER['HTTP_USER_AGENT'] = 'no browser'; // Hack around missing user agent in CLI scripts. 132 133 $user1 = $this->getDataGenerator()->create_user(array('username'=>'username1', 'password'=>'password1', 'email'=>'email1@example.com')); 134 $user2 = $this->getDataGenerator()->create_user(array('username'=>'username2', 'password'=>'password2', 'email'=>'email2@example.com', 'suspended'=>1)); 135 $user3 = $this->getDataGenerator()->create_user(array('username'=>'username3', 'password'=>'password3', 'email'=>'email2@example.com', 'auth'=>'nologin')); 136 137 // Normal login. 138 $sink = $this->redirectEvents(); 139 $result = authenticate_user_login('username1', 'password1'); 140 $events = $sink->get_events(); 141 $sink->close(); 142 $this->assertEmpty($events); 143 $this->assertInstanceOf('stdClass', $result); 144 $this->assertEquals($user1->id, $result->id); 145 146 // Normal login with reason. 147 $reason = null; 148 $sink = $this->redirectEvents(); 149 $result = authenticate_user_login('username1', 'password1', false, $reason); 150 $events = $sink->get_events(); 151 $sink->close(); 152 $this->assertEmpty($events); 153 $this->assertInstanceOf('stdClass', $result); 154 $this->assertEquals(AUTH_LOGIN_OK, $reason); 155 156 // Test login via email 157 $reason = null; 158 $this->assertEmpty($CFG->authloginviaemail); 159 $sink = $this->redirectEvents(); 160 $result = authenticate_user_login('email1@example.com', 'password1', false, $reason); 161 $sink->close(); 162 $this->assertFalse($result); 163 $this->assertEquals(AUTH_LOGIN_NOUSER, $reason); 164 165 set_config('authloginviaemail', 1); 166 $this->assertNotEmpty($CFG->authloginviaemail); 167 $sink = $this->redirectEvents(); 168 $result = authenticate_user_login('email1@example.com', 'password1'); 169 $events = $sink->get_events(); 170 $sink->close(); 171 $this->assertEmpty($events); 172 $this->assertInstanceOf('stdClass', $result); 173 $this->assertEquals($user1->id, $result->id); 174 175 $reason = null; 176 $sink = $this->redirectEvents(); 177 $result = authenticate_user_login('email2@example.com', 'password2', false, $reason); 178 $events = $sink->get_events(); 179 $sink->close(); 180 $this->assertFalse($result); 181 $this->assertEquals(AUTH_LOGIN_NOUSER, $reason); 182 set_config('authloginviaemail', 0); 183 184 $reason = null; 185 // Capture failed login event. 186 $sink = $this->redirectEvents(); 187 $result = authenticate_user_login('username1', 'nopass', false, $reason); 188 $events = $sink->get_events(); 189 $sink->close(); 190 $event = array_pop($events); 191 192 $this->assertFalse($result); 193 $this->assertEquals(AUTH_LOGIN_FAILED, $reason); 194 // Test Event. 195 $this->assertInstanceOf('\core\event\user_login_failed', $event); 196 $expectedlogdata = array(SITEID, 'login', 'error', 'index.php', 'username1'); 197 $this->assertEventLegacyLogData($expectedlogdata, $event); 198 $eventdata = $event->get_data(); 199 $this->assertSame($eventdata['other']['username'], 'username1'); 200 $this->assertSame($eventdata['other']['reason'], AUTH_LOGIN_FAILED); 201 $this->assertEventContextNotUsed($event); 202 203 $reason = null; 204 // Capture failed login event. 205 $sink = $this->redirectEvents(); 206 $result = authenticate_user_login('username2', 'password2', false, $reason); 207 $events = $sink->get_events(); 208 $sink->close(); 209 $event = array_pop($events); 210 211 $this->assertFalse($result); 212 $this->assertEquals(AUTH_LOGIN_SUSPENDED, $reason); 213 // Test Event. 214 $this->assertInstanceOf('\core\event\user_login_failed', $event); 215 $expectedlogdata = array(SITEID, 'login', 'error', 'index.php', 'username2'); 216 $this->assertEventLegacyLogData($expectedlogdata, $event); 217 $eventdata = $event->get_data(); 218 $this->assertSame($eventdata['other']['username'], 'username2'); 219 $this->assertSame($eventdata['other']['reason'], AUTH_LOGIN_SUSPENDED); 220 $this->assertEventContextNotUsed($event); 221 222 $reason = null; 223 // Capture failed login event. 224 $sink = $this->redirectEvents(); 225 $result = authenticate_user_login('username3', 'password3', false, $reason); 226 $events = $sink->get_events(); 227 $sink->close(); 228 $event = array_pop($events); 229 230 $this->assertFalse($result); 231 $this->assertEquals(AUTH_LOGIN_SUSPENDED, $reason); 232 // Test Event. 233 $this->assertInstanceOf('\core\event\user_login_failed', $event); 234 $expectedlogdata = array(SITEID, 'login', 'error', 'index.php', 'username3'); 235 $this->assertEventLegacyLogData($expectedlogdata, $event); 236 $eventdata = $event->get_data(); 237 $this->assertSame($eventdata['other']['username'], 'username3'); 238 $this->assertSame($eventdata['other']['reason'], AUTH_LOGIN_SUSPENDED); 239 $this->assertEventContextNotUsed($event); 240 241 $reason = null; 242 // Capture failed login event. 243 $sink = $this->redirectEvents(); 244 $result = authenticate_user_login('username4', 'password3', false, $reason); 245 $events = $sink->get_events(); 246 $sink->close(); 247 $event = array_pop($events); 248 249 $this->assertFalse($result); 250 $this->assertEquals(AUTH_LOGIN_NOUSER, $reason); 251 // Test Event. 252 $this->assertInstanceOf('\core\event\user_login_failed', $event); 253 $expectedlogdata = array(SITEID, 'login', 'error', 'index.php', 'username4'); 254 $this->assertEventLegacyLogData($expectedlogdata, $event); 255 $eventdata = $event->get_data(); 256 $this->assertSame($eventdata['other']['username'], 'username4'); 257 $this->assertSame($eventdata['other']['reason'], AUTH_LOGIN_NOUSER); 258 $this->assertEventContextNotUsed($event); 259 260 set_config('lockoutthreshold', 3); 261 262 $reason = null; 263 $result = authenticate_user_login('username1', 'nopass', false, $reason); 264 $this->assertFalse($result); 265 $this->assertEquals(AUTH_LOGIN_FAILED, $reason); 266 $result = authenticate_user_login('username1', 'nopass', false, $reason); 267 $this->assertFalse($result); 268 $this->assertEquals(AUTH_LOGIN_FAILED, $reason); 269 $sink = $this->redirectEmails(); 270 $result = authenticate_user_login('username1', 'nopass', false, $reason); 271 $this->assertCount(1, $sink->get_messages()); 272 $sink->close(); 273 $this->assertFalse($result); 274 $this->assertEquals(AUTH_LOGIN_FAILED, $reason); 275 276 $result = authenticate_user_login('username1', 'password1', false, $reason); 277 $this->assertFalse($result); 278 $this->assertEquals(AUTH_LOGIN_LOCKOUT, $reason); 279 280 $result = authenticate_user_login('username1', 'password1', true, $reason); 281 $this->assertInstanceOf('stdClass', $result); 282 $this->assertEquals(AUTH_LOGIN_OK, $reason); 283 284 ini_set('error_log', $oldlog); 285 } 286 287 public function test_user_loggedin_event_exceptions() { 288 try { 289 $event = \core\event\user_loggedin::create(array('objectid' => 1)); 290 $this->fail('\core\event\user_loggedin requires other[\'username\']'); 291 } catch(Exception $e) { 292 $this->assertInstanceOf('coding_exception', $e); 293 } 294 } 295 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Aug 11 10:00:09 2016 | Cross-referenced by PHPXref 0.7.1 |