Mirrors/sysPass
2
0
Fork 0
mirror of https://github.com/nuxsmin/sysPass.git synced 2026-03-12 03:16:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore(tests): UT for Provider auth

Browse Source 
Signed-off-by: Rubén D <nuxsmin@syspass.org>
This commit is contained in:
Rubén D
2023-11-12 23:33:03 +01:00
parent 17083f10d8
commit 3dd1966e1a
14 changed files with 345 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/SP/Core/Application.php
View File

@@ -4,7 +4,7 @@
*
* @author nuxsmin
* @link https://syspass.org
* @copyright 2012-2022, Rubén Domínguez nuxsmin@$syspass.org
* @copyright 2012-2023, Rubén Domínguez nuxsmin@$syspass.org
*
* This file is part of sysPass.
*
@@ -36,15 +36,16 @@ final class Application
/**
* Module constructor.
*
* @param ConfigInterface $config
* @param EventDispatcherInterface $eventDispatcher
* @param ContextInterface $context
* @param ConfigInterface $config
* @param EventDispatcherInterface $eventDispatcher
* @param ContextInterface $context
*/
public function __construct(
private ConfigInterface $config,
private EventDispatcherInterface $eventDispatcher,
private ContextInterface $context
) {}
private readonly ConfigInterface $config,
private readonly EventDispatcherInterface $eventDispatcher,
private readonly ContextInterface $context
) {
}
public function getConfig(): ConfigInterface
{

24
lib/SP/Core/Definitions/CoreDefinitions.php
View File

@@ -78,6 +78,7 @@ use SP\Mvc\View\TemplateInterface;
use SP\Providers\Acl\AclHandler;
use SP\Providers\Auth\AuthProvider;
use SP\Providers\Auth\AuthProviderInterface;
use SP\Providers\Auth\AuthTypeEnum;
use SP\Providers\Auth\Browser\BrowserAuth;
use SP\Providers\Auth\Browser\BrowserAuthInterface;
use SP\Providers\Auth\Database\DatabaseAuth;
@@ -155,20 +156,27 @@ final class CoreDefinitions
'ldap',
factory([LdapBase::class, 'factory'])
),
AuthProviderInterface::class =>
static function (ContainerInterface $c, ConfigDataInterface $configData) {
$provider = $c->get(AuthProvider::class);
AuthProviderInterface::class => factory(
static function (
AuthProvider $authProvider,
ConfigDataInterface $configData,
LdapAuthInterface $ldapAuth,
BrowserAuthInterface $browserAuth,
DatabaseAuthInterface $databaseAuth,
) {
if ($configData->isLdapEnabled()) {
$provider->withLdapAuth($c->get(LdapAuthInterface::class));
$authProvider->registerAuth($ldapAuth, AuthTypeEnum::Ldap);
}
if ($configData->isAuthBasicEnabled()) {
$provider->withBrowserAuth($c->get(BrowserAuthInterface::class));
$authProvider->registerAuth($browserAuth, AuthTypeEnum::Browser);
}
return $provider;
},
$authProvider->registerAuth($databaseAuth, AuthTypeEnum::Database);
return $authProvider;
}
)->parameter('authProvider', autowire(AuthProvider::class)),
Logger::class => create(Logger::class)
->constructor('syspass'),
\GuzzleHttp\Client::class => create(\GuzzleHttp\Client::class)

2
lib/SP/Providers/Acl/AclHandler.php
View File

@@ -83,8 +83,6 @@ final class AclHandler extends Provider implements EventReceiver
*
* @param string $eventType event's type
* @param Event $event event's source object
*
* @throws SPException
*/
public function update(string $eventType, Event $event): void
{

7
lib/SP/Providers/Auth/AuthInterface.php
View File

@@ -29,19 +29,18 @@ use SP\DataModel\UserLoginData;
/**
* Interface AuthInterface
*
* @template T of AuthDataBase
* @template T
* @package Auth
*/
interface AuthInterface
{
/**
* Autentificar al usuario
* Authenticate using user's data
*
* @param UserLoginData $userLoginData
*
* @return T
*/
public function authenticate(UserLoginData $userLoginData): object;
public function authenticate(UserLoginData $userLoginData): AuthDataBase;
/**
* Indica si es requerida para acceder a la aplicación

138
lib/SP/Providers/Auth/AuthProvider.php
View File

@@ -27,11 +27,9 @@ namespace SP\Providers\Auth;
use SP\Core\Application;
use SP\Core\Exceptions\SPException;
use SP\DataModel\UserLoginData;
use SP\Domain\Auth\Ports\LdapAuthInterface;
use SP\Domain\Auth\Services\AuthException;
use SP\Providers\Auth\Browser\BrowserAuthInterface;
use SP\Providers\Auth\Database\DatabaseAuthInterface;
use SP\Providers\Provider;
use SplObjectStorage;
use function SP\__u;
@@ -46,18 +44,41 @@ defined('APP_ROOT') || die();
*/
class AuthProvider extends Provider implements AuthProviderInterface
{
/**
* @var callable[]
*/
protected array $auths = [];
protected ?BrowserAuthInterface $browserAuth = null;
protected ?LdapAuthInterface $ldapAuth = null;
protected readonly SplObjectStorage $auths;
public function __construct(
Application $application,
protected readonly DatabaseAuthInterface $databaseAuth
) {
public function __construct(Application $application)
{
parent::__construct($application);
$this->auths = new SplObjectStorage();
}
/**
* Auth initializer
*
*/
public function initialize(): void
{
}
/**
* Register authentication methods
*
* @param AuthInterface $auth
* @param AuthTypeEnum $authTypeEnum
* @throws AuthException
*/
public function registerAuth(AuthInterface $auth, AuthTypeEnum $authTypeEnum): void
{
if ($this->auths->contains($auth)) {
throw new AuthException(
__u('Authentication already initialized'),
SPException::ERROR,
$auth::class
);
}
$this->auths->attach($auth, $authTypeEnum->value);
}
/**
@@ -71,91 +92,18 @@ class AuthProvider extends Provider implements AuthProviderInterface
{
$authsResult = [];
foreach ($this->auths as $authName => $auth) {
$data = $auth($userLoginData);
$this->auths->rewind();
if ($data instanceof AuthDataBase) {
$authsResult[] = new AuthResult($authName, $data);
}
while ($this->auths->valid()) {
/** @var AuthInterface $auth */
$auth = $this->auths->current();
$authName = $this->auths->getInfo();
$authsResult[] = new AuthResult($authName, $auth->authenticate($userLoginData));
$this->auths->next();
}
return count($authsResult) > 0 ? $authsResult : false;
}
/**
* Auth initializer
*
* @throws AuthException
*/
public function initialize(): void
{
$configData = $this->config->getConfigData();
if ($this->browserAuth && $configData->isAuthBasicEnabled()) {
$this->registerAuth(
function (UserLoginData $userLoginData) {
return $this->browserAuth->authenticate($userLoginData);
},
'authBrowser'
);
}
if ($this->ldapAuth && $configData->isLdapEnabled()) {
$this->registerAuth(
function (UserLoginData $userLoginData) {
$ldapAuthData = $this->ldapAuth->authenticate($userLoginData);
if ($ldapAuthData->getAuthenticated()) {
// Comprobamos si la cuenta está bloqueada o expirada
if ($ldapAuthData->getExpire() > 0) {
$ldapAuthData->setStatusCode(LdapAuthInterface::ACCOUNT_EXPIRED);
} elseif (!$ldapAuthData->isInGroup()) {
$ldapAuthData->setStatusCode(LdapAuthInterface::ACCOUNT_NO_GROUPS);
}
}
return $ldapAuthData;
},
'authLdap'
);
}
$this->registerAuth(
function (UserLoginData $userLoginData) {
return $this->databaseAuth->authenticate($userLoginData);
},
'authDatabase'
);
}
/**
* Registrar un método de autentificación primarios
*
* @param callable $auth Función de autentificación
* @param string $name
*
* @throws AuthException
*/
private function registerAuth(callable $auth, string $name): void
{
if (array_key_exists($name, $this->auths)) {
throw new AuthException(
__u('Authentication already initialized'),
SPException::ERROR,
__FUNCTION__
);
}
$this->auths[$name] = $auth;
}
public function withLdapAuth(LdapAuthInterface $ldapAuth): void
{
$this->ldapAuth = $ldapAuth;
}
public function withBrowserAuth(BrowserAuthInterface $browserAuth): void
{
$this->browserAuth = $browserAuth;
}
}

18
lib/SP/Providers/Auth/AuthProviderInterface.php
View File

@@ -24,11 +24,8 @@
namespace SP\Providers\Auth;
use SP\DataModel\UserLoginData;
use SP\Domain\Auth\Ports\LdapAuthInterface;
use SP\Domain\Auth\Services\AuthException;
use SP\Providers\Auth\Browser\BrowserAuthInterface;
/**
* Class Auth
@@ -42,20 +39,9 @@ interface AuthProviderInterface
/**
* Probar los métodos de autentificación
*
* @param UserLoginData $userLoginData
* @param UserLoginData $userLoginData
*
* @return false|AuthResult[]
*/
public function doAuth(UserLoginData $userLoginData);
/**
* Auth initializer
*
* @throws AuthException
*/
public function initialize(): void;
public function withLdapAuth(LdapAuthInterface $ldapAuth): void;
public function withBrowserAuth(BrowserAuthInterface $browserAuth): void;
public function doAuth(UserLoginData $userLoginData): array|bool;
}

18
lib/SP/Providers/Auth/AuthResult.php
View File

@@ -4,7 +4,7 @@
*
* @author nuxsmin
* @link https://syspass.org
* @copyright 2012-2021, Rubén Domínguez nuxsmin@$syspass.org
* @copyright 2012-2023, Rubén Domínguez nuxsmin@$syspass.org
*
* This file is part of sysPass.
*
@@ -31,25 +31,15 @@ namespace SP\Providers\Auth;
*/
final class AuthResult
{
/**
* @var string
*/
public string $authName;
/**
* @var AuthDataBase
*/
public AuthDataBase $data;
/**
* AuthResult constructor.
*
* @param string $authName
* @param string $authName
* @param AuthDataBase $data
*/
public function __construct(string $authName, AuthDataBase $data)
public function __construct(private readonly string $authName, private readonly AuthDataBase $data)
{
$this->authName = $authName;
$this->data = $data;
}
/**
@@ -67,4 +57,4 @@ final class AuthResult
{
return $this->data;
}
}
}

36
lib/SP/Providers/Auth/AuthTypeEnum.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
/*
* sysPass
*
* @author nuxsmin
* @link https://syspass.org
* @copyright 2012-2023, Rubén Domínguez nuxsmin@$syspass.org
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*/
namespace SP\Providers\Auth;
/**
* Class AuthTypeEnum
*/
enum AuthTypeEnum: string
{
case Ldap = 'authLdap';
case Browser = 'authDatabase';
case Database = 'authBrowser';
}

7
lib/SP/Providers/Auth/Browser/BrowserAuth.php
View File

@@ -48,11 +48,12 @@ final class BrowserAuth implements BrowserAuthInterface
}
/**
* Autentificar al usuario
* Authenticate using user's data
*
* @param UserLoginData $userLoginData Datos del usuario
* @param UserLoginData $userLoginData
* @return BrowserAuthData
*/
public function authenticate(UserLoginData $userLoginData): object
public function authenticate(UserLoginData $userLoginData): BrowserAuthData
{
$browserAuthData = new BrowserAuthData($this->isAuthGranted());

6
lib/SP/Providers/Auth/Database/DatabaseAuth.php
View File

@@ -49,12 +49,10 @@ final class DatabaseAuth implements DatabaseAuthInterface
) {
}
/**
* Autentificar al usuario
*
* @param UserLoginData $userLoginData Datos del usuario
* Authenticate using user's data
*
* @param UserLoginData $userLoginData
* @return DatabaseAuthData
*/
public function authenticate(UserLoginData $userLoginData): DatabaseAuthData

18
lib/SP/Providers/Auth/Ldap/LdapAuth.php
View File

@@ -58,11 +58,12 @@ final class LdapAuth implements LdapAuthInterface
}
/**
* Autentificar al usuario
* Authenticate using user's data
*
* @param UserLoginData $userLoginData Datos del usuario
* @param UserLoginData $userLoginData
* @return LdapAuthData
*/
public function authenticate(UserLoginData $userLoginData): object
public function authenticate(UserLoginData $userLoginData): LdapAuthData
{
$ldapAuthData = new LdapAuthData($this->isAuthGranted());
@@ -73,6 +74,17 @@ final class LdapAuth implements LdapAuthInterface
$this->getAttributes($userLoginData->getLoginUser(), $ldapAuthData);
// Comprobamos si la cuenta está bloqueada o expirada
if ($ldapAuthData->getExpire() > 0) {
$ldapAuthData->setStatusCode(LdapAuthInterface::ACCOUNT_EXPIRED);
return $ldapAuthData->fail();
} elseif (!$ldapAuthData->isInGroup()) {
$ldapAuthData->setStatusCode(LdapAuthInterface::ACCOUNT_NO_GROUPS);
return $ldapAuthData->fail();
}
$this->ldap->connect($ldapAuthData->getDn(), $userLoginData->getLoginPass());
return $ldapAuthData->success();

8
lib/SP/Providers/Provider.php
View File

@@ -36,10 +36,10 @@ use SP\Domain\Config\Ports\ConfigInterface;
*/
abstract class Provider implements ProviderInterface
{
protected ConfigInterface $config;
protected ContextInterface $context;
protected EventDispatcherInterface $eventDispatcher;
protected bool $initialized = false;
protected readonly ConfigInterface $config;
protected readonly ContextInterface $context;
protected readonly EventDispatcherInterface $eventDispatcher;
protected bool $initialized = false;
/**
* Provider constructor.

101
tests/SP/Providers/Auth/AuthProviderTest.php Normal file
View File

@@ -0,0 +1,101 @@
<?php
/*
* sysPass
*
* @author nuxsmin
* @link https://syspass.org
* @copyright 2012-2023, Rubén Domínguez nuxsmin@$syspass.org
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*/
namespace SP\Tests\Providers\Auth;
use PHPUnit\Framework\MockObject\Exception;
use SP\DataModel\UserLoginData;
use SP\Domain\Auth\Services\AuthException;
use SP\Providers\Auth\AuthInterface;
use SP\Providers\Auth\AuthProvider;
use SP\Providers\Auth\AuthTypeEnum;
use SP\Providers\Auth\Browser\BrowserAuthData;
use SP\Tests\UnitaryTestCase;
/**
* Class AuthProviderTest
*
* @group unitary
*/
class AuthProviderTest extends UnitaryTestCase
{
private AuthProvider $authProvider;
/**
* @throws AuthException
* @throws Exception
*/
public function testRegisterAuthFail()
{
$auth1 = $this->createMock(AuthInterface::class);
$this->authProvider->registerAuth($auth1, AuthTypeEnum::Ldap);
$this->expectException(AuthException::class);
$this->expectExceptionMessage('Authentication already initialized');
$this->authProvider->registerAuth($auth1, AuthTypeEnum::Ldap);
}
/**
* @throws AuthException
* @throws Exception
*/
public function testDoAuth()
{
$userLoginData = new UserLoginData();
$userLoginData->setLoginUser(self::$faker->userName);
$userLoginData->setLoginPass(self::$faker->password);
$browserAuthData = new BrowserAuthData(false);
$browserAuthData->setName(self::$faker->name);
$browserAuthData->setEmail(self::$faker->email);
$browserAuthData->setStatusCode(0);
$browserAuthData->success();
$auth = $this->createMock(AuthInterface::class);
$auth->expects(self::once())
->method('authenticate')
->with($userLoginData)
->willReturn($browserAuthData);
$this->authProvider->registerAuth($auth, AuthTypeEnum::Ldap);
$out = $this->authProvider->doAuth($userLoginData);
self::assertCount(1, $out);
self::assertEquals(AuthTypeEnum::Ldap->value, $out[0]->getAuthName());
self::assertEquals($browserAuthData, $out[0]->getData());
}
protected function setUp(): void
{
parent::setUp();
$this->authProvider = new AuthProvider($this->application);
}
}

107
tests/SP/Providers/Auth/Ldap/LdapAuthTest.php
View File

@@ -94,11 +94,20 @@ class LdapAuthTest extends UnitaryTestCase
->method('actions')
->willReturn($ldapActions);
$attributes = $this->buildAttributes();
$attributes->set('expire', 0);
$ldapActions
->expects(self::once())
->method('getAttributes')
->with($filter)
->willReturn($this->buildAttributes());
->willReturn($attributes);
$this->ldap
->expects(self::once())
->method('isUserInGroup')
->with($attributes->get('dn'), $userLoginData->getLoginUser(), $attributes->get('group'))
->willReturn(true);
$out = $this->ldapAuth->authenticate($userLoginData);
@@ -125,6 +134,102 @@ class LdapAuthTest extends UnitaryTestCase
]);
}
/**
* @throws Exception
*/
public function testAuthenticateWithExpireFail()
{
$userLoginData = new UserLoginData();
$userLoginData->setLoginUser(self::$faker->userName);
$userLoginData->setLoginPass(self::$faker->password);
$ldapActions = $this->createMock(LdapActionsInterface::class);
$this->ldap
->expects(self::once())
->method('connect')
->with(null, null);
$filter = 'test';
$this->ldap
->expects(self::once())
->method('getUserDnFilter')
->with($userLoginData->getLoginUser())
->willReturn($filter);
$this->ldap
->expects(self::once())
->method('actions')
->willReturn($ldapActions);
$attributes = $this->buildAttributes();
$ldapActions
->expects(self::once())
->method('getAttributes')
->with($filter)
->willReturn($attributes);
$this->ldap
->expects(self::once())
->method('isUserInGroup')
->with($attributes->get('dn'), $userLoginData->getLoginUser(), $attributes->get('group'))
->willReturn(true);
$out = $this->ldapAuth->authenticate($userLoginData);
self::assertFalse($out->isOk());
}
/**
* @throws Exception
*/
public function testAuthenticateWithGroupFail()
{
$userLoginData = new UserLoginData();
$userLoginData->setLoginUser(self::$faker->userName);
$userLoginData->setLoginPass(self::$faker->password);
$ldapActions = $this->createMock(LdapActionsInterface::class);
$this->ldap
->expects(self::once())
->method('connect')
->with(null, null);
$filter = 'test';
$this->ldap
->expects(self::once())
->method('getUserDnFilter')
->with($userLoginData->getLoginUser())
->willReturn($filter);
$this->ldap
->expects(self::once())
->method('actions')
->willReturn($ldapActions);
$attributes = $this->buildAttributes();
$ldapActions
->expects(self::once())
->method('getAttributes')
->with($filter)
->willReturn($attributes);
$this->ldap
->expects(self::once())
->method('isUserInGroup')
->with($attributes->get('dn'), $userLoginData->getLoginUser(), $attributes->get('group'))
->willReturn(false);
$out = $this->ldapAuth->authenticate($userLoginData);
self::assertFalse($out->isOk());
}
/**
* @throws Exception
*/