diff --git a/tests/phpunit/integration/Api/Module/ApiOATHValidateTest.php b/tests/phpunit/integration/Api/Module/ApiOATHValidateTest.php
new file mode 100644
index 00000000..ef6d1842
--- /dev/null
+++ b/tests/phpunit/integration/Api/Module/ApiOATHValidateTest.php
@@ -0,0 +1,168 @@
+
+ * @group Database
+ */
+class ApiOATHValidateTest extends ApiTestCase {
+ /**
+ * @covers \MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate::execute
+ */
+ public function testNonexistentUser() {
+ [ $result, ] = $this->doApiRequestWithToken(
+ [
+ 'action' => 'oathvalidate',
+ 'user' => 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA I am fake',
+ 'data' => '{"token": "123456"}',
+ ],
+ null,
+ new UltimateAuthority( $this->getTestUser()->getUserIdentity() )
+ );
+
+ $this->assertArraySubmapSame(
+ [
+ 'oathvalidate' => [
+ 'enabled' => false,
+ 'valid' => false,
+ ],
+ ],
+ $result
+ );
+ }
+
+ /**
+ * @covers \MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate::execute
+ */
+ public function testDisabled() {
+ $testUser = $this->getTestUser();
+
+ [ $result, ] = $this->doApiRequestWithToken(
+ [
+ 'action' => 'oathvalidate',
+ 'user' => $testUser->getUserIdentity()->getName(),
+ 'data' => '{"token": "123456"}',
+ ],
+ null,
+ new UltimateAuthority( $testUser->getUserIdentity() )
+ );
+
+ $this->assertArraySubmapSame(
+ [
+ 'oathvalidate' => [
+ 'enabled' => false,
+ 'valid' => false,
+ ],
+ ],
+ $result
+ );
+ }
+
+ /**
+ * @covers \MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate::execute
+ */
+ public function testCorrectToken() {
+ $testUser = $this->getTestUser();
+
+ $key = TOTPKey::newFromRandom();
+ $userRepository = OATHAuthServices::getInstance( $this->getServiceContainer() )->getUserRepository();
+ $userRepository->createKey(
+ $userRepository->findByUser( $testUser->getUserIdentity() ),
+ OATHAuthServices::getInstance( $this->getServiceContainer() )
+ ->getModuleRegistry()
+ ->getModuleByKey( 'totp' ),
+ $key->jsonSerialize(),
+ '127.0.0.1'
+ );
+
+ $secret = TestingAccessWrapper::newFromObject( $key )->secret;
+ $correctToken = HOTP::generateByTime(
+ Base32::decode( $secret['secret'] ),
+ $secret['period'],
+ )->toHOTP( 6 );
+
+ [ $result, ] = $this->doApiRequestWithToken(
+ [
+ 'action' => 'oathvalidate',
+ 'user' => $testUser->getUserIdentity()->getName(),
+ 'data' => json_encode( [ 'token' => $correctToken ] ),
+ ],
+ null,
+ new UltimateAuthority( $testUser->getUserIdentity() )
+ );
+
+ $this->assertArraySubmapSame(
+ [
+ 'oathvalidate' => [
+ 'enabled' => true,
+ 'valid' => true,
+ ],
+ ],
+ $result
+ );
+ }
+
+ /**
+ * @covers \MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate::execute
+ */
+ public function testWrongToken() {
+ $testUser = $this->getTestUser();
+
+ $userRepository = OATHAuthServices::getInstance( $this->getServiceContainer() )->getUserRepository();
+ $userRepository->createKey(
+ $userRepository->findByUser( $testUser->getUserIdentity() ),
+ OATHAuthServices::getInstance( $this->getServiceContainer() )
+ ->getModuleRegistry()
+ ->getModuleByKey( 'totp' ),
+ TOTPKey::newFromRandom()->jsonSerialize(),
+ '127.0.0.1'
+ );
+
+ [ $result, ] = $this->doApiRequestWithToken(
+ [
+ 'action' => 'oathvalidate',
+ 'user' => $testUser->getUserIdentity()->getName(),
+ 'data' => json_encode( [ 'token' => '000000' ] ),
+ ],
+ null,
+ new UltimateAuthority( $testUser->getUserIdentity() )
+ );
+
+ $this->assertArraySubmapSame(
+ [
+ 'oathvalidate' => [
+ 'enabled' => true,
+ 'valid' => false,
+ ],
+ ],
+ $result
+ );
+ }
+}
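Review bot: All four tests send the request as `UltimateAuthority`, which passes every permission check, so nothing here covers what `oathvalidate` does for a caller who is not allowed to validate another account's second factor. If `execute()` gates on a user right (not visible in this hunk), a regression that dropped that check would leave this suite green while letting any caller probe whether an account has 2FA enabled and test codes against it. I would add a case like the one below that uses an authority with no rights and asserts the API error; the expected error code and the `SimpleAuthority` import need confirming against the module and the file header, which this hunk does not show. Separately, the fixed `'000000'` in testWrongToken can coincide with a genuinely valid code for the random key, so deriving the wrong value from a computed correct token would make that case deterministic.

```php
	/**
	 * @covers \MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate::execute
	 */
	public function testCallerWithoutRights() {
		$testUser = $this->getTestUser();

		// Expected code assumes the module rejects via the standard rights check; confirm against execute().
		$this->expectApiErrorCode( 'permissiondenied' );

		$this->doApiRequestWithToken(
			[
				'action' => 'oathvalidate',
				'user' => $testUser->getUserIdentity()->getName(),
				'data' => '{"token": "123456"}',
			],
			null,
			// No rights granted, so any permission gate in the module must refuse the request.
			new SimpleAuthority( $testUser->getUserIdentity(), [] )
		);
	}
```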