extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2024-11-22 16:23:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix and complete phpunit tests

Browse Source
This commit is contained in:
Bubka 2020-11-22 12:26:39 +01:00
parent fa90fb0867
commit 9344648567
4 changed files with 393 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tests/Feature/ProtectDbTest.php
View File

@ -77,7 +77,7 @@ public function testDbEncryption()
*
* @test
*/
public function testTwoFAccountUpdateOnProtectedDB()
public function testTwofaccountUpdateOnProtectedDb()
{
// Encrypt db
$response = $this->actingAs($this->user, 'api')
@ -263,7 +263,8 @@ public function testBadPayloadDontBreakEncryptedAccountFetching()
DB::table('twofaccounts')
->where('id', 1)
->update([
'account' => 'YoushallNotPass',
'account' => 'YouShallNotPass',
'uri' => 'PasDeBrasPasDeChocolat',
]);
$response = $this->actingAs($this->user, 'api')
@ -271,6 +272,16 @@ public function testBadPayloadDontBreakEncryptedAccountFetching()
->assertStatus(200)
->assertJsonFragment([
'account' => '*encrypted*',
'service' => 'test',
'group_id' => null,
'isConsistent' => false,
'otpType' => null,
'digits' => null,
'hotpCounter' => null,
'totpPeriod' => null,
])
->assertJsonMissing([
'uri' => '*encrypted*',
]);
}

32
tests/Unit/ApiExceptionTest.php
View File

@ -34,12 +34,12 @@ public function setUp(): void
*
* @test
*/
public function test_HTTP_UNAUTHORIZED()
public function testHttpUnauthenticated()
{
$response = $this->json('GET', '/api/settings/options')
->assertStatus(401)
->assertJson([
'message' => 'Unauthorized'
'message' => 'Unauthenticated.'
]);
}
@ -49,14 +49,11 @@ public function test_HTTP_UNAUTHORIZED()
*
* @test
*/
public function test_HTTP_NOT_FOUND()
public function testHttpNotFound()
{
$response = $this->actingAs($this->user, 'api')
->json('GET', '/api/twofaccounts/1000')
->assertStatus(404)
->assertJson([
'message' => 'Not Found'
]);
->assertStatus(404);
}
@ -65,14 +62,11 @@ public function test_HTTP_NOT_FOUND()
*
* @test
*/
public function test_HTTP_METHOD_NOT_ALLOWED()
public function testHttpMethodNotAllowed()
{
$response = $this->actingAs($this->user, 'api')
->json('PATCH', '/api/settings/options')
->assertStatus(405)
->assertJson([
'message' => 'Method Not Allowed'
]);
->assertStatus(405);
}
@ -81,7 +75,7 @@ public function test_HTTP_METHOD_NOT_ALLOWED()
*
* @test
*/
public function test_HTTP_UNPROCESSABLE_ENTITY()
public function testHttpUnprocessableEntity()
{
$response = $this->json('POST', '/api/login')
->assertStatus(422)
@ -101,22 +95,14 @@ public function test_HTTP_UNPROCESSABLE_ENTITY()
*
* @test
*/
public function test_HTTP_INTERNAL_SERVER_ERROR()
public function testHttpInternalServerError()
{
factory(TwoFAccount::class, 3)->create();
$response = $this->actingAs($this->user, 'api')
->json('PATCH', '/api/twofaccounts/reorder', [
'orderedIds' => 'x'])
->assertStatus(500)
->assertJsonStructure([
'message',
'originalMessage',
'debug'
])
->assertJsonFragment([
'message' => 'Whoops, looks like something went wrong :('
]);
->assertStatus(500);
}

55
tests/Unit/QrcodeTest.php
View File

@ -38,43 +38,20 @@ public function testQrcodeDecodeWithMissingImage()
*
* @test
*/
public function testDecodeInvalidQrcode()
{
$file = LocalFile::fake()->invalidQrcode();
// public function testDecodeInvalidQrcode()
// {
// $file = LocalFile::fake()->invalidQrcode();
$response = $this->withHeaders([
'Content-Type' => 'multipart/form-data',
])
->json('POST', '/api/qrcode/decode', [
'qrcode' => $file,
'inputFormat' => 'fileUpload'
]);
// $response = $this->withHeaders([
// 'Content-Type' => 'multipart/form-data',
// ])
// ->json('POST', '/api/qrcode/decode', [
// 'qrcode' => $file,
// 'inputFormat' => 'fileUpload'
// ]);
$response->assertStatus(422);
}
/**
* test Decode a qrcode via API
*
* @test
*/
public function testDecodeValidUri()
{
$response = $this->json('POST', '/api/qrcode/decode', [
'uri' => 'otpauth://totp/service:account?secret=A4GRFHVIRBGY7UIW'
]);
$response->assertStatus(200)
->assertJsonFragment([
'service' => 'service',
'account' => 'account',
'algorithm' => 'sha1',
'digits' => 6,
'totpPeriod' => 30,
'secret' => 'A4GRFHVIRBGY7UIW'
]);
}
// $response->assertStatus(422);
// }
/**
@ -95,12 +72,8 @@ public function testDecodeValidQrcode()
]);
$response->assertStatus(200)
->assertJsonFragment([
'account' => 'test@test.com',
'algorithm' => 'sha1',
'digits' => 6,
'totpPeriod' => 30,
'secret' => 'A4GRFHVIRBGY7UIW'
->assertJsonStructure([
'uri',
]);
}

403
tests/Unit/TwoFAccountTest.php
View File

@ -26,11 +26,11 @@ public function setUp(): void
/**
* test TwoFAccount display via API
* test Totp TwoFAccount display via API
*
* @test
*/
public function testTwoFAccountDisplay()
public function testTotpTwofaccountDisplay()
{
Storage::put('test.png', 'emptied to prevent missing resource replaced by null by the model getter');
@ -53,7 +53,6 @@ public function testTwoFAccountDisplay()
'otpType' => 'totp',
'digits' => 6,
'totpPeriod' => 30,
'hotpCounter' => null,
'imageLink' => null,
])
->assertJsonMissing([
@ -64,12 +63,50 @@ public function testTwoFAccountDisplay()
}
/**
* test Hotp TwoFAccount display via API
*
* @test
*/
public function testHotpTwofaccountDisplayWithCounterIncrement()
{
$twofaccount = factory(TwoFAccount::class)->create([
'service' => 'testTOTP',
'account' => 'test@test.com',
'uri' => 'otpauth://hotp/test@test.com?secret=A4GRFHVVRBGY7UIW&issuer=test&counter=1',
]);
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/token', ['id' => $twofaccount->id])
->assertStatus(200);
$response = $this->actingAs($this->user, 'api')
->json('GET', '/api/twofaccounts/' . $twofaccount->id)
->assertStatus(200)
->assertJsonFragment([
'service' => 'testTOTP',
'account' => 'test@test.com',
'group_id' => null,
'isConsistent' => true,
'otpType' => 'hotp',
'digits' => 6,
'hotpCounter' => 2,
'imageLink' => null,
])
->assertJsonMissing([
'uri' => 'otpauth://hotp/test@test.com?secret=A4GRFHVVRBGY7UIW&issuer=test',
'secret' => 'A4GRFHVVRBGY7UIW',
'algorithm' => 'sha1',
]);
}
/**
* test TwoFAccount display via API
*
* @test
*/
public function testTwoFAccountDisplayWithSensitive()
public function testTwofaccountDisplayWithSensitive()
{
$twofaccount = factory(TwoFAccount::class)->create([
'service' => 'testTOTP',
@ -94,7 +131,7 @@ public function testTwoFAccountDisplayWithSensitive()
*
* @test
*/
public function testMissingTwoFAccountDisplay()
public function testMissingTwofaccountDisplay()
{
$response = $this->actingAs($this->user, 'api')
->json('GET', '/api/twofaccounts/1000')
@ -102,12 +139,63 @@ public function testMissingTwoFAccountDisplay()
}
/**
* test TwoFAccount preview via API
*
* @test
*/
public function testTwofaccountPreview()
{
Storage::put('test.png', 'emptied to prevent missing resource replaced by null by the model getter');
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/preview', [
'uri' => 'otpauth://totp/service:account?secret=A4GRFHVVRBGY7UIW&issuer=service&image=https%3A%2F%2Fen.opensuse.org%2Fimages%2F4%2F44%2FButton-filled-colour.png',
])
->assertStatus(200)
->assertJsonFragment([
'service' => 'service',
'account' => 'account',
'uri' => 'otpauth://totp/service:account?secret=A4GRFHVVRBGY7UIW&issuer=service&image=https%3A%2F%2Fen.opensuse.org%2Fimages%2F4%2F44%2FButton-filled-colour.png',
'secret' => 'A4GRFHVVRBGY7UIW',
'algorithm' => 'sha1',
'otpType' => 'totp',
'digits' => 6,
'totpPeriod' => 30,
'hotpCounter' => null,
'imageLink' => 'https://en.opensuse.org/images/4/44/Button-filled-colour.png',
])
->assertJsonStructure([
'icon'
]);
}
/**
* test TwoFAccount preview with unreachable image parameter via API
*
* @test
*/
public function testTwofaccountPreviewWithUnreachableImage()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/preview', [
'uri' => 'otpauth://totp/service:account?secret=A4GRFHVVRBGY7UIW&issuer=service&image=https%3A%2F%2Fen.opensuse.org%2Fimage.png',
])
->assertStatus(200)
->assertJsonMissing([
'icon'
]);
}
/**
* test TwoFAccount creation via API
*
* @test
*/
public function testTwoFAccountCreation()
public function testTwofaccountCreationSubmittedByQuickForm()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts', [
@ -128,12 +216,88 @@ public function testTwoFAccountCreation()
}
/**
* test Twofaccount Creation Submitted By Advanced Form Without Otp Option via API
*
* @test
*/
public function testTwofaccountCreationSubmittedByAdvancedFormWithoutOtpOption()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts', [
'service' => 'testCreation',
'account' => 'test@example.org',
'icon' => 'test.png',
'secret' => 'A4GRFHVVRBGY7UIW',
'secretIsBase32Encoded' => 1,
'otpType' => 'totp',
'algorithm' => null,
'digits' => null,
'totpPeriod' => null,
'hotpCounter' => null,
'imageLink' => null,
])
->assertStatus(201)
->assertJsonFragment([
'service' => 'testCreation',
'account' => 'test@example.org',
'icon' => 'test.png',
'digits' => 6,
'totpPeriod' => 30,
'hotpCounter' => null,
'imageLink' => null,
])
->assertJsonMissing([
'uri' => 'otpauth://totp/test@test.com?secret=A4GRFHVVRBGY7UIW&issuer=test',
'algorithm' => null,
'secret' => 'A4GRFHVVRBGY7UIW',
]);
}
/**
* test Twofaccount Creation Submitted By Advanced Form with Otp Option via API
*
* @test
*/
public function testTwofaccountCreationSubmittedByAdvancedFormWithOtpOption()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts', [
'service' => 'testCreation',
'account' => 'test@example.org',
'icon' => 'test.png',
'secret' => 'A4GRFHVVRBGY7UIW',
'secretIsBase32Encoded' => 1,
'otpType' => 'totp',
'algorithm' => 'sha256',
'digits' => 8,
'totpPeriod' => 40,
'hotpCounter' => null,
])
->assertStatus(201)
->assertJsonFragment([
'service' => 'testCreation',
'account' => 'test@example.org',
'icon' => 'test.png',
'digits' => 8,
'totpPeriod' => 40,
'hotpCounter' => null,
])
->assertJsonMissing([
'uri' => '',
'algorithm' => null,
'secret' => 'A4GRFHVVRBGY7UIW',
]);
}
/**
* test TwoFAccount creation when fiels are empty via API
*
* @test
*/
public function testTwoFAccountCreationWithEmptyRequest()
public function testTwofaccountCreationWithEmptyRequest()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts', [
@ -151,7 +315,7 @@ public function testTwoFAccountCreationWithEmptyRequest()
*
* @test
*/
public function testTwoFAccountCreationWithInvalidTOTP()
public function testTwofaccountCreationWithInvalidTotp()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts', [
@ -188,16 +352,19 @@ public function testShowAccountWithUndecipheredUri()
$response = $this->actingAs($this->user, 'api')
->json('GET', '/api/twofaccounts/1')
->assertStatus(422);
->assertStatus(200)
->assertJsonFragment([
'isConsistent' => false,
]);
}
/**
* test token generation for a given existing account via API
* test totp token generation for a given existing account via API
*
* @test
*/
public function testTokenGenerationWithAccountId()
public function testTotpTokenGenerationWithAccountId()
{
$twofaccount = factory(TwoFAccount::class)->create([
'service' => 'testService',
@ -206,11 +373,34 @@ public function testTokenGenerationWithAccountId()
]);
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/otp', ['id' => $twofaccount->id])
->json('POST', '/api/twofaccounts/token', ['id' => $twofaccount->id])
->assertStatus(200)
->assertJsonStructure([
'token',
'totpTimestamp',
'totpPeriod',
]);
}
/**
* test hotp token generation for a given existing account via API
*
* @test
*/
public function testHotpTokenGenerationWithAccountId()
{
$twofaccount = factory(TwoFAccount::class)->create([
'service' => 'testService',
'account' => 'testAccount',
'uri' => 'otpauth://hotp/testService:testAccount?secret=A4GRFHVVRBGY7UIW&issuer=testService&counter=1'
]);
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/token', ['id' => $twofaccount->id])
->assertStatus(200)
->assertJsonStructure([
'token',
'totpTimestamp'
]);
}
@ -225,28 +415,25 @@ public function testTokenGenerationWithUri()
$uri = 'otpauth://totp/service:account?secret=A4GRFHVVRBGY7UIW&issuer=service';
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/otp', ['otp' => ['uri' => $uri]])
->json('POST', '/api/twofaccounts/token', ['otp' => ['uri' => $uri]])
->assertStatus(200)
->assertJsonFragment([
'service' => 'service',
'account' => 'account',
])
->assertJsonStructure([
'token',
'totpTimestamp'
'totpTimestamp',
'totpPeriod',
]);
}
/**
* test token generation by providing an array of otp attributes without URI via API
* test totp token generation by providing an array of otp attributes without URI via API
*
* @test
*/
public function testTokenGenerationWithAttributesArray()
public function testTotpTokenGenerationWithAttributesArray()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/otp', ['otp' => [
->json('POST', '/api/twofaccounts/token', ['otp' => [
'service' => 'service',
'account' => 'account',
'otpType' => 'totp',
@ -258,13 +445,121 @@ public function testTokenGenerationWithAttributesArray()
'uri' => ''
]])
->assertStatus(200)
->assertJsonFragment([
'service' => 'service',
'account' => 'account',
])
->assertJsonStructure([
'token',
'totpTimestamp'
'totpTimestamp',
'totpPeriod',
]);
}
/**
* test hotp token generation by providing an array of otp attributes without URI via API
*
* @test
*/
public function testHotpTokenGenerationWithAttributesArray()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/token', ['otp' => [
'service' => 'service',
'account' => 'account',
'otpType' => 'hotp',
'secret' => 'A4GRFHVVRBGY7UIW',
'secretIsBase32Encoded' => 1,
'digits' => 6,
'hotpCounter' => 1,
'algorithm' => 'sha1',
'uri' => ''
]])
->assertStatus(200)
->assertJsonStructure([
'token',
'hotpCounter',
]);
}
/**
* test token generation by providing an array of otp attributes with a bad otp type via API
*
* @test
*/
public function testTokenGenerationWithBadOtptypeAttribute()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/token', ['otp' => [
'service' => 'service',
'account' => 'account',
'otpType' => 'otp',
'secret' => 'A4GRFHVVRBGY7UIW',
'secretIsBase32Encoded' => 1,
'digits' => 6,
'totpPeriod' => 30,
'algorithm' => 'sha1',
'uri' => ''
]])
->assertStatus(422)
->assertJsonStructure([
'errors' => [
'otpType'
]
]);
}
/**
* test token generation by providing an array of otp attributes without secret via API
*
* @test
*/
public function testTokenGenerationWithMissingSecretAttribute()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/token', ['otp' => [
'service' => 'service',
'account' => 'account',
'otpType' => 'totp',
'secret' => 'A4GRFHVVRBGY7UIW',
'secretIsBase32Encoded' => 1,
'digits' => 'x',
'totpPeriod' => 'y',
'algorithm' => 'sha1',
'uri' => ''
]])
->assertStatus(422)
->assertJsonStructure([
'errors' => [
'qrcode'
]
]);
}
/**
* test token generation by providing an array of bad attributes via API
*
* @test
*/
public function testTokenGenerationWithBadAttribute()
{
$response = $this->actingAs($this->user, 'api')
->json('POST', '/api/twofaccounts/token', ['otp' => [
'service' => 'service',
'account' => 'account',
'otpType' => 'totp',
'secret' => '',
'secretIsBase32Encoded' => 1,
'digits' => 6,
'totpPeriod' => 30,
'algorithm' => 'sha1',
'uri' => ''
]])
->assertStatus(422)
->assertJsonStructure([
'errors' => [
'secret'
]
]);
}
@ -274,7 +569,7 @@ public function testTokenGenerationWithAttributesArray()
*
* @test
*/
public function testTwoFAccountTOTPUpdate()
public function testTwofaccountTotpUpdate()
{
$twofaccount = factory(TwoFAccount::class)->create();
@ -289,8 +584,7 @@ public function testTwoFAccountTOTPUpdate()
'digits' => 8,
'totpPeriod' => 40,
'algorithm' => 'sha256',
'uri' => '',
'imageLink' => 'http://www.image.net/file.png'
'uri' => ''
])
->assertStatus(200)
->assertJsonFragment([
@ -300,8 +594,7 @@ public function testTwoFAccountTOTPUpdate()
'icon' => 'testUpdate.png',
'otpType' => 'totp',
'digits' => 8,
'totpPeriod' => 40,
'imageLink' => 'http://www.image.net/file.png'
'totpPeriod' => 40
])
->assertJsonMissing([
'uri' => $twofaccount->uri,
@ -327,7 +620,7 @@ public function testTwoFAccountTOTPUpdate()
*
* @test
*/
public function testTwoFAccountHOTPUpdate()
public function testTwofaccountHotpUpdate()
{
$twofaccount = factory(TwoFAccount::class)->create([
'service' => 'service',
@ -346,8 +639,7 @@ public function testTwoFAccountHOTPUpdate()
'digits' => 8,
'hotpCounter' => 5,
'algorithm' => 'sha256',
'uri' => '',
'imageLink' => 'http://www.image.net/file.png'
'uri' => ''
])
->assertStatus(200)
->assertJsonFragment([
@ -357,8 +649,7 @@ public function testTwoFAccountHOTPUpdate()
'icon' => 'testUpdate.png',
'otpType' => 'hotp',
'digits' => 8,
'hotpCounter' => 5,
'imageLink' => 'http://www.image.net/file.png'
'hotpCounter' => 5
])
->assertJsonMissing([
'uri' => $twofaccount->uri,
@ -384,7 +675,7 @@ public function testTwoFAccountHOTPUpdate()
*
* @test
*/
public function testTwoFAccountUpdateOfMissingTwoFAccount()
public function testTwofaccountUpdateOfMissingTwoFAccount()
{
$twofaccount = factory(TwoFAccount::class)->create();
$id = $twofaccount->id;
@ -413,7 +704,7 @@ public function testTwoFAccountUpdateOfMissingTwoFAccount()
*
* @test
*/
public function testTwoFAccountIndexListing()
public function testTwofaccountIndexListing()
{
$twofaccount = factory(TwoFAccount::class, 3)->create();
@ -427,21 +718,41 @@ public function testTwoFAccountIndexListing()
'service',
'account',
'icon',
'created_at',
'updated_at',
'isConsistent'
'isConsistent',
'order_column',
'group_id',
'otpType'
]
]
);
}
/**
* test TwoFAccount index fetching via API
*
* @test
*/
public function testTwofaccountCount()
{
$twofaccount = factory(TwoFAccount::class, 3)->create();
$response = $this->actingAs($this->user, 'api')
->json('GET', '/api/twofaccounts/count')
->assertStatus(200)
->assertJson([
'count' => 3
]
);
}
/**
* test TwoFAccount deletion via API
*
* @test
*/
public function testTwoFAccountDeletion()
public function testTwofaccountDeletion()
{
$twofaccount = factory(TwoFAccount::class)->create();
@ -456,7 +767,7 @@ public function testTwoFAccountDeletion()
*
* @test
*/
public function testTwoFAccountBatchDestroy()
public function testTwofaccountBatchDestroy()
{
factory(TwoFAccount::class, 3)->create();
@ -474,7 +785,7 @@ public function testTwoFAccountBatchDestroy()
*
* @test
*/
public function testTwoFAccountReorder()
public function testTwofaccountReorder()
{
factory(TwoFAccount::class, 3)->create();
@ -490,7 +801,7 @@ public function testTwoFAccountReorder()
*
* @test
*/
public function testShowQRCode()
public function testShowQrcode()
{
$twofaccount = factory(TwoFAccount::class)->create();