‪TYPO3CMS  10.4
PasswordResetTest.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use Psr\Log\LoggerInterface;
21 use TYPO3\CMS\Backend\Authentication\PasswordReset;
22 use TYPO3\CMS\Core\Context\Context;
23 use TYPO3\CMS\Core\Http\ServerRequest;
24 use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
25 
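/**
 * Functional tests for the backend password reset flow.
 *
 * Covers three things: when the feature reports itself as enabled, what
 * initiateReset() logs for unknown, ambiguous and unique e-mail addresses,
 * and that resetPassword() refuses a request carrying a bogus token.
 *
 * Every expectation on initiateReset()/resetPassword() is made on the injected
 * PSR-3 logger; return values and database state are not inspected here.
 */
class PasswordResetTest extends FunctionalTestCase
{
    /**
     * With the main switch off, the feature stays disabled regardless of the
     * admin switch.
     *
     * @test
     */
    public function isNotEnabledWorks(): void
    {
        $subject = new PasswordReset();
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = false;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;
        self::assertFalse($subject->isEnabled());
        // The admin switch alone must not turn the feature on.
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        self::assertFalse($subject->isEnabled());
    }

    /**
     * No data set is imported, so even with both switches on isEnabled()
     * is expected to report false.
     *
     * @test
     */
    public function isNotEnabledWithNoUsers(): void
    {
        $subject = new PasswordReset();
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;
        self::assertFalse($subject->isEnabled());
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        self::assertFalse($subject->isEnabled());
    }

    /**
     * With the admins-only fixture, the feature is enabled only when both the
     * main switch and the admin switch are on.
     *
     * This pins the safe default: administrator accounts are not eligible for
     * self-service reset unless passwordResetForAdmins is set explicitly.
     *
     * @test
     */
    public function isEnabledExcludesAdministrators(): void
    {
        // Fixture name suggests it holds administrator accounts only; its
        // contents are not visible from this file.
        $this->importDataSet(__DIR__ . '/Fixtures/be_users_only_admins.xml');
        $subject = new PasswordReset();
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = false;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;
        self::assertFalse($subject->isEnabled());
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;
        self::assertFalse($subject->isEnabled());
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        self::assertTrue($subject->isEnabled());
    }

    /**
     * An address that matches no account produces a warning log entry.
     *
     * The expected message does not contain the requested address. The log
     * call is the only signal asserted; what the caller sees for an unknown
     * address is not checked by this test.
     *
     * @test
     */
    public function noEmailIsFound(): void
    {
        $this->importDataSet(__DIR__ . '/Fixtures/be_users.xml');
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        // 'null' transport: the test must not attempt real mail delivery.
        $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'null';
        $emailAddress = 'does-not-exist@example.com';
        $subject = new PasswordReset();
        $loggerProphecy = $this->prophesize(LoggerInterface::class);
        $loggerProphecy->warning()->withArguments(['Password reset requested for email but no valid users'])->shouldBeCalled();
        $subject->setLogger($loggerProphecy->reveal());
        $context = new Context();
        $request = new ServerRequest();
        $subject->initiateReset($request, $context, $emailAddress);
    }

    /**
     * An address shared by several accounts produces a warning that names the
     * address and states that multiple accounts were found.
     *
     * Presumably be_users.xml holds more than one account with
     * duplicate@example.com; the fixture is not visible from this file.
     *
     * @test
     */
    public function ambiguousEmailIsTriggeredForMultipleValidUsers(): void
    {
        $this->importDataSet(__DIR__ . '/Fixtures/be_users.xml');
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'null';
        $emailAddress = 'duplicate@example.com';
        $subject = new PasswordReset();
        $loggerProphecy = $this->prophesize(LoggerInterface::class);
        $loggerProphecy->warning()->withArguments(['Password reset sent to email address ' . $emailAddress . ' but multiple accounts found'])->shouldBeCalled();
        $subject->setLogger($loggerProphecy->reveal());
        $context = new Context();
        $request = new ServerRequest();
        $subject->initiateReset($request, $context, $emailAddress);
    }

    /**
     * A unique, valid address produces an info log entry naming both the
     * address and the username.
     *
     * The expected line carries personal data (e-mail address and login
     * name), so logs written by this component need matching access control
     * and retention.
     *
     * @test
     */
    public function passwordResetEmailIsTriggeredForValidUser(): void
    {
        $this->importDataSet(__DIR__ . '/Fixtures/be_users.xml');
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'null';
        $emailAddress = 'editor-with-email@example.com';
        $username = 'editor-with-email';
        $subject = new PasswordReset();
        $loggerProphecy = $this->prophesize(LoggerInterface::class);
        $loggerProphecy->info()->withArguments(['Sent password reset email to email address ' . $emailAddress . ' for user ' . $username])->shouldBeCalled();
        $subject->setLogger($loggerProphecy->reveal());
        $context = new Context();
        $request = new ServerRequest();
        $subject->initiateReset($request, $context, $emailAddress);
    }

    /**
     * A request with made-up token parameters cannot reset a password.
     *
     * Two calls are made with the same bogus query parameters:
     *  1. without a password in the body, expecting the "weak password"
     *     debug message;
     *  2. with a matching password pair, expecting the "Valid user for token
     *     not found" warning.
     * Together they show that a request is rejected both on password grounds
     * and on token grounds.
     *
     * NOTE(review): only log calls are asserted. Asserting the outcome of
     * resetPassword() and that no be_users password changed would pin the
     * security property directly instead of via log wording.
     *
     * @test
     */
    public function invalidTokenCannotResetPassword(): void
    {
        $this->importDataSet(__DIR__ . '/Fixtures/be_users.xml');
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'null';
        $subject = new PasswordReset();
        $loggerProphecy = $this->prophesize(LoggerInterface::class);
        $loggerProphecy->debug()->withArguments(['Password reset not possible due to weak password'])->shouldBeCalled();
        $subject->setLogger($loggerProphecy->reveal());

        $context = new Context();
        $request = new ServerRequest();
        // Constructed values that match no issued reset link. Presumably
        // t/i/e are token, identity and expiry - confirm against PasswordReset.
        $request = $request->withQueryParams(['t' => 'token', 'i' => 'identity', 'e' => 13465444]);
        $subject->resetPassword($request, $context);

        // Second attempt: an acceptable password pair, so the rejection has
        // to come from the token lookup. A fresh prophecy replaces the logger.
        $request = $request->withParsedBody(['password' => 'str0NGpassw0RD!', 'passwordrepeat' => 'str0NGpassw0RD!']);
        $loggerProphecy = $this->prophesize(LoggerInterface::class);
        $loggerProphecy->warning()->withArguments(['Password reset not possible. Valid user for token not found.'])->shouldBeCalled();
        $subject->setLogger($loggerProphecy->reveal());
        $subject->resetPassword($request, $context);
    }
}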
‪TYPO3\CMS\Backend\Tests\Functional\Authentication\PasswordResetTest
Definition: PasswordResetTest.php:27
‪TYPO3\CMS\Backend\Tests\Functional\Authentication\PasswordResetTest\isNotEnabledWorks
‪isNotEnabledWorks()
Definition: PasswordResetTest.php:31
‪TYPO3\CMS\Backend\Tests\Functional\Authentication\PasswordResetTest\invalidTokenCannotResetPassword
‪invalidTokenCannotResetPassword()
Definition: PasswordResetTest.php:134
‪TYPO3\CMS\Backend\Authentication\PasswordReset
Definition: PasswordReset.php:58
‪TYPO3\CMS\Core\Context\Context
Definition: Context.php:53
‪TYPO3\CMS\Backend\Tests\Functional\Authentication\PasswordResetTest\ambiguousEmailIsTriggeredForMultipleValidUsers
‪ambiguousEmailIsTriggeredForMultipleValidUsers()
Definition: PasswordResetTest.php:95
‪TYPO3\CMS\Backend\Tests\Functional\Authentication\PasswordResetTest\passwordResetEmailIsTriggeredForValidUser
‪passwordResetEmailIsTriggeredForValidUser()
Definition: PasswordResetTest.php:114
‪TYPO3\CMS\Backend\Tests\Functional\Authentication
Definition: PasswordResetTest.php:18
‪TYPO3\CMS\Core\Http\ServerRequest
Definition: ServerRequest.php:37
‪TYPO3\CMS\Backend\Tests\Functional\Authentication\PasswordResetTest\noEmailIsFound
‪noEmailIsFound()
Definition: PasswordResetTest.php:76
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Backend\Tests\Functional\Authentication\PasswordResetTest\isEnabledExcludesAdministrators
‪isEnabledExcludesAdministrators()
Definition: PasswordResetTest.php:58
‪TYPO3\CMS\Backend\Tests\Functional\Authentication\PasswordResetTest\isNotEnabledWithNoUsers
‪isNotEnabledWithNoUsers()
Definition: PasswordResetTest.php:44