‪TYPO3CMS  11.5
PasswordResetTest.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
namespace TYPO3\CMS\Backend\Tests\Functional\Authentication;

use Prophecy\PhpUnit\ProphecyTrait;
use Psr\Log\LoggerInterface;
use Psr\Log\LoggerTrait;
use TYPO3\CMS\Backend\Authentication\PasswordReset;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Http\ServerRequest;
use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
27 
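/**
 * Functional tests for the backend PasswordReset service.
 *
 * Covers the two feature toggles (BE/passwordReset and
 * BE/passwordResetForAdmins), per-user eligibility, and the log records
 * written when a reset is requested or a reset link is redeemed.
 *
 * Password reset is reachable before login, so each scenario doubles as a
 * regression guard: the feature must stay off unless explicitly enabled,
 * administrators must stay excluded unless explicitly included, and a
 * request with an unknown token must not change a password.
 */
class PasswordResetTest extends FunctionalTestCase
{
    use ProphecyTrait;

    /**
     * In-memory PSR-3 logger; every record is appended to its public
     * $records array so tests can inspect level, message and context.
     *
     * @var LoggerInterface
     */
    protected $logger;

    /**
     * Replaces the logger with a recording stub before each test.
     */
    public function setUp(): void
    {
        parent::setUp();
        $this->logger = new class () implements LoggerInterface {
            use LoggerTrait;

            /** @var list<array{level: mixed, message: mixed, context: array}> */
            public array $records = [];

            // LoggerTrait routes warning()/info()/debug()/... through log(),
            // so capturing here captures every level.
            public function log($level, $message, array $context = []): void
            {
                $this->records[] = [
                    'level' => $level,
                    'message' => $message,
                    'context' => $context,
                ];
            }
        };
    }

    /**
     * With BE/passwordReset off, the feature is disabled regardless of the
     * admin toggle.
     *
     * @test
     */
    public function isNotEnabledWorks(): void
    {
        $subject = new PasswordReset();
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = false;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;
        self::assertFalse($subject->isEnabled());
        // The admin toggle alone must not switch the feature on.
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        self::assertFalse($subject->isEnabled());
    }

    /**
     * No be_users fixture is imported here; isEnabled() is expected to stay
     * false for both admin-toggle values even though the feature is on.
     *
     * @test
     */
    public function isNotEnabledWithNoUsers(): void
    {
        $subject = new PasswordReset();
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;
        self::assertFalse($subject->isEnabled());
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        self::assertFalse($subject->isEnabled());
    }

    /**
     * With only administrator accounts in the fixture, the feature counts
     * as enabled only when both toggles are on.
     *
     * @test
     */
    public function isEnabledExcludesAdministrators(): void
    {
        $this->importCSVDataSet(__DIR__ . '/Fixtures/be_users_only_admins.csv');
        $subject = new PasswordReset();
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = false;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;
        self::assertFalse($subject->isEnabled());
        // Feature on, admins excluded: no eligible account remains.
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;
        self::assertFalse($subject->isEnabled());
        // Admin reset is an explicit opt-in.
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        self::assertTrue($subject->isEnabled());
    }

    /**
     * Per-user eligibility: each assertion names the reason an account is
     * or is not allowed to use the reset flow.
     *
     * @test
     */
    public function isEnabledForUserTest(): void
    {
        $subject = new PasswordReset();
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = false;

        // False since no users exist
        self::assertFalse($subject->isEnabledForUser(3));

        $this->importCSVDataSet(__DIR__ . '/Fixtures/be_users.csv');

        // False since reset for admins is not enabled
        self::assertFalse($subject->isEnabledForUser(1));
        // False since user has no email set
        self::assertFalse($subject->isEnabledForUser(2));
        // False since user has no password set
        self::assertFalse($subject->isEnabledForUser(4));
        // False since user is disabled
        self::assertFalse($subject->isEnabledForUser(7));

        // Now true since user with email+password exist
        self::assertTrue($subject->isEnabledForUser(3));

        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        // True since "passwordResetForAdmins" is now set
        self::assertTrue($subject->isEnabledForUser(1));
    }

    /**
     * A reset request for an address that matches no account must produce
     * the "no valid users" warning.
     *
     * NOTE(review): only the log line is pinned. Nothing here asserts that
     * no mail is sent or that the caller sees the same outcome as for a
     * known address; that anti-enumeration property needs its own test.
     *
     * @test
     */
    public function noEmailIsFound(): void
    {
        $this->importCSVDataSet(__DIR__ . '/Fixtures/be_users.csv');
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        // 'null' transport: presumably discards outgoing mail, so no real
        // message leaves the test run (confirm against the mail configuration).
        $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'null';
        $emailAddress = 'does-not-exist@example.com';
        $subject = new PasswordReset();
        $loggerProphecy = $this->prophesize(LoggerInterface::class);
        // Prophecy checks this expectation when the test finishes.
        $loggerProphecy->warning()->withArguments(['Password reset requested for email but no valid users'])->shouldBeCalled();
        $subject->setLogger($loggerProphecy->reveal());
        $context = new Context();
        $request = new ServerRequest();
        $subject->initiateReset($request, $context, $emailAddress);
    }

    /**
     * An address shared by several accounts must be logged as a warning
     * carrying that address in the record context.
     *
     * @test
     */
    public function ambiguousEmailIsTriggeredForMultipleValidUsers(): void
    {
        $this->importCSVDataSet(__DIR__ . '/Fixtures/be_users.csv');
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'null';
        $emailAddress = 'duplicate@example.com';
        $subject = new PasswordReset();
        $subject->setLogger($this->logger);
        $context = new Context();
        $request = new ServerRequest();
        $subject->initiateReset($request, $context, $emailAddress);
        // Fail with a clear message instead of an undefined-offset notice
        // if nothing was logged at all.
        self::assertNotEmpty($this->logger->records, 'initiateReset() did not write any log record');
        self::assertEquals('warning', $this->logger->records[0]['level']);
        self::assertEquals($emailAddress, $this->logger->records[0]['context']['email']);
    }

    /**
     * A request for a unique, eligible account must be logged at info
     * level with the account's email and username in the record context.
     *
     * The record therefore carries account identifiers; whichever sink
     * receives this log holds them too.
     *
     * @test
     */
    public function passwordResetEmailIsTriggeredForValidUser(): void
    {
        $this->importCSVDataSet(__DIR__ . '/Fixtures/be_users.csv');
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'null';
        $emailAddress = 'editor-with-email@example.com';
        $username = 'editor-with-email';
        $subject = new PasswordReset();
        $subject->setLogger($this->logger);
        $context = new Context();
        $request = new ServerRequest();
        $subject->initiateReset($request, $context, $emailAddress);
        // Guard the index access below so a silent run fails readably.
        self::assertNotEmpty($this->logger->records, 'initiateReset() did not write any log record');
        self::assertEquals('info', $this->logger->records[0]['level']);
        self::assertEquals($emailAddress, $this->logger->records[0]['context']['email']);
        self::assertEquals($username, $this->logger->records[0]['context']['username']);
    }

    /**
     * A reset request whose query parameters match no stored token must be
     * refused, both without a password and with a well-formed one.
     *
     * NOTE(review): the refusal is observed through log lines only. The
     * test does not read be_users back to confirm the stored password is
     * unchanged; consider adding that check.
     *
     * @test
     */
    public function invalidTokenCannotResetPassword(): void
    {
        $this->importCSVDataSet(__DIR__ . '/Fixtures/be_users.csv');
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] = true;
        $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'null';
        $subject = new PasswordReset();
        $loggerProphecy = $this->prophesize(LoggerInterface::class);
        // No password in the request body: expected to be refused as weak.
        $loggerProphecy->debug()->withArguments(['Password reset not possible due to weak password'])->shouldBeCalled();
        $subject->setLogger($loggerProphecy->reveal());

        $context = new Context();
        $request = new ServerRequest();
        // Presumably t = token, i = identity and e = expiry timestamp;
        // confirm the meaning of these keys against PasswordReset.
        $request = $request->withQueryParams(['t' => 'token', 'i' => 'identity', 'e' => 13465444]);
        $subject->resetPassword($request, $context);

        // Now with a password
        $request = $request->withParsedBody(['password' => 'str0NGpassw0RD!', 'passwordrepeat' => 'str0NGpassw0RD!']);
        // Fresh prophecy: the accepted password moves the refusal to the
        // token lookup.
        $loggerProphecy = $this->prophesize(LoggerInterface::class);
        $loggerProphecy->warning()->withArguments(['Password reset not possible. Valid user for token not found.'])->shouldBeCalled();
        $subject->setLogger($loggerProphecy->reveal());
        $subject->resetPassword($request, $context);
    }
}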