‪TYPO3CMS  11.5
ResetPasswordControllerTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Backend\Tests\Functional\Controller;
19 
20 use Prophecy\Argument;
21 use Prophecy\PhpUnit\ProphecyTrait;
22 use Psr\Http\Message\ServerRequestInterface;
23 use ‪TYPO3\CMS\Backend\Authentication\PasswordReset;
24 use ‪TYPO3\CMS\Backend\Controller\ResetPasswordController;
25 use ‪TYPO3\CMS\Backend\Routing\UriBuilder;
26 use ‪TYPO3\CMS\Backend\Template\ModuleTemplateFactory;
27 use ‪TYPO3\CMS\Backend\View\AuthenticationStyleInformation;
28 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
29 use ‪TYPO3\CMS\Core\Configuration\Features;
30 use ‪TYPO3\CMS\Core\Context\Context;
31 use ‪TYPO3\CMS\Core\Context\UserAspect;
32 use ‪TYPO3\CMS\Core\Core\SystemEnvironmentBuilder;
33 use ‪TYPO3\CMS\Core\Http\PropagateResponseException;
34 use ‪TYPO3\CMS\Core\Http\ServerRequest;
35 use ‪TYPO3\CMS\Core\Information\Typo3Information;
36 use ‪TYPO3\CMS\Core\Localization\LanguageServiceFactory;
37 use ‪TYPO3\CMS\Core\Localization\Locales;
38 use TYPO3\CMS\Core\Page\PageRenderer;
39 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
40 use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
41 
42 class ‪ResetPasswordControllerTest extends FunctionalTestCase
43 {
44  use ProphecyTrait;
45 
46  protected ‪ResetPasswordController ‪$subject;
47  protected ServerRequestInterface ‪$request;
48 
49  protected ‪$configurationToUseInTestInstance = [
50  'EXTENSIONS' => [
51  'backend' => [
52  'loginHighlightColor' => '#abcdef',
53  ],
54  ],
55  ];
56 
57  protected function ‪setUp(): void
58  {
59  parent::setUp();
60 
61  $passwordResetProphecy = $this->prophesize(PasswordReset::class);
62  $passwordResetProphecy->isEnabled()->willReturn(true);
63  $passwordResetProphecy->isValidResetTokenFromRequest(Argument::any())->willReturn(true);
64  $passwordResetProphecy->resetPassword(Argument::any(), Argument::any())->willReturn(true);
65 
66  $this->subject = new ‪ResetPasswordController(
67  $this->‪getService(Context::class),
68  $this->‪getService(Locales::class),
69  $this->‪getService(Features::class),
70  $this->‪getService(UriBuilder::class),
71  $this->‪getService(PageRenderer::class),
72  $passwordResetProphecy->reveal(),
73  $this->getService(Typo3Information::class),
74  $this->getService(ModuleTemplateFactory::class),
75  $this->getService(AuthenticationStyleInformation::class),
76  );
77 
78  $this->request = (new ‪ServerRequest())
79  ->withAttribute('applicationType', ‪SystemEnvironmentBuilder::REQUESTTYPE_BE);
80 
81  ‪$GLOBALS['BE_USER'] = new ‪BackendUserAuthentication();
82  ‪$GLOBALS['BE_USER']->initializeUserSessionManager();
83  ‪$GLOBALS['LANG'] = GeneralUtility::makeInstance(LanguageServiceFactory::class)->create('default');
84  }
85 
89  public function ‪throwsPropagateResponseExceptionOnLoggedInUser(): void
90  {
91  $backendUser = new ‪BackendUserAuthentication();
92  $backendUser->user['uid'] = 13;
93  GeneralUtility::makeInstance(Context::class)->setAspect('backend.user', new ‪UserAspect($backendUser));
94 
95  $this->expectExceptionCode(1618342858);
96  $this->expectException(PropagateResponseException::class);
97  $this->subject->forgetPasswordFormAction($this->request);
98  }
99 
103  public function ‪customStylingIsApplied(): void
104  {
105  ‪$request = ‪$this->request;
106  ‪$GLOBALS['TYPO3_REQUEST'] = ‪$request;
107  $response = $this->subject->forgetPasswordFormAction(‪$request)->getBody()->getContents();
108  self::assertStringContainsString('/*loginHighlightColor*/', $response);
109  self::assertMatchesRegularExpression('/\.btn-login { background-color: #abcdef; }.*\.card-login \.card-footer { border-color: #abcdef; }/s', $response);
110  }
111 
115  public function ‪queryArgumentsAreKept(): void
116  {
117  $queryParams = [
118  'loginProvider' => '123456789',
119  'redirect' => 'web_list',
120  'redirectParams' => 'id=123',
121  ];
122  ‪$request = $this->request->withQueryParams($queryParams);
123  ‪$GLOBALS['TYPO3_REQUEST'] = ‪$request;
124 
125  // Both views supply "go back" links which should contain the defined queryParams
126  $expected = htmlspecialchars(http_build_query($queryParams));
127 
128  self::assertStringContainsString($expected, $this->subject->forgetPasswordFormAction(‪$request)->getBody()->getContents());
129  self::assertStringContainsString($expected, $this->subject->initiatePasswordResetAction(‪$request)->getBody()->getContents());
130  self::assertStringContainsString($expected, $this->subject->passwordResetAction(‪$request)->getBody()->getContents());
131  self::assertStringContainsString($expected, $this->subject->passwordResetFinishAction(‪$request)->getBody()->getContents());
132  }
133 
137  public function ‪initiatePasswordResetPreventsTimeBasedInformationDisclosure(): void
138  {
139  $start = microtime(true);
140  ‪$request = ‪$this->request;
141  ‪$GLOBALS['TYPO3_REQUEST'] = ‪$request;
142  $this->subject->initiatePasswordResetAction(‪$request);
143  self::assertGreaterThan(0.2, microtime(true) - $start);
144  }
145 
149  public function ‪initiatePasswordResetValidatesGivenEmailAddress(): void
150  {
151  ‪$request = $this->request->withParsedBody(['email' => 'email..email@example.com']);
152  ‪$GLOBALS['TYPO3_REQUEST'] = ‪$request;
153  self::assertStringContainsString(
154  'The entered email address is invalid. Please try again.',
155  $this->subject->initiatePasswordResetAction(‪$request)->getBody()->getContents()
156  );
157  }
158 
162  public function ‪resetPasswordFormUrlContainsQueryParameters(): void
163  {
164  $queryParams = [
165  't' => 'some-token-123',
166  'i' => 'some-identifier-456',
167  'e' => '1618401660',
168  ];
169  ‪$request = $this->request->withQueryParams($queryParams);
170  ‪$GLOBALS['TYPO3_REQUEST'] = ‪$request;
171 
172  // Expect the form action to contain the necessary reset query params
173  $expected = '<form action="/typo3/login/password-reset/finish?' . htmlspecialchars(http_build_query($queryParams));
174 
175  self::assertStringContainsString($expected, $this->subject->passwordResetAction(‪$request)->getBody()->getContents());
176  }
177 
181  protected function ‪getService(string $service, array $constructorArguments = [])
182  {
183  $container = $this->getContainer();
184 
185  return $container->has($service)
186  ? $container->get($service)
187  : GeneralUtility::makeInstance($service, ...$constructorArguments);
188  }
189 }
‪TYPO3\CMS\Core\Localization\LanguageServiceFactory
Definition: LanguageServiceFactory.php:25
‪TYPO3\CMS\Backend\View\AuthenticationStyleInformation
Definition: AuthenticationStyleInformation.php:32
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\$configurationToUseInTestInstance
‪$configurationToUseInTestInstance
Definition: ResetPasswordControllerTest.php:48
‪TYPO3\CMS\Core\Information\Typo3Information
Definition: Typo3Information.php:28
‪TYPO3\CMS\Backend\Template\ModuleTemplateFactory
Definition: ModuleTemplateFactory.php:29
‪TYPO3\CMS\Core\Core\SystemEnvironmentBuilder
Definition: SystemEnvironmentBuilder.php:41
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\initiatePasswordResetPreventsTimeBasedInformationDisclosure
‪initiatePasswordResetPreventsTimeBasedInformationDisclosure()
Definition: ResetPasswordControllerTest.php:136
‪TYPO3\CMS\Backend\Authentication\PasswordReset
Definition: PasswordReset.php:59
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\throwsPropagateResponseExceptionOnLoggedInUser
‪throwsPropagateResponseExceptionOnLoggedInUser()
Definition: ResetPasswordControllerTest.php:88
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\customStylingIsApplied
‪customStylingIsApplied()
Definition: ResetPasswordControllerTest.php:102
‪TYPO3\CMS\Core\Core\SystemEnvironmentBuilder\REQUESTTYPE_BE
‪const REQUESTTYPE_BE
Definition: SystemEnvironmentBuilder.php:45
‪TYPO3\CMS\Core\Localization\Locales
Definition: Locales.php:30
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest
Definition: ResetPasswordControllerTest.php:43
‪TYPO3\CMS\Core\Context\Context
Definition: Context.php:53
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\getService
‪mixed object Psr Log LoggerAwareInterface TYPO3 CMS Core SingletonInterface getService(string $service, array $constructorArguments=[])
Definition: ResetPasswordControllerTest.php:180
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\queryArgumentsAreKept
‪queryArgumentsAreKept()
Definition: ResetPasswordControllerTest.php:114
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\initiatePasswordResetValidatesGivenEmailAddress
‪initiatePasswordResetValidatesGivenEmailAddress()
Definition: ResetPasswordControllerTest.php:148
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\$subject
‪ResetPasswordController $subject
Definition: ResetPasswordControllerTest.php:45
‪TYPO3\CMS\Backend\Routing\UriBuilder
Definition: UriBuilder.php:40
‪TYPO3\CMS\Core\Configuration\Features
Definition: Features.php:56
‪TYPO3\CMS\Core\Http\ServerRequest
Definition: ServerRequest.php:37
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\$request
‪ServerRequestInterface $request
Definition: ResetPasswordControllerTest.php:46
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\resetPasswordFormUrlContainsQueryParameters
‪resetPasswordFormUrlContainsQueryParameters()
Definition: ResetPasswordControllerTest.php:161
‪TYPO3\CMS\Core\Http\PropagateResponseException
Definition: PropagateResponseException.php:47
‪TYPO3\CMS\Backend\Controller\ResetPasswordController
Definition: ResetPasswordController.php:46
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:22
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:50
‪TYPO3\CMS\Backend\Tests\Functional\Controller
Definition: EditDocumentControllerTest.php:18
‪TYPO3\CMS\Core\Context\UserAspect
Definition: UserAspect.php:37
‪TYPO3\CMS\Backend\Tests\Functional\Controller\ResetPasswordControllerTest\setUp
‪setUp()
Definition: ResetPasswordControllerTest.php:56