TYPO3 CMS  TYPO3_6-2
FrontendLoginControllerTest.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Felogin\Tests\Unit\Controller;
3 
22 class FrontendLoginTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
23 
27  protected $accessibleFixture;
28 
32  protected $testHostName;
33 
37  protected $testSitePath;
38 
42  protected $testTableName;
43 
47  public function setUp() {
48  $this->testTableName = 'sys_domain';
49  $this->testHostName = 'hostname.tld';
50  $this->testSitePath = '/';
51  $this->accessibleFixture = $this->getAccessibleMock('TYPO3\\CMS\\Felogin\\Controller\\FrontendLoginController', array('dummy'));
52  $this->accessibleFixture->cObj = $this->getMock('TYPO3\\CMS\\Frontend\\ContentObject\\ContentObjectRenderer');
53  $GLOBALS['TSFE'] = $this->getMock('TYPO3\\CMS\\Frontend\\Controller\\TypoScriptFrontendController', array(), array(), '', FALSE);
54  $this->setUpFakeSitePathAndHost();
55  }
56 
60  protected function setUpFakeSitePathAndHost() {
61  $_SERVER['ORIG_PATH_INFO'] = $_SERVER['PATH_INFO'] = $_SERVER['ORIG_SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'] = $this->testSitePath . TYPO3_mainDir;
62  $_SERVER['HTTP_HOST'] = $this->testHostName;
63  }
64 
68  protected function setUpDatabaseMock() {
69  $GLOBALS['TYPO3_DB'] = $this->getMock('TYPO3\\CMS\\Core\\Database\\DatabaseConnection', array('exec_SELECTgetRows'));
70  $GLOBALS['TYPO3_DB']
71  ->expects($this->any())
72  ->method('exec_SELECTgetRows')
73  ->will($this->returnCallback(array($this, 'getDomainRecordsCallback')));
74  }
75 
86  public function getDomainRecordsCallback($fields, $table, $where) {
87  if ($table !== $this->testTableName) {
88  return FALSE;
89  }
90  return array(
91  array('domainName' => 'domainhostname.tld'),
92  array('domainName' => 'otherhostname.tld/path'),
93  array('domainName' => 'sub.domainhostname.tld/path/')
94  );
95  }
96 
100  public function typo3SitePathEqualsStubSitePath() {
101  $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'), $this->testSitePath);
102  }
103 
107  public function typo3SiteUrlEqualsStubSiteUrl() {
108  $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), ('http://' . $this->testHostName) . $this->testSitePath);
109  }
110 
114  public function typo3SitePathEqualsStubSitePathAfterChangingInTest() {
115  $this->testHostName = 'somenewhostname.com';
116  $this->testSitePath = '/somenewpath/';
117  $this->setUpFakeSitePathAndHost();
118  $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'), $this->testSitePath);
119  }
120 
124  public function typo3SiteUrlEqualsStubSiteUrlAfterChangingInTest() {
125  $this->testHostName = 'somenewhostname.com';
126  $this->testSitePath = '/somenewpath/';
127  $this->setUpFakeSitePathAndHost();
128  $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), ('http://' . $this->testHostName) . $this->testSitePath);
129  }
130 
136  public function validateRedirectUrlClearsUrlDataProvider() {
137  return array(
138  'absolute URL, hostname not in sys_domain, trailing slash' => array('http://badhost.tld/'),
139  'absolute URL, hostname not in sys_domain, no trailing slash' => array('http://badhost.tld'),
140  'absolute URL, subdomain in sys_domain, but main domain not, trailing slash' => array('http://domainhostname.tld.badhost.tld/'),
141  'absolute URL, subdomain in sys_domain, but main domain not, no trailing slash' => array('http://domainhostname.tld.badhost.tld'),
142  'non http absolute URL 1' => array('its://domainhostname.tld/itunes/'),
143  'non http absolute URL 2' => array('ftp://domainhostname.tld/download/'),
144  'XSS attempt 1' => array('javascript:alert(123)'),
145  'XSS attempt 2' => array('" onmouseover="alert(123)"'),
146  'invalid URL, HTML break out attempt' => array('" >blabuubb'),
147  'invalid URL, UNC path' => array('\\\\foo\\bar\\'),
148  'invalid URL, backslashes in path' => array('http://domainhostname.tld\\bla\\blupp'),
149  'invalid URL, linefeed in path' => array('http://domainhostname.tld/bla/blupp' . LF),
150  'invalid URL, only one slash after scheme' => array('http:/domainhostname.tld/bla/blupp'),
151  'invalid URL, illegal chars' => array('http://(<>domainhostname).tld/bla/blupp'),
152  );
153  }
154 
160  public function validateRedirectUrlClearsUrl($url) {
161  $this->setUpDatabaseMock();
162  $this->assertEquals('', $this->accessibleFixture->_call('validateRedirectUrl', $url));
163  }
164 
170  public function validateRedirectUrlKeepsCleanUrlDataProvider() {
171  return array(
172  'sane absolute URL' => array('http://domainhostname.tld/'),
173  'sane absolute URL with script' => array('http://domainhostname.tld/index.php?id=1'),
174  'sane absolute URL with realurl' => array('http://domainhostname.tld/foo/bar/foo.html'),
175  'sane absolute URL with homedir' => array('http://domainhostname.tld/~user/'),
176  'sane absolute URL with some strange chars encoded' => array('http://domainhostname.tld/~user/a%cc%88o%cc%88%c3%9fa%cc%82/foo.html'),
177  'sane absolute URL (domain record with path)' => array('http://otherhostname.tld/path/'),
178  'sane absolute URL with script (domain record with path)' => array('http://otherhostname.tld/path/index.php?id=1'),
179  'sane absolute URL with realurl (domain record with path)' => array('http://otherhostname.tld/path/foo/bar/foo.html'),
180  'sane absolute URL (domain record with path and slash)' => array('http://sub.domainhostname.tld/path/'),
181  'sane absolute URL with script (domain record with path slash)' => array('http://sub.domainhostname.tld/path/index.php?id=1'),
182  'sane absolute URL with realurl (domain record with path slash)' => array('http://sub.domainhostname.tld/path/foo/bar/foo.html'),
183  'relative URL, no leading slash 1' => array('index.php?id=1'),
184  'relative URL, no leading slash 2' => array('foo/bar/index.php?id=2'),
185  'relative URL, leading slash, no realurl' => array('/index.php?id=1'),
186  'relative URL, leading slash, realurl' => array('/de/service/imprint.html'),
187  );
188  }
189 
195  public function validateRedirectUrlKeepsCleanUrl($url) {
196  $this->setUpDatabaseMock();
197  $this->assertEquals($url, $this->accessibleFixture->_call('validateRedirectUrl', $url));
198  }
199 
205  public function validateRedirectUrlClearsInvalidUrlInSubdirectoryDataProvider() {
206  return array(
207  'absolute URL, missing subdirectory' => array('http://hostname.tld/'),
208  'absolute URL, wrong subdirectory' => array('http://hostname.tld/hacker/index.php'),
209  'absolute URL, correct subdirectory, no trailing slash' => array('http://hostname.tld/subdir'),
210  'absolute URL, correct subdirectory of sys_domain record, no trailing slash' => array('http://otherhostname.tld/path'),
211  'absolute URL, correct subdirectory of sys_domain record, no trailing slash, subdomain' => array('http://sub.domainhostname.tld/path'),
212  'relative URL, leading slash, no path' => array('/index.php?id=1'),
213  'relative URL, leading slash, wrong path' => array('/de/sub/site.html'),
214  'relative URL, leading slash, slash only' => array('/'),
215  );
216  }
217 
223  public function validateRedirectUrlClearsInvalidUrlInSubdirectory($url) {
224  $this->testSitePath = '/subdir/';
225  $this->setUpFakeSitePathAndHost();
226  $this->setUpDatabaseMock();
227  $this->assertEquals('', $this->accessibleFixture->_call('validateRedirectUrl', $url));
228  }
229 
235  public function validateRedirectUrlKeepsCleanUrlInSubdirectoryDataProvider() {
236  return array(
237  'absolute URL, correct subdirectory' => array('http://hostname.tld/subdir/'),
238  'absolute URL, correct subdirectory, realurl' => array('http://hostname.tld/subdir/de/imprint.html'),
239  'absolute URL, correct subdirectory, no realurl' => array('http://hostname.tld/subdir/index.php?id=10'),
240  'absolute URL, correct subdirectory of sys_domain record' => array('http://otherhostname.tld/path/'),
241  'absolute URL, correct subdirectory of sys_domain record, subdomain' => array('http://sub.domainhostname.tld/path/'),
242  'relative URL, no leading slash, realurl' => array('de/service/imprint.html'),
243  'relative URL, no leading slash, no realurl' => array('index.php?id=1'),
244  'relative nested URL, no leading slash, no realurl' => array('foo/bar/index.php?id=2')
245  );
246  }
247 
253  public function validateRedirectUrlKeepsCleanUrlInSubdirectory($url) {
254  $this->testSitePath = '/subdir/';
255  $this->setUpFakeSitePathAndHost();
256  $this->setUpDatabaseMock();
257  $this->assertEquals($url, $this->accessibleFixture->_call('validateRedirectUrl', $url));
258  }
259 
260 
261  /*************************
262  * Test concerning getPreverveGetVars
263  *************************/
264 
268  public function getPreserveGetVarsReturnsCorrectResultDataProvider() {
269  return array(
270  'special get var id is not preserved' => array(
271  array(
272  'id' => 42,
273  ),
274  '',
275  '',
276  ),
277  'simple additional parameter is not preserved if not specified in preservedGETvars' => array(
278  array(
279  'id' => 42,
280  'special' => 23,
281  ),
282  '',
283  '',
284  ),
285  'all params except ignored ones are preserved if preservedGETvars is set to "all"' => array(
286  array(
287  'id' => 42,
288  'special1' => 23,
289  'special2' => array(
290  'foo' => 'bar',
291  ),
292  'tx_felogin_pi1' => array(
293  'forgot' => 1,
294  ),
295  ),
296  'all',
297  '&special1=23&special2[foo]=bar',
298  ),
299  'preserve single parameter' => array(
300  array(
301  'L' => 42,
302  ),
303  'L',
304  '&L=42'
305  ),
306  'preserve whole parameter array' => array(
307  array(
308  'L' => 3,
309  'tx_someext' => array(
310  'foo' => 'simple',
311  'bar' => array(
312  'baz' => 'simple',
313  ),
314  ),
315  ),
316  'L,tx_someext',
317  '&L=3&tx_someext[foo]=simple&tx_someext[bar][baz]=simple',
318  ),
319  'preserve part of sub array' => array(
320  array(
321  'L' => 3,
322  'tx_someext' => array(
323  'foo' => 'simple',
324  'bar' => array(
325  'baz' => 'simple',
326  ),
327  ),
328  ),
329  'L,tx_someext[bar]',
330  '&L=3&tx_someext[bar][baz]=simple',
331  ),
332  'preserve keys on different levels' => array(
333  array(
334  'L' => 3,
335  'no-preserve' => 'whatever',
336  'tx_ext2' => array(
337  'foo' => 'simple',
338  ),
339  'tx_ext3' => array(
340  'bar' => array(
341  'baz' => 'simple',
342  ),
343  'go-away' => '',
344  ),
345  ),
346  'L,tx_ext2,tx_ext3[bar]',
347  '&L=3&tx_ext2[foo]=simple&tx_ext3[bar][baz]=simple',
348  ),
349  'preserved value that does not exist in get' => array(
350  array(),
351  'L,foo[bar]',
352  ''
353  ),
354  'url params are encoded' => array(
355  array('tx_ext1' => 'param with spaces and \\ %<>& /'),
356  'L,tx_ext1',
357  '&tx_ext1=param%20with%20spaces%20and%20%20%25%3C%3E%26%20%2F'
358  ),
359  );
360  }
361 
370  public function getPreserveGetVarsReturnsCorrectResult(array $getArray, $preserveVars, $expected) {
371  $_GET = $getArray;
372  $this->accessibleFixture->conf['preserveGETvars'] = $preserveVars;
373  $this->assertSame($expected, $this->accessibleFixture->_call('getPreserveGetVars'));
374  }
375 
376 
377  /**************************************************
378  * Tests concerning isInLocalDomain
379  **************************************************/
380 
386  public function isInCurrentDomainIgnoresSchemeDataProvider() {
387  return array(
388  'url https, current host http' => array(
389  'example.com', // HTTP_HOST
390  '0', // HTTPS
391  'https://example.com/foo.html' // URL
392  ),
393  'url http, current host https' => array(
394  'example.com',
395  '1',
396  'http://example.com/foo.html'
397  ),
398  'url https, current host https' => array(
399  'example.com',
400  '1',
401  'https://example.com/foo.html'
402  ),
403  'url http, current host http' => array(
404  'example.com',
405  '0',
406  'http://example.com/foo.html'
407  )
408  );
409  }
410 
418  public function isInCurrentDomainIgnoresScheme($host, $https, $url) {
419  $_SERVER['HTTP_HOST'] = $host;
420  $_SERVER['HTTPS'] = $https;
421  $this->assertTrue($this->accessibleFixture->_call('isInCurrentDomain', $url));
422  }
423 
427  public function isInCurrentDomainReturnsFalseIfDomainsAreDifferentDataProvider() {
428  return array(
429  'simple difference' => array(
430  'example.com', // HTTP_HOST
431  'http://typo3.org/foo.html' // URL
432  ),
433  'subdomain different' => array(
434  'example.com',
435  'http://foo.example.com/bar.html'
436  )
437  );
438  }
439 
446  public function isInCurrentDomainReturnsFalseIfDomainsAreDifferent($host, $url) {
447  $_SERVER['HTTP_HOST'] = $host;
448  $this->assertFalse($this->accessibleFixture->_call('isInCurrentDomain', $url));
449  }
450 
454  public function processRedirectReferrerDomainsMatchesDomains() {
455  $conf = array(
456  'redirectMode' => 'refererDomains',
457  'domains' => 'example.com'
458  );
459 
460  $this->accessibleFixture->_set('conf', $conf);
461  $this->accessibleFixture->_set('logintype', 'login');
462  $this->accessibleFixture->_set('referer', 'http://www.example.com/snafu');
463  $GLOBALS['TSFE']->loginUser = TRUE;
464  $this->assertSame(array('http://www.example.com/snafu'), $this->accessibleFixture->_call('processRedirect'));
465  }
466 
467 }
TYPO3\CMS\Felogin\Tests\Unit\Controller\FrontendLoginTest\getPreserveGetVarsReturnsCorrectResult
getPreserveGetVarsReturnsCorrectResult(array $getArray, $preserveVars, $expected)
Definition: FrontendLoginControllerTest.php:370
TYPO3\CMS\Core\Tests\BaseTestCase\getAccessibleMock
getAccessibleMock( $originalClassName, array $methods=array(), array $arguments=array(), $mockClassName='', $callOriginalConstructor=TRUE, $callOriginalClone=TRUE, $callAutoload=TRUE)
Definition: BaseTestCase.php:56
$host
$host
Definition: server.php:35
$GLOBALS
if(!defined('TYPO3_MODE')) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][]
Definition: ext_localconf.php:5