1<?php 2 3use dokuwiki\Input\Input; 4use dokuwiki\test\mock\AuthDeletePlugin; 5 6class auth_deleteprofile_test extends DokuWikiTest { 7 8 /* 9 * Tests: 10 * 11 * 1. It works and the user is logged off 12 * 2. Password matches when config requires it 13 * 3,4. Auth plugin can prevent & wiki config can prevent 14 * 5. Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete' 15 * 16 */ 17 18 function test_success() { 19 20 global $ACT, $INPUT, $conf, $auth; 21 22 $ACT = 'profile_delete'; 23 $conf['profileconfirm'] = false; 24 $_SERVER['REMOTE_USER'] = 'testuser'; 25 26 $input = array( 27 'do' => $ACT, 28 'sectok' => getSecurityToken(), 29 'delete' => '1', 30 'confirm_delete' => '1', 31 ); 32 33 $_POST = $input; 34 $_REQUEST = $input; 35 $INPUT = new Input(); 36 37 $auth = new AuthDeletePlugin(); 38 39 $this->assertTrue(auth_deleteprofile()); 40 $this->assertTrue($auth->loggedOff); 41 } 42 43 function test_confirmation_required() { 44 45 global $ACT, $INPUT, $conf, $auth; 46 47 $ACT = 'profile_delete'; 48 $conf['profileconfirm'] = true; 49 $_SERVER['REMOTE_USER'] = 'testuser'; 50 51 $input = array( 52 'do' => $ACT, 53 'sectok' => getSecurityToken(), 54 'delete' => '1', 55 'confirm_delete' => '1', 56 'oldpass' => 'wrong', 57 ); 58 59 $_POST = $input; 60 $_REQUEST = $input; 61 $INPUT = new Input(); 62 63 $auth = new AuthDeletePlugin(); 64 65 // password check required - it fails, so don't delete profile 66 $this->assertFalse(auth_deleteprofile()); 67 68 // now it passes, we're good to go 69 $INPUT->set('oldpass','password'); 70 $INPUT->post->set('oldpass','password'); 71 $this->assertTrue(auth_deleteprofile()); 72 } 73 74 function test_authconfig_prevents() { 75 76 global $ACT, $INPUT, $conf, $auth; 77 78 $ACT = 'profile_delete'; 79 $conf['profileconfirm'] = false; 80 $_SERVER['REMOTE_USER'] = 'testuser'; 81 82 $input = array( 83 'do' => $ACT, 84 'sectok' => getSecurityToken(), 85 'delete' => '1', 86 'confirm_delete' => '1', 87 ); 88 89 $_POST = $input; 90 $_REQUEST = $input; 91 $INPUT = new Input(); 92 93 $auth = new AuthDeletePlugin(false); 94 $conf['disableactions'] = ''; 95 $this->assertFalse(auth_deleteprofile()); 96 } 97 98 function test_wikiconfig_prevents() { 99 100 global $ACT, $INPUT, $conf, $auth; 101 102 $ACT = 'profile_delete'; 103 $conf['profileconfirm'] = false; 104 $_SERVER['REMOTE_USER'] = 'testuser'; 105 106 $input = array( 107 'do' => $ACT, 108 'sectok' => getSecurityToken(), 109 'delete' => '1', 110 'confirm_delete' => '1', 111 ); 112 113 $_POST = $input; 114 $_REQUEST = $input; 115 $INPUT = new Input(); 116 117 $auth = new AuthDeletePlugin(); 118 $conf['disableactions'] = 'profile_delete'; 119 120 $this->assertFalse(actionOK('profile_delete')); 121 $this->assertTrue($auth->canDo('delUser')); 122 123 $this->assertFalse(auth_deleteprofile()); 124 } 125 126 function test_basic_parameters() { 127 128 global $ACT, $INPUT, $conf, $auth; 129 130 $ACT = 'profile_delete'; 131 $conf['profileconfirm'] = true; 132 $_SERVER['REMOTE_USER'] = 'testuser'; 133 134 $input = array( 135 'do' => $ACT, 136 'sectok' => getSecurityToken(), 137 'delete' => '1', 138 'confirm_delete' => '1', 139 'oldpass' => 'password', 140 ); 141 142 $_POST = $input; 143 $_REQUEST = $input; 144 $input_foundation = new Input(); 145 146 $auth = new AuthDeletePlugin(); 147 148 $INPUT = clone $input_foundation; 149 $INPUT->remove('delete'); 150 $this->assertFalse(auth_deleteprofile()); 151 152 $INPUT = clone $input_foundation; 153 $INPUT->set('sectok','wrong'); 154 $this->assertFalse(auth_deleteprofile()); 155 156 $INPUT = clone $input_foundation; 157 $INPUT->remove('confirm_delete'); 158 $this->assertFalse(auth_deleteprofile()); 159 } 160} 161