1020ea9e1SChristopher Smith<?php 2020ea9e1SChristopher Smith 3ccc4c71cSAndreas Gohruse dokuwiki\Input\Input; 4*4bdfdb32SPhyuse dokuwiki\test\mock\AuthDeletePlugin; 5020ea9e1SChristopher Smith 6020ea9e1SChristopher Smithclass auth_deleteprofile_test extends DokuWikiTest { 7020ea9e1SChristopher Smith 8020ea9e1SChristopher Smith /* 9020ea9e1SChristopher Smith * Tests: 10020ea9e1SChristopher Smith * 11020ea9e1SChristopher Smith * 1. It works and the user is logged off 12020ea9e1SChristopher Smith * 2. Password matches when config requires it 13020ea9e1SChristopher Smith * 3,4. Auth plugin can prevent & wiki config can prevent 14020ea9e1SChristopher Smith * 5. Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete' 15020ea9e1SChristopher Smith * 16020ea9e1SChristopher Smith */ 17020ea9e1SChristopher Smith 18020ea9e1SChristopher Smith function test_success() { 19020ea9e1SChristopher Smith 20020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 21020ea9e1SChristopher Smith 22020ea9e1SChristopher Smith $ACT = 'profile_delete'; 23020ea9e1SChristopher Smith $conf['profileconfirm'] = false; 24020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 25020ea9e1SChristopher Smith 26020ea9e1SChristopher Smith $input = array( 27020ea9e1SChristopher Smith 'do' => $ACT, 28020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 29020ea9e1SChristopher Smith 'delete' => '1', 30020ea9e1SChristopher Smith 'confirm_delete' => '1', 31020ea9e1SChristopher Smith ); 32020ea9e1SChristopher Smith 33020ea9e1SChristopher Smith $_POST = $input; 34020ea9e1SChristopher Smith $_REQUEST = $input; 35020ea9e1SChristopher Smith $INPUT = new Input(); 36020ea9e1SChristopher Smith 37*4bdfdb32SPhy $auth = new AuthDeletePlugin(); 38020ea9e1SChristopher Smith 39020ea9e1SChristopher Smith $this->assertTrue(auth_deleteprofile()); 40020ea9e1SChristopher Smith $this->assertTrue($auth->loggedOff); 41020ea9e1SChristopher Smith } 42020ea9e1SChristopher Smith 43020ea9e1SChristopher Smith function test_confirmation_required() { 44020ea9e1SChristopher Smith 45020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 46020ea9e1SChristopher Smith 47020ea9e1SChristopher Smith $ACT = 'profile_delete'; 48020ea9e1SChristopher Smith $conf['profileconfirm'] = true; 49020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 50020ea9e1SChristopher Smith 51020ea9e1SChristopher Smith $input = array( 52020ea9e1SChristopher Smith 'do' => $ACT, 53020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 54020ea9e1SChristopher Smith 'delete' => '1', 55020ea9e1SChristopher Smith 'confirm_delete' => '1', 56020ea9e1SChristopher Smith 'oldpass' => 'wrong', 57020ea9e1SChristopher Smith ); 58020ea9e1SChristopher Smith 59020ea9e1SChristopher Smith $_POST = $input; 60020ea9e1SChristopher Smith $_REQUEST = $input; 61020ea9e1SChristopher Smith $INPUT = new Input(); 62020ea9e1SChristopher Smith 63*4bdfdb32SPhy $auth = new AuthDeletePlugin(); 64020ea9e1SChristopher Smith 65020ea9e1SChristopher Smith // password check required - it fails, so don't delete profile 66020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 67020ea9e1SChristopher Smith 68020ea9e1SChristopher Smith // now it passes, we're good to go 69020ea9e1SChristopher Smith $INPUT->set('oldpass','password'); 70020ea9e1SChristopher Smith $INPUT->post->set('oldpass','password'); 71020ea9e1SChristopher Smith $this->assertTrue(auth_deleteprofile()); 72020ea9e1SChristopher Smith } 73020ea9e1SChristopher Smith 74020ea9e1SChristopher Smith function test_authconfig_prevents() { 75020ea9e1SChristopher Smith 76020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 77020ea9e1SChristopher Smith 78020ea9e1SChristopher Smith $ACT = 'profile_delete'; 79020ea9e1SChristopher Smith $conf['profileconfirm'] = false; 80020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 81020ea9e1SChristopher Smith 82020ea9e1SChristopher Smith $input = array( 83020ea9e1SChristopher Smith 'do' => $ACT, 84020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 85020ea9e1SChristopher Smith 'delete' => '1', 86020ea9e1SChristopher Smith 'confirm_delete' => '1', 87020ea9e1SChristopher Smith ); 88020ea9e1SChristopher Smith 89020ea9e1SChristopher Smith $_POST = $input; 90020ea9e1SChristopher Smith $_REQUEST = $input; 91020ea9e1SChristopher Smith $INPUT = new Input(); 92020ea9e1SChristopher Smith 93*4bdfdb32SPhy $auth = new AuthDeletePlugin(false); 94020ea9e1SChristopher Smith $conf['disableactions'] = ''; 95020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 96020ea9e1SChristopher Smith } 97020ea9e1SChristopher Smith 98020ea9e1SChristopher Smith function test_wikiconfig_prevents() { 99020ea9e1SChristopher Smith 100020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 101020ea9e1SChristopher Smith 102020ea9e1SChristopher Smith $ACT = 'profile_delete'; 103020ea9e1SChristopher Smith $conf['profileconfirm'] = false; 104020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 105020ea9e1SChristopher Smith 106020ea9e1SChristopher Smith $input = array( 107020ea9e1SChristopher Smith 'do' => $ACT, 108020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 109020ea9e1SChristopher Smith 'delete' => '1', 110020ea9e1SChristopher Smith 'confirm_delete' => '1', 111020ea9e1SChristopher Smith ); 112020ea9e1SChristopher Smith 113020ea9e1SChristopher Smith $_POST = $input; 114020ea9e1SChristopher Smith $_REQUEST = $input; 115020ea9e1SChristopher Smith $INPUT = new Input(); 116020ea9e1SChristopher Smith 117*4bdfdb32SPhy $auth = new AuthDeletePlugin(); 118020ea9e1SChristopher Smith $conf['disableactions'] = 'profile_delete'; 119020ea9e1SChristopher Smith 120020ea9e1SChristopher Smith $this->assertFalse(actionOK('profile_delete')); 121020ea9e1SChristopher Smith $this->assertTrue($auth->canDo('delUser')); 122020ea9e1SChristopher Smith 123020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 124020ea9e1SChristopher Smith } 125020ea9e1SChristopher Smith 126020ea9e1SChristopher Smith function test_basic_parameters() { 127020ea9e1SChristopher Smith 128020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 129020ea9e1SChristopher Smith 130020ea9e1SChristopher Smith $ACT = 'profile_delete'; 131020ea9e1SChristopher Smith $conf['profileconfirm'] = true; 132020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 133020ea9e1SChristopher Smith 134020ea9e1SChristopher Smith $input = array( 135020ea9e1SChristopher Smith 'do' => $ACT, 136020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 137020ea9e1SChristopher Smith 'delete' => '1', 138020ea9e1SChristopher Smith 'confirm_delete' => '1', 139020ea9e1SChristopher Smith 'oldpass' => 'password', 140020ea9e1SChristopher Smith ); 141020ea9e1SChristopher Smith 142020ea9e1SChristopher Smith $_POST = $input; 143020ea9e1SChristopher Smith $_REQUEST = $input; 144020ea9e1SChristopher Smith $input_foundation = new Input(); 145020ea9e1SChristopher Smith 146*4bdfdb32SPhy $auth = new AuthDeletePlugin(); 147020ea9e1SChristopher Smith 148020ea9e1SChristopher Smith $INPUT = clone $input_foundation; 149020ea9e1SChristopher Smith $INPUT->remove('delete'); 150020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 151020ea9e1SChristopher Smith 152020ea9e1SChristopher Smith $INPUT = clone $input_foundation; 153020ea9e1SChristopher Smith $INPUT->set('sectok','wrong'); 154020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 155020ea9e1SChristopher Smith 156020ea9e1SChristopher Smith $INPUT = clone $input_foundation; 157020ea9e1SChristopher Smith $INPUT->remove('confirm_delete'); 158020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 159020ea9e1SChristopher Smith } 160020ea9e1SChristopher Smith} 161