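<?php

/**
 * Minimal auth backend stub for the profile self-deletion tests.
 *
 * It accepts one fixed password, reports a deletion as successful only when
 * the currently logged-in user is among the users to delete, and records
 * whether logoff() was called.
 */
class Mock_Auth_Plugin extends DokuWiki_Auth_Plugin {

    /** @var bool true once logoff() has been called on this instance */
    public $loggedOff = false;

    /**
     * @param bool $canDeleteUser value stored as the backend's 'delUser' capability
     */
    public function __construct($canDeleteUser = true) {
        $this->cando['delUser'] = $canDeleteUser;
    }

    /**
     * Accept exactly the string 'password', for any user ($user is ignored).
     *
     * The comparison is strict so that a non-string value can never be
     * type-juggled into a match; a stub that accepted one would let the
     * password-confirmation test pass for the wrong reason.
     *
     * @param string $user
     * @param string $pass
     * @return bool
     */
    public function checkPass($user, $pass) {
        return $pass === 'password';
    }

    /**
     * Report success only if the logged-in user is in the deletion list.
     *
     * This makes the tests fail if the code under test asks the backend to
     * delete anyone other than $_SERVER['REMOTE_USER'].
     *
     * @param array $users user names the caller wants deleted
     * @return bool
     */
    public function deleteUsers($users) {
        return in_array($_SERVER['REMOTE_USER'], $users, true);
    }

    /**
     * Record that the user was logged off.
     */
    public function logoff() {
        $this->loggedOff = true;
    }

}

/**
 * Tests for auth_deleteprofile(), the self-service account deletion action.
 *
 * Covered cases:
 *
 * 1.   Deletion works and the user is logged off
 * 2.   The password must match when the config requires confirmation
 * 3,4. The auth plugin can prevent deletion, and the wiki config can prevent it
 * 5.   Any of: invalid security token, missing/unset 'delete' flag,
 *      missing/unchecked 'confirm_delete'
 */
class auth_deleteprofile_test extends DokuWikiTest {

    /**
     * Set up the globals for a profile_delete request by 'testuser' and
     * return a fresh Input built from them.
     *
     * The base request carries a valid security token plus the 'delete' and
     * 'confirm_delete' flags, so a test only has to break the one control it
     * wants to exercise.
     *
     * @param bool  $requirePassword value for $conf['profileconfirm']
     * @param array $extra           additional request fields, e.g. 'oldpass'
     * @return Input
     */
    private function buildInput($requirePassword, array $extra = array()) {
        global $ACT, $conf;

        $ACT = 'profile_delete';
        $conf['profileconfirm'] = $requirePassword;
        // set before getSecurityToken() is called, as the original tests did
        $_SERVER['REMOTE_USER'] = 'testuser';

        $input = array_merge(
            array(
                'do' => $ACT,
                'sectok' => getSecurityToken(),
                'delete' => '1',
                'confirm_delete' => '1',
            ),
            $extra
        );

        $_POST = $input;
        $_REQUEST = $input;

        return new Input();
    }

    /**
     * A fully valid request deletes the profile and logs the user off.
     */
    public function test_success() {
        global $INPUT, $auth;

        $INPUT = $this->buildInput(false);
        $auth = new Mock_Auth_Plugin();

        $this->assertTrue(auth_deleteprofile());
        $this->assertTrue($auth->loggedOff);
    }

    /**
     * With profileconfirm enabled, a wrong password blocks the deletion and
     * the correct one allows it.
     */
    public function test_confirmation_required() {
        global $INPUT, $auth;

        $INPUT = $this->buildInput(true, array('oldpass' => 'wrong'));
        $auth = new Mock_Auth_Plugin();

        // password check required - it fails, so don't delete profile
        $this->assertFalse(auth_deleteprofile());

        // now it passes, we're good to go
        $INPUT->set('oldpass', 'password');
        $INPUT->post->set('oldpass', 'password');
        $this->assertTrue(auth_deleteprofile());
    }

    /**
     * An auth backend without the 'delUser' capability blocks the deletion
     * even though the wiki config does not disable the action.
     */
    public function test_authconfig_prevents() {
        global $INPUT, $conf, $auth;

        $INPUT = $this->buildInput(false);
        $auth = new Mock_Auth_Plugin(false);
        $conf['disableactions'] = '';

        $this->assertFalse(auth_deleteprofile());
    }

    /**
     * Disabling 'profile_delete' in the wiki config blocks the deletion even
     * though the auth backend would allow it.
     */
    public function test_wikiconfig_prevents() {
        global $INPUT, $conf, $auth;

        $INPUT = $this->buildInput(false);
        $auth = new Mock_Auth_Plugin();
        // NOTE(review): this is not restored here; the other tests presumably
        // rely on the harness resetting $conf between tests - confirm
        $conf['disableactions'] = 'profile_delete';

        // make sure the refusal comes from the wiki config, not the backend
        $this->assertFalse(actionOK('profile_delete'));
        $this->assertTrue($auth->canDo('delUser'));

        $this->assertFalse(auth_deleteprofile());
    }

    /**
     * Breaking any single request precondition blocks the deletion: the
     * 'delete' flag, the security token, or the 'confirm_delete' checkbox.
     *
     * Each case starts from a freshly built, otherwise valid request.
     * NOTE(review): the original cloned one Input per case; if Input keeps
     * references to the superglobals (confirm against the Input class), the
     * first remove() would leak into the later cases and they would pass
     * without exercising their own check.
     */
    public function test_basic_parameters() {
        global $INPUT, $auth;

        $auth = new Mock_Auth_Plugin();
        $valid = array('oldpass' => 'password');

        // missing 'delete' flag
        $INPUT = $this->buildInput(true, $valid);
        $INPUT->remove('delete');
        $this->assertFalse(auth_deleteprofile());

        // invalid security token
        $INPUT = $this->buildInput(true, $valid);
        $INPUT->set('sectok', 'wrong');
        $this->assertFalse(auth_deleteprofile());

        // missing 'confirm_delete'
        $INPUT = $this->buildInput(true, $valid);
        $INPUT->remove('confirm_delete');
        $this->assertFalse(auth_deleteprofile());
    }
}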