1020ea9e1SChristopher Smith<?php 2020ea9e1SChristopher Smith 3*ccc4c71cSAndreas Gohruse dokuwiki\Input\Input; 4*ccc4c71cSAndreas Gohr 5020ea9e1SChristopher Smithclass Mock_Auth_Plugin extends DokuWiki_Auth_Plugin { 6020ea9e1SChristopher Smith 7020ea9e1SChristopher Smith public $loggedOff = false; 8020ea9e1SChristopher Smith 9020ea9e1SChristopher Smith public function __construct($canDeleteUser = true) { 10020ea9e1SChristopher Smith $this->cando['delUser'] = $canDeleteUser; 11020ea9e1SChristopher Smith } 12020ea9e1SChristopher Smith 13020ea9e1SChristopher Smith public function checkPass($user, $pass) { 14020ea9e1SChristopher Smith return $pass == 'password'; 15020ea9e1SChristopher Smith } 16020ea9e1SChristopher Smith 17020ea9e1SChristopher Smith public function deleteUsers($users) { 18020ea9e1SChristopher Smith return in_array($_SERVER['REMOTE_USER'], $users); 19020ea9e1SChristopher Smith } 20020ea9e1SChristopher Smith 21020ea9e1SChristopher Smith public function logoff() { 22020ea9e1SChristopher Smith $this->loggedOff = true; 23020ea9e1SChristopher Smith } 24020ea9e1SChristopher Smith 25020ea9e1SChristopher Smith} 26020ea9e1SChristopher Smith 27020ea9e1SChristopher Smithclass auth_deleteprofile_test extends DokuWikiTest { 28020ea9e1SChristopher Smith 29020ea9e1SChristopher Smith /* 30020ea9e1SChristopher Smith * Tests: 31020ea9e1SChristopher Smith * 32020ea9e1SChristopher Smith * 1. It works and the user is logged off 33020ea9e1SChristopher Smith * 2. Password matches when config requires it 34020ea9e1SChristopher Smith * 3,4. Auth plugin can prevent & wiki config can prevent 35020ea9e1SChristopher Smith * 5. Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete' 36020ea9e1SChristopher Smith * 37020ea9e1SChristopher Smith */ 38020ea9e1SChristopher Smith 39020ea9e1SChristopher Smith function test_success() { 40020ea9e1SChristopher Smith 41020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 42020ea9e1SChristopher Smith 43020ea9e1SChristopher Smith $ACT = 'profile_delete'; 44020ea9e1SChristopher Smith $conf['profileconfirm'] = false; 45020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 46020ea9e1SChristopher Smith 47020ea9e1SChristopher Smith $input = array( 48020ea9e1SChristopher Smith 'do' => $ACT, 49020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 50020ea9e1SChristopher Smith 'delete' => '1', 51020ea9e1SChristopher Smith 'confirm_delete' => '1', 52020ea9e1SChristopher Smith ); 53020ea9e1SChristopher Smith 54020ea9e1SChristopher Smith $_POST = $input; 55020ea9e1SChristopher Smith $_REQUEST = $input; 56020ea9e1SChristopher Smith $INPUT = new Input(); 57020ea9e1SChristopher Smith 58020ea9e1SChristopher Smith $auth = new Mock_Auth_Plugin(); 59020ea9e1SChristopher Smith 60020ea9e1SChristopher Smith $this->assertTrue(auth_deleteprofile()); 61020ea9e1SChristopher Smith $this->assertTrue($auth->loggedOff); 62020ea9e1SChristopher Smith } 63020ea9e1SChristopher Smith 64020ea9e1SChristopher Smith function test_confirmation_required() { 65020ea9e1SChristopher Smith 66020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 67020ea9e1SChristopher Smith 68020ea9e1SChristopher Smith $ACT = 'profile_delete'; 69020ea9e1SChristopher Smith $conf['profileconfirm'] = true; 70020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 71020ea9e1SChristopher Smith 72020ea9e1SChristopher Smith $input = array( 73020ea9e1SChristopher Smith 'do' => $ACT, 74020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 75020ea9e1SChristopher Smith 'delete' => '1', 76020ea9e1SChristopher Smith 'confirm_delete' => '1', 77020ea9e1SChristopher Smith 'oldpass' => 'wrong', 78020ea9e1SChristopher Smith ); 79020ea9e1SChristopher Smith 80020ea9e1SChristopher Smith $_POST = $input; 81020ea9e1SChristopher Smith $_REQUEST = $input; 82020ea9e1SChristopher Smith $INPUT = new Input(); 83020ea9e1SChristopher Smith 84020ea9e1SChristopher Smith $auth = new Mock_Auth_Plugin(); 85020ea9e1SChristopher Smith 86020ea9e1SChristopher Smith // password check required - it fails, so don't delete profile 87020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 88020ea9e1SChristopher Smith 89020ea9e1SChristopher Smith // now it passes, we're good to go 90020ea9e1SChristopher Smith $INPUT->set('oldpass','password'); 91020ea9e1SChristopher Smith $INPUT->post->set('oldpass','password'); 92020ea9e1SChristopher Smith $this->assertTrue(auth_deleteprofile()); 93020ea9e1SChristopher Smith } 94020ea9e1SChristopher Smith 95020ea9e1SChristopher Smith function test_authconfig_prevents() { 96020ea9e1SChristopher Smith 97020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 98020ea9e1SChristopher Smith 99020ea9e1SChristopher Smith $ACT = 'profile_delete'; 100020ea9e1SChristopher Smith $conf['profileconfirm'] = false; 101020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 102020ea9e1SChristopher Smith 103020ea9e1SChristopher Smith $input = array( 104020ea9e1SChristopher Smith 'do' => $ACT, 105020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 106020ea9e1SChristopher Smith 'delete' => '1', 107020ea9e1SChristopher Smith 'confirm_delete' => '1', 108020ea9e1SChristopher Smith ); 109020ea9e1SChristopher Smith 110020ea9e1SChristopher Smith $_POST = $input; 111020ea9e1SChristopher Smith $_REQUEST = $input; 112020ea9e1SChristopher Smith $INPUT = new Input(); 113020ea9e1SChristopher Smith 114020ea9e1SChristopher Smith $auth = new Mock_Auth_Plugin(false); 115020ea9e1SChristopher Smith $conf['disableactions'] = ''; 116020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 117020ea9e1SChristopher Smith } 118020ea9e1SChristopher Smith 119020ea9e1SChristopher Smith function test_wikiconfig_prevents() { 120020ea9e1SChristopher Smith 121020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 122020ea9e1SChristopher Smith 123020ea9e1SChristopher Smith $ACT = 'profile_delete'; 124020ea9e1SChristopher Smith $conf['profileconfirm'] = false; 125020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 126020ea9e1SChristopher Smith 127020ea9e1SChristopher Smith $input = array( 128020ea9e1SChristopher Smith 'do' => $ACT, 129020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 130020ea9e1SChristopher Smith 'delete' => '1', 131020ea9e1SChristopher Smith 'confirm_delete' => '1', 132020ea9e1SChristopher Smith ); 133020ea9e1SChristopher Smith 134020ea9e1SChristopher Smith $_POST = $input; 135020ea9e1SChristopher Smith $_REQUEST = $input; 136020ea9e1SChristopher Smith $INPUT = new Input(); 137020ea9e1SChristopher Smith 138020ea9e1SChristopher Smith $auth = new Mock_Auth_Plugin(); 139020ea9e1SChristopher Smith $conf['disableactions'] = 'profile_delete'; 140020ea9e1SChristopher Smith 141020ea9e1SChristopher Smith $this->assertFalse(actionOK('profile_delete')); 142020ea9e1SChristopher Smith $this->assertTrue($auth->canDo('delUser')); 143020ea9e1SChristopher Smith 144020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 145020ea9e1SChristopher Smith } 146020ea9e1SChristopher Smith 147020ea9e1SChristopher Smith function test_basic_parameters() { 148020ea9e1SChristopher Smith 149020ea9e1SChristopher Smith global $ACT, $INPUT, $conf, $auth; 150020ea9e1SChristopher Smith 151020ea9e1SChristopher Smith $ACT = 'profile_delete'; 152020ea9e1SChristopher Smith $conf['profileconfirm'] = true; 153020ea9e1SChristopher Smith $_SERVER['REMOTE_USER'] = 'testuser'; 154020ea9e1SChristopher Smith 155020ea9e1SChristopher Smith $input = array( 156020ea9e1SChristopher Smith 'do' => $ACT, 157020ea9e1SChristopher Smith 'sectok' => getSecurityToken(), 158020ea9e1SChristopher Smith 'delete' => '1', 159020ea9e1SChristopher Smith 'confirm_delete' => '1', 160020ea9e1SChristopher Smith 'oldpass' => 'password', 161020ea9e1SChristopher Smith ); 162020ea9e1SChristopher Smith 163020ea9e1SChristopher Smith $_POST = $input; 164020ea9e1SChristopher Smith $_REQUEST = $input; 165020ea9e1SChristopher Smith $input_foundation = new Input(); 166020ea9e1SChristopher Smith 167020ea9e1SChristopher Smith $auth = new Mock_Auth_Plugin(); 168020ea9e1SChristopher Smith 169020ea9e1SChristopher Smith $INPUT = clone $input_foundation; 170020ea9e1SChristopher Smith $INPUT->remove('delete'); 171020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 172020ea9e1SChristopher Smith 173020ea9e1SChristopher Smith $INPUT = clone $input_foundation; 174020ea9e1SChristopher Smith $INPUT->set('sectok','wrong'); 175020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 176020ea9e1SChristopher Smith 177020ea9e1SChristopher Smith $INPUT = clone $input_foundation; 178020ea9e1SChristopher Smith $INPUT->remove('confirm_delete'); 179020ea9e1SChristopher Smith $this->assertFalse(auth_deleteprofile()); 180020ea9e1SChristopher Smith } 181020ea9e1SChristopher Smith} 182