xref: /dokuwiki/_test/tests/inc/auth_deleteprofile.test.php (revision 47de339b47c45069e8b9525bc0ef4396bcc60cfd) 
1<?php
2
3use dokuwiki\Input\Input;
4
5class Mock_Auth_Plugin extends DokuWiki_Auth_Plugin {
6
7	public $loggedOff = false;
8
9    public function __construct($canDeleteUser = true) {
10		$this->cando['delUser'] = $canDeleteUser;
11    }
12
13    public function checkPass($user, $pass) {
14        return $pass == 'password';
15    }
16
17    public function deleteUsers($users) {
18    	return in_array($_SERVER['REMOTE_USER'], $users);
19    }
20
21    public function logoff() {
22    	$this->loggedOff = true;
23    }
24
25}
26
27class auth_deleteprofile_test extends DokuWikiTest {
28
29    /*
30     * Tests:
31     *
32     * 1.   It works and the user is logged off
33     * 2.   Password matches when config requires it
34     * 3,4. Auth plugin can prevent & wiki config can prevent
35     * 5.  Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete'
36     *
37     */
38
39    function test_success() {
40
41        global $ACT, $INPUT, $conf, $auth;
42
43        $ACT = 'profile_delete';
44        $conf['profileconfirm'] = false;
45    	$_SERVER['REMOTE_USER'] = 'testuser';
46
47        $input = array(
48            'do'                 => $ACT,
49            'sectok'             => getSecurityToken(),
50            'delete'             => '1',
51            'confirm_delete'     => '1',
52        );
53
54        $_POST = $input;
55        $_REQUEST = $input;
56        $INPUT = new Input();
57
58        $auth = new Mock_Auth_Plugin();
59
60        $this->assertTrue(auth_deleteprofile());
61        $this->assertTrue($auth->loggedOff);
62    }
63
64    function test_confirmation_required() {
65
66        global $ACT, $INPUT, $conf, $auth;
67
68        $ACT = 'profile_delete';
69        $conf['profileconfirm'] = true;
70    	$_SERVER['REMOTE_USER'] = 'testuser';
71
72        $input = array(
73            'do'                 => $ACT,
74            'sectok'             => getSecurityToken(),
75            'delete'             => '1',
76            'confirm_delete'     => '1',
77            'oldpass'            => 'wrong',
78        );
79
80        $_POST = $input;
81        $_REQUEST = $input;
82        $INPUT = new Input();
83
84        $auth = new Mock_Auth_Plugin();
85
86        // password check required - it fails, so don't delete profile
87        $this->assertFalse(auth_deleteprofile());
88
89        // now it passes, we're good to go
90        $INPUT->set('oldpass','password');
91        $INPUT->post->set('oldpass','password');
92        $this->assertTrue(auth_deleteprofile());
93    }
94
95    function test_authconfig_prevents() {
96
97        global $ACT, $INPUT, $conf, $auth;
98
99        $ACT = 'profile_delete';
100        $conf['profileconfirm'] = false;
101    	$_SERVER['REMOTE_USER'] = 'testuser';
102
103        $input = array(
104            'do'                 => $ACT,
105            'sectok'             => getSecurityToken(),
106            'delete'             => '1',
107            'confirm_delete'     => '1',
108        );
109
110        $_POST = $input;
111        $_REQUEST = $input;
112        $INPUT = new Input();
113
114        $auth = new Mock_Auth_Plugin(false);
115        $conf['disableactions'] = '';
116        $this->assertFalse(auth_deleteprofile());
117    }
118
119    function test_wikiconfig_prevents() {
120
121        global $ACT, $INPUT, $conf, $auth;
122
123        $ACT = 'profile_delete';
124        $conf['profileconfirm'] = false;
125    	$_SERVER['REMOTE_USER'] = 'testuser';
126
127        $input = array(
128            'do'                 => $ACT,
129            'sectok'             => getSecurityToken(),
130            'delete'             => '1',
131            'confirm_delete'     => '1',
132        );
133
134        $_POST = $input;
135        $_REQUEST = $input;
136        $INPUT = new Input();
137
138        $auth = new Mock_Auth_Plugin();
139        $conf['disableactions'] = 'profile_delete';
140
141        $this->assertFalse(actionOK('profile_delete'));
142        $this->assertTrue($auth->canDo('delUser'));
143
144        $this->assertFalse(auth_deleteprofile());
145    }
146
147    function test_basic_parameters() {
148
149        global $ACT, $INPUT, $conf, $auth;
150
151        $ACT = 'profile_delete';
152        $conf['profileconfirm'] = true;
153    	$_SERVER['REMOTE_USER'] = 'testuser';
154
155        $input = array(
156            'do'                 => $ACT,
157            'sectok'             => getSecurityToken(),
158            'delete'             => '1',
159            'confirm_delete'     => '1',
160            'oldpass'            => 'password',
161        );
162
163        $_POST = $input;
164        $_REQUEST = $input;
165        $input_foundation = new Input();
166
167        $auth = new Mock_Auth_Plugin();
168
169        $INPUT = clone $input_foundation;
170        $INPUT->remove('delete');
171        $this->assertFalse(auth_deleteprofile());
172
173        $INPUT = clone $input_foundation;
174        $INPUT->set('sectok','wrong');
175        $this->assertFalse(auth_deleteprofile());
176
177        $INPUT = clone $input_foundation;
178        $INPUT->remove('confirm_delete');
179        $this->assertFalse(auth_deleteprofile());
180    }
181}
182