xref: /dokuwiki/_test/tests/inc/auth_deleteprofile.test.php (revision e1d9dcc8b460b6f029ac9c8d5d3b8d23b6e73402) 
1<?php
2
3use dokuwiki\Input\Input;
4use dokuwiki\Extension\AuthPlugin;
5
6class Mock_Auth_Plugin extends AuthPlugin {
7
8    public $loggedOff = false;
9
10    public function __construct($canDeleteUser = true) {
11        $this->cando['delUser'] = $canDeleteUser;
12    }
13
14    public function checkPass($user, $pass) {
15        return $pass == 'password';
16    }
17
18    public function deleteUsers($users) {
19        return in_array($_SERVER['REMOTE_USER'], $users);
20    }
21
22    public function logoff() {
23        $this->loggedOff = true;
24    }
25
26}
27
28class auth_deleteprofile_test extends DokuWikiTest {
29
30    /*
31     * Tests:
32     *
33     * 1.   It works and the user is logged off
34     * 2.   Password matches when config requires it
35     * 3,4. Auth plugin can prevent & wiki config can prevent
36     * 5.  Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete'
37     *
38     */
39
40    function test_success() {
41
42        global $ACT, $INPUT, $conf, $auth;
43
44        $ACT = 'profile_delete';
45        $conf['profileconfirm'] = false;
46    	$_SERVER['REMOTE_USER'] = 'testuser';
47
48        $input = array(
49            'do'                 => $ACT,
50            'sectok'             => getSecurityToken(),
51            'delete'             => '1',
52            'confirm_delete'     => '1',
53        );
54
55        $_POST = $input;
56        $_REQUEST = $input;
57        $INPUT = new Input();
58
59        $auth = new Mock_Auth_Plugin();
60
61        $this->assertTrue(auth_deleteprofile());
62        $this->assertTrue($auth->loggedOff);
63    }
64
65    function test_confirmation_required() {
66
67        global $ACT, $INPUT, $conf, $auth;
68
69        $ACT = 'profile_delete';
70        $conf['profileconfirm'] = true;
71    	$_SERVER['REMOTE_USER'] = 'testuser';
72
73        $input = array(
74            'do'                 => $ACT,
75            'sectok'             => getSecurityToken(),
76            'delete'             => '1',
77            'confirm_delete'     => '1',
78            'oldpass'            => 'wrong',
79        );
80
81        $_POST = $input;
82        $_REQUEST = $input;
83        $INPUT = new Input();
84
85        $auth = new Mock_Auth_Plugin();
86
87        // password check required - it fails, so don't delete profile
88        $this->assertFalse(auth_deleteprofile());
89
90        // now it passes, we're good to go
91        $INPUT->set('oldpass','password');
92        $INPUT->post->set('oldpass','password');
93        $this->assertTrue(auth_deleteprofile());
94    }
95
96    function test_authconfig_prevents() {
97
98        global $ACT, $INPUT, $conf, $auth;
99
100        $ACT = 'profile_delete';
101        $conf['profileconfirm'] = false;
102    	$_SERVER['REMOTE_USER'] = 'testuser';
103
104        $input = array(
105            'do'                 => $ACT,
106            'sectok'             => getSecurityToken(),
107            'delete'             => '1',
108            'confirm_delete'     => '1',
109        );
110
111        $_POST = $input;
112        $_REQUEST = $input;
113        $INPUT = new Input();
114
115        $auth = new Mock_Auth_Plugin(false);
116        $conf['disableactions'] = '';
117        $this->assertFalse(auth_deleteprofile());
118    }
119
120    function test_wikiconfig_prevents() {
121
122        global $ACT, $INPUT, $conf, $auth;
123
124        $ACT = 'profile_delete';
125        $conf['profileconfirm'] = false;
126    	$_SERVER['REMOTE_USER'] = 'testuser';
127
128        $input = array(
129            'do'                 => $ACT,
130            'sectok'             => getSecurityToken(),
131            'delete'             => '1',
132            'confirm_delete'     => '1',
133        );
134
135        $_POST = $input;
136        $_REQUEST = $input;
137        $INPUT = new Input();
138
139        $auth = new Mock_Auth_Plugin();
140        $conf['disableactions'] = 'profile_delete';
141
142        $this->assertFalse(actionOK('profile_delete'));
143        $this->assertTrue($auth->canDo('delUser'));
144
145        $this->assertFalse(auth_deleteprofile());
146    }
147
148    function test_basic_parameters() {
149
150        global $ACT, $INPUT, $conf, $auth;
151
152        $ACT = 'profile_delete';
153        $conf['profileconfirm'] = true;
154    	$_SERVER['REMOTE_USER'] = 'testuser';
155
156        $input = array(
157            'do'                 => $ACT,
158            'sectok'             => getSecurityToken(),
159            'delete'             => '1',
160            'confirm_delete'     => '1',
161            'oldpass'            => 'password',
162        );
163
164        $_POST = $input;
165        $_REQUEST = $input;
166        $input_foundation = new Input();
167
168        $auth = new Mock_Auth_Plugin();
169
170        $INPUT = clone $input_foundation;
171        $INPUT->remove('delete');
172        $this->assertFalse(auth_deleteprofile());
173
174        $INPUT = clone $input_foundation;
175        $INPUT->set('sectok','wrong');
176        $this->assertFalse(auth_deleteprofile());
177
178        $INPUT = clone $input_foundation;
179        $INPUT->remove('confirm_delete');
180        $this->assertFalse(auth_deleteprofile());
181    }
182}
183