xref: /dokuwiki/_test/tests/inc/auth_deleteprofile.test.php (revision f95ecbbf8b1de8bc1270d3cf91dfdf055ea5c78c) 
1<?php
2
3class Mock_Auth_Plugin extends DokuWiki_Auth_Plugin {
4
5	public $loggedOff = false;
6
7    public function __construct($canDeleteUser = true) {
8		$this->cando['delUser'] = $canDeleteUser;
9    }
10
11    public function checkPass($user, $pass) {
12        return $pass == 'password';
13    }
14
15    public function deleteUsers($users) {
16    	return in_array($_SERVER['REMOTE_USER'], $users);
17    }
18
19    public function logoff() {
20    	$this->loggedOff = true;
21    }
22
23}
24
25class auth_deleteprofile_test extends DokuWikiTest {
26
27    /*
28     * Tests:
29     *
30     * 1.   It works and the user is logged off
31     * 2.   Password matches when config requires it
32     * 3,4. Auth plugin can prevent & wiki config can prevent
33     * 5.  Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete'
34     *
35     */
36
37    function test_success() {
38
39        global $ACT, $INPUT, $conf, $auth;
40
41        $ACT = 'profile_delete';
42        $conf['profileconfirm'] = false;
43    	$_SERVER['REMOTE_USER'] = 'testuser';
44
45        $input = array(
46            'do'                 => $ACT,
47            'sectok'             => getSecurityToken(),
48            'delete'             => '1',
49            'confirm_delete'     => '1',
50        );
51
52        $_POST = $input;
53        $_REQUEST = $input;
54        $INPUT = new Input();
55
56        $auth = new Mock_Auth_Plugin();
57
58        $this->assertTrue(auth_deleteprofile());
59        $this->assertTrue($auth->loggedOff);
60    }
61
62    function test_confirmation_required() {
63
64        global $ACT, $INPUT, $conf, $auth;
65
66        $ACT = 'profile_delete';
67        $conf['profileconfirm'] = true;
68    	$_SERVER['REMOTE_USER'] = 'testuser';
69
70        $input = array(
71            'do'                 => $ACT,
72            'sectok'             => getSecurityToken(),
73            'delete'             => '1',
74            'confirm_delete'     => '1',
75            'oldpass'            => 'wrong',
76        );
77
78        $_POST = $input;
79        $_REQUEST = $input;
80        $INPUT = new Input();
81
82        $auth = new Mock_Auth_Plugin();
83
84        // password check required - it fails, so don't delete profile
85        $this->assertFalse(auth_deleteprofile());
86
87        // now it passes, we're good to go
88        $INPUT->set('oldpass','password');
89        $INPUT->post->set('oldpass','password');
90        $this->assertTrue(auth_deleteprofile());
91    }
92
93    function test_authconfig_prevents() {
94
95        global $ACT, $INPUT, $conf, $auth;
96
97        $ACT = 'profile_delete';
98        $conf['profileconfirm'] = false;
99    	$_SERVER['REMOTE_USER'] = 'testuser';
100
101        $input = array(
102            'do'                 => $ACT,
103            'sectok'             => getSecurityToken(),
104            'delete'             => '1',
105            'confirm_delete'     => '1',
106        );
107
108        $_POST = $input;
109        $_REQUEST = $input;
110        $INPUT = new Input();
111
112        $auth = new Mock_Auth_Plugin(false);
113        $conf['disableactions'] = '';
114        $this->assertFalse(auth_deleteprofile());
115    }
116
117    function test_wikiconfig_prevents() {
118
119        global $ACT, $INPUT, $conf, $auth;
120
121        $ACT = 'profile_delete';
122        $conf['profileconfirm'] = false;
123    	$_SERVER['REMOTE_USER'] = 'testuser';
124
125        $input = array(
126            'do'                 => $ACT,
127            'sectok'             => getSecurityToken(),
128            'delete'             => '1',
129            'confirm_delete'     => '1',
130        );
131
132        $_POST = $input;
133        $_REQUEST = $input;
134        $INPUT = new Input();
135
136        $auth = new Mock_Auth_Plugin();
137        $conf['disableactions'] = 'profile_delete';
138
139        $this->assertFalse(actionOK('profile_delete'));
140        $this->assertTrue($auth->canDo('delUser'));
141
142        $this->assertFalse(auth_deleteprofile());
143    }
144
145    function test_basic_parameters() {
146
147        global $ACT, $INPUT, $conf, $auth;
148
149        $ACT = 'profile_delete';
150        $conf['profileconfirm'] = true;
151    	$_SERVER['REMOTE_USER'] = 'testuser';
152
153        $input = array(
154            'do'                 => $ACT,
155            'sectok'             => getSecurityToken(),
156            'delete'             => '1',
157            'confirm_delete'     => '1',
158            'oldpass'            => 'password',
159        );
160
161        $_POST = $input;
162        $_REQUEST = $input;
163        $input_foundation = new Input();
164
165        $auth = new Mock_Auth_Plugin();
166
167        $INPUT = clone $input_foundation;
168        $INPUT->remove('delete');
169        $this->assertFalse(auth_deleteprofile());
170
171        $INPUT = clone $input_foundation;
172        $INPUT->set('sectok','wrong');
173        $this->assertFalse(auth_deleteprofile());
174
175        $INPUT = clone $input_foundation;
176        $INPUT->remove('confirm_delete');
177        $this->assertFalse(auth_deleteprofile());
178    }
179}