From aa6088a37fa11fc386f9099d758f01cf63af9e2e Mon Sep 17 00:00:00 2001 From: ADmad Date: Fri, 15 Nov 2013 20:07:22 +0530 Subject: [PATCH] Updated AuthComponent and friends to use new ORM and other 3.x changes. --- .../Component/Auth/BaseAuthenticate.php | 74 ++++--- .../Component/Auth/BaseAuthorize.php | 2 +- .../Component/Auth/BasicAuthenticate.php | 2 +- .../Component/Auth/DigestAuthenticate.php | 7 +- .../Component/Auth/FormAuthenticate.php | 2 +- Cake/Controller/Component/AuthComponent.php | 17 +- .../TestApp/Controller/AjaxAuthController.php | 3 +- .../TestApp/Controller/AuthTestController.php | 2 +- .../Model/Repository/AuthUsersTable.php | 22 +++ .../Component/Auth/ActionsAuthorizeTest.php | 14 +- .../Component/Auth/BasicAuthenticateTest.php | 37 ++-- .../Component/Auth/CrudAuthorizeTest.php | 10 +- .../Component/Auth/DigestAuthenticateTest.php | 37 ++-- .../Component/Auth/FormAuthenticateTest.php | 89 ++++----- .../Component/AuthComponentTest.php | 185 +++++++++--------- 15 files changed, 256 insertions(+), 247 deletions(-) create mode 100644 Cake/Test/TestApp/Model/Repository/AuthUsersTable.php diff --git a/Cake/Controller/Component/Auth/BaseAuthenticate.php b/Cake/Controller/Component/Auth/BaseAuthenticate.php index bb985d434b7..877a6f9c2f8 100644 --- a/Cake/Controller/Component/Auth/BaseAuthenticate.php +++ b/Cake/Controller/Component/Auth/BaseAuthenticate.php @@ -16,10 +16,12 @@ namespace Cake\Controller\Component\Auth; use Cake\Controller\ComponentRegistry; +use Cake\Controller\Component\Auth\AbstractPasswordHasher; +use Cake\Core\App; use Cake\Error; use Cake\Network\Request; use Cake\Network\Response; -use Cake\Utility\ClassRegistry; +use Cake\ORM\TableRegistry; use Cake\Utility\Hash; use Cake\Utility\Security; 
@@ -33,10 +35,9 @@ abstract class BaseAuthenticate { * Settings for this object. * * - `fields` The fields to use to identify a user by. - * - `userModel` The model name of the User, defaults to User. + * - `userModel` The alias for users table, defaults to Users. * - `scope` Additional conditions to use when looking up and authenticating users, - * i.e. `array('User.is_active' => 1).` - * - `recursive` The value of the recursive key passed to find(). Defaults to 0. + * i.e. `['Users.is_active' => 1].` * - `contain` Extra models to contain and store in session. * - `passwordHasher` Password hasher class. Can be a string specifying class name * or an array containing `className` key, any other keys will be passed as @@ -44,17 +45,16 @@ abstract class BaseAuthenticate { * * @var array */ - public $settings = array( - 'fields' => array( + public $settings = [ + 'fields' => [ 'username' => 'username', 'password' => 'password' - ), - 'userModel' => 'User', - 'scope' => array(), - 'recursive' => 0, + ], + 'userModel' => 'Users', + 'scope' => [], 'contain' => null, 'passwordHasher' => 'Simple' - ); + ]; /** * A Component registry, used to get more components. 
@@ -82,17 +82,14 @@ public function __construct(ComponentRegistry $registry, $settings) { } /** - * Find a user record using the standard options. - * - * The $username parameter can be a (string)username or an array containing - * conditions for Model::find('first'). If the $password param is not provided - * the password field will be present in returned array. + * Find a user record using the username and password provided. * * Input passwords will be hashed even when a user doesn't exist. This * helps mitigate timing attacks that are attempting to find valid usernames. * - * @param string|array $username The username/identifier, or an array of find conditions. - * @param string $password The password, only used if $username param is string. + * @param string $username The username/identifier. + * @param string $password The password, if not provide password checking is skipped + * and result of find is returned. * @return boolean|array Either false on failure, or an array of user data. */ protected function _findUser($username, $password = null) { 
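Review bot: The rewritten `_findUser()` docblock no longer states that the returned array still contains the password field when `$password` is omitted, which the removed text did say. The body in the following hunk only runs `unset($result[$fields['password']])` inside the `$password !== null` branch, so a call without a password returns the stored hash along with the rest of the row. I would word the parameter as `@param string $password The password; when null, no password check is done and the returned row still contains the password field.` The typo "if not provide" goes away with that wording.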
@@ -100,38 +97,33 @@ protected function _findUser($username, $password = null) { list(, $model) = pluginSplit($userModel); $fields = $this->settings['fields']; - if (is_array($username)) { - $conditions = $username; - } else { - $conditions = array( - $model . '.' . $fields['username'] => $username - ); - } + $conditions = [$model . '.' . $fields['username'] => $username]; if (!empty($this->settings['scope'])) { $conditions = array_merge($conditions, $this->settings['scope']); } - $result = ClassRegistry::init($userModel)->find('first', array( - 'conditions' => $conditions, - 'recursive' => $this->settings['recursive'], - 'contain' => $this->settings['contain'], - )); - if (empty($result[$model])) { - $this->passwordHasher()->hash($password); + $table = TableRegistry::get($userModel)->find('all'); + if ($this->settings['contain']) { + $table = $table->contain($this->settings['contain']); + } + $result = $table + ->where($conditions) + ->hydrate(false) + ->first(); + + if (empty($result)) { return false; } - $user = $result[$model]; - if ($password) { - if (!$this->passwordHasher()->check($password, $user[$fields['password']])) { + if ($password !== null) { + if (!$this->passwordHasher()->check($password, $result[$fields['password']])) { return false; } - unset($user[$fields['password']]); + unset($result[$fields['password']]); } - unset($result[$model]); - return array_merge($user, $result); + return $result; } /** 
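Review bot: The `if (empty($result)) { return false; }` branch now returns without any hashing work, because the `$this->passwordHasher()->hash($password);` call on the miss path is removed. A lookup for an unknown username can therefore finish sooner than one for a known username with a wrong password, noticeably so with a slow hasher such as the Blowfish one exercised in the tests. The docblock kept in the preceding hunk still promises that input passwords are hashed even when a user doesn't exist, so after this change either the code or the comment is wrong. If the mitigation is still wanted, keep the dummy work before `return false;`, e.g. `if ($password !== null) { $this->passwordHasher()->hash($password); }`.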
@@ -154,15 +146,17 @@ public function passwordHasher() { $config = $this->settings['passwordHasher']; unset($config['className']); } + list($plugin, $class) = pluginSplit($class, true); $className = App::classname($class, 'Controller/Component/Auth', 'PasswordHasher'); if (!class_exists($className)) { throw new Error\Exception(__d('cake_dev', 'Password hasher class "%s" was not found.', $class)); } - if (!is_subclass_of($className, 'AbstractPasswordHasher')) { + + $this->_passwordHasher = new $className($config); + if (!($this->_passwordHasher instanceof AbstractPasswordHasher)) { throw new Error\Exception(__d('cake_dev', 'Password hasher must extend AbstractPasswordHasher class.')); } - $this->_passwordHasher = new $className($config); return $this->_passwordHasher; } diff --git a/Cake/Controller/Component/Auth/BaseAuthorize.php b/Cake/Controller/Component/Auth/BaseAuthorize.php index 28b0380f406..63afe835f0d 100644 --- a/Cake/Controller/Component/Auth/BaseAuthorize.php +++ b/Cake/Controller/Component/Auth/BaseAuthorize.php @@ -65,7 +65,7 @@ abstract class BaseAuthorize { 'delete' => 'delete', 'remove' => 'delete' ), - 'userModel' => 'User' + 'userModel' => 'Users' ); /** diff --git a/Cake/Controller/Component/Auth/BasicAuthenticate.php b/Cake/Controller/Component/Auth/BasicAuthenticate.php index b2b2c429cf5..5a326beb48f 100644 --- a/Cake/Controller/Component/Auth/BasicAuthenticate.php +++ b/Cake/Controller/Component/Auth/BasicAuthenticate.php @@ -84,7 +84,7 @@ public function getUser(Request $request) { */ public function unauthenticated(Request $request, Response $response) { $Exception = new Error\UnauthorizedException(); - $Exception->responseHeader(array($this->loginHeaders())); + $Exception->responseHeader(array($this->loginHeaders($request))); throw $Exception; } diff --git a/Cake/Controller/Component/Auth/DigestAuthenticate.php b/Cake/Controller/Component/Auth/DigestAuthenticate.php index 661ed18f1fb..f52074694b5 100644 
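Review bot: The hasher is now constructed and stored in `$this->_passwordHasher` before the `instanceof AbstractPasswordHasher` check. A class named in `settings['passwordHasher']` that is not a hasher therefore has its constructor run and stays in the property when the exception is thrown. If the start of `passwordHasher()` (outside this hunk) returns a cached instance, a caller that catches the exception would get the invalid object on the next call. Build into a local and assign only after validation: `$hasher = new $className($config);`, then `if (!($hasher instanceof AbstractPasswordHasher)) { throw ... }`, then `$this->_passwordHasher = $hasher;`. Also, `$plugin` from the added `pluginSplit($class, true)` is never used in the visible lines, so a plugin-prefixed hasher name appears to lose its prefix before `App::classname()`; please confirm that is intended.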
--- a/Cake/Controller/Component/Auth/DigestAuthenticate.php +++ b/Cake/Controller/Component/Auth/DigestAuthenticate.php @@ -19,7 +19,6 @@ use Cake\Controller\Component\Auth\BasicAuthenticate; use Cake\Network\Request; use Cake\Network\Response; -use Cake\Utility\ClassRegistry; /** * Digest Authentication adapter for AuthComponent. @@ -107,9 +106,7 @@ public function getUser(Request $request) { } list(, $model) = pluginSplit($this->settings['userModel']); - $user = $this->_findUser(array( - $model . '.' . $this->settings['fields']['username'] => $digest['username'] - )); + $user = $this->_findUser($digest['username']); if (empty($user)) { return false; } @@ -207,7 +204,7 @@ public function loginHeaders(Request $request) { 'qop' => $this->settings['qop'], 'nonce' => $this->settings['nonce'] ?: uniqid(''), ); - $options['nonce'] = $this->settings['nonce'] ?: $options['realm']; + $options['opaque'] = $this->settings['opaque'] ?: md5($options['realm']); $opts = array(); foreach ($options as $k => $v) { $opts[] = sprintf('%s="%s"', $k, $v); diff --git a/Cake/Controller/Component/Auth/FormAuthenticate.php b/Cake/Controller/Component/Auth/FormAuthenticate.php index 2503cb82bc6..f0f01e8f5fe 100644 --- a/Cake/Controller/Component/Auth/FormAuthenticate.php +++ b/Cake/Controller/Component/Auth/FormAuthenticate.php @@ -26,7 +26,7 @@ * {{{ * $this->Auth->authenticate = array( * 'Form' => array( - * 'scope' => array('User.active' => 1) + * 'scope' => array('Users.active' => 1) * ) * ) * }}} diff --git a/Cake/Controller/Component/AuthComponent.php b/Cake/Controller/Component/AuthComponent.php index e3479161164..d0122a77ba9 100644 --- a/Cake/Controller/Component/AuthComponent.php +++ b/Cake/Controller/Component/AuthComponent.php 
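Review bot: `list(, $model) = pluginSplit($this->settings['userModel']);` is left in `getUser()` although its only visible use, building the conditions array, is removed here. Unless `$model` is read further down (the rest of the method is outside the hunk), the line can be dropped. Because `_findUser()` is now called with the username only, the returned row carries the stored digest hash, and a comment such as `// no password passed: the row still holds the stored hash; strip it before returning the user` would make that responsibility explicit.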
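Review bot: The fallback nonce on the context line `'nonce' => $this->settings['nonce'] ?: uniqid('')` is derived from the clock and is therefore predictable. Nothing visible in this hunk gives a nonce a lifetime or checks that the server issued it. The corrected `opaque` fallback `md5($options['realm'])` is constant per realm, which is acceptable for a value the client only echoes back, but digest replay protection depends on the nonce. Consider drawing it from a CSPRNG where the openssl extension is available, e.g. `'nonce' => $this->settings['nonce'] ?: bin2hex(openssl_random_pseudo_bytes(16)),`, and validating it on the return path. `loginHeaders()` continues past the end of the hunk.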
@@ -21,9 +21,9 @@ use Cake\Core\Configure; use Cake\Error; use Cake\Event\Event; -use Cake\Model\Datasource\Session; use Cake\Network\Request; use Cake\Network\Response; +use Cake\Network\Session; use Cake\Routing\Router; use Cake\Utility\Debugger; use Cake\Utility\Hash; @@ -57,7 +57,7 @@ class AuthComponent extends Component { * {{{ * $this->Auth->authenticate = array( * 'Form' => array( - * 'userModel' => 'Users.User' + * 'userModel' => 'Users.Users' * ) * ); * }}} @@ -69,8 +69,8 @@ class AuthComponent extends Component { * {{{ * $this->Auth->authenticate = array( * 'all' => array( - * 'userModel' => 'Users.User', - * 'scope' => array('User.active' => 1) + * 'userModel' => 'Users.Users', + * 'scope' => ['Users.active' => 1] * ), * 'Form', * 'Basic' @@ -351,10 +351,11 @@ protected function _unauthenticated(Controller $controller) { } if ($this->_isLoginAction($controller)) { - if (empty($controller->request->data)) { - if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) { - $this->Session->write('Auth.redirect', $controller->referer(null, true)); - } + if (empty($controller->request->data) && + !$this->Session->check('Auth.redirect') && + $this->request->env('HTTP_REFERER') + ) { + $this->Session->write('Auth.redirect', $controller->referer(null, true)); } return true; } diff --git a/Cake/Test/TestApp/Controller/AjaxAuthController.php b/Cake/Test/TestApp/Controller/AjaxAuthController.php index 0b87c916610..3d7d43e3c7f 100644 --- a/Cake/Test/TestApp/Controller/AjaxAuthController.php +++ b/Cake/Test/TestApp/Controller/AjaxAuthController.php @@ -18,6 +18,7 @@ namespace TestApp\Controller; use Cake\Controller\Controller; +use Cake\Event\Event; /** * AjaxAuthController class 
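Review bot: In `_unauthenticated()` the rewritten condition reads the POST data from `$controller->request` but the referer from `$this->request`. If the component's own `request` property is unset or differs from the controller's, the check fails or inspects the wrong request. Using one source keeps it coherent: `$controller->request->env('HTTP_REFERER')`. The value written to `Auth.redirect` comes from `$controller->referer(null, true)`, so a short comment such as `// second argument limits the referer to local URLs, so the client-supplied header cannot become an off-site redirect` would document why it is safe to store. The method begins and ends outside the hunk.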
@@ -58,7 +59,7 @@ class AjaxAuthController extends Controller { * * @return void */ - public function beforeFilter() { + public function beforeFilter(Event $event) { $this->TestAuth->ajaxLogin = 'test_element'; $this->TestAuth->userModel = 'AuthUser'; $this->TestAuth->RequestHandler->ajaxLayout = 'ajax2'; diff --git a/Cake/Test/TestApp/Controller/AuthTestController.php b/Cake/Test/TestApp/Controller/AuthTestController.php index 6de44688108..5c9ff66859f 100644 --- a/Cake/Test/TestApp/Controller/AuthTestController.php +++ b/Cake/Test/TestApp/Controller/AuthTestController.php @@ -38,7 +38,7 @@ class AuthTestController extends Controller { * * @var array */ - public $uses = array('AuthUser'); + public $uses = array('Users'); /** * components property diff --git a/Cake/Test/TestApp/Model/Repository/AuthUsersTable.php b/Cake/Test/TestApp/Model/Repository/AuthUsersTable.php new file mode 100644 index 00000000000..6f7205e3d22 --- /dev/null +++ b/Cake/Test/TestApp/Model/Repository/AuthUsersTable.php @@ -0,0 +1,22 @@ + + * Copyright 2005-2013, Cake Software Foundation, Inc. (http://cakefoundation.org) + * + * Licensed under The MIT License + * Redistributions of files must retain the above copyright notice + * + * @since CakePHP(tm) v 3.0 + * @license MIT License (http://www.opensource.org/licenses/mit-license.php) + */ +namespace TestApp\Model\Repository; + +use Cake\ORM\Table; + +/** + * AuthUser class + * + */ +class AuthUsersTable extends Table { + +} diff --git a/Cake/Test/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php b/Cake/Test/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php index 86df86aa218..925f5e943db 100644 --- a/Cake/Test/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php +++ b/Cake/Test/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php @@ -62,7 +62,7 @@ protected function _mockAcl() { */ public function testAuthorizeFailure() { $user = array( - 'User' => array( + 'Users' => array( 'id' => 1, 'user' => 'mariano' ) 
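Review bot: `$this->TestAuth->userModel = 'AuthUser';` on the context line of `beforeFilter()` keeps the singular model name, while the rest of this commit moves to plural table aliases (`AuthUsers`, backed by the new `AuthUsersTable`). If this property is still read, the test controller would presumably resolve a different table from the one the fixtures populate. Consider `$this->TestAuth->userModel = 'AuthUsers';`. The docblock of the new table class has the same problem and should read `AuthUsersTable class` rather than `AuthUser class`.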
@@ -81,7 +81,7 @@ public function testAuthorizeFailure() { ->with($user, 'controllers/Posts/index') ->will($this->returnValue(false)); - $this->assertFalse($this->auth->authorize($user['User'], $request)); + $this->assertFalse($this->auth->authorize($user['Users'], $request)); } /** @@ -91,7 +91,7 @@ public function testAuthorizeFailure() { */ public function testAuthorizeSuccess() { $user = array( - 'User' => array( + 'Users' => array( 'id' => 1, 'user' => 'mariano' ) @@ -110,7 +110,7 @@ public function testAuthorizeSuccess() { ->with($user, 'controllers/Posts/index') ->will($this->returnValue(true)); - $this->assertTrue($this->auth->authorize($user['User'], $request)); + $this->assertTrue($this->auth->authorize($user['Users'], $request)); } /** @@ -128,13 +128,13 @@ public function testAuthorizeSettings() { $this->_mockAcl(); - $this->auth->settings['userModel'] = 'TestPlugin.TestPluginAuthUser'; + $this->auth->settings['userModel'] = 'TestPlugin.AuthUser'; $user = array( 'id' => 1, - 'user' => 'mariano' + 'username' => 'mariano' ); - $expected = array('TestPlugin.TestPluginAuthUser' => array('id' => 1, 'user' => 'mariano')); + $expected = array('TestPlugin.AuthUser' => array('id' => 1, 'username' => 'mariano')); $this->Acl->expects($this->once()) ->method('check') ->with($expected, 'controllers/Posts/index') diff --git a/Cake/Test/TestCase/Controller/Component/Auth/BasicAuthenticateTest.php b/Cake/Test/TestCase/Controller/Component/Auth/BasicAuthenticateTest.php index 017853cffb1..648c91bd0fa 100644 --- a/Cake/Test/TestCase/Controller/Component/Auth/BasicAuthenticateTest.php +++ b/Cake/Test/TestCase/Controller/Component/Auth/BasicAuthenticateTest.php 
@@ -21,12 +21,11 @@ use Cake\Controller\Component\Auth\BasicAuthenticate; use Cake\Error; use Cake\Network\Request; +use Cake\ORM\Entity; +use Cake\ORM\TableRegistry; use Cake\TestSuite\TestCase; -use Cake\Utility\ClassRegistry; use Cake\Utility\Security; -require_once CAKE . 'Test/TestCase/Model/models.php'; - /** * Test case for BasicAuthentication * @@ -47,19 +46,16 @@ class BasicAuthenticateTest extends TestCase { */ public function setUp() { parent::setUp(); - $this->markTestIncomplete('Need to revisit once models work again.'); $this->Collection = $this->getMock('Cake\Controller\ComponentRegistry'); $this->auth = new BasicAuthenticate($this->Collection, array( - 'fields' => array('username' => 'user', 'password' => 'password'), - 'userModel' => 'User', - 'realm' => 'localhost', - 'recursive' => 0 + 'userModel' => 'Users', + 'realm' => 'localhost' )); $password = Security::hash('password', null, true); - $User = ClassRegistry::init('User'); - $User->updateAll(array('password' => $User->getDataSource()->value($password))); + $User = TableRegistry::get('Users'); + $User->updateAll(['password' => $password], []); $this->response = $this->getMock('Cake\Network\Response'); } @@ -75,7 +71,6 @@ public function testConstructor() { )); $this->assertEquals('AuthUser', $object->settings['userModel']); $this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']); - $this->assertEquals(env('SERVER_NAME'), $object->settings['realm']); } /** @@ -178,9 +173,9 @@ public function testAuthenticateSuccess() { $result = $this->auth->authenticate($request, $this->response); $expected = array( 'id' => 1, - 'user' => 'mariano', - 'created' => '2007-03-17 01:16:23', - 'updated' => '2007-03-17 01:18:31' + 'username' => 'mariano', + 'created' => new \DateTime('2007-03-17 01:16:23'), + 'updated' => new \DateTime('2007-03-17 01:18:31') ); $this->assertEquals($expected, $result); } 
@@ -193,7 +188,7 @@ public function testAuthenticateSuccess() { * @return void */ public function testAuthenticateFailReChallenge() { - $this->auth->settings['scope'] = array('user' => 'nate'); + $this->auth->settings['scope'] = array('username' => 'nate'); $request = new Request([ 'url' => 'posts/index', 'environment' => [ @@ -224,10 +219,10 @@ public function testAuthenticateWithBlowfish() { ]); $request->addParams(array('pass' => array())); - $User = ClassRegistry::init('User'); + $User = TableRegistry::get('Users'); $User->updateAll( - array('password' => $User->getDataSource()->value($hash)), - array('User.user' => 'mariano') + array('password' => $hash), + array('username' => 'mariano') ); $this->auth->settings['passwordHasher'] = 'Blowfish'; @@ -235,9 +230,9 @@ public function testAuthenticateWithBlowfish() { $result = $this->auth->authenticate($request, $this->response); $expected = array( 'id' => 1, - 'user' => 'mariano', - 'created' => '2007-03-17 01:16:23', - 'updated' => '2007-03-17 01:18:31' + 'username' => 'mariano', + 'created' => new \DateTime('2007-03-17 01:16:23'), + 'updated' => new \DateTime('2007-03-17 01:18:31') ); $this->assertEquals($expected, $result); } diff --git a/Cake/Test/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php b/Cake/Test/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php index 375980961be..48559a0a4c3 100644 --- a/Cake/Test/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php +++ b/Cake/Test/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php @@ -70,7 +70,7 @@ public function testAuthorizeNoMappedAction() { 'controller' => 'posts', 'action' => 'foobar' )); - $user = array('User' => array('user' => 'mark')); + $user = array('User' => array('username' => 'mark')); $this->auth->authorize($user, $request); } 
@@ -86,7 +86,7 @@ public function testAuthorizeCheckSuccess() { 'controller' => 'posts', 'action' => 'index' )); - $user = array('User' => array('user' => 'mark')); + $user = array('Users' => array('username' => 'mark')); $this->_mockAcl(); $this->Acl->expects($this->once()) @@ -94,7 +94,7 @@ public function testAuthorizeCheckSuccess() { ->with($user, 'Posts', 'read') ->will($this->returnValue(true)); - $this->assertTrue($this->auth->authorize($user['User'], $request)); + $this->assertTrue($this->auth->authorize($user['Users'], $request)); } /** @@ -108,7 +108,7 @@ public function testAuthorizeCheckFailure() { 'controller' => 'posts', 'action' => 'index' )); - $user = array('User' => array('user' => 'mark')); + $user = array('Users' => array('username' => 'mark')); $this->_mockAcl(); $this->Acl->expects($this->once()) @@ -116,7 +116,7 @@ public function testAuthorizeCheckFailure() { ->with($user, 'Posts', 'read') ->will($this->returnValue(false)); - $this->assertFalse($this->auth->authorize($user['User'], $request)); + $this->assertFalse($this->auth->authorize($user['Users'], $request)); } /** diff --git a/Cake/Test/TestCase/Controller/Component/Auth/DigestAuthenticateTest.php b/Cake/Test/TestCase/Controller/Component/Auth/DigestAuthenticateTest.php index bf466d55b69..2a6725bbbcc 100644 --- a/Cake/Test/TestCase/Controller/Component/Auth/DigestAuthenticateTest.php +++ b/Cake/Test/TestCase/Controller/Component/Auth/DigestAuthenticateTest.php @@ -21,10 +21,9 @@ use Cake\Controller\Component\Auth\DigestAuthenticate; use Cake\Error; use Cake\Network\Request; +use Cake\ORM\Entity; +use Cake\ORM\TableRegistry; use Cake\TestSuite\TestCase; -use Cake\Utility\ClassRegistry; - -require_once CAKE . 'Test/TestCase/Model/models.php'; /** * Test case for DigestAuthentication 
@@ -46,20 +45,19 @@ class DigestAuthenticateTest extends TestCase { */ public function setUp() { parent::setUp(); - $this->markTestIncomplete('Need to revisit once models work again.'); $this->Collection = $this->getMock('Cake\Controller\ComponentRegistry'); $this->auth = new DigestAuthenticate($this->Collection, array( - 'fields' => array('username' => 'user', 'password' => 'password'), - 'userModel' => 'User', + 'fields' => array('username' => 'username', 'password' => 'password'), + 'userModel' => 'Users', 'realm' => 'localhost', 'nonce' => 123, 'opaque' => '123abc' )); $password = DigestAuthenticate::password('mariano', 'cake', 'localhost'); - $User = ClassRegistry::init('User'); - $User->updateAll(array('password' => $User->getDataSource()->value($password))); + $User = TableRegistry::get('Users'); + $User->updateAll(['password' => $password], []); $this->response = $this->getMock('Cake\Network\Response'); } @@ -128,7 +126,10 @@ public function testAuthenticateWrongUsername() { * @return void */ public function testAuthenticateChallenge() { - $request = new Request('posts/index'); + $request = new Request([ + 'url' => 'posts/index', + 'environment' => ['REQUEST_METHOD' => 'GET'] + ]); $request->addParams(array('pass' => array())); try { @@ -148,7 +149,10 @@ public function testAuthenticateChallenge() { * @return void */ public function testAuthenticateSuccess() { - $request = new Request('posts/index'); + $request = new Request([ + 'url' => 'posts/index', + 'environment' => ['REQUEST_METHOD' => 'GET'] + ]); $request->addParams(array('pass' => array())); $digest = <<auth->authenticate($request, $this->response); $expected = array( 'id' => 1, - 'user' => 'mariano', - 'created' => '2007-03-17 01:16:23', - 'updated' => '2007-03-17 01:18:31' + 'username' => 'mariano', + 'created' => new \DateTime('2007-03-17 01:16:23'), + 'updated' => new \DateTime('2007-03-17 01:18:31') ); $this->assertEquals($expected, $result); } 
@@ -182,8 +186,11 @@ public function testAuthenticateSuccess() { * @return void */ public function testAuthenticateFailReChallenge() { - $this->auth->settings['scope'] = array('user' => 'nate'); - $request = new Request('posts/index'); + $this->auth->settings['scope'] = array('username' => 'nate'); + $request = new Request([ + 'url' => 'posts/index', + 'environment' => ['REQUEST_METHOD' => 'GET'] + ]); $request->addParams(array('pass' => array())); $digest = <<markTestIncomplete('Need to revisit once models work again.'); $this->Collection = $this->getMock('Cake\Controller\ComponentRegistry'); $this->auth = new FormAuthenticate($this->Collection, array( - 'fields' => array('username' => 'user', 'password' => 'password'), - 'userModel' => 'User' + 'userModel' => 'Users' )); $password = Security::hash('password', null, true); - $User = ClassRegistry::init('User'); - $User->updateAll(array('password' => $User->getDataSource()->value($password))); + $Users = TableRegistry::get('Users'); + $Users->updateAll(['password' => $password], []); $this->response = $this->getMock('Cake\Network\Response'); } @@ -69,10 +66,10 @@ public function setUp() { */ public function testConstructor() { $object = new FormAuthenticate($this->Collection, array( - 'userModel' => 'AuthUser', + 'userModel' => 'AuthUsers', 'fields' => array('username' => 'user', 'password' => 'password') )); - $this->assertEquals('AuthUser', $object->settings['userModel']); + $this->assertEquals('AuthUsers', $object->settings['userModel']); $this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']); } @@ -94,7 +91,7 @@ public function testAuthenticateNoData() { */ public function testAuthenticateNoUsername() { $request = new Request('posts/index'); - $request->data = array('User' => array('password' => 'foobar')); + $request->data = array('Users' => array('password' => 'foobar')); $this->assertFalse($this->auth->authenticate($request, $this->response)); } 
@@ -105,7 +102,7 @@ public function testAuthenticateNoUsername() { */ public function testAuthenticateNoPassword() { $request = new Request('posts/index'); - $request->data = array('User' => array('user' => 'mariano')); + $request->data = array('Users' => array('username' => 'mariano')); $this->assertFalse($this->auth->authenticate($request, $this->response)); } @@ -117,8 +114,8 @@ public function testAuthenticateNoPassword() { public function testAuthenticatePasswordIsFalse() { $request = new Request('posts/index', false); $request->data = array( - 'User' => array( - 'user' => 'mariano', + 'Users' => array( + 'username' => 'mariano', 'password' => null )); $this->assertFalse($this->auth->authenticate($request, $this->response)); @@ -130,17 +127,17 @@ public function testAuthenticatePasswordIsFalse() { * @return void */ public function testAuthenticateFieldsAreNotString() { - $request = new CakeRequest('posts/index', false); + $request = new Request('posts/index', false); $request->data = array( - 'User' => array( - 'user' => array('mariano', 'phpnut'), + 'Users' => array( + 'username' => array('mariano', 'phpnut'), 'password' => 'my password' )); $this->assertFalse($this->auth->authenticate($request, $this->response)); $request->data = array( - 'User' => array( - 'user' => 'mariano', + 'Users' => array( + 'username' => 'mariano', 'password' => array('password1', 'password2') )); $this->assertFalse($this->auth->authenticate($request, $this->response)); @@ -154,8 +151,8 @@ public function testAuthenticateFieldsAreNotString() { public function testAuthenticateInjection() { $request = new Request('posts/index'); $request->data = array( - 'User' => array( - 'user' => '> 1', + 'Users' => array( + 'username' => '> 1', 'password' => "' OR 1 = 1" )); $this->assertFalse($this->auth->authenticate($request, $this->response)); 
@@ -168,16 +165,16 @@ public function testAuthenticateInjection() { */ public function testAuthenticateSuccess() { $request = new Request('posts/index'); - $request->data = array('User' => array( - 'user' => 'mariano', + $request->data = array('Users' => array( + 'username' => 'mariano', 'password' => 'password' )); $result = $this->auth->authenticate($request, $this->response); $expected = array( 'id' => 1, - 'user' => 'mariano', - 'created' => '2007-03-17 01:16:23', - 'updated' => '2007-03-17 01:18:31' + 'username' => 'mariano', + 'created' => new \DateTime('2007-03-17 01:16:23'), + 'updated' => new \DateTime('2007-03-17 01:18:31') ); $this->assertEquals($expected, $result); } @@ -188,10 +185,10 @@ public function testAuthenticateSuccess() { * @return void */ public function testAuthenticateScopeFail() { - $this->auth->settings['scope'] = array('user' => 'nate'); + $this->auth->settings['scope'] = array('Users.id' => 2); $request = new Request('posts/index'); - $request->data = array('User' => array( - 'user' => 'mariano', + $request->data = array('Users' => array( + 'username' => 'mariano', 'password' => 'password' )); @@ -207,17 +204,16 @@ public function testPluginModel() { Cache::delete('object_map', '_cake_core_'); Plugin::load('TestPlugin'); - $PluginModel = ClassRegistry::init('TestPlugin.TestPluginAuthUser'); + $PluginModel = TableRegistry::get('TestPlugin.AuthUsers'); $user['id'] = 1; $user['username'] = 'gwoo'; $user['password'] = Security::hash(Configure::read('Security.salt') . 'cake'); - $PluginModel->save($user, false); + $PluginModel->save(new Entity($user)); - $this->auth->settings['userModel'] = 'TestPlugin.TestPluginAuthUser'; - $this->auth->settings['fields']['username'] = 'username'; + $this->auth->settings['userModel'] = 'TestPlugin.AuthUsers'; $request = new Request('posts/index'); - $request->data = array('TestPluginAuthUser' => array( + $request->data = array('AuthUsers' => array( 'username' => 'gwoo', 'password' => 'cake' )); 
@@ -226,10 +222,9 @@ public function testPluginModel() { $expected = array( 'id' => 1, 'username' => 'gwoo', - 'created' => '2007-03-17 01:16:23' + 'created' => new \DateTime('2007-03-17 01:16:23'), + 'updated' => new \DateTime('2007-03-17 01:18:31') ); - $this->assertEquals(static::date(), $result['updated']); - unset($result['updated']); $this->assertEquals($expected, $result); Plugin::unload(); } @@ -250,30 +245,30 @@ public function testPasswordHasherSettings() { $this->assertEquals('md5', $result['hashType']); $hash = Security::hash('mypass', 'md5', true); - $User = ClassRegistry::init('User'); + $User = TableRegistry::get('Users'); $User->updateAll( - array('password' => $User->getDataSource()->value($hash)), - array('User.user' => 'mariano') + array('password' => $hash), + array('username' => 'mariano') ); $request = new Request('posts/index'); - $request->data = array('User' => array( - 'user' => 'mariano', + $request->data = array('Users' => array( + 'username' => 'mariano', 'password' => 'mypass' )); $result = $this->auth->authenticate($request, $this->response); $expected = array( 'id' => 1, - 'user' => 'mariano', - 'created' => '2007-03-17 01:16:23', - 'updated' => '2007-03-17 01:18:31' + 'username' => 'mariano', + 'created' => new \DateTime('2007-03-17 01:16:23'), + 'updated' => new \DateTime('2007-03-17 01:18:31') ); $this->assertEquals($expected, $result); $this->auth = new FormAuthenticate($this->Collection, array( - 'fields' => array('username' => 'user', 'password' => 'password'), - 'userModel' => 'User' + 'fields' => array('username' => 'username', 'password' => 'password'), + 'userModel' => 'Users' )); $this->auth->settings['passwordHasher'] = array( 'className' => 'Simple', diff --git a/Cake/Test/TestCase/Controller/Component/AuthComponentTest.php b/Cake/Test/TestCase/Controller/Component/AuthComponentTest.php index 5258137e11f..f771165ec5f 100644 --- a/Cake/Test/TestCase/Controller/Component/AuthComponentTest.php 
+++ b/Cake/Test/TestCase/Controller/Component/AuthComponentTest.php @@ -16,23 +16,23 @@ use Cake\Controller\ComponentRegistry; use Cake\Controller\Component\AuthComponent; +use Cake\Controller\Component\SessionComponent; use Cake\Controller\Controller; use Cake\Core\App; use Cake\Core\Configure; use Cake\Error; use Cake\Event\Event; -use Cake\Model\Datasource\Session; use Cake\Network\Request; use Cake\Network\Response; +use Cake\Network\Session; +use Cake\ORM\Entity; +use Cake\ORM\TableRegistry; use Cake\Routing\Dispatcher; use Cake\Routing\Router; -use Cake\TestSuite\Fixture\TestModel; use Cake\TestSuite\TestCase; -use Cake\Utility\ClassRegistry; use Cake\Utility\Security; use TestApp\Controller\AuthTestController; use TestApp\Controller\Component\TestAuthComponent; -use TestApp\Model\AuthUser; /** * AuthComponentTest class @@ -52,7 +52,7 @@ class AuthComponentTest extends TestCase { * * @var array */ - public $fixtures = array('core.auth_user'); + public $fixtures = ['core.user', 'core.auth_user']; /** * initialized property @@ -68,7 +68,6 @@ class AuthComponentTest extends TestCase { */ public function setUp() { parent::setUp(); - $this->markTestIncomplete('Need to revisit once models work again.'); Configure::write('Security.salt', 'YJfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi'); Configure::write('App.namespace', 'TestApp'); 
@@ -76,22 +75,19 @@ public function setUp() { $request = new Request(); $this->Controller = new AuthTestController($request, $this->getMock('Cake\Network\Response')); + $this->Controller->constructClasses(); - $collection = new ComponentRegistry(); - $collection->init($this->Controller); - $this->Auth = new TestAuthComponent($collection); + $this->Auth = new TestAuthComponent($this->Controller->Components); $this->Auth->request = $request; $this->Auth->response = $this->getMock('Cake\Network\Response'); AuthComponent::$sessionKey = 'Auth.User'; - $this->Controller->Components->init($this->Controller); - $this->initialized = true; Router::reload(); Router::connect('/:controller/:action/*'); - $User = ClassRegistry::init('AuthUser'); - $User->updateAll(array('password' => $User->getDataSource()->value(Security::hash('cake', null, true)))); + $Users = TableRegistry::get('AuthUsers'); + $Users->updateAll(['password' => Security::hash('cake', null, true)], []); } /** @@ -148,7 +144,7 @@ public function testLogin() { class_alias('AuthLoginFormAuthenticate', 'Cake\Controller\Component\Auth\AuthLoginFormAuthenticate'); $this->Auth->authenticate = array( 'AuthLoginForm' => array( - 'userModel' => 'AuthUser' + 'userModel' => 'AuthUsers' ) ); $this->Auth->Session = $this->getMock('Cake\Controller\Component\SessionComponent', array('renew'), array(), '', false); @@ -157,7 +153,7 @@ class_alias('AuthLoginFormAuthenticate', 'Cake\Controller\Component\Auth\AuthLog $this->mockObjects[] = $mocks[0]; $this->Auth->request->data = array( - 'AuthUser' => array( + 'AuthUsers' => array( 'username' => 'mark', 'password' => Security::hash('cake', null, true) ) 
@@ -195,6 +191,7 @@ public function testRedirectVarClearing() { $this->assertNull($this->Auth->Session->read('Auth.redirect')); $this->Auth->authenticate = array('Form'); + $event = new Event('Controller.startup', $this->Controller); $this->Auth->startup($event); $this->assertEquals('/auth_test/admin_add', $this->Auth->Session->read('Auth.redirect')); @@ -210,10 +207,10 @@ public function testRedirectVarClearing() { */ public function testAuthorizeFalse() { $event = new Event('Controller.startup', $this->Controller); - $this->AuthUser = new AuthUser(); - $user = $this->AuthUser->find(); - $this->Auth->Session->write('Auth.User', $user['AuthUser']); - $this->Controller->Auth->userModel = 'AuthUser'; + $Users = TableRegistry::get('Users'); + $user = $Users->find('all')->hydrate(false)->first(); + $this->Auth->Session->write('Auth.User', $user); + $this->Controller->Auth->userModel = 'Users'; $this->Controller->Auth->authorize = false; $this->Controller->request->addParams(Router::parse('auth_test/add')); $this->Controller->Auth->initialize($event); @@ -364,12 +361,12 @@ public function testLoadAuthenticateResets() { */ public function testAllConfigWithAuthenticate() { $this->Controller->Auth->authenticate = array( - AuthComponent::ALL => array('userModel' => 'AuthUser'), + AuthComponent::ALL => array('userModel' => 'AuthUsers'), 'Form' ); $objects = $this->Controller->Auth->constructAuthenticate(); $result = $objects[0]; - $this->assertEquals('AuthUser', $result->settings['userModel']); + $this->assertEquals('AuthUsers', $result->settings['userModel']); } /** 
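Review bot: In testAuthorizeFalse() the whole row returned by `find('all')->hydrate(false)->first()` is written to `Auth.User`, so the session fixture presumably carries the `password` column as well. As far as I can tell the authenticate classes strip the password field before a user record reaches the session, so this state no longer mirrors what a real login stores. Adding `unset($user['password']);` before the `Session->write()` call keeps the fixture realistic and avoids later tests treating a hash in session data as normal. `$this->assertNotEmpty($user);` right after the query would also make an empty `users` fixture fail here rather than at the startup() assertion.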
@@ -468,7 +465,7 @@ public function testAllowedActionsWithCamelCaseMethods() { $this->Controller->request->query['url'] = Router::normalize($url); $this->Controller->Auth->initialize($event); $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); - $this->Controller->Auth->userModel = 'AuthUser'; + $this->Controller->Auth->userModel = 'AuthUsers'; $this->Controller->Auth->allow(); $result = $this->Controller->Auth->startup($event); $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); @@ -478,7 +475,7 @@ public function testAllowedActionsWithCamelCaseMethods() { $this->Controller->request->query['url'] = Router::normalize($url); $this->Controller->Auth->initialize($event); $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); - $this->Controller->Auth->userModel = 'AuthUser'; + $this->Controller->Auth->userModel = 'AuthUsers'; $this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add'); $result = $this->Controller->Auth->startup($event); $this->assertTrue($result, 'startup() should return true, as action is allowed. %s'); @@ -492,7 +489,7 @@ public function testAllowedActionsWithCamelCaseMethods() { $this->Controller->request->query['url'] = Router::normalize($url); $this->Controller->Auth->initialize($event); $this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); - $this->Controller->Auth->userModel = 'AuthUser'; + $this->Controller->Auth->userModel = 'AuthUsers'; $this->Controller->Auth->allow(array('delete', 'add')); $result = $this->Controller->Auth->startup($event); 
@@ -503,6 +500,7 @@ public function testAllowedActionsSetWithAllowMethod() { $url = '/auth_test/action_name'; $this->Controller->request->addParams(Router::parse($url)); $this->Controller->request->query['url'] = Router::normalize($url); + $event = new Event('Controller.initialize', $this->Controller); $this->Controller->Auth->initialize($event); $this->Controller->Auth->allow('action_name', 'anotherAction'); $this->assertEquals(array('action_name', 'anotherAction'), $this->Controller->Auth->allowedActions); 
@@ -514,62 +512,62 @@ public function testAllowedActionsSetWithAllowMethod() { * @return void */ public function testLoginRedirect() { - $event = new Event('Controller.startup', $this->Controller); $url = '/auth_test/camelCase'; - $_SERVER['HTTP_REFERER'] = false; - $_ENV['HTTP_REFERER'] = false; - putenv('HTTP_REFERER='); $this->Auth->Session->write('Auth', array( - 'AuthUser' => array('id' => '1', 'username' => 'nate') + 'AuthUsers' => array('id' => '1', 'username' => 'nate') )); $this->Auth->request->addParams(Router::parse('users/login')); $this->Auth->request->url = 'users/login'; + $this->Auth->request->env('HTTP_REFERER', false); + $event = new Event('Controller.initialize', $this->Controller); $this->Auth->initialize($event); $this->Auth->loginRedirect = array( 'controller' => 'pages', 'action' => 'display', 'welcome' ); + $event = new Event('Controller.startup', $this->Controller); $this->Auth->startup($event); $expected = Router::normalize($this->Auth->loginRedirect); $this->assertEquals($expected, $this->Auth->redirectUrl()); $this->Auth->Session->delete('Auth'); - //empty referer no session - $_SERVER['HTTP_REFERER'] = false; - $_ENV['HTTP_REFERER'] = false; - putenv('HTTP_REFERER='); $url = '/posts/view/1'; $this->Auth->Session->write('Auth', array( - 'AuthUser' => array('id' => '1', 'username' => 'nate')) + 'AuthUsers' => array('id' => '1', 'username' => 'nate')) ); $this->Controller->testUrl = null; $this->Auth->request->addParams(Router::parse($url)); + $this->Auth->request->env('HTTP_REFERER', false); array_push($this->Controller->methods, 'view', 'edit', 'index'); + $event = new Event('Controller.initialize', $this->Controller); $this->Auth->initialize($event); $this->Auth->authorize = 'controller'; $this->Auth->loginAction = array( 'controller' => 'AuthTest', 'action' => 'login' ); + $event = new Event('Controller.startup', $this->Controller); $this->Auth->startup($event); $expected = Router::normalize('/AuthTest/login'); 
$this->assertEquals($expected, $this->Controller->testUrl); $this->Auth->Session->delete('Auth'); - $_SERVER['HTTP_REFERER'] = $_ENV['HTTP_REFERER'] = Router::url('/admin', true); $this->Auth->Session->write('Auth', array( - 'AuthUser' => array('id' => '1', 'username' => 'nate') + 'AuthUsers' => array('id' => '1', 'username' => 'nate') )); $this->Auth->request->params['action'] = 'login'; $this->Auth->request->url = 'auth_test/login'; + $this->Controller->request->env('HTTP_REFERER', Router::url('/admin', true)); + $event = new Event('Controller.initialize', $this->Controller); $this->Auth->initialize($event); $this->Auth->loginAction = 'auth_test/login'; $this->Auth->loginRedirect = false; + $event = new Event('Controller.startup', $this->Controller); $this->Auth->startup($event); $expected = Router::normalize('/admin'); $this->assertEquals($expected, $this->Auth->redirectUrl()); 
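Review bot: The session writes in testLoginRedirect() were renamed to `'AuthUsers'`, but setUp() sets `AuthComponent::$sessionKey = 'Auth.User'`, so a record stored under `Auth.AuthUsers` is presumably never read as the logged-in user. The second block expecting a redirect to `/AuthTest/login` suggests the request is in fact unauthenticated, which makes these writes misleading rather than wrong. Either drop them or mark them with `// Not the session key: the request stays unauthenticated on purpose.`. The same key is used in the testLogout() hunk, where `$this->assertNull($this->Auth->Session->read('Auth.AuthUsers'));` passes whether or not logout() cleared the user, unless the session key is changed in lines outside that hunk; `$this->assertNull($this->Auth->Session->read(AuthComponent::$sessionKey));` would check the real key. testLoginRedirect() continues in the following hunks.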
@@ -579,26 +577,28 @@ public function testLoginRedirect() { $url = '/posts/view/1'; $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); + $event = new Event('Controller.initialize', $this->Controller); $this->Auth->initialize($event); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); + $event = new Event('Controller.startup', $this->Controller); $this->Auth->startup($event); $expected = Router::normalize('posts/view/1'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); // QueryString parameters - $_back = $_GET; - $_GET = array( - 'print' => 'true', - 'refer' => 'menu' - ); $this->Auth->Session->delete('Auth'); $url = '/posts/index/29'; $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); - $this->Auth->request->query = $_GET; + $this->Auth->request->query = array( + 'print' => 'true', + 'refer' => 'menu' + ); + $event = new Event('Controller.initialize', $this->Controller); $this->Auth->initialize($event); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); + $event = new Event('Controller.startup', $this->Controller); $this->Auth->startup($event); $expected = Router::normalize('posts/index/29?print=true&refer=menu'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); @@ -606,8 +606,6 @@ public function testLoginRedirect() { // Different base urls. $appConfig = Configure::read('App'); - $_GET = array(); - Configure::write('App', array( 'dir' => APP_DIR, 'webroot' => WEBROOT_DIR, 
@@ -618,45 +616,49 @@ public function testLoginRedirect() { $this->Auth->Session->delete('Auth'); $url = '/posts/add'; - $this->Auth->request = $this->Controller->request = new CakeRequest($url); + $this->Auth->request = $this->Controller->request = new Request($url); $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = Router::normalize($url); - $this->Auth->initialize($this->Controller); + $event = new Event('Controller.initialize', $this->Controller); + $this->Auth->initialize($event); $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); - $this->Auth->startup($this->Controller); + $event = new Event('Controller.startup', $this->Controller); + $this->Auth->startup($event); $expected = Router::normalize('/posts/add'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); $this->Auth->Session->delete('Auth'); Configure::write('App', $appConfig); - $_GET = $_back; - // External Authed Action - $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; $this->Auth->Session->delete('Auth'); $url = '/posts/edit/1'; $request = new Request($url); + $request->env('HTTP_REFERER', 'http://webmail.example.com/view/message'); $request->query = array(); $this->Auth->request = $this->Controller->request = $request; $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = $this->Auth->request->here = Router::normalize($url); + $event = new Event('Controller.initialize', $this->Controller); $this->Auth->initialize($event); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); + $event = new Event('Controller.startup', $this->Controller); $this->Auth->startup($event); $expected = Router::normalize('/posts/edit/1'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); // External Direct Login Link - $_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message'; $this->Auth->Session->delete('Auth'); $url = 
'/AuthTest/login'; $this->Auth->request = $this->Controller->request = new Request($url); + $this->Auth->request->env('HTTP_REFERER', 'http://webmail.example.com/view/message'); $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = Router::normalize($url); + $event = new Event('Controller.initialize', $this->Controller); $this->Auth->initialize($event); $this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login'); + $event = new Event('Controller.startup', $this->Controller); $this->Auth->startup($event); $expected = Router::normalize('/'); $this->assertEquals($expected, $this->Auth->Session->read('Auth.redirect')); @@ -681,7 +683,8 @@ public function testNoLoginRedirectForAuthenticatedUser() { $this->Auth->authorize = array('NoLoginRedirectMockAuthorize'); $this->Auth->loginAction = array('controller' => 'auth_test', 'action' => 'login'); - $return = $this->Auth->startup($this->Controller); + $event = new Event('Controller.startup', $this->Controller); + $return = $this->Auth->startup($event); $this->assertTrue($return); $this->assertNull($this->Controller->testUrl); } @@ -692,13 +695,9 @@ public function testNoLoginRedirectForAuthenticatedUser() { * @return void */ public function testDefaultToLoginRedirect() { - $event = new Event('Controller.startup', $this->Controller); - $_SERVER['HTTP_REFERER'] = false; - $_ENV['HTTP_REFERER'] = false; - putenv('HTTP_REFERER='); - $url = '/party/on'; $this->Auth->request = $Request = new Request($url); + $Request->env('HTTP_REFERER', false); $this->Auth->request->addParams(Router::parse($url)); $this->Auth->authorize = array('Controller'); $this->Auth->login(array('username' => 'mariano', 'password' => 'cake')); 
@@ -712,6 +711,7 @@ public function testDefaultToLoginRedirect() { array('on', 'redirect'), array($Request, $response) ); + $event = new Event('Controller.startup', $Controller); $expected = Router::url($this->Auth->loginRedirect, true); $Controller->expects($this->once()) @@ -731,9 +731,9 @@ public function testRedirectToUnauthorizedRedirect() { $this->Auth->request->addParams(Router::parse($url)); $this->Auth->authorize = array('Controller'); $this->Auth->login(array('username' => 'admad', 'password' => 'cake')); - $this->Auth->unauthorizedRedirect = array( - 'controller' => 'no_can_do', 'action' => 'jack' - ); + + $expected = ['controller' => 'no_can_do', 'action' => 'jack']; + $this->Auth->unauthorizedRedirect = $expected; $response = new Response(); $Controller = $this->getMock( @@ -742,19 +742,19 @@ public function testRedirectToUnauthorizedRedirect() { array($request, $response) ); $this->Auth->Session = $this->getMock( - 'SessionComponent', + 'Cake\Controller\Component\SessionComponent', array('setFlash'), array($Controller->Components) ); - $expected = array( - 'controller' => 'no_can_do', 'action' => 'jack' - ); $Controller->expects($this->once()) ->method('redirect') ->with($this->equalTo($expected)); + $this->Auth->Session->expects($this->once()) ->method('setFlash'); + + $event = new Event('Controller.startup', $Controller); $this->Auth->startup($event); } 
@@ -764,37 +764,35 @@ public function testRedirectToUnauthorizedRedirect() { * @return void */ public function testRedirectToUnauthorizedRedirectSuppressedAuthError() { - $event = new Event('Controller.startup', $this->Controller); $url = '/party/on'; - $this->Auth->request = $CakeRequest = new CakeRequest($url); + $this->Auth->request = $Request = new Request($url); $this->Auth->request->addParams(Router::parse($url)); $this->Auth->authorize = array('Controller'); $this->Auth->login(array('username' => 'admad', 'password' => 'cake')); - $this->Auth->unauthorizedRedirect = array( - 'controller' => 'no_can_do', 'action' => 'jack' - ); + $expected = ['controller' => 'no_can_do', 'action' => 'jack']; + $this->Auth->unauthorizedRedirect = $expected; $this->Auth->authError = false; - $CakeResponse = new CakeResponse(); + $Response = new Response(); $Controller = $this->getMock( - 'Controller', + 'Cake\Controller\Controller', array('on', 'redirect'), - array($CakeRequest, $CakeResponse) + array($Request, $Response) ); $this->Auth->Session = $this->getMock( - 'SessionComponent', + 'Cake\Controller\Component\SessionComponent', array('setFlash'), array($Controller->Components) ); - $expected = array( - 'controller' => 'no_can_do', 'action' => 'jack' - ); $Controller->expects($this->once()) ->method('redirect') ->with($this->equalTo($expected)); + $this->Auth->Session->expects($this->never()) ->method('setFlash'); + + $event = new Event('Controller.startup', $Controller); $this->Auth->startup($event); } 
@@ -804,12 +802,10 @@ public function testRedirectToUnauthorizedRedirectSuppressedAuthError() { * @return void */ public function testForbiddenException() { - $event = new Event('Controller.startup', $this->Controller); $url = '/party/on'; $this->Auth->request = $request = new Request($url); $this->Auth->request->addParams(Router::parse($url)); $this->Auth->authorize = array('Controller'); - $this->Auth->authorize = array('Controller'); $this->Auth->unauthorizedRedirect = false; $this->Auth->login(array('username' => 'baker', 'password' => 'cake')); @@ -820,6 +816,7 @@ public function testForbiddenException() { array($request, $response) ); + $event = new Event('Controller.startup', $Controller); $this->Auth->startup($event); } @@ -896,15 +893,16 @@ public function testAdminRoute() { * @return void */ public function testAjaxLogin() { - $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'; - ob_start(); + $request = new Request([ + 'url' => '/ajax_auth/add', + 'environment' => ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'] + ]); $Dispatcher = new Dispatcher(); - $Dispatcher->dispatch(new Request('/ajax_auth/add'), new Response(), array('return' => 1)); + $Dispatcher->dispatch($request, new Response(), array('return' => 1)); $result = ob_get_clean(); $this->assertEquals("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result)); - unset($_SERVER['HTTP_X_REQUESTED_WITH']); } /** 
@@ -953,13 +951,13 @@ public function testLoginActionRedirect() { */ public function testStatelessAuthWorksWithUser() { $event = new Event('Controller.startup', $this->Controller); - $_SERVER['PHP_AUTH_USER'] = 'mariano'; - $_SERVER['PHP_AUTH_PW'] = 'cake'; $url = '/auth_test/add'; $this->Auth->request->addParams(Router::parse($url)); + $this->Auth->request->env('PHP_AUTH_USER', 'mariano'); + $this->Auth->request->env('PHP_AUTH_PW', 'cake'); $this->Auth->authenticate = array( - 'Basic' => array('userModel' => 'AuthUser') + 'Basic' => array('userModel' => 'AuthUsers') ); $this->Auth->startup($event); @@ -1008,7 +1006,7 @@ public function testLogout() { $result = $this->Auth->logout(); $this->assertEquals('/', $result); - $this->assertNull($this->Auth->Session->read('Auth.AuthUser')); + $this->assertNull($this->Auth->Session->read('Auth.AuthUsers')); $this->assertNull($this->Auth->Session->read('Auth.redirect')); } @@ -1080,8 +1078,8 @@ public function testLoginWithUserData() { $user = array( 'username' => 'mariano', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', - 'created' => '2007-03-17 01:16:23', - 'updated' => '2007-03-17 01:18:31' + 'created' => new \DateTime('2007-03-17 01:16:23'), + 'updated' => new \DateTime('2007-03-17 01:18:31') ); $this->assertTrue($this->Auth->login($user)); $this->assertTrue($this->Auth->loggedIn()); @@ -1184,7 +1182,7 @@ public function testRedirectUrlWithBaseSet() { )); $url = '/users/login'; - $this->Auth->request = $this->Controller->request = new CakeRequest($url); + $this->Auth->request = $this->Controller->request = new Request($url); $this->Auth->request->addParams(Router::parse($url)); $this->Auth->request->url = Router::normalize($url); 
@@ -1272,17 +1270,16 @@ public function testStatelessAuthNoSessionStart() { Session::$id = null; } $event = new Event('Controller.startup', $this->Controller); - $_SESSION = null; - - $_SERVER['PHP_AUTH_USER'] = 'mariano'; - $_SERVER['PHP_AUTH_PW'] = 'cake'; AuthComponent::$sessionKey = false; $this->Auth->authenticate = array( - 'Basic' => array('userModel' => 'AuthUser') + 'Basic' => array('userModel' => 'AuthUsers') ); $this->Controller->request['action'] = 'admin_add'; + $this->Controller->request->env('PHP_AUTH_USER', 'mariano'); + $this->Controller->request->env('PHP_AUTH_PW', 'cake'); + $result = $this->Auth->startup($event); $this->assertTrue($result);