From 020ea9e10577217f17372cb6510d872f9a5c647c Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 31 Jul 2013 18:15:57 +0200 Subject: unit tests for self deleting of user accounts --- _test/tests/inc/auth_deleteprofile.test.php | 179 ++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) create mode 100644 _test/tests/inc/auth_deleteprofile.test.php (limited to '_test') diff --git a/_test/tests/inc/auth_deleteprofile.test.php b/_test/tests/inc/auth_deleteprofile.test.php new file mode 100644 index 000000000..dc38fcd16 --- /dev/null +++ b/_test/tests/inc/auth_deleteprofile.test.php @@ -0,0 +1,179 @@ +cando['delUser'] = $canDeleteUser; + } + + public function checkPass($user, $pass) { + return $pass == 'password'; + } + + public function deleteUsers($users) { + return in_array($_SERVER['REMOTE_USER'], $users); + } + + public function logoff() { + $this->loggedOff = true; + } + +} + +class auth_deleteprofile_test extends DokuWikiTest { + + /* + * Tests: + * + * 1. It works and the user is logged off + * 2. Password matches when config requires it + * 3,4. Auth plugin can prevent & wiki config can prevent + * 5. Any of invalid security token, missing/not set 'delete' flag, missing/unchecked 'confirm_delete' + * + */ + + function test_success() { + + global $ACT, $INPUT, $conf, $auth; + + $ACT = 'profile_delete'; + $conf['profileconfirm'] = false; + $_SERVER['REMOTE_USER'] = 'testuser'; + + $input = array( + 'do' => $ACT, + 'sectok' => getSecurityToken(), + 'delete' => '1', + 'confirm_delete' => '1', + ); + + $_POST = $input; + $_REQUEST = $input; + $INPUT = new Input(); + + $auth = new Mock_Auth_Plugin(); + + $this->assertTrue(auth_deleteprofile()); + $this->assertTrue($auth->loggedOff); + } + + function test_confirmation_required() { + + global $ACT, $INPUT, $conf, $auth; + + $ACT = 'profile_delete'; + $conf['profileconfirm'] = true; + $_SERVER['REMOTE_USER'] = 'testuser'; + + $input = array( + 'do' => $ACT, + 'sectok' => getSecurityToken(), + 'delete' => '1', + 'confirm_delete' => '1', + 'oldpass' => 'wrong', + ); + + $_POST = $input; + $_REQUEST = $input; + $INPUT = new Input(); + + $auth = new Mock_Auth_Plugin(); + + // password check required - it fails, so don't delete profile + $this->assertFalse(auth_deleteprofile()); + + // now it passes, we're good to go + $INPUT->set('oldpass','password'); + $INPUT->post->set('oldpass','password'); + $this->assertTrue(auth_deleteprofile()); + } + + function test_authconfig_prevents() { + + global $ACT, $INPUT, $conf, $auth; + + $ACT = 'profile_delete'; + $conf['profileconfirm'] = false; + $_SERVER['REMOTE_USER'] = 'testuser'; + + $input = array( + 'do' => $ACT, + 'sectok' => getSecurityToken(), + 'delete' => '1', + 'confirm_delete' => '1', + ); + + $_POST = $input; + $_REQUEST = $input; + $INPUT = new Input(); + + $auth = new Mock_Auth_Plugin(false); + $conf['disableactions'] = ''; + $this->assertFalse(auth_deleteprofile()); + } + + function test_wikiconfig_prevents() { + + global $ACT, $INPUT, $conf, $auth; + + $ACT = 'profile_delete'; + $conf['profileconfirm'] = false; + $_SERVER['REMOTE_USER'] = 'testuser'; + + $input = array( + 'do' => $ACT, + 'sectok' => getSecurityToken(), + 'delete' => '1', + 'confirm_delete' => '1', + ); + + $_POST = $input; + $_REQUEST = $input; + $INPUT = new Input(); + + $auth = new Mock_Auth_Plugin(); + $conf['disableactions'] = 'profile_delete'; + + $this->assertFalse(actionOK('profile_delete')); + $this->assertTrue($auth->canDo('delUser')); + + $this->assertFalse(auth_deleteprofile()); + } + + function test_basic_parameters() { + + global $ACT, $INPUT, $conf, $auth; + + $ACT = 'profile_delete'; + $conf['profileconfirm'] = true; + $_SERVER['REMOTE_USER'] = 'testuser'; + + $input = array( + 'do' => $ACT, + 'sectok' => getSecurityToken(), + 'delete' => '1', + 'confirm_delete' => '1', + 'oldpass' => 'password', + ); + + $_POST = $input; + $_REQUEST = $input; + $input_foundation = new Input(); + + $auth = new Mock_Auth_Plugin(); + + $INPUT = clone $input_foundation; + $INPUT->remove('delete'); + $this->assertFalse(auth_deleteprofile()); + + $INPUT = clone $input_foundation; + $INPUT->set('sectok','wrong'); + $this->assertFalse(auth_deleteprofile()); + + $INPUT = clone $input_foundation; + $INPUT->remove('confirm_delete'); + $this->assertFalse(auth_deleteprofile()); + } +} \ No newline at end of file -- cgit v1.2.3 From 20284fef7eb61e54db0fd854a9172295aa4f8baa Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 2 Aug 2013 13:44:33 +0200 Subject: HTTPClient don't pull too much bytes when no content-length is given --- _test/tests/inc/httpclient_http.test.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to '_test') diff --git a/_test/tests/inc/httpclient_http.test.php b/_test/tests/inc/httpclient_http.test.php index 522f0790c..43dd4478f 100644 --- a/_test/tests/inc/httpclient_http.test.php +++ b/_test/tests/inc/httpclient_http.test.php @@ -122,9 +122,14 @@ class httpclient_http_test extends DokuWikiTest { function test_maxbody(){ $http = new HTTPClient(); $http->max_bodysize = 250; + + // this should abort completely $data = $http->get($this->server.'/stream/30'); $this->assertTrue($data === false, 'HTTP response'); + + // this should read just the needed bytes $http->max_bodysize_abort = false; + $http->keep_alive = false; $data = $http->get($this->server.'/stream/30'); $this->assertFalse($data === false, 'HTTP response'); /* should read no more than max_bodysize+1 */ -- cgit v1.2.3