Changeset 49109 for trunk/tests/phpunit/tests/auth.php
- Timestamp:
- 10/08/2020 10:12:02 PM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/tests/phpunit/tests/auth.php
r48937 r49109 7 7 class Tests_Auth extends WP_UnitTestCase { 8 8 protected $user; 9 10 /** 11 * @var WP_User 12 */ 9 13 protected static $_user; 10 14 protected static $user_id; … … 34 38 $this->user = clone self::$_user; 35 39 wp_set_current_user( self::$user_id ); 40 } 41 42 public function tearDown() { 43 parent::tearDown(); 44 45 // Cleanup all the global state. 46 unset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $GLOBALS['wp_rest_application_password_status'] ); 36 47 } 37 48 … … 415 426 } 416 427 428 /** 429 * HTTP Auth headers are used to determine the current user. 430 * 431 * @ticket 42790 432 * 433 * @covers ::wp_validate_application_password 434 */ 435 public function test_application_password_authentication() { 436 $user_id = $this->factory()->user->create( 437 array( 438 'user_login' => 'http_auth_login', 439 'user_pass' => 'http_auth_pass', // Shouldn't be allowed for API login. 440 ) 441 ); 442 443 // Create a new app-only password. 444 list( $user_app_password ) = WP_Application_Passwords::create_new_application_password( $user_id, array( 'name' => 'phpunit' ) ); 445 446 // Fake a REST API request. 447 add_filter( 'application_password_is_api_request', '__return_true' ); 448 add_filter( 'wp_is_application_passwords_available', '__return_true' ); 449 450 // Fake an HTTP Auth request with the regular account password first. 451 $_SERVER['PHP_AUTH_USER'] = 'http_auth_login'; 452 $_SERVER['PHP_AUTH_PW'] = 'http_auth_pass'; 453 454 $this->assertEquals( 455 0, 456 wp_validate_application_password( null ), 457 'Regular user account password should not be allowed for API authentication' 458 ); 459 460 // Not try with an App password instead. 461 $_SERVER['PHP_AUTH_PW'] = $user_app_password; 462 463 $this->assertEquals( 464 $user_id, 465 wp_validate_application_password( null ), 466 'Application passwords should be allowed for API authentication' 467 ); 468 } 469 470 /** 471 * @ticket 42790 472 */ 473 public function test_authenticate_application_password_respects_existing_user() { 474 $this->assertSame( self::$_user, wp_authenticate_application_password( self::$_user, self::$_user->user_login, 'password' ) ); 475 } 476 477 /** 478 * @ticket 42790 479 */ 480 public function test_authenticate_application_password_is_rejected_if_not_api_request() { 481 add_filter( 'application_password_is_api_request', '__return_false' ); 482 483 $this->assertNull( wp_authenticate_application_password( null, self::$_user->user_login, 'password' ) ); 484 } 485 486 /** 487 * @ticket 42790 488 */ 489 public function test_authenticate_application_password_invalid_username() { 490 add_filter( 'application_password_is_api_request', '__return_true' ); 491 492 $error = wp_authenticate_application_password( null, 'idonotexist', 'password' ); 493 $this->assertWPError( $error ); 494 $this->assertEquals( 'invalid_username', $error->get_error_code() ); 495 } 496 497 /** 498 * @ticket 42790 499 */ 500 public function test_authenticate_application_password_invalid_email() { 501 add_filter( 'application_password_is_api_request', '__return_true' ); 502 503 $error = wp_authenticate_application_password( null, 'idonotexist@example.org', 'password' ); 504 $this->assertWPError( $error ); 505 $this->assertEquals( 'invalid_email', $error->get_error_code() ); 506 } 507 508 /** 509 * @ticket 42790 510 */ 511 public function test_authenticate_application_password_not_allowed() { 512 add_filter( 'application_password_is_api_request', '__return_true' ); 513 add_filter( 'wp_is_application_passwords_available', '__return_false' ); 514 515 $error = wp_authenticate_application_password( null, self::$_user->user_login, 'password' ); 516 $this->assertWPError( $error ); 517 $this->assertEquals( 'application_passwords_disabled', $error->get_error_code() ); 518 } 519 520 /** 521 * @ticket 42790 522 */ 523 public function test_authenticate_application_password_not_allowed_for_user() { 524 add_filter( 'application_password_is_api_request', '__return_true' ); 525 add_filter( 'wp_is_application_passwords_available', '__return_true' ); 526 add_filter( 'wp_is_application_passwords_available_for_user', '__return_false' ); 527 528 $error = wp_authenticate_application_password( null, self::$_user->user_login, 'password' ); 529 $this->assertWPError( $error ); 530 $this->assertEquals( 'application_passwords_disabled', $error->get_error_code() ); 531 } 532 533 /** 534 * @ticket 42790 535 */ 536 public function test_authenticate_application_password_incorrect_password() { 537 add_filter( 'application_password_is_api_request', '__return_true' ); 538 add_filter( 'wp_is_application_passwords_available', '__return_true' ); 539 540 $error = wp_authenticate_application_password( null, self::$_user->user_login, 'password' ); 541 $this->assertWPError( $error ); 542 $this->assertEquals( 'incorrect_password', $error->get_error_code() ); 543 } 544 545 /** 546 * @ticket 42790 547 */ 548 public function test_authenticate_application_password_custom_errors() { 549 add_filter( 'application_password_is_api_request', '__return_true' ); 550 add_filter( 'wp_is_application_passwords_available', '__return_true' ); 551 552 add_action( 553 'wp_authenticate_application_password_errors', 554 static function ( WP_Error $error ) { 555 $error->add( 'my_code', 'My Error' ); 556 } 557 ); 558 559 list( $password ) = WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'phpunit' ) ); 560 561 $error = wp_authenticate_application_password( null, self::$_user->user_login, $password ); 562 $this->assertWPError( $error ); 563 $this->assertEquals( 'my_code', $error->get_error_code() ); 564 } 565 566 /** 567 * @ticket 42790 568 */ 569 public function test_authenticate_application_password_by_username() { 570 add_filter( 'application_password_is_api_request', '__return_true' ); 571 add_filter( 'wp_is_application_passwords_available', '__return_true' ); 572 573 list( $password ) = WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'phpunit' ) ); 574 575 $user = wp_authenticate_application_password( null, self::$_user->user_login, $password ); 576 $this->assertInstanceOf( WP_User::class, $user ); 577 $this->assertEquals( self::$user_id, $user->ID ); 578 } 579 580 /** 581 * @ticket 42790 582 */ 583 public function test_authenticate_application_password_by_email() { 584 add_filter( 'application_password_is_api_request', '__return_true' ); 585 add_filter( 'wp_is_application_passwords_available', '__return_true' ); 586 587 list( $password ) = WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'phpunit' ) ); 588 589 $user = wp_authenticate_application_password( null, self::$_user->user_email, $password ); 590 $this->assertInstanceOf( WP_User::class, $user ); 591 $this->assertEquals( self::$user_id, $user->ID ); 592 } 593 594 /** 595 * @ticket 42790 596 */ 597 public function test_authenticate_application_password_chunked() { 598 add_filter( 'application_password_is_api_request', '__return_true' ); 599 add_filter( 'wp_is_application_passwords_available', '__return_true' ); 600 601 list( $password ) = WP_Application_Passwords::create_new_application_password( self::$user_id, array( 'name' => 'phpunit' ) ); 602 603 $user = wp_authenticate_application_password( null, self::$_user->user_email, WP_Application_Passwords::chunk_password( $password ) ); 604 $this->assertInstanceOf( WP_User::class, $user ); 605 $this->assertEquals( self::$user_id, $user->ID ); 606 } 417 607 }
Note: See TracChangeset
for help on using the changeset viewer.