2019-12-29 05:37:39 +13:00
|
|
|
<?php
|
|
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
namespace Tests\Unit\Auth;
|
2019-12-29 05:37:39 +13:00
|
|
|
|
2020-03-25 06:56:32 +13:00
|
|
|
use Appwrite\Auth\Auth;
|
2022-07-13 01:32:39 +12:00
|
|
|
use Utopia\Database\DateTime;
|
2021-10-08 08:19:58 +13:00
|
|
|
use Utopia\Database\Document;
|
2022-08-14 22:33:36 +12:00
|
|
|
use Utopia\Database\ID;
|
2022-08-19 16:04:33 +12:00
|
|
|
use Utopia\Database\Role;
|
2021-10-08 08:27:23 +13:00
|
|
|
use Utopia\Database\Validator\Authorization;
|
2019-12-29 05:37:39 +13:00
|
|
|
use PHPUnit\Framework\TestCase;
|
2022-07-06 04:57:19 +12:00
|
|
|
use Utopia\Database\Database;
|
2019-12-29 05:37:39 +13:00
|
|
|
|
|
|
|
|
class AuthTest extends TestCase
|
|
|
|
|
{
|
2021-10-08 09:24:09 +13:00
|
|
|
/**
|
|
|
|
|
* Reset Roles
|
|
|
|
|
*/
|
2020-10-01 10:08:58 +13:00
|
|
|
public function tearDown(): void
|
2019-12-29 05:37:39 +13:00
|
|
|
{
|
2021-10-08 09:24:09 +13:00
|
|
|
Authorization::cleanRoles();
|
2022-08-19 16:04:33 +12:00
|
|
|
Authorization::setRole(Role::any()->toString());
|
2019-12-29 05:37:39 +13:00
|
|
|
}
|
|
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testCookieName(): void
|
2019-12-29 05:37:39 +13:00
|
|
|
{
|
|
|
|
|
$name = 'cookie-name';
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(Auth::setCookieName($name), $name);
|
|
|
|
|
$this->assertEquals(Auth::$cookieName, $name);
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testEncodeDecodeSession(): void
|
2019-12-29 05:37:39 +13:00
|
|
|
{
|
|
|
|
|
$id = 'id';
|
|
|
|
|
$secret = 'secret';
|
|
|
|
|
$session = 'eyJpZCI6ImlkIiwic2VjcmV0Ijoic2VjcmV0In0=';
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(Auth::encodeSession($id, $secret), $session);
|
|
|
|
|
$this->assertEquals(Auth::decodeSession($session), ['id' => $id, 'secret' => $secret]);
|
|
|
|
|
}
|
2022-05-24 02:54:50 +12:00
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testHash(): void
|
2019-12-29 05:37:39 +13:00
|
|
|
{
|
|
|
|
|
$secret = 'secret';
|
|
|
|
|
$this->assertEquals(Auth::hash($secret), '2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b');
|
|
|
|
|
}
|
2022-05-24 02:54:50 +12:00
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testPassword(): void
|
2019-12-29 05:37:39 +13:00
|
|
|
{
|
2022-05-02 02:13:59 +12:00
|
|
|
/*
|
|
|
|
|
General tests, using pre-defined hashes generated by online tools
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// Bcrypt - Version Y
|
|
|
|
|
$plain = 'secret';
|
|
|
|
|
$hash = '$2y$08$PDbMtV18J1KOBI9tIYabBuyUwBrtXPGhLxCy9pWP6xkldVOKLrLKy';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'bcrypt');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'bcrypt'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'bcrypt'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'bcrypt'));
|
2022-05-02 02:13:59 +12:00
|
|
|
|
|
|
|
|
// Bcrypt - Version A
|
|
|
|
|
$plain = 'test123';
|
|
|
|
|
$hash = '$2a$12$3f2ZaARQ1AmhtQWx2nmQpuXcWfTj1YV2/Hl54e8uKxIzJe3IfwLiu';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'bcrypt');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'bcrypt'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'bcrypt'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'bcrypt'));
|
2022-05-02 02:13:59 +12:00
|
|
|
|
|
|
|
|
// Bcrypt - Cost 5
|
|
|
|
|
$plain = 'hello-world';
|
|
|
|
|
$hash = '$2a$05$IjrtSz6SN7UJ6Sh3l.b5jODEvEG2LMJTPAHIaLWRvlWx7if3VMkFO';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'bcrypt');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'bcrypt'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'bcrypt'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'bcrypt'));
|
2022-05-02 02:13:59 +12:00
|
|
|
|
|
|
|
|
// Bcrypt - Cost 15
|
|
|
|
|
$plain = 'super-secret-password';
|
|
|
|
|
$hash = '$2a$15$DS0ZzbsFZYumH/E4Qj5oeOHnBcM3nCCsCA2m4Goigat/0iMVQC4Na';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'bcrypt');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'bcrypt'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'bcrypt'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'bcrypt'));
|
2022-05-02 02:13:59 +12:00
|
|
|
|
|
|
|
|
// MD5 - Short
|
|
|
|
|
$plain = 'appwrite';
|
|
|
|
|
$hash = '144fa7eaa4904e8ee120651997f70dcc';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'md5');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'md5'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'md5'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'md5'));
|
2022-05-02 02:13:59 +12:00
|
|
|
|
|
|
|
|
// MD5 - Long
|
|
|
|
|
$plain = 'AppwriteIsAwesomeBackendAsAServiceThatIsAlsoOpenSourced';
|
|
|
|
|
$hash = '8410e96cf7ac64e0b84c3f8517a82616';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'md5');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'md5'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'md5'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'md5'));
|
2022-05-02 02:13:59 +12:00
|
|
|
|
|
|
|
|
// PHPass
|
|
|
|
|
$plain = 'pass123';
|
|
|
|
|
$hash = '$P$BVKPmJBZuLch27D4oiMRTEykGLQ9tX0';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'phpass');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'phpass'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'phpass'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'phpass'));
|
2022-05-02 02:13:59 +12:00
|
|
|
|
2022-05-07 02:35:08 +12:00
|
|
|
// SHA
|
|
|
|
|
$plain = 'developersAreAwesome!';
|
|
|
|
|
$hash = '2455118438cb125354b89bb5888346e9bd23355462c40df393fab514bf2220b5a08e4e2d7b85d7327595a450d0ac965cc6661152a46a157c66d681bed20a4735';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'sha');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'sha'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'sha'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'sha'));
|
2022-05-07 02:35:08 +12:00
|
|
|
|
2022-05-05 02:37:37 +12:00
|
|
|
// Argon2
|
|
|
|
|
$plain = 'safe-argon-password';
|
|
|
|
|
$hash = '$argon2id$v=19$m=2048,t=3,p=4$MWc5NWRmc2QxZzU2$41mp7rSgBZ49YxLbbxIac7aRaxfp5/e1G45ckwnK0g8';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'argon2');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'argon2'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'argon2'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'argon2'));
|
2022-05-05 02:37:37 +12:00
|
|
|
|
2022-06-17 21:25:28 +12:00
|
|
|
// Scrypt
|
2022-06-14 21:05:46 +12:00
|
|
|
$plain = 'some-scrypt-password';
|
2022-06-25 02:10:28 +12:00
|
|
|
$hash = 'b448ad7ba88b653b5b56b8053a06806724932d0751988bc9cd0ef7ff059e8ba8a020e1913b7069a650d3f99a1559aba0221f2c277826919513a054e76e339028';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'scrypt', [ 'salt' => 'some-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2]);
|
2022-07-26 00:43:17 +12:00
|
|
|
|
2022-06-25 02:10:28 +12:00
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'scrypt', [ 'salt' => 'some-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2]));
|
2022-06-25 00:30:39 +12:00
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'scrypt', [ 'salt' => 'some-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2]));
|
2022-06-25 02:10:28 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify($plain, $hash, 'scrypt', [ 'salt' => 'some-wrong-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2]));
|
2022-06-25 00:30:39 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify($plain, $hash, 'scrypt', [ 'salt' => 'some-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 10, 'costParallel' => 2]));
|
2022-06-25 02:10:28 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'scrypt', [ 'salt' => 'some-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2]));
|
2022-05-24 02:54:50 +12:00
|
|
|
|
2022-06-17 21:25:28 +12:00
|
|
|
// ScryptModified tested are in provider-specific tests below
|
2022-05-03 03:00:17 +12:00
|
|
|
|
2022-05-02 02:13:59 +12:00
|
|
|
/*
|
|
|
|
|
Provider-specific tests, ensuring functionality of specific use-cases
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// Provider #1 (Database)
|
|
|
|
|
$plain = 'example-password';
|
|
|
|
|
$hash = '$2a$10$3bIGRWUes86CICsuchGLj.e.BqdCdg2/1Ud9LvBhJr0j7Dze8PBdS';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'bcrypt');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'bcrypt'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'bcrypt'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'bcrypt'));
|
2022-05-02 02:13:59 +12:00
|
|
|
|
|
|
|
|
// Provider #2 (Blog)
|
|
|
|
|
$plain = 'your-password';
|
|
|
|
|
$hash = '$P$BkiNDJTpAWXtpaMhEUhUdrv7M0I1g6.';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'phpass');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'phpass'));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'phpass'));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'phpass'));
|
2022-02-05 04:25:54 +13:00
|
|
|
|
2022-05-02 02:13:59 +12:00
|
|
|
// Provider #2 (Google)
|
|
|
|
|
$plain = 'users-password';
|
|
|
|
|
$hash = 'EPKgfALpS9Tvgr/y1ki7ubY4AEGJeWL3teakrnmOacN4XGiyD00lkzEHgqCQ71wGxoi/zb7Y9a4orOtvMV3/Jw==';
|
2022-05-03 03:00:17 +12:00
|
|
|
$salt = '56dFqW+kswqktw==';
|
|
|
|
|
$saltSeparator = 'Bw==';
|
|
|
|
|
$signerKey = 'XyEKE9RcTDeLEsL/RjwPDBv/RqDl8fb3gpYEOQaPihbxf1ZAtSOHCjuAAa7Q3oHpCYhXSN9tizHgVOwn6krflQ==';
|
2022-06-14 23:08:54 +12:00
|
|
|
|
2022-06-16 21:21:35 +12:00
|
|
|
$options = [ 'salt' => $salt, 'saltSeparator' => $saltSeparator, 'signerKey' => $signerKey ];
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'scryptMod', $options);
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'scryptMod', $options));
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'scryptMod', $options));
|
2022-06-22 01:59:52 +12:00
|
|
|
$this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'scryptMod', $options));
|
2019-12-29 05:37:39 +13:00
|
|
|
}
|
2022-05-05 23:53:27 +12:00
|
|
|
|
2022-06-14 23:08:54 +12:00
|
|
|
public function testUnknownAlgo()
|
|
|
|
|
{
|
2022-05-05 23:53:27 +12:00
|
|
|
$this->expectExceptionMessage('Hashing algorithm \'md8\' is not supported.');
|
|
|
|
|
|
|
|
|
|
// Bcrypt - Cost 5
|
|
|
|
|
$plain = 'whatIsMd8?!?';
|
|
|
|
|
$generatedHash = Auth::passwordHash($plain, 'md8');
|
|
|
|
|
$this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'md8'));
|
2019-12-29 05:37:39 +13:00
|
|
|
}
|
2022-05-24 02:54:50 +12:00
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testPasswordGenerator(): void
|
2019-12-29 05:37:39 +13:00
|
|
|
{
|
|
|
|
|
$this->assertEquals(\mb_strlen(Auth::passwordGenerator()), 40);
|
|
|
|
|
$this->assertEquals(\mb_strlen(Auth::passwordGenerator(5)), 10);
|
|
|
|
|
}
|
2022-05-24 02:54:50 +12:00
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testTokenGenerator(): void
|
2019-12-29 05:37:39 +13:00
|
|
|
{
|
|
|
|
|
$this->assertEquals(\mb_strlen(Auth::tokenGenerator()), 256);
|
|
|
|
|
$this->assertEquals(\mb_strlen(Auth::tokenGenerator(5)), 10);
|
|
|
|
|
}
|
2022-05-24 02:54:50 +12:00
|
|
|
|
2022-08-15 04:53:55 +12:00
|
|
|
public function testCodeGenerator(): void
|
|
|
|
|
{
|
2022-08-15 05:22:01 +12:00
|
|
|
$this->assertEquals(6, \strlen(Auth::codeGenerator()));
|
2022-08-15 06:33:52 +12:00
|
|
|
$this->assertEquals(\mb_strlen(Auth::codeGenerator(256)), 256);
|
2022-08-15 06:57:23 +12:00
|
|
|
$this->assertEquals(\mb_strlen(Auth::codeGenerator(10)), 10);
|
2022-08-15 04:53:55 +12:00
|
|
|
$this->assertTrue(is_numeric(Auth::codeGenerator(5)));
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testSessionVerify(): void
|
2021-02-20 01:12:47 +13:00
|
|
|
{
|
|
|
|
|
$secret = 'secret1';
|
|
|
|
|
$hash = Auth::hash($secret);
|
|
|
|
|
$tokens1 = [
|
|
|
|
|
new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token1'),
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), 60 * 60 * 24)),
|
2021-02-20 01:12:47 +13:00
|
|
|
'secret' => $hash,
|
|
|
|
|
'provider' => Auth::SESSION_PROVIDER_EMAIL,
|
|
|
|
|
'providerUid' => 'test@example.com',
|
|
|
|
|
]),
|
|
|
|
|
new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token2'),
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), -60 * 60 * 24)),
|
2021-02-20 01:12:47 +13:00
|
|
|
'secret' => 'secret2',
|
|
|
|
|
'provider' => Auth::SESSION_PROVIDER_EMAIL,
|
|
|
|
|
'providerUid' => 'test@example.com',
|
|
|
|
|
]),
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
$tokens2 = [
|
|
|
|
|
new Document([ // Correct secret and type time, wrong expire time
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token1'),
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), -60 * 60 * 24)),
|
2021-02-20 01:12:47 +13:00
|
|
|
'secret' => $hash,
|
|
|
|
|
'provider' => Auth::SESSION_PROVIDER_EMAIL,
|
|
|
|
|
'providerUid' => 'test@example.com',
|
|
|
|
|
]),
|
|
|
|
|
new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token2'),
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), -60 * 60 * 24)),
|
2021-02-20 01:12:47 +13:00
|
|
|
'secret' => 'secret2',
|
|
|
|
|
'provider' => Auth::SESSION_PROVIDER_EMAIL,
|
|
|
|
|
'providerUid' => 'test@example.com',
|
|
|
|
|
]),
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(Auth::sessionVerify($tokens1, $secret), 'token1');
|
|
|
|
|
$this->assertEquals(Auth::sessionVerify($tokens1, 'false-secret'), false);
|
|
|
|
|
$this->assertEquals(Auth::sessionVerify($tokens2, $secret), false);
|
|
|
|
|
$this->assertEquals(Auth::sessionVerify($tokens2, 'false-secret'), false);
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testTokenVerify(): void
|
2019-12-29 05:37:39 +13:00
|
|
|
{
|
|
|
|
|
$secret = 'secret1';
|
|
|
|
|
$hash = Auth::hash($secret);
|
|
|
|
|
$tokens1 = [
|
|
|
|
|
new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token1'),
|
2021-02-20 01:12:47 +13:00
|
|
|
'type' => Auth::TOKEN_TYPE_RECOVERY,
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), 60 * 60 * 24)),
|
2019-12-29 05:37:39 +13:00
|
|
|
'secret' => $hash,
|
|
|
|
|
]),
|
|
|
|
|
new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token2'),
|
2021-02-20 01:12:47 +13:00
|
|
|
'type' => Auth::TOKEN_TYPE_RECOVERY,
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), -60 * 60 * 24)),
|
2019-12-29 05:37:39 +13:00
|
|
|
'secret' => 'secret2',
|
|
|
|
|
]),
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
$tokens2 = [
|
|
|
|
|
new Document([ // Correct secret and type time, wrong expire time
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token1'),
|
2021-02-20 01:12:47 +13:00
|
|
|
'type' => Auth::TOKEN_TYPE_RECOVERY,
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), -60 * 60 * 24)),
|
2019-12-29 05:37:39 +13:00
|
|
|
'secret' => $hash,
|
|
|
|
|
]),
|
|
|
|
|
new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token2'),
|
2021-02-20 01:12:47 +13:00
|
|
|
'type' => Auth::TOKEN_TYPE_RECOVERY,
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), -60 * 60 * 24)),
|
2019-12-29 05:37:39 +13:00
|
|
|
'secret' => 'secret2',
|
|
|
|
|
]),
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
$tokens3 = [ // Correct secret and expire time, wrong type
|
|
|
|
|
new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token1'),
|
2021-02-20 01:12:47 +13:00
|
|
|
'type' => Auth::TOKEN_TYPE_INVITE,
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), 60 * 60 * 24)),
|
2019-12-29 05:37:39 +13:00
|
|
|
'secret' => $hash,
|
|
|
|
|
]),
|
|
|
|
|
new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('token2'),
|
2021-02-20 01:12:47 +13:00
|
|
|
'type' => Auth::TOKEN_TYPE_RECOVERY,
|
2022-08-16 07:18:37 +12:00
|
|
|
'expire' => DateTime::formatTz(DateTime::addSeconds(new \DateTime(), -60 * 60 * 24)),
|
2019-12-29 05:37:39 +13:00
|
|
|
'secret' => 'secret2',
|
|
|
|
|
]),
|
|
|
|
|
];
|
|
|
|
|
|
2021-02-20 01:12:47 +13:00
|
|
|
$this->assertEquals(Auth::tokenVerify($tokens1, Auth::TOKEN_TYPE_RECOVERY, $secret), 'token1');
|
|
|
|
|
$this->assertEquals(Auth::tokenVerify($tokens1, Auth::TOKEN_TYPE_RECOVERY, 'false-secret'), false);
|
|
|
|
|
$this->assertEquals(Auth::tokenVerify($tokens2, Auth::TOKEN_TYPE_RECOVERY, $secret), false);
|
|
|
|
|
$this->assertEquals(Auth::tokenVerify($tokens2, Auth::TOKEN_TYPE_RECOVERY, 'false-secret'), false);
|
|
|
|
|
$this->assertEquals(Auth::tokenVerify($tokens3, Auth::TOKEN_TYPE_RECOVERY, $secret), false);
|
|
|
|
|
$this->assertEquals(Auth::tokenVerify($tokens3, Auth::TOKEN_TYPE_RECOVERY, 'false-secret'), false);
|
2019-12-29 05:37:39 +13:00
|
|
|
}
|
2020-11-20 19:48:25 +13:00
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testIsPrivilegedUser(): void
|
2020-11-20 19:48:25 +13:00
|
|
|
{
|
2021-03-02 10:04:53 +13:00
|
|
|
$this->assertEquals(false, Auth::isPrivilegedUser([]));
|
2022-08-19 16:04:33 +12:00
|
|
|
$this->assertEquals(false, Auth::isPrivilegedUser([Role::guests()->toString()]));
|
|
|
|
|
$this->assertEquals(false, Auth::isPrivilegedUser([Role::users()->toString()]));
|
2022-08-03 21:52:34 +12:00
|
|
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_ADMIN]));
|
|
|
|
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_DEVELOPER]));
|
|
|
|
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER]));
|
2022-08-15 19:20:10 +12:00
|
|
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APPS]));
|
2022-08-03 21:52:34 +12:00
|
|
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_SYSTEM]));
|
|
|
|
|
|
2022-08-15 19:20:10 +12:00
|
|
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APPS, Auth::USER_ROLE_APPS]));
|
2022-08-19 16:04:33 +12:00
|
|
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APPS, Role::guests()->toString()]));
|
|
|
|
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Role::guests()->toString()]));
|
2022-08-03 21:52:34 +12:00
|
|
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
|
2020-11-20 19:48:25 +13:00
|
|
|
}
|
2022-05-24 02:54:50 +12:00
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testIsAppUser(): void
|
2020-11-20 19:48:25 +13:00
|
|
|
{
|
|
|
|
|
$this->assertEquals(false, Auth::isAppUser([]));
|
2022-08-19 16:04:33 +12:00
|
|
|
$this->assertEquals(false, Auth::isAppUser([Role::guests()->toString()]));
|
|
|
|
|
$this->assertEquals(false, Auth::isAppUser([Role::users()->toString()]));
|
2022-08-03 21:52:34 +12:00
|
|
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_ADMIN]));
|
|
|
|
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_DEVELOPER]));
|
|
|
|
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER]));
|
2022-08-15 19:20:10 +12:00
|
|
|
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APPS]));
|
2022-08-03 21:52:34 +12:00
|
|
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_SYSTEM]));
|
|
|
|
|
|
2022-08-15 19:20:10 +12:00
|
|
|
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APPS, Auth::USER_ROLE_APPS]));
|
2022-08-19 16:04:33 +12:00
|
|
|
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APPS, Role::guests()->toString()]));
|
|
|
|
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Role::guests()->toString()]));
|
2022-08-03 21:52:34 +12:00
|
|
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
|
2020-11-20 19:48:25 +13:00
|
|
|
}
|
2021-06-30 01:11:14 +12:00
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testGuestRoles(): void
|
2021-06-30 01:11:14 +12:00
|
|
|
{
|
|
|
|
|
$user = new Document([
|
|
|
|
|
'$id' => ''
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$roles = Auth::getRoles($user);
|
2021-07-01 02:04:32 +12:00
|
|
|
$this->assertCount(1, $roles);
|
2022-08-19 16:04:33 +12:00
|
|
|
$this->assertContains(Role::guests()->toString(), $roles);
|
2021-06-30 01:11:14 +12:00
|
|
|
}
|
|
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testUserRoles(): void
|
2021-06-30 01:11:14 +12:00
|
|
|
{
|
|
|
|
|
$user = new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('123'),
|
2022-09-14 00:45:57 +12:00
|
|
|
'emailVerification' => true,
|
|
|
|
|
'phoneVerification' => true,
|
2021-06-30 01:11:14 +12:00
|
|
|
'memberships' => [
|
|
|
|
|
[
|
2022-09-09 11:58:54 +12:00
|
|
|
'$id' => ID::custom('456'),
|
2022-08-14 22:33:36 +12:00
|
|
|
'teamId' => ID::custom('abc'),
|
2022-09-09 11:58:54 +12:00
|
|
|
'confirm' => true,
|
2021-06-30 01:11:14 +12:00
|
|
|
'roles' => [
|
|
|
|
|
'administrator',
|
|
|
|
|
'moderator'
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
[
|
2022-09-09 11:58:54 +12:00
|
|
|
'$id' => ID::custom('abc'),
|
2022-08-14 22:33:36 +12:00
|
|
|
'teamId' => ID::custom('def'),
|
2022-09-09 11:58:54 +12:00
|
|
|
'confirm' => true,
|
2021-06-30 01:11:14 +12:00
|
|
|
'roles' => [
|
|
|
|
|
'guest'
|
|
|
|
|
]
|
|
|
|
|
]
|
|
|
|
|
]
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$roles = Auth::getRoles($user);
|
|
|
|
|
|
2022-09-14 00:45:57 +12:00
|
|
|
$this->assertCount(11, $roles);
|
2022-08-27 15:16:37 +12:00
|
|
|
$this->assertContains(Role::users()->toString(), $roles);
|
2022-08-27 16:06:38 +12:00
|
|
|
$this->assertContains(Role::user(ID::custom('123'))->toString(), $roles);
|
2022-09-14 00:45:57 +12:00
|
|
|
$this->assertContains(Role::users(Database::DIMENSION_VERIFIED)->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::user(ID::custom('123'), Database::DIMENSION_VERIFIED)->toString(), $roles);
|
2022-08-27 16:06:38 +12:00
|
|
|
$this->assertContains(Role::team(ID::custom('abc'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('abc'), 'administrator')->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('abc'), 'moderator')->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('def'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('def'), 'guest')->toString(), $roles);
|
2022-09-09 11:58:54 +12:00
|
|
|
$this->assertContains(Role::member(ID::custom('456'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::member(ID::custom('abc'))->toString(), $roles);
|
2022-09-14 00:45:57 +12:00
|
|
|
|
|
|
|
|
// Disable all verification
|
|
|
|
|
$user['emailVerification'] = false;
|
|
|
|
|
$user['phoneVerification'] = false;
|
|
|
|
|
|
|
|
|
|
$roles = Auth::getRoles($user);
|
|
|
|
|
$this->assertContains(Role::users(Database::DIMENSION_UNVERIFIED)->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::user(ID::custom('123'), Database::DIMENSION_UNVERIFIED)->toString(), $roles);
|
|
|
|
|
|
|
|
|
|
// Enable single verification type
|
|
|
|
|
$user['emailVerification'] = true;
|
|
|
|
|
|
|
|
|
|
$roles = Auth::getRoles($user);
|
|
|
|
|
$this->assertContains(Role::users(Database::DIMENSION_VERIFIED)->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::user(ID::custom('123'), Database::DIMENSION_VERIFIED)->toString(), $roles);
|
2021-06-30 01:11:14 +12:00
|
|
|
}
|
2021-09-04 03:59:02 +12:00
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testPrivilegedUserRoles(): void
|
2021-09-04 04:05:50 +12:00
|
|
|
{
|
2022-08-03 21:52:34 +12:00
|
|
|
Authorization::setRole(Auth::USER_ROLE_OWNER);
|
2021-09-04 04:05:50 +12:00
|
|
|
$user = new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('123'),
|
2022-09-14 00:45:57 +12:00
|
|
|
'emailVerification' => true,
|
|
|
|
|
'phoneVerification' => true,
|
2021-09-04 04:05:50 +12:00
|
|
|
'memberships' => [
|
|
|
|
|
[
|
2022-09-09 11:58:54 +12:00
|
|
|
'$id' => ID::custom('def'),
|
2022-08-14 22:33:36 +12:00
|
|
|
'teamId' => ID::custom('abc'),
|
2022-09-09 11:58:54 +12:00
|
|
|
'confirm' => true,
|
2021-09-04 04:05:50 +12:00
|
|
|
'roles' => [
|
|
|
|
|
'administrator',
|
|
|
|
|
'moderator'
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
[
|
2022-09-09 11:58:54 +12:00
|
|
|
'$id' => ID::custom('abc'),
|
2022-08-14 22:33:36 +12:00
|
|
|
'teamId' => ID::custom('def'),
|
2022-09-09 11:58:54 +12:00
|
|
|
'confirm' => true,
|
2021-09-04 04:05:50 +12:00
|
|
|
'roles' => [
|
|
|
|
|
'guest'
|
|
|
|
|
]
|
|
|
|
|
]
|
|
|
|
|
]
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$roles = Auth::getRoles($user);
|
|
|
|
|
|
2022-09-09 11:58:54 +12:00
|
|
|
$this->assertCount(7, $roles);
|
2022-08-27 15:16:37 +12:00
|
|
|
$this->assertNotContains(Role::users()->toString(), $roles);
|
2022-08-27 16:06:38 +12:00
|
|
|
$this->assertNotContains(Role::user(ID::custom('123'))->toString(), $roles);
|
2022-09-14 00:45:57 +12:00
|
|
|
$this->assertNotContains(Role::users(Database::DIMENSION_VERIFIED)->toString(), $roles);
|
|
|
|
|
$this->assertNotContains(Role::user(ID::custom('123'), Database::DIMENSION_VERIFIED)->toString(), $roles);
|
2022-08-27 16:06:38 +12:00
|
|
|
$this->assertContains(Role::team(ID::custom('abc'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('abc'), 'administrator')->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('abc'), 'moderator')->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('def'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('def'), 'guest')->toString(), $roles);
|
2022-09-09 11:58:54 +12:00
|
|
|
$this->assertContains(Role::member(ID::custom('def'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::member(ID::custom('abc'))->toString(), $roles);
|
2021-09-04 04:05:50 +12:00
|
|
|
}
|
|
|
|
|
|
2022-08-01 22:22:04 +12:00
|
|
|
public function testAppUserRoles(): void
|
2021-09-04 03:59:02 +12:00
|
|
|
{
|
2022-08-15 19:20:10 +12:00
|
|
|
Authorization::setRole(Auth::USER_ROLE_APPS);
|
2021-09-04 03:59:02 +12:00
|
|
|
$user = new Document([
|
2022-08-14 22:33:36 +12:00
|
|
|
'$id' => ID::custom('123'),
|
2021-09-04 03:59:02 +12:00
|
|
|
'memberships' => [
|
|
|
|
|
[
|
2022-09-09 11:58:54 +12:00
|
|
|
'$id' => ID::custom('def'),
|
2022-08-14 22:33:36 +12:00
|
|
|
'teamId' => ID::custom('abc'),
|
2022-09-09 11:58:54 +12:00
|
|
|
'confirm' => true,
|
2021-09-04 03:59:02 +12:00
|
|
|
'roles' => [
|
|
|
|
|
'administrator',
|
|
|
|
|
'moderator'
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
[
|
2022-09-09 11:58:54 +12:00
|
|
|
'$id' => ID::custom('abc'),
|
2022-08-14 22:33:36 +12:00
|
|
|
'teamId' => ID::custom('def'),
|
2022-09-09 11:58:54 +12:00
|
|
|
'confirm' => true,
|
2021-09-04 03:59:02 +12:00
|
|
|
'roles' => [
|
|
|
|
|
'guest'
|
|
|
|
|
]
|
|
|
|
|
]
|
|
|
|
|
]
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$roles = Auth::getRoles($user);
|
|
|
|
|
|
2022-09-09 11:58:54 +12:00
|
|
|
$this->assertCount(7, $roles);
|
2022-08-27 15:16:37 +12:00
|
|
|
$this->assertNotContains(Role::users()->toString(), $roles);
|
2022-08-27 16:06:38 +12:00
|
|
|
$this->assertNotContains(Role::user(ID::custom('123'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('abc'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('abc'), 'administrator')->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('abc'), 'moderator')->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('def'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::team(ID::custom('def'), 'guest')->toString(), $roles);
|
2022-09-09 11:58:54 +12:00
|
|
|
$this->assertContains(Role::member(ID::custom('def'))->toString(), $roles);
|
|
|
|
|
$this->assertContains(Role::member(ID::custom('abc'))->toString(), $roles);
|
2021-09-04 03:59:02 +12:00
|
|
|
}
|
2020-10-01 10:08:58 +13:00
|
|
|
}
|
