[TASK] Add test for NULL fields when comparing SQL field definitions
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Tests / Unit / Controller / FrontendLoginControllerTest.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Tests\Unit\Controller;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 /**
18 * Testcase for URL validation in class FrontendLoginController
19 *
20 * @author Helmut Hummel <helmut@typo3.org>
21 */
22 class FrontendLoginTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
23
24 /**
25 * @var \TYPO3\CMS\Felogin\Controller\FrontendLoginController|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface
26 */
27 protected $accessibleFixture;
28
29 /**
30 * @var string
31 */
32 protected $testHostName;
33
34 /**
35 * @var string
36 */
37 protected $testSitePath;
38
39 /**
40 * @var string
41 */
42 protected $testTableName;
43
44 /**
45 * Set up
46 */
47 public function setUp() {
48 $this->testTableName = 'sys_domain';
49 $this->testHostName = 'hostname.tld';
50 $this->testSitePath = '/';
51 $this->accessibleFixture = $this->getAccessibleMock('TYPO3\\CMS\\Felogin\\Controller\\FrontendLoginController', array('dummy'));
52 $this->accessibleFixture->cObj = $this->getMock('TYPO3\\CMS\\Frontend\\ContentObject\\ContentObjectRenderer');
53 $GLOBALS['TSFE'] = $this->getMock('TYPO3\\CMS\\Frontend\\Controller\\TypoScriptFrontendController', array(), array(), '', FALSE);
54 $this->setUpFakeSitePathAndHost();
55 }
56
57 /**
58 * Set up a fake site path and host
59 */
60 protected function setUpFakeSitePathAndHost() {
61 $_SERVER['ORIG_PATH_INFO'] = $_SERVER['PATH_INFO'] = $_SERVER['ORIG_SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'] = $this->testSitePath . TYPO3_mainDir;
62 $_SERVER['HTTP_HOST'] = $this->testHostName;
63 }
64
65 /**
66 * Mock database
67 */
68 protected function setUpDatabaseMock() {
69 $GLOBALS['TYPO3_DB'] = $this->getMock('TYPO3\\CMS\\Core\\Database\\DatabaseConnection', array('exec_SELECTgetRows'));
70 $GLOBALS['TYPO3_DB']
71 ->expects($this->any())
72 ->method('exec_SELECTgetRows')
73 ->will($this->returnCallback(array($this, 'getDomainRecordsCallback')));
74 }
75
76 /**
77 * Callback method for pageIdCanBeDetermined test cases.
78 * Simulates TYPO3_DB->exec_SELECTgetRows().
79 *
80 * @param string $fields
81 * @param string $table
82 * @param string $where
83 * @return mixed
84 * @see setUpDatabaseMock
85 */
86 public function getDomainRecordsCallback($fields, $table, $where) {
87 if ($table !== $this->testTableName) {
88 return FALSE;
89 }
90 return array(
91 array('domainName' => 'domainhostname.tld'),
92 array('domainName' => 'otherhostname.tld/path'),
93 array('domainName' => 'sub.domainhostname.tld/path/')
94 );
95 }
96
97 /**
98 * @test
99 */
100 public function typo3SitePathEqualsStubSitePath() {
101 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'), $this->testSitePath);
102 }
103
104 /**
105 * @test
106 */
107 public function typo3SiteUrlEqualsStubSiteUrl() {
108 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), ('http://' . $this->testHostName) . $this->testSitePath);
109 }
110
111 /**
112 * @test
113 */
114 public function typo3SitePathEqualsStubSitePathAfterChangingInTest() {
115 $this->testHostName = 'somenewhostname.com';
116 $this->testSitePath = '/somenewpath/';
117 $this->setUpFakeSitePathAndHost();
118 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'), $this->testSitePath);
119 }
120
121 /**
122 * @test
123 */
124 public function typo3SiteUrlEqualsStubSiteUrlAfterChangingInTest() {
125 $this->testHostName = 'somenewhostname.com';
126 $this->testSitePath = '/somenewpath/';
127 $this->setUpFakeSitePathAndHost();
128 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), ('http://' . $this->testHostName) . $this->testSitePath);
129 }
130
131 /**
132 * Data provider for validateRedirectUrlClearsUrl
133 *
134 * @return array
135 */
136 public function validateRedirectUrlClearsUrlDataProvider() {
137 return array(
138 'absolute URL, hostname not in sys_domain, trailing slash' => array('http://badhost.tld/'),
139 'absolute URL, hostname not in sys_domain, no trailing slash' => array('http://badhost.tld'),
140 'absolute URL, subdomain in sys_domain, but main domain not, trailing slash' => array('http://domainhostname.tld.badhost.tld/'),
141 'absolute URL, subdomain in sys_domain, but main domain not, no trailing slash' => array('http://domainhostname.tld.badhost.tld'),
142 'non http absolute URL 1' => array('its://domainhostname.tld/itunes/'),
143 'non http absolute URL 2' => array('ftp://domainhostname.tld/download/'),
144 'XSS attempt 1' => array('javascript:alert(123)'),
145 'XSS attempt 2' => array('" onmouseover="alert(123)"'),
146 'invalid URL, HTML break out attempt' => array('" >blabuubb'),
147 'invalid URL, UNC path' => array('\\\\foo\\bar\\'),
148 'invalid URL, backslashes in path' => array('http://domainhostname.tld\\bla\\blupp'),
149 'invalid URL, linefeed in path' => array('http://domainhostname.tld/bla/blupp' . LF),
150 'invalid URL, only one slash after scheme' => array('http:/domainhostname.tld/bla/blupp'),
151 'invalid URL, illegal chars' => array('http://(<>domainhostname).tld/bla/blupp'),
152 );
153 }
154
155 /**
156 * @test
157 * @dataProvider validateRedirectUrlClearsUrlDataProvider
158 * @param string $url Invalid Url
159 */
160 public function validateRedirectUrlClearsUrl($url) {
161 $this->setUpDatabaseMock();
162 $this->assertEquals('', $this->accessibleFixture->_call('validateRedirectUrl', $url));
163 }
164
165 /**
166 * Data provider for validateRedirectUrlKeepsCleanUrl
167 *
168 * @return array
169 */
170 public function validateRedirectUrlKeepsCleanUrlDataProvider() {
171 return array(
172 'sane absolute URL' => array('http://domainhostname.tld/'),
173 'sane absolute URL with script' => array('http://domainhostname.tld/index.php?id=1'),
174 'sane absolute URL with realurl' => array('http://domainhostname.tld/foo/bar/foo.html'),
175 'sane absolute URL with homedir' => array('http://domainhostname.tld/~user/'),
176 'sane absolute URL with some strange chars encoded' => array('http://domainhostname.tld/~user/a%cc%88o%cc%88%c3%9fa%cc%82/foo.html'),
177 'sane absolute URL (domain record with path)' => array('http://otherhostname.tld/path/'),
178 'sane absolute URL with script (domain record with path)' => array('http://otherhostname.tld/path/index.php?id=1'),
179 'sane absolute URL with realurl (domain record with path)' => array('http://otherhostname.tld/path/foo/bar/foo.html'),
180 'sane absolute URL (domain record with path and slash)' => array('http://sub.domainhostname.tld/path/'),
181 'sane absolute URL with script (domain record with path slash)' => array('http://sub.domainhostname.tld/path/index.php?id=1'),
182 'sane absolute URL with realurl (domain record with path slash)' => array('http://sub.domainhostname.tld/path/foo/bar/foo.html'),
183 'relative URL, no leading slash 1' => array('index.php?id=1'),
184 'relative URL, no leading slash 2' => array('foo/bar/index.php?id=2'),
185 'relative URL, leading slash, no realurl' => array('/index.php?id=1'),
186 'relative URL, leading slash, realurl' => array('/de/service/imprint.html'),
187 );
188 }
189
190 /**
191 * @test
192 * @dataProvider validateRedirectUrlKeepsCleanUrlDataProvider
193 * @param string $url Clean URL to test
194 */
195 public function validateRedirectUrlKeepsCleanUrl($url) {
196 $this->setUpDatabaseMock();
197 $this->assertEquals($url, $this->accessibleFixture->_call('validateRedirectUrl', $url));
198 }
199
200 /**
201 * Data provider for validateRedirectUrlClearsInvalidUrlInSubdirectory
202 *
203 * @return array
204 */
205 public function validateRedirectUrlClearsInvalidUrlInSubdirectoryDataProvider() {
206 return array(
207 'absolute URL, missing subdirectory' => array('http://hostname.tld/'),
208 'absolute URL, wrong subdirectory' => array('http://hostname.tld/hacker/index.php'),
209 'absolute URL, correct subdirectory, no trailing slash' => array('http://hostname.tld/subdir'),
210 'absolute URL, correct subdirectory of sys_domain record, no trailing slash' => array('http://otherhostname.tld/path'),
211 'absolute URL, correct subdirectory of sys_domain record, no trailing slash, subdomain' => array('http://sub.domainhostname.tld/path'),
212 'relative URL, leading slash, no path' => array('/index.php?id=1'),
213 'relative URL, leading slash, wrong path' => array('/de/sub/site.html'),
214 'relative URL, leading slash, slash only' => array('/'),
215 );
216 }
217
218 /**
219 * @test
220 * @dataProvider validateRedirectUrlClearsInvalidUrlInSubdirectoryDataProvider
221 * @param string $url Invalid Url
222 */
223 public function validateRedirectUrlClearsInvalidUrlInSubdirectory($url) {
224 $this->testSitePath = '/subdir/';
225 $this->setUpFakeSitePathAndHost();
226 $this->setUpDatabaseMock();
227 $this->assertEquals('', $this->accessibleFixture->_call('validateRedirectUrl', $url));
228 }
229
230 /**
231 * Data provider for validateRedirectUrlKeepsCleanUrlInSubdirectory
232 *
233 * @return array
234 */
235 public function validateRedirectUrlKeepsCleanUrlInSubdirectoryDataProvider() {
236 return array(
237 'absolute URL, correct subdirectory' => array('http://hostname.tld/subdir/'),
238 'absolute URL, correct subdirectory, realurl' => array('http://hostname.tld/subdir/de/imprint.html'),
239 'absolute URL, correct subdirectory, no realurl' => array('http://hostname.tld/subdir/index.php?id=10'),
240 'absolute URL, correct subdirectory of sys_domain record' => array('http://otherhostname.tld/path/'),
241 'absolute URL, correct subdirectory of sys_domain record, subdomain' => array('http://sub.domainhostname.tld/path/'),
242 'relative URL, no leading slash, realurl' => array('de/service/imprint.html'),
243 'relative URL, no leading slash, no realurl' => array('index.php?id=1'),
244 'relative nested URL, no leading slash, no realurl' => array('foo/bar/index.php?id=2')
245 );
246 }
247
248 /**
249 * @test
250 * @dataProvider validateRedirectUrlKeepsCleanUrlInSubdirectoryDataProvider
251 * @param string $url Invalid Url
252 */
253 public function validateRedirectUrlKeepsCleanUrlInSubdirectory($url) {
254 $this->testSitePath = '/subdir/';
255 $this->setUpFakeSitePathAndHost();
256 $this->setUpDatabaseMock();
257 $this->assertEquals($url, $this->accessibleFixture->_call('validateRedirectUrl', $url));
258 }
259
260
261 /*************************
262 * Test concerning getPreverveGetVars
263 *************************/
264
265 /**
266 * @return array
267 */
268 public function getPreserveGetVarsReturnsCorrectResultDataProvider() {
269 return array(
270 'special get var id is not preserved' => array(
271 array(
272 'id' => 42,
273 ),
274 '',
275 '',
276 ),
277 'simple additional parameter is not preserved if not specified in preservedGETvars' => array(
278 array(
279 'id' => 42,
280 'special' => 23,
281 ),
282 '',
283 '',
284 ),
285 'all params except ignored ones are preserved if preservedGETvars is set to "all"' => array(
286 array(
287 'id' => 42,
288 'special1' => 23,
289 'special2' => array(
290 'foo' => 'bar',
291 ),
292 'tx_felogin_pi1' => array(
293 'forgot' => 1,
294 ),
295 ),
296 'all',
297 '&special1=23&special2[foo]=bar',
298 ),
299 'preserve single parameter' => array(
300 array(
301 'L' => 42,
302 ),
303 'L',
304 '&L=42'
305 ),
306 'preserve whole parameter array' => array(
307 array(
308 'L' => 3,
309 'tx_someext' => array(
310 'foo' => 'simple',
311 'bar' => array(
312 'baz' => 'simple',
313 ),
314 ),
315 ),
316 'L,tx_someext',
317 '&L=3&tx_someext[foo]=simple&tx_someext[bar][baz]=simple',
318 ),
319 'preserve part of sub array' => array(
320 array(
321 'L' => 3,
322 'tx_someext' => array(
323 'foo' => 'simple',
324 'bar' => array(
325 'baz' => 'simple',
326 ),
327 ),
328 ),
329 'L,tx_someext[bar]',
330 '&L=3&tx_someext[bar][baz]=simple',
331 ),
332 'preserve keys on different levels' => array(
333 array(
334 'L' => 3,
335 'no-preserve' => 'whatever',
336 'tx_ext2' => array(
337 'foo' => 'simple',
338 ),
339 'tx_ext3' => array(
340 'bar' => array(
341 'baz' => 'simple',
342 ),
343 'go-away' => '',
344 ),
345 ),
346 'L,tx_ext2,tx_ext3[bar]',
347 '&L=3&tx_ext2[foo]=simple&tx_ext3[bar][baz]=simple',
348 ),
349 'preserved value that does not exist in get' => array(
350 array(),
351 'L,foo[bar]',
352 ''
353 ),
354 'url params are encoded' => array(
355 array('tx_ext1' => 'param with spaces and \\ %<>& /'),
356 'L,tx_ext1',
357 '&tx_ext1=param%20with%20spaces%20and%20%20%25%3C%3E%26%20%2F'
358 ),
359 );
360 }
361
362 /**
363 * @test
364 * @dataProvider getPreserveGetVarsReturnsCorrectResultDataProvider
365 * @param array $getArray
366 * @param string $preserveVars
367 * @param string $expected
368 * @return void
369 */
370 public function getPreserveGetVarsReturnsCorrectResult(array $getArray, $preserveVars, $expected) {
371 $_GET = $getArray;
372 $this->accessibleFixture->conf['preserveGETvars'] = $preserveVars;
373 $this->assertSame($expected, $this->accessibleFixture->_call('getPreserveGetVars'));
374 }
375 }