[TASK] Introduce runtime cache for getIndpEnv()
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Tests / Unit / Controller / FrontendLoginControllerTest.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Tests\Unit\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
19
20 /**
21 * Test case
22 */
23 class FrontendLoginControllerTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
24
25 /**
26 * @var \TYPO3\CMS\Felogin\Controller\FrontendLoginController|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface
27 */
28 protected $accessibleFixture;
29
30 /**
31 * @var string
32 */
33 protected $testHostName;
34
35 /**
36 * @var string
37 */
38 protected $testSitePath;
39
40 /**
41 * @var string
42 */
43 protected $testTableName;
44
45 /**
46 * Set up
47 */
48 protected function setUp() {
49 $this->testTableName = 'sys_domain';
50 $this->testHostName = 'hostname.tld';
51 $this->testSitePath = '/';
52 $this->accessibleFixture = $this->getAccessibleMock(\TYPO3\CMS\Felogin\Controller\FrontendLoginController::class, array('dummy'));
53 $this->accessibleFixture->cObj = $this->getMock(\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::class);
54 $this->accessibleFixture->_set('frontendController', $this->getMock(\TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::class, array(), array(), '', FALSE));
55 $this->setUpFakeSitePathAndHost();
56 }
57
58 /**
59 * Set up a fake site path and host
60 */
61 protected function setUpFakeSitePathAndHost() {
62 GeneralUtility::flushInternalRuntimeCaches();
63 $_SERVER['ORIG_PATH_INFO'] = $_SERVER['PATH_INFO'] = $_SERVER['ORIG_SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'] = $this->testSitePath . TYPO3_mainDir;
64 $_SERVER['HTTP_HOST'] = $this->testHostName;
65 }
66
67 /**
68 * Mock database
69 */
70 protected function setUpDatabaseMock() {
71 $db = $this->getMock(\TYPO3\CMS\Core\Database\DatabaseConnection::class, array('exec_SELECTgetRows'));
72 $db
73 ->expects($this->any())
74 ->method('exec_SELECTgetRows')
75 ->will($this->returnCallback(array($this, 'getDomainRecordsCallback')));
76 $this->accessibleFixture->_set('databaseConnection', $db);
77 }
78
79 /**
80 * Callback method for pageIdCanBeDetermined test cases.
81 * Simulates TYPO3_DB->exec_SELECTgetRows().
82 *
83 * @param string $fields
84 * @param string $table
85 * @param string $where
86 * @return mixed
87 * @see setUpDatabaseMock
88 */
89 public function getDomainRecordsCallback($fields, $table, $where) {
90 if ($table !== $this->testTableName) {
91 return FALSE;
92 }
93 return array(
94 array('domainName' => 'domainhostname.tld'),
95 array('domainName' => 'otherhostname.tld/path'),
96 array('domainName' => 'sub.domainhostname.tld/path/')
97 );
98 }
99
100 /**
101 * @test
102 */
103 public function typo3SitePathEqualsStubSitePath() {
104 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'), $this->testSitePath);
105 }
106
107 /**
108 * @test
109 */
110 public function typo3SiteUrlEqualsStubSiteUrl() {
111 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), ('http://' . $this->testHostName) . $this->testSitePath);
112 }
113
114 /**
115 * @test
116 */
117 public function typo3SitePathEqualsStubSitePathAfterChangingInTest() {
118 $this->testHostName = 'somenewhostname.com';
119 $this->testSitePath = '/somenewpath/';
120 $this->setUpFakeSitePathAndHost();
121 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'), $this->testSitePath);
122 }
123
124 /**
125 * @test
126 */
127 public function typo3SiteUrlEqualsStubSiteUrlAfterChangingInTest() {
128 $this->testHostName = 'somenewhostname.com';
129 $this->testSitePath = '/somenewpath/';
130 $this->setUpFakeSitePathAndHost();
131 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), ('http://' . $this->testHostName) . $this->testSitePath);
132 }
133
134 /**
135 * Data provider for validateRedirectUrlClearsUrl
136 *
137 * @return array
138 */
139 public function validateRedirectUrlClearsUrlDataProvider() {
140 return array(
141 'absolute URL, hostname not in sys_domain, trailing slash' => array('http://badhost.tld/'),
142 'absolute URL, hostname not in sys_domain, no trailing slash' => array('http://badhost.tld'),
143 'absolute URL, subdomain in sys_domain, but main domain not, trailing slash' => array('http://domainhostname.tld.badhost.tld/'),
144 'absolute URL, subdomain in sys_domain, but main domain not, no trailing slash' => array('http://domainhostname.tld.badhost.tld'),
145 'non http absolute URL 1' => array('its://domainhostname.tld/itunes/'),
146 'non http absolute URL 2' => array('ftp://domainhostname.tld/download/'),
147 'XSS attempt 1' => array('javascript:alert(123)'),
148 'XSS attempt 2' => array('" onmouseover="alert(123)"'),
149 'invalid URL, HTML break out attempt' => array('" >blabuubb'),
150 'invalid URL, UNC path' => array('\\\\foo\\bar\\'),
151 'invalid URL, backslashes in path' => array('http://domainhostname.tld\\bla\\blupp'),
152 'invalid URL, linefeed in path' => array('http://domainhostname.tld/bla/blupp' . LF),
153 'invalid URL, only one slash after scheme' => array('http:/domainhostname.tld/bla/blupp'),
154 'invalid URL, illegal chars' => array('http://(<>domainhostname).tld/bla/blupp'),
155 );
156 }
157
158 /**
159 * @test
160 * @dataProvider validateRedirectUrlClearsUrlDataProvider
161 * @param string $url Invalid Url
162 */
163 public function validateRedirectUrlClearsUrl($url) {
164 $this->setUpDatabaseMock();
165 $this->assertEquals('', $this->accessibleFixture->_call('validateRedirectUrl', $url));
166 }
167
168 /**
169 * Data provider for validateRedirectUrlKeepsCleanUrl
170 *
171 * @return array
172 */
173 public function validateRedirectUrlKeepsCleanUrlDataProvider() {
174 return array(
175 'sane absolute URL' => array('http://domainhostname.tld/'),
176 'sane absolute URL with script' => array('http://domainhostname.tld/index.php?id=1'),
177 'sane absolute URL with realurl' => array('http://domainhostname.tld/foo/bar/foo.html'),
178 'sane absolute URL with homedir' => array('http://domainhostname.tld/~user/'),
179 'sane absolute URL with some strange chars encoded' => array('http://domainhostname.tld/~user/a%cc%88o%cc%88%c3%9fa%cc%82/foo.html'),
180 'sane absolute URL (domain record with path)' => array('http://otherhostname.tld/path/'),
181 'sane absolute URL with script (domain record with path)' => array('http://otherhostname.tld/path/index.php?id=1'),
182 'sane absolute URL with realurl (domain record with path)' => array('http://otherhostname.tld/path/foo/bar/foo.html'),
183 'sane absolute URL (domain record with path and slash)' => array('http://sub.domainhostname.tld/path/'),
184 'sane absolute URL with script (domain record with path slash)' => array('http://sub.domainhostname.tld/path/index.php?id=1'),
185 'sane absolute URL with realurl (domain record with path slash)' => array('http://sub.domainhostname.tld/path/foo/bar/foo.html'),
186 'relative URL, no leading slash 1' => array('index.php?id=1'),
187 'relative URL, no leading slash 2' => array('foo/bar/index.php?id=2'),
188 'relative URL, leading slash, no realurl' => array('/index.php?id=1'),
189 'relative URL, leading slash, realurl' => array('/de/service/imprint.html'),
190 );
191 }
192
193 /**
194 * @test
195 * @dataProvider validateRedirectUrlKeepsCleanUrlDataProvider
196 * @param string $url Clean URL to test
197 */
198 public function validateRedirectUrlKeepsCleanUrl($url) {
199 $this->setUpDatabaseMock();
200 $this->assertEquals($url, $this->accessibleFixture->_call('validateRedirectUrl', $url));
201 }
202
203 /**
204 * Data provider for validateRedirectUrlClearsInvalidUrlInSubdirectory
205 *
206 * @return array
207 */
208 public function validateRedirectUrlClearsInvalidUrlInSubdirectoryDataProvider() {
209 return array(
210 'absolute URL, missing subdirectory' => array('http://hostname.tld/'),
211 'absolute URL, wrong subdirectory' => array('http://hostname.tld/hacker/index.php'),
212 'absolute URL, correct subdirectory, no trailing slash' => array('http://hostname.tld/subdir'),
213 'absolute URL, correct subdirectory of sys_domain record, no trailing slash' => array('http://otherhostname.tld/path'),
214 'absolute URL, correct subdirectory of sys_domain record, no trailing slash, subdomain' => array('http://sub.domainhostname.tld/path'),
215 'relative URL, leading slash, no path' => array('/index.php?id=1'),
216 'relative URL, leading slash, wrong path' => array('/de/sub/site.html'),
217 'relative URL, leading slash, slash only' => array('/'),
218 );
219 }
220
221 /**
222 * @test
223 * @dataProvider validateRedirectUrlClearsInvalidUrlInSubdirectoryDataProvider
224 * @param string $url Invalid Url
225 */
226 public function validateRedirectUrlClearsInvalidUrlInSubdirectory($url) {
227 $this->testSitePath = '/subdir/';
228 $this->setUpFakeSitePathAndHost();
229 $this->setUpDatabaseMock();
230 $this->assertEquals('', $this->accessibleFixture->_call('validateRedirectUrl', $url));
231 }
232
233 /**
234 * Data provider for validateRedirectUrlKeepsCleanUrlInSubdirectory
235 *
236 * @return array
237 */
238 public function validateRedirectUrlKeepsCleanUrlInSubdirectoryDataProvider() {
239 return array(
240 'absolute URL, correct subdirectory' => array('http://hostname.tld/subdir/'),
241 'absolute URL, correct subdirectory, realurl' => array('http://hostname.tld/subdir/de/imprint.html'),
242 'absolute URL, correct subdirectory, no realurl' => array('http://hostname.tld/subdir/index.php?id=10'),
243 'absolute URL, correct subdirectory of sys_domain record' => array('http://otherhostname.tld/path/'),
244 'absolute URL, correct subdirectory of sys_domain record, subdomain' => array('http://sub.domainhostname.tld/path/'),
245 'relative URL, no leading slash, realurl' => array('de/service/imprint.html'),
246 'relative URL, no leading slash, no realurl' => array('index.php?id=1'),
247 'relative nested URL, no leading slash, no realurl' => array('foo/bar/index.php?id=2')
248 );
249 }
250
251 /**
252 * @test
253 * @dataProvider validateRedirectUrlKeepsCleanUrlInSubdirectoryDataProvider
254 * @param string $url Invalid Url
255 */
256 public function validateRedirectUrlKeepsCleanUrlInSubdirectory($url) {
257 $this->testSitePath = '/subdir/';
258 $this->setUpFakeSitePathAndHost();
259 $this->setUpDatabaseMock();
260 $this->assertEquals($url, $this->accessibleFixture->_call('validateRedirectUrl', $url));
261 }
262
263
264 /*************************
265 * Test concerning getPreverveGetVars
266 *************************/
267
268 /**
269 * @return array
270 */
271 public function getPreserveGetVarsReturnsCorrectResultDataProvider() {
272 return array(
273 'special get var id is not preserved' => array(
274 array(
275 'id' => 42,
276 ),
277 '',
278 '',
279 ),
280 'simple additional parameter is not preserved if not specified in preservedGETvars' => array(
281 array(
282 'id' => 42,
283 'special' => 23,
284 ),
285 '',
286 '',
287 ),
288 'all params except ignored ones are preserved if preservedGETvars is set to "all"' => array(
289 array(
290 'id' => 42,
291 'special1' => 23,
292 'special2' => array(
293 'foo' => 'bar',
294 ),
295 'tx_felogin_pi1' => array(
296 'forgot' => 1,
297 ),
298 ),
299 'all',
300 '&special1=23&special2[foo]=bar',
301 ),
302 'preserve single parameter' => array(
303 array(
304 'L' => 42,
305 ),
306 'L',
307 '&L=42'
308 ),
309 'preserve whole parameter array' => array(
310 array(
311 'L' => 3,
312 'tx_someext' => array(
313 'foo' => 'simple',
314 'bar' => array(
315 'baz' => 'simple',
316 ),
317 ),
318 ),
319 'L,tx_someext',
320 '&L=3&tx_someext[foo]=simple&tx_someext[bar][baz]=simple',
321 ),
322 'preserve part of sub array' => array(
323 array(
324 'L' => 3,
325 'tx_someext' => array(
326 'foo' => 'simple',
327 'bar' => array(
328 'baz' => 'simple',
329 ),
330 ),
331 ),
332 'L,tx_someext[bar]',
333 '&L=3&tx_someext[bar][baz]=simple',
334 ),
335 'preserve keys on different levels' => array(
336 array(
337 'L' => 3,
338 'no-preserve' => 'whatever',
339 'tx_ext2' => array(
340 'foo' => 'simple',
341 ),
342 'tx_ext3' => array(
343 'bar' => array(
344 'baz' => 'simple',
345 ),
346 'go-away' => '',
347 ),
348 ),
349 'L,tx_ext2,tx_ext3[bar]',
350 '&L=3&tx_ext2[foo]=simple&tx_ext3[bar][baz]=simple',
351 ),
352 'preserved value that does not exist in get' => array(
353 array(),
354 'L,foo[bar]',
355 ''
356 ),
357 'url params are encoded' => array(
358 array('tx_ext1' => 'param with spaces and \\ %<>& /'),
359 'L,tx_ext1',
360 '&tx_ext1=param%20with%20spaces%20and%20%5C%20%25%3C%3E%26%20%2F'
361 ),
362 );
363 }
364
365 /**
366 * @test
367 * @dataProvider getPreserveGetVarsReturnsCorrectResultDataProvider
368 * @param array $getArray
369 * @param string $preserveVars
370 * @param string $expected
371 * @return void
372 */
373 public function getPreserveGetVarsReturnsCorrectResult(array $getArray, $preserveVars, $expected) {
374 $_GET = $getArray;
375 $this->accessibleFixture->conf['preserveGETvars'] = $preserveVars;
376 $this->assertSame($expected, $this->accessibleFixture->_call('getPreserveGetVars'));
377 }
378
379
380 /**************************************************
381 * Tests concerning isInLocalDomain
382 **************************************************/
383
384 /**
385 * Dataprovider for isInCurrentDomainIgnoresScheme
386 *
387 * @return array
388 */
389 public function isInCurrentDomainIgnoresSchemeDataProvider() {
390 return array(
391 'url https, current host http' => array(
392 'example.com', // HTTP_HOST
393 '0', // HTTPS
394 'https://example.com/foo.html' // URL
395 ),
396 'url http, current host https' => array(
397 'example.com',
398 '1',
399 'http://example.com/foo.html'
400 ),
401 'url https, current host https' => array(
402 'example.com',
403 '1',
404 'https://example.com/foo.html'
405 ),
406 'url http, current host http' => array(
407 'example.com',
408 '0',
409 'http://example.com/foo.html'
410 )
411 );
412 }
413
414 /**
415 * @test
416 * @dataProvider isInCurrentDomainIgnoresSchemeDataProvider
417 * @param string $host $_SERVER['HTTP_HOST']
418 * @param string $https $_SERVER['HTTPS']
419 * @param string $url The url to test
420 */
421 public function isInCurrentDomainIgnoresScheme($host, $https, $url) {
422 $_SERVER['HTTP_HOST'] = $host;
423 $_SERVER['HTTPS'] = $https;
424 $this->assertTrue($this->accessibleFixture->_call('isInCurrentDomain', $url));
425 }
426
427 /**
428 * @return array
429 */
430 public function isInCurrentDomainReturnsFalseIfDomainsAreDifferentDataProvider() {
431 return array(
432 'simple difference' => array(
433 'example.com', // HTTP_HOST
434 'http://typo3.org/foo.html' // URL
435 ),
436 'subdomain different' => array(
437 'example.com',
438 'http://foo.example.com/bar.html'
439 )
440 );
441 }
442
443 /**
444 * @test
445 * @dataProvider isInCurrentDomainReturnsFalseIfDomainsAreDifferentDataProvider
446 * @param string $host $_SERVER['HTTP_HOST']
447 * @param string $url The url to test
448 */
449 public function isInCurrentDomainReturnsFalseIfDomainsAreDifferent($host, $url) {
450 $_SERVER['HTTP_HOST'] = $host;
451 $this->assertFalse($this->accessibleFixture->_call('isInCurrentDomain', $url));
452 }
453
454 /**
455 * @test
456 */
457 public function processRedirectReferrerDomainsMatchesDomains() {
458 $conf = array(
459 'redirectMode' => 'refererDomains',
460 'domains' => 'example.com'
461 );
462
463 $this->accessibleFixture->_set('conf', $conf);
464 $this->accessibleFixture->_set('logintype', 'login');
465 $this->accessibleFixture->_set('referer', 'http://www.example.com/snafu');
466 /** @var TypoScriptFrontendController $tsfe */
467 $tsfe = $this->accessibleFixture->_get('frontendController');
468 $tsfe->loginUser = TRUE;
469 $this->assertSame(array('http://www.example.com/snafu'), $this->accessibleFixture->_call('processRedirect'));
470 }
471
472 }