[TASK] Removes extra empty lines
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Tests / Unit / Controller / FrontendLoginControllerTest.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Tests\Unit\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
19
20 /**
21 * Test case
22 */
23 class FrontendLoginControllerTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
24 {
25 /**
26 * @var \TYPO3\CMS\Felogin\Controller\FrontendLoginController|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface
27 */
28 protected $accessibleFixture;
29
30 /**
31 * @var string
32 */
33 protected $testHostName;
34
35 /**
36 * @var string
37 */
38 protected $testSitePath;
39
40 /**
41 * @var string
42 */
43 protected $testTableName;
44
45 /**
46 * Set up
47 */
48 protected function setUp()
49 {
50 $this->testTableName = 'sys_domain';
51 $this->testHostName = 'hostname.tld';
52 $this->testSitePath = '/';
53 $this->accessibleFixture = $this->getAccessibleMock(\TYPO3\CMS\Felogin\Controller\FrontendLoginController::class, array('dummy'));
54 $this->accessibleFixture->cObj = $this->getMock(\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::class);
55 $this->accessibleFixture->_set('frontendController', $this->getMock(\TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::class, array(), array(), '', false));
56 $this->setUpFakeSitePathAndHost();
57 }
58
59 /**
60 * Set up a fake site path and host
61 */
62 protected function setUpFakeSitePathAndHost()
63 {
64 GeneralUtility::flushInternalRuntimeCaches();
65 $_SERVER['ORIG_PATH_INFO'] = $_SERVER['PATH_INFO'] = $_SERVER['ORIG_SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'] = $this->testSitePath . TYPO3_mainDir;
66 $_SERVER['HTTP_HOST'] = $this->testHostName;
67 }
68
69 /**
70 * Mock database
71 */
72 protected function setUpDatabaseMock()
73 {
74 $db = $this->getMock(\TYPO3\CMS\Core\Database\DatabaseConnection::class, array('exec_SELECTgetRows'));
75 $db
76 ->expects($this->any())
77 ->method('exec_SELECTgetRows')
78 ->will($this->returnCallback(array($this, 'getDomainRecordsCallback')));
79 $this->accessibleFixture->_set('databaseConnection', $db);
80 }
81
82 /**
83 * Callback method for pageIdCanBeDetermined test cases.
84 * Simulates TYPO3_DB->exec_SELECTgetRows().
85 *
86 * @param string $fields
87 * @param string $table
88 * @param string $where
89 * @return mixed
90 * @see setUpDatabaseMock
91 */
92 public function getDomainRecordsCallback($fields, $table, $where)
93 {
94 if ($table !== $this->testTableName) {
95 return false;
96 }
97 return array(
98 array('domainName' => 'domainhostname.tld'),
99 array('domainName' => 'otherhostname.tld/path'),
100 array('domainName' => 'sub.domainhostname.tld/path/')
101 );
102 }
103
104 /**
105 * @test
106 */
107 public function typo3SitePathEqualsStubSitePath()
108 {
109 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'), $this->testSitePath);
110 }
111
112 /**
113 * @test
114 */
115 public function typo3SiteUrlEqualsStubSiteUrl()
116 {
117 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), ('http://' . $this->testHostName) . $this->testSitePath);
118 }
119
120 /**
121 * @test
122 */
123 public function typo3SitePathEqualsStubSitePathAfterChangingInTest()
124 {
125 $this->testHostName = 'somenewhostname.com';
126 $this->testSitePath = '/somenewpath/';
127 $this->setUpFakeSitePathAndHost();
128 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'), $this->testSitePath);
129 }
130
131 /**
132 * @test
133 */
134 public function typo3SiteUrlEqualsStubSiteUrlAfterChangingInTest()
135 {
136 $this->testHostName = 'somenewhostname.com';
137 $this->testSitePath = '/somenewpath/';
138 $this->setUpFakeSitePathAndHost();
139 $this->assertEquals(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), ('http://' . $this->testHostName) . $this->testSitePath);
140 }
141
142 /**
143 * Data provider for validateRedirectUrlClearsUrl
144 *
145 * @return array
146 */
147 public function validateRedirectUrlClearsUrlDataProvider()
148 {
149 return array(
150 'absolute URL, hostname not in sys_domain, trailing slash' => array('http://badhost.tld/'),
151 'absolute URL, hostname not in sys_domain, no trailing slash' => array('http://badhost.tld'),
152 'absolute URL, subdomain in sys_domain, but main domain not, trailing slash' => array('http://domainhostname.tld.badhost.tld/'),
153 'absolute URL, subdomain in sys_domain, but main domain not, no trailing slash' => array('http://domainhostname.tld.badhost.tld'),
154 'non http absolute URL 1' => array('its://domainhostname.tld/itunes/'),
155 'non http absolute URL 2' => array('ftp://domainhostname.tld/download/'),
156 'XSS attempt 1' => array('javascript:alert(123)'),
157 'XSS attempt 2' => array('" onmouseover="alert(123)"'),
158 'invalid URL, HTML break out attempt' => array('" >blabuubb'),
159 'invalid URL, UNC path' => array('\\\\foo\\bar\\'),
160 'invalid URL, backslashes in path' => array('http://domainhostname.tld\\bla\\blupp'),
161 'invalid URL, linefeed in path' => array('http://domainhostname.tld/bla/blupp' . LF),
162 'invalid URL, only one slash after scheme' => array('http:/domainhostname.tld/bla/blupp'),
163 'invalid URL, illegal chars' => array('http://(<>domainhostname).tld/bla/blupp'),
164 );
165 }
166
167 /**
168 * @test
169 * @dataProvider validateRedirectUrlClearsUrlDataProvider
170 * @param string $url Invalid Url
171 */
172 public function validateRedirectUrlClearsUrl($url)
173 {
174 $this->setUpDatabaseMock();
175 $this->assertEquals('', $this->accessibleFixture->_call('validateRedirectUrl', $url));
176 }
177
178 /**
179 * Data provider for validateRedirectUrlKeepsCleanUrl
180 *
181 * @return array
182 */
183 public function validateRedirectUrlKeepsCleanUrlDataProvider()
184 {
185 return array(
186 'sane absolute URL' => array('http://domainhostname.tld/'),
187 'sane absolute URL with script' => array('http://domainhostname.tld/index.php?id=1'),
188 'sane absolute URL with realurl' => array('http://domainhostname.tld/foo/bar/foo.html'),
189 'sane absolute URL with homedir' => array('http://domainhostname.tld/~user/'),
190 'sane absolute URL with some strange chars encoded' => array('http://domainhostname.tld/~user/a%cc%88o%cc%88%c3%9fa%cc%82/foo.html'),
191 'sane absolute URL (domain record with path)' => array('http://otherhostname.tld/path/'),
192 'sane absolute URL with script (domain record with path)' => array('http://otherhostname.tld/path/index.php?id=1'),
193 'sane absolute URL with realurl (domain record with path)' => array('http://otherhostname.tld/path/foo/bar/foo.html'),
194 'sane absolute URL (domain record with path and slash)' => array('http://sub.domainhostname.tld/path/'),
195 'sane absolute URL with script (domain record with path slash)' => array('http://sub.domainhostname.tld/path/index.php?id=1'),
196 'sane absolute URL with realurl (domain record with path slash)' => array('http://sub.domainhostname.tld/path/foo/bar/foo.html'),
197 'relative URL, no leading slash 1' => array('index.php?id=1'),
198 'relative URL, no leading slash 2' => array('foo/bar/index.php?id=2'),
199 'relative URL, leading slash, no realurl' => array('/index.php?id=1'),
200 'relative URL, leading slash, realurl' => array('/de/service/imprint.html'),
201 );
202 }
203
204 /**
205 * @test
206 * @dataProvider validateRedirectUrlKeepsCleanUrlDataProvider
207 * @param string $url Clean URL to test
208 */
209 public function validateRedirectUrlKeepsCleanUrl($url)
210 {
211 $this->setUpDatabaseMock();
212 $this->assertEquals($url, $this->accessibleFixture->_call('validateRedirectUrl', $url));
213 }
214
215 /**
216 * Data provider for validateRedirectUrlClearsInvalidUrlInSubdirectory
217 *
218 * @return array
219 */
220 public function validateRedirectUrlClearsInvalidUrlInSubdirectoryDataProvider()
221 {
222 return array(
223 'absolute URL, missing subdirectory' => array('http://hostname.tld/'),
224 'absolute URL, wrong subdirectory' => array('http://hostname.tld/hacker/index.php'),
225 'absolute URL, correct subdirectory, no trailing slash' => array('http://hostname.tld/subdir'),
226 'absolute URL, correct subdirectory of sys_domain record, no trailing slash' => array('http://otherhostname.tld/path'),
227 'absolute URL, correct subdirectory of sys_domain record, no trailing slash, subdomain' => array('http://sub.domainhostname.tld/path'),
228 'relative URL, leading slash, no path' => array('/index.php?id=1'),
229 'relative URL, leading slash, wrong path' => array('/de/sub/site.html'),
230 'relative URL, leading slash, slash only' => array('/'),
231 );
232 }
233
234 /**
235 * @test
236 * @dataProvider validateRedirectUrlClearsInvalidUrlInSubdirectoryDataProvider
237 * @param string $url Invalid Url
238 */
239 public function validateRedirectUrlClearsInvalidUrlInSubdirectory($url)
240 {
241 $this->testSitePath = '/subdir/';
242 $this->setUpFakeSitePathAndHost();
243 $this->setUpDatabaseMock();
244 $this->assertEquals('', $this->accessibleFixture->_call('validateRedirectUrl', $url));
245 }
246
247 /**
248 * Data provider for validateRedirectUrlKeepsCleanUrlInSubdirectory
249 *
250 * @return array
251 */
252 public function validateRedirectUrlKeepsCleanUrlInSubdirectoryDataProvider()
253 {
254 return array(
255 'absolute URL, correct subdirectory' => array('http://hostname.tld/subdir/'),
256 'absolute URL, correct subdirectory, realurl' => array('http://hostname.tld/subdir/de/imprint.html'),
257 'absolute URL, correct subdirectory, no realurl' => array('http://hostname.tld/subdir/index.php?id=10'),
258 'absolute URL, correct subdirectory of sys_domain record' => array('http://otherhostname.tld/path/'),
259 'absolute URL, correct subdirectory of sys_domain record, subdomain' => array('http://sub.domainhostname.tld/path/'),
260 'relative URL, no leading slash, realurl' => array('de/service/imprint.html'),
261 'relative URL, no leading slash, no realurl' => array('index.php?id=1'),
262 'relative nested URL, no leading slash, no realurl' => array('foo/bar/index.php?id=2')
263 );
264 }
265
266 /**
267 * @test
268 * @dataProvider validateRedirectUrlKeepsCleanUrlInSubdirectoryDataProvider
269 * @param string $url Invalid Url
270 */
271 public function validateRedirectUrlKeepsCleanUrlInSubdirectory($url)
272 {
273 $this->testSitePath = '/subdir/';
274 $this->setUpFakeSitePathAndHost();
275 $this->setUpDatabaseMock();
276 $this->assertEquals($url, $this->accessibleFixture->_call('validateRedirectUrl', $url));
277 }
278
279 /*************************
280 * Test concerning getPreverveGetVars
281 *************************/
282
283 /**
284 * @return array
285 */
286 public function getPreserveGetVarsReturnsCorrectResultDataProvider()
287 {
288 return array(
289 'special get var id is not preserved' => array(
290 array(
291 'id' => 42,
292 ),
293 '',
294 '',
295 ),
296 'simple additional parameter is not preserved if not specified in preservedGETvars' => array(
297 array(
298 'id' => 42,
299 'special' => 23,
300 ),
301 '',
302 '',
303 ),
304 'all params except ignored ones are preserved if preservedGETvars is set to "all"' => array(
305 array(
306 'id' => 42,
307 'special1' => 23,
308 'special2' => array(
309 'foo' => 'bar',
310 ),
311 'tx_felogin_pi1' => array(
312 'forgot' => 1,
313 ),
314 ),
315 'all',
316 '&special1=23&special2[foo]=bar',
317 ),
318 'preserve single parameter' => array(
319 array(
320 'L' => 42,
321 ),
322 'L',
323 '&L=42'
324 ),
325 'preserve whole parameter array' => array(
326 array(
327 'L' => 3,
328 'tx_someext' => array(
329 'foo' => 'simple',
330 'bar' => array(
331 'baz' => 'simple',
332 ),
333 ),
334 ),
335 'L,tx_someext',
336 '&L=3&tx_someext[foo]=simple&tx_someext[bar][baz]=simple',
337 ),
338 'preserve part of sub array' => array(
339 array(
340 'L' => 3,
341 'tx_someext' => array(
342 'foo' => 'simple',
343 'bar' => array(
344 'baz' => 'simple',
345 ),
346 ),
347 ),
348 'L,tx_someext[bar]',
349 '&L=3&tx_someext[bar][baz]=simple',
350 ),
351 'preserve keys on different levels' => array(
352 array(
353 'L' => 3,
354 'no-preserve' => 'whatever',
355 'tx_ext2' => array(
356 'foo' => 'simple',
357 ),
358 'tx_ext3' => array(
359 'bar' => array(
360 'baz' => 'simple',
361 ),
362 'go-away' => '',
363 ),
364 ),
365 'L,tx_ext2,tx_ext3[bar]',
366 '&L=3&tx_ext2[foo]=simple&tx_ext3[bar][baz]=simple',
367 ),
368 'preserved value that does not exist in get' => array(
369 array(),
370 'L,foo[bar]',
371 ''
372 ),
373 'url params are encoded' => array(
374 array('tx_ext1' => 'param with spaces and \\ %<>& /'),
375 'L,tx_ext1',
376 '&tx_ext1=param%20with%20spaces%20and%20%5C%20%25%3C%3E%26%20%2F'
377 ),
378 );
379 }
380
381 /**
382 * @test
383 * @dataProvider getPreserveGetVarsReturnsCorrectResultDataProvider
384 * @param array $getArray
385 * @param string $preserveVars
386 * @param string $expected
387 * @return void
388 */
389 public function getPreserveGetVarsReturnsCorrectResult(array $getArray, $preserveVars, $expected)
390 {
391 $_GET = $getArray;
392 $this->accessibleFixture->conf['preserveGETvars'] = $preserveVars;
393 $this->assertSame($expected, $this->accessibleFixture->_call('getPreserveGetVars'));
394 }
395
396 /**************************************************
397 * Tests concerning isInLocalDomain
398 **************************************************/
399
400 /**
401 * Dataprovider for isInCurrentDomainIgnoresScheme
402 *
403 * @return array
404 */
405 public function isInCurrentDomainIgnoresSchemeDataProvider()
406 {
407 return array(
408 'url https, current host http' => array(
409 'example.com', // HTTP_HOST
410 '0', // HTTPS
411 'https://example.com/foo.html' // URL
412 ),
413 'url http, current host https' => array(
414 'example.com',
415 '1',
416 'http://example.com/foo.html'
417 ),
418 'url https, current host https' => array(
419 'example.com',
420 '1',
421 'https://example.com/foo.html'
422 ),
423 'url http, current host http' => array(
424 'example.com',
425 '0',
426 'http://example.com/foo.html'
427 )
428 );
429 }
430
431 /**
432 * @test
433 * @dataProvider isInCurrentDomainIgnoresSchemeDataProvider
434 * @param string $host $_SERVER['HTTP_HOST']
435 * @param string $https $_SERVER['HTTPS']
436 * @param string $url The url to test
437 */
438 public function isInCurrentDomainIgnoresScheme($host, $https, $url)
439 {
440 $_SERVER['HTTP_HOST'] = $host;
441 $_SERVER['HTTPS'] = $https;
442 $this->assertTrue($this->accessibleFixture->_call('isInCurrentDomain', $url));
443 }
444
445 /**
446 * @return array
447 */
448 public function isInCurrentDomainReturnsFalseIfDomainsAreDifferentDataProvider()
449 {
450 return array(
451 'simple difference' => array(
452 'example.com', // HTTP_HOST
453 'http://typo3.org/foo.html' // URL
454 ),
455 'subdomain different' => array(
456 'example.com',
457 'http://foo.example.com/bar.html'
458 )
459 );
460 }
461
462 /**
463 * @test
464 * @dataProvider isInCurrentDomainReturnsFalseIfDomainsAreDifferentDataProvider
465 * @param string $host $_SERVER['HTTP_HOST']
466 * @param string $url The url to test
467 */
468 public function isInCurrentDomainReturnsFalseIfDomainsAreDifferent($host, $url)
469 {
470 $_SERVER['HTTP_HOST'] = $host;
471 $this->assertFalse($this->accessibleFixture->_call('isInCurrentDomain', $url));
472 }
473
474 /**
475 * @test
476 */
477 public function processRedirectReferrerDomainsMatchesDomains()
478 {
479 $conf = array(
480 'redirectMode' => 'refererDomains',
481 'domains' => 'example.com'
482 );
483
484 $this->accessibleFixture->_set('conf', $conf);
485 $this->accessibleFixture->_set('logintype', 'login');
486 $this->accessibleFixture->_set('referer', 'http://www.example.com/snafu');
487 /** @var TypoScriptFrontendController $tsfe */
488 $tsfe = $this->accessibleFixture->_get('frontendController');
489 $tsfe->loginUser = true;
490 $this->assertSame(array('http://www.example.com/snafu'), $this->accessibleFixture->_call('processRedirect'));
491 }
492 }