<?php

declare(strict_types=1);

/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

namespace TYPO3\CMS\Core\Tests\Unit\Authentication;

use PHPUnit\Framework\MockObject\MockObject;
use Prophecy\Argument;
use Prophecy\Prophecy\ObjectProphecy;
use Psr\Log\NullLogger;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Authentication\IpLocker;
use TYPO3\CMS\Core\Database\Connection;
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder;
use TYPO3\CMS\Core\Database\Query\QueryBuilder;
use TYPO3\CMS\Core\FormProtection\BackendFormProtection;
use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
use TYPO3\CMS\Core\Resource\ResourceStorage;
use TYPO3\CMS\Core\Session\Backend\SessionBackendInterface;
use TYPO3\CMS\Core\Session\UserSessionManager;
use TYPO3\CMS\Core\Tests\Unit\Database\Mocks\MockPlatform;
use TYPO3\CMS\Core\Type\Bitmask\JsConfirmation;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\TestingFramework\Core\Unit\UnitTestCase;

/**
 * Test case
 */
class BackendUserAuthenticationTest extends UnitTestCase
{
    /**
     * Deny-by-default baseline: every file and folder permission is false.
     *
     * getFilePermissionsTakesUserDefaultPermissionsFromTsConfigIntoAccountIfUserIsNotAdmin()
     * merges the user TSconfig values over this map to build its expectation,
     * so a permission absent from TSconfig is expected to stay denied.
     *
     * @var array<string, bool>
     */
    protected $defaultFilePermissions = [
        // File permissions
        'addFile' => false,
        'readFile' => false,
        'writeFile' => false,
        'copyFile' => false,
        'moveFile' => false,
        'renameFile' => false,
        'deleteFile' => false,
        // Folder permissions
        'addFolder' => false,
        'readFolder' => false,
        'writeFolder' => false,
        'copyFolder' => false,
        'moveFolder' => false,
        'renameFolder' => false,
        'deleteFolder' => false,
        'recursivedeleteFolder' => false,
    ];

    /**
     * Purges the FormProtectionFactory instances, then runs the parent
     * tear down.
     */
    protected function tearDown(): void
    {
        // The logoff test registers a form protection prophecy under the
        // 'default' key; purging presumably keeps it from reaching later tests.
        FormProtectionFactory::purgeInstances();

        parent::tearDown();
    }

    /////////////////////////////////////////
    // Tests concerning the form protection
    /////////////////////////////////////////
    /**
     * logoff() must call clean() on the registered backend form protection.
     *
     * The form protection prophecy carries a shouldBeCalled() expectation on
     * clean(), so the test fails if logoff() leaves the form protection
     * (CSRF token handling) untouched.
     *
     * NOTE(review): $GLOBALS['BE_USER'] is assigned here and not reset by this
     * class's tearDown(); confirm the test runner restores globals between tests.
     * NOTE(review): setMethods() is deprecated in newer PHPUnit releases, while
     * checkAuthModeReturnsExpectedValue() in this file already uses
     * onlyMethods(). 'dummy' is not a real method, so a one-to-one swap to
     * onlyMethods() would not work here.
     *
     * @test
     */
    public function logoffCleansFormProtectionIfBackendUserIsLoggedIn(): void
    {
        // Database layer: deleting from sys_lockedrecords is stubbed to report one row.
        /** @var ObjectProphecy|Connection $lockConnection */
        $lockConnection = $this->prophesize(Connection::class);
        $lockConnection->delete('sys_lockedrecords', Argument::cetera())->willReturn(1);

        /** @var ObjectProphecy|ConnectionPool $pool */
        $pool = $this->prophesize(ConnectionPool::class);
        $pool->getConnectionForTable(Argument::cetera())->willReturn($lockConnection->reveal());
        GeneralUtility::addInstance(ConnectionPool::class, $pool->reveal());

        // The assertion of this test: clean() has to be invoked during logoff().
        /** @var ObjectProphecy|\TYPO3\CMS\Core\FormProtection\AbstractFormProtection $csrfProtection */
        $csrfProtection = $this->prophesize(BackendFormProtection::class);
        $csrfProtection->clean()->shouldBeCalled();
        FormProtectionFactory::set('default', $csrfProtection->reveal());

        // Session handling: removal of the session always succeeds.
        $sessionStore = $this->prophesize(SessionBackendInterface::class);
        $sessionStore->remove(Argument::cetera())->willReturn(true);
        // IpLocker(0, 0): presumably IP locking switched off - confirm against IpLocker.
        $ipLocker = new IpLocker(0, 0);
        $userSessionManager = new UserSessionManager($sessionStore->reveal(), 86400, $ipLocker);

        // A fully mocked user with a uid plays the role of the logged-in backend user.
        $loggedInUser = $this->getMockBuilder(BackendUserAuthentication::class)->getMock();
        $GLOBALS['BE_USER'] = $loggedInUser;
        $loggedInUser->user = ['uid' => 4711];
        $loggedInUser->setLogger(new NullLogger());
        $loggedInUser->initializeUserSessionManager($userSessionManager);

        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $mockBuilder = $this->getMockBuilder(BackendUserAuthentication::class);
        $mockBuilder->setMethods(['dummy']);
        $mockBuilder->disableOriginalConstructor();
        $backendUser = $mockBuilder->getMock();

        $backendUser->setLogger(new NullLogger());
        $backendUser->initializeUserSessionManager($userSessionManager);

        $backendUser->logoff();
    }

    /**
     * Supplies user TSconfig fragments for permissions.file.default.
     *
     * Each data set carries one argument: a map of permission name => 0|1.
     * The last set lists a single key only, so the consuming test also covers
     * a partially filled configuration.
     *
     * @return array<string, array<int, array<string, int>>>
     */
    public function getFilePermissionsTakesUserDefaultAndStoragePermissionsIntoAccountIfUserIsNotAdminDataProvider(): array
    {
        $readOnly = [
            'addFile' => 0,
            'readFile' => 1,
            'writeFile' => 0,
            'copyFile' => 0,
            'moveFile' => 0,
            'renameFile' => 0,
            'deleteFile' => 0,
            'addFolder' => 0,
            'readFolder' => 1,
            'copyFolder' => 0,
            'moveFolder' => 0,
            'renameFolder' => 0,
            'writeFolder' => 0,
            'deleteFolder' => 0,
            'recursivedeleteFolder' => 0,
        ];

        $uploadingAllowed = [
            'addFile' => 1,
            'readFile' => 1,
            'writeFile' => 1,
            'copyFile' => 1,
            'moveFile' => 1,
            'renameFile' => 1,
            'deleteFile' => 1,
            'addFolder' => 0,
            'readFolder' => 1,
            'copyFolder' => 0,
            'moveFolder' => 0,
            'renameFolder' => 0,
            'writeFolder' => 0,
            'deleteFolder' => 0,
            'recursivedeleteFolder' => 0,
        ];

        $singleValue = ['addFile' => 1];

        return [
            'Only read permissions' => [$readOnly],
            'Uploading allowed' => [$uploadingAllowed],
            'One value is enough' => [$singleValue],
        ];
    }

    /**
     * For a non-admin, getFilePermissions() must return the TSconfig values
     * from permissions.file.default. cast to bool, with every permission that
     * TSconfig does not mention left at the deny-by-default baseline.
     *
     * @param array $userTsConfiguration Permission name => 0|1 as set in TSconfig
     * @test
     * @dataProvider getFilePermissionsTakesUserDefaultAndStoragePermissionsIntoAccountIfUserIsNotAdminDataProvider
     */
    public function getFilePermissionsTakesUserDefaultPermissionsFromTsConfigIntoAccountIfUserIsNotAdmin(array $userTsConfiguration): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['isAdmin', 'getTSConfig'])
            ->getMock();

        $backendUser->expects(self::any())->method('isAdmin')->willReturn(false);

        $backendUser->setLogger(new NullLogger());

        $tsConfig = [
            'permissions.' => [
                'file.' => [
                    'default.' => $userTsConfiguration,
                ],
            ],
        ];
        $backendUser->expects(self::any())->method('getTSConfig')->willReturn($tsConfig);

        // Expectation: the all-false baseline overlaid with the TSconfig
        // values, each normalised to a boolean.
        $expectedPermissions = array_map(
            static function ($flag): bool {
                return (bool)$flag;
            },
            array_merge($this->defaultFilePermissions, $userTsConfiguration)
        );

        self::assertEquals($expectedPermissions, $backendUser->getFilePermissions());
    }

    /**
     * Data sets for the per-storage permission tests. Each set holds:
     *  - the user's general file permissions (all granted here)
     *  - the storage uid
     *  - the TSconfig found under permissions.file.storage.<uid>.
     *  - the permissions expected for that storage (non-admin case)
     *
     * NOTE(review): the first set states its expectation as 0/1 while the
     * others use booleans. The consuming tests compare with assertEquals(),
     * which compares loosely, so the value type is not pinned.
     *
     * @return array<string, array<int, mixed>>
     */
    public function getFilePermissionsFromStorageDataProvider(): array
    {
        $defaultPermissions = [
            'addFile' => true,
            'readFile' => true,
            'writeFile' => true,
            'copyFile' => true,
            'moveFile' => true,
            'renameFile' => true,
            'deleteFile' => true,
            'addFolder' => true,
            'readFolder' => true,
            'copyFolder' => true,
            'moveFolder' => true,
            'renameFolder' => true,
            'writeFolder' => true,
            'deleteFolder' => true,
            'recursivedeleteFolder' => true,
        ];

        // Storage TSconfig that withdraws two of the generally granted permissions.
        $restrictingStorageConfig = [
            'addFile' => 0,
            'recursivedeleteFolder' => 0,
        ];

        $dataSets = [];

        $dataSets['Overwrites given storage permissions with default permissions'] = [
            $defaultPermissions,
            1,
            $restrictingStorageConfig,
            [
                'addFile' => 0,
                'readFile' => 1,
                'writeFile' => 1,
                'copyFile' => 1,
                'moveFile' => 1,
                'renameFile' => 1,
                'deleteFile' => 1,
                'addFolder' => 1,
                'readFolder' => 1,
                'copyFolder' => 1,
                'moveFolder' => 1,
                'renameFolder' => 1,
                'writeFolder' => 1,
                'deleteFolder' => 1,
                'recursivedeleteFolder' => 0,
            ],
        ];

        // Same restriction, but on the storage with uid 0.
        $dataSets['Overwrites given storage 0 permissions with default permissions'] = [
            $defaultPermissions,
            0,
            $restrictingStorageConfig,
            array_merge(
                $defaultPermissions,
                ['addFile' => false, 'recursivedeleteFolder' => false]
            ),
        ];

        // No storage-specific TSconfig: the general permissions pass through.
        $dataSets['Returns default permissions if no storage permissions are found'] = [
            $defaultPermissions,
            1,
            [],
            $defaultPermissions,
        ];

        return $dataSets;
    }

    /**
     * For a non-admin, TSconfig under permissions.file.storage.<uid>. must
     * override the user's general file permissions for that storage.
     *
     * @param array $defaultPermissions Value the mocked getFilePermissions() returns
     * @param int $storageUid Uid reported by the mocked storage
     * @param array $storagePermissions TSconfig placed under storage.<uid>.
     * @param array $expectedPermissions Permissions expected for the storage
     * @test
     * @dataProvider getFilePermissionsFromStorageDataProvider
     */
    public function getFilePermissionsFromStorageOverwritesDefaultPermissions(array $defaultPermissions, $storageUid, array $storagePermissions, array $expectedPermissions): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['isAdmin', 'getFilePermissions', 'getTSConfig'])
            ->getMock();
        $storage = $this->createMock(ResourceStorage::class);
        $storage->expects(self::any())->method('getUid')->willReturn($storageUid);

        // Non-admin user: the storage configuration has to be evaluated.
        $backendUser->expects(self::any())->method('isAdmin')->willReturn(false);
        $backendUser->expects(self::any())->method('getFilePermissions')->willReturn($defaultPermissions);

        $tsConfig = [
            'permissions.' => [
                'file.' => [
                    'storage.' => [
                        $storageUid . '.' => $storagePermissions,
                    ],
                ],
            ],
        ];
        $backendUser->expects(self::any())->method('getTSConfig')->willReturn($tsConfig);

        $actualPermissions = $backendUser->getFilePermissionsForStorage($storage);
        self::assertEquals($expectedPermissions, $actualPermissions);
    }

    /**
     * For an admin, storage-specific TSconfig must be ignored:
     * getFilePermissionsForStorage() returns exactly what getFilePermissions()
     * returns, even when the storage configuration would withdraw permissions.
     *
     * The provider's fourth value (the non-admin expectation) is not declared
     * as a parameter here and is not used.
     *
     * @param array $defaultPermissions Value the mocked getFilePermissions() returns
     * @param int $storageUid Uid reported by the mocked storage
     * @param array $storagePermissions TSconfig placed under storage.<uid>.
     * @test
     * @dataProvider getFilePermissionsFromStorageDataProvider
     */
    public function getFilePermissionsFromStorageAlwaysReturnsDefaultPermissionsForAdmins(array $defaultPermissions, $storageUid, array $storagePermissions): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $adminUser */
        $adminUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['isAdmin', 'getFilePermissions', 'getTSConfig'])
            ->getMock();
        $storage = $this->createMock(ResourceStorage::class);
        $storage->expects(self::any())->method('getUid')->willReturn($storageUid);

        $adminUser->expects(self::any())->method('isAdmin')->willReturn(true);
        $adminUser->expects(self::any())->method('getFilePermissions')->willReturn($defaultPermissions);

        // The restricting configuration is still offered, so the test fails
        // if it is applied to an admin.
        $tsConfig = [
            'permissions.' => [
                'file.' => [
                    'storage.' => [
                        $storageUid . '.' => $storagePermissions,
                    ],
                ],
            ],
        ];
        $adminUser->expects(self::any())->method('getTSConfig')->willReturn($tsConfig);

        $actualPermissions = $adminUser->getFilePermissionsForStorage($storage);
        self::assertEquals($defaultPermissions, $actualPermissions);
    }

    /**
     * Data sets for permissions taken from the user/group record. Each set holds:
     *  - the comma separated value assigned to groupData['file_permissions']
     *  - the full permission map expected from getFilePermissions()
     *
     * Every expected map lists all permissions, so anything not named in the
     * record value is asserted to be denied.
     *
     * @return array<string, array<int, mixed>>
     */
    public function getFilePermissionsTakesUserDefaultPermissionsFromRecordIntoAccountIfUserIsNotAdminDataProvider(): array
    {
        $nothingGranted = [
            'addFile' => false,
            'readFile' => false,
            'writeFile' => false,
            'copyFile' => false,
            'moveFile' => false,
            'renameFile' => false,
            'deleteFile' => false,
            'addFolder' => false,
            'readFolder' => false,
            'copyFolder' => false,
            'moveFolder' => false,
            'renameFolder' => false,
            'writeFolder' => false,
            'deleteFolder' => false,
            'recursivedeleteFolder' => false,
        ];

        // All seven file permissions on, every folder permission still off.
        $fileOperationsOnly = array_merge(
            $nothingGranted,
            [
                'addFile' => true,
                'readFile' => true,
                'writeFile' => true,
                'copyFile' => true,
                'moveFile' => true,
                'renameFile' => true,
                'deleteFile' => true,
            ]
        );

        // copyFolder and recursivedeleteFolder are not in the record value and stay off.
        $folderOperationsOnly = [
            'addFile' => false,
            'readFile' => false,
            'writeFile' => false,
            'copyFile' => false,
            'moveFile' => false,
            'renameFile' => false,
            'deleteFile' => false,
            'addFolder' => true,
            'readFolder' => true,
            'writeFolder' => true,
            'copyFolder' => false,
            'moveFolder' => true,
            'renameFolder' => true,
            'deleteFolder' => true,
            'recursivedeleteFolder' => false,
        ];

        $readAndCopyFolder = [
            'addFile' => false,
            'readFile' => false,
            'writeFile' => false,
            'copyFile' => false,
            'moveFile' => false,
            'renameFile' => false,
            'deleteFile' => false,
            'addFolder' => false,
            'readFolder' => true,
            'writeFolder' => false,
            'copyFolder' => true,
            'moveFolder' => false,
            'renameFolder' => false,
            'deleteFolder' => false,
            'recursivedeleteFolder' => false,
        ];

        $readCopyAndRecursiveDelete = array_merge(
            $readAndCopyFolder,
            ['recursivedeleteFolder' => true]
        );

        $dataSets = [];
        $dataSets['No permission'] = ['', $nothingGranted];
        $dataSets['Standard file permissions'] = [
            'addFile,readFile,writeFile,copyFile,moveFile,renameFile,deleteFile',
            $fileOperationsOnly,
        ];
        $dataSets['Standard folder permissions'] = [
            'addFolder,readFolder,moveFolder,renameFolder,writeFolder,deleteFolder',
            $folderOperationsOnly,
        ];
        $dataSets['Copy folder allowed'] = [
            'readFolder,copyFolder',
            $readAndCopyFolder,
        ];
        $dataSets['Copy folder and remove subfolders allowed'] = [
            'readFolder,copyFolder,recursivedeleteFolder',
            $readCopyAndRecursiveDelete,
        ];

        return $dataSets;
    }

    /**
     * With empty TSconfig, a non-admin's file permissions must come from the
     * comma separated groupData['file_permissions'] value alone.
     *
     * @test
     *
     * @param string $permissionValue Value stored in groupData['file_permissions']
     * @param array $expectedPermissions Full permission map expected in return
     *
     * @dataProvider getFilePermissionsTakesUserDefaultPermissionsFromRecordIntoAccountIfUserIsNotAdminDataProvider
     */
    public function getFilePermissionsTakesUserDefaultPermissionsFromRecordIntoAccountIfUserIsNotAdmin(string $permissionValue, array $expectedPermissions): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['isAdmin', 'getTSConfig'])
            ->getMock();

        $backendUser->expects(self::any())->method('isAdmin')->willReturn(false);

        // No TSconfig at all, so the record value is the only source of permissions.
        $backendUser->expects(self::any())->method('getTSConfig')->willReturn([]);

        $backendUser->groupData['file_permissions'] = $permissionValue;

        $actualPermissions = $backendUser->getFilePermissions();
        self::assertEquals($expectedPermissions, $actualPermissions);
    }

    /**
     * An admin must receive every file and folder permission without any
     * TSconfig or record value being set up.
     *
     * @test
     */
    public function getFilePermissionsGrantsAllPermissionsToAdminUsers(): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $adminUser */
        $adminUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['isAdmin'])
            ->getMock();

        $adminUser->expects(self::any())->method('isAdmin')->willReturn(true);

        // Every known permission name, each expected to be granted.
        $expectedPermissions = array_fill_keys(
            [
                'addFile',
                'readFile',
                'writeFile',
                'copyFile',
                'moveFile',
                'renameFile',
                'deleteFile',
                'addFolder',
                'readFolder',
                'writeFolder',
                'copyFolder',
                'moveFolder',
                'renameFolder',
                'deleteFolder',
                'recursivedeleteFolder',
            ],
            true
        );

        self::assertEquals($expectedPermissions, $adminUser->getFilePermissions());
    }

    /**
     * With options.alertPopups = 1, the TYPE_CHANGE confirmation is expected
     * to be on and COPY_MOVE_PASTE off.
     *
     * @test
     */
    public function jsConfirmationReturnsTrueIfPassedValueEqualsConfiguration(): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['getTSConfig'])
            ->getMock();

        $tsConfig = [
            'options.' => [
                'alertPopups' => 1,
            ],
        ];
        $backendUser->method('getTSConfig')->with()->willReturn($tsConfig);

        $typeChangeConfirmed = $backendUser->jsConfirmation(JsConfirmation::TYPE_CHANGE);
        self::assertTrue($typeChangeConfirmed);

        $copyMovePasteConfirmed = $backendUser->jsConfirmation(JsConfirmation::COPY_MOVE_PASTE);
        self::assertFalse($copyMovePasteConfirmed);
    }

    /**
     * With options.alertPopups = 3 (two bits set), both the TYPE_CHANGE and
     * the COPY_MOVE_PASTE confirmation are expected to be on.
     *
     * @test
     */
    public function jsConfirmationAllowsSettingMultipleBitsInValue(): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['getTSConfig'])
            ->getMock();

        $tsConfig = [
            'options.' => [
                'alertPopups' => 3,
            ],
        ];
        $backendUser->method('getTSConfig')->with()->willReturn($tsConfig);

        $typeChangeConfirmed = $backendUser->jsConfirmation(JsConfirmation::TYPE_CHANGE);
        self::assertTrue($typeChangeConfirmed);

        $copyMovePasteConfirmed = $backendUser->jsConfirmation(JsConfirmation::COPY_MOVE_PASTE);
        self::assertTrue($copyMovePasteConfirmed);
    }

    /**
     * Checks all five confirmation types against an alertPopups bitmask in
     * which individual bits are cleared.
     *
     * @test
     * @dataProvider jsConfirmationsWithUnsetBits
     *
     * @param int $jsConfirmation Bitmask placed in options.alertPopups
     * @param bool $typeChangeAllowed Expected result for TYPE_CHANGE
     * @param bool $copyMovePasteAllowed Expected result for COPY_MOVE_PASTE
     * @param bool $deleteAllowed Expected result for DELETE
     * @param bool $feEditAllowed Expected result for FE_EDIT
     * @param bool $otherAllowed Expected result for OTHER
     */
    public function jsConfirmationAllowsUnsettingBitsInValue($jsConfirmation, $typeChangeAllowed, $copyMovePasteAllowed, $deleteAllowed, $feEditAllowed, $otherAllowed): void
    {
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['getTSConfig'])
            ->getMock();

        $tsConfig = [
            'options.' => [
                'alertPopups' => $jsConfirmation,
            ],
        ];
        $backendUser->method('getTSConfig')->with()->willReturn($tsConfig);

        // One assertion per confirmation type, in the order the provider lists them.
        $typeChange = $backendUser->jsConfirmation(JsConfirmation::TYPE_CHANGE);
        self::assertEquals($typeChangeAllowed, $typeChange);

        $copyMovePaste = $backendUser->jsConfirmation(JsConfirmation::COPY_MOVE_PASTE);
        self::assertEquals($copyMovePasteAllowed, $copyMovePaste);

        $delete = $backendUser->jsConfirmation(JsConfirmation::DELETE);
        self::assertEquals($deleteAllowed, $delete);

        $feEdit = $backendUser->jsConfirmation(JsConfirmation::FE_EDIT);
        self::assertEquals($feEditAllowed, $feEdit);

        $other = $backendUser->jsConfirmation(JsConfirmation::OTHER);
        self::assertEquals($otherAllowed, $other);
    }

    /**
     * Bitmasks with cleared bits. Each set holds the alertPopups value followed
     * by the expected result for TYPE_CHANGE, COPY_MOVE_PASTE, DELETE, FE_EDIT
     * and OTHER, in that order.
     *
     * @return array<string, array<int, int|bool>>
     */
    public function jsConfirmationsWithUnsetBits(): array
    {
        return [
            // 252 = 0b11111100
            'All except "type change" and "copy/move/paste"' => [252, false, false, true, true, true],
            // 127 = 0b01111111
            'All except "other"' => [127, true, true, true, true, false],
        ];
    }

    /**
     * With options.alertPopups = 0, neither TYPE_CHANGE nor COPY_MOVE_PASTE
     * may ask for confirmation.
     *
     * @test
     */
    public function jsConfirmationAlwaysReturnsFalseIfNoConfirmationIsSet(): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['getTSConfig'])
            ->getMock();

        $tsConfig = [
            'options.' => [
                'alertPopups' => 0,
            ],
        ];
        $backendUser->method('getTSConfig')->with()->willReturn($tsConfig);

        $typeChangeConfirmed = $backendUser->jsConfirmation(JsConfirmation::TYPE_CHANGE);
        self::assertFalse($typeChangeConfirmed);

        $copyMovePasteConfirmed = $backendUser->jsConfirmation(JsConfirmation::COPY_MOVE_PASTE);
        self::assertFalse($copyMovePasteConfirmed);
    }

    /**
     * When getTSConfig() is mocked without any configured return value, the
     * TYPE_CHANGE confirmation is expected to be on: a missing setting must
     * not switch confirmations off.
     *
     * @test
     */
    public function jsConfirmationReturnsTrueIfConfigurationIsMissing(): void
    {
        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['getTSConfig'])
            ->getMock();

        $typeChangeConfirmed = $backendUser->jsConfirmation(JsConfirmation::TYPE_CHANGE);

        self::assertTrue($typeChangeConfirmed);
    }

    /**
     * Data sets for the page permission clause. Each set holds:
     *  - permission bit(s) as integer
     *  - admin flag
     *  - group uids of the user
     *  - expected SQL fragment
     *
     * The user uid 123 in the fragments is the one the consuming test assigns.
     * Admin sets expect ' 1=1', i.e. no restriction, with or without groups.
     *
     * @return array<string, array<int, mixed>>
     */
    public function getPagePermissionsClauseWithValidUserDataProvider(): array
    {
        $dataSets = [];

        $dataSets['for admin'] = [1, true, [], ' 1=1'];

        $dataSets['for admin with groups'] = [11, true, [1, 2], ' 1=1'];

        // Without groups the clause covers "everybody" and the owning user only.
        $dataSets['for user'] = [
            2,
            false,
            [],
            ' ((`pages`.`perms_everybody` & 2 = 2) OR' .
            ' ((`pages`.`perms_userid` = 123) AND (`pages`.`perms_user` & 2 = 2)))',
        ];

        // With groups a third alternative on perms_groupid / perms_group is appended.
        $dataSets['for user with groups'] = [
            8,
            false,
            [1, 2],
            ' ((`pages`.`perms_everybody` & 8 = 8) OR' .
            ' ((`pages`.`perms_userid` = 123) AND (`pages`.`perms_user` & 8 = 8))' .
            ' OR ((`pages`.`perms_groupid` IN (1, 2)) AND (`pages`.`perms_group` & 8 = 8)))',
        ];

        return $dataSets;
    }

    /**
     * getPagePermsClause() must yield the expected SQL fragment for a user
     * with uid 123 and the given admin flag and group uids.
     *
     * @test
     * @dataProvider getPagePermissionsClauseWithValidUserDataProvider
     * @param int $perms Permission bit(s) to check
     * @param bool $admin Value returned by the mocked isAdmin()
     * @param array $groups Group uids assigned to userGroupsUID
     * @param string $expected Expected SQL fragment
     */
    public function getPagePermissionsClauseWithValidUser(int $perms, bool $admin, array $groups, string $expected): void
    {
        // The database mocking is needed for non-admin data sets only. Setting
        // it up for admins as well would leave an unused ConnectionPool in the
        // FIFO queue of GeneralUtility::addInstance() and disturb other tests.
        if (!$admin) {
            /** @var Connection|ObjectProphecy $connection */
            $connection = $this->prophesize(Connection::class);
            $connection->getDatabasePlatform()->willReturn(new MockPlatform());
            // Backtick quoting, with dotted names quoted segment by segment.
            $connection->quoteIdentifier(Argument::cetera())->will(function ($arguments) {
                $quotedSegments = str_replace('.', '`.`', $arguments[0]);

                return '`' . $quotedSegments . '`';
            });

            /** @var QueryBuilder|ObjectProphecy $queryBuilder */
            $queryBuilder = $this->prophesize(QueryBuilder::class);
            $expressionBuilder = new ExpressionBuilder($connection->reveal());
            $queryBuilder->expr()->willReturn($expressionBuilder);

            /** @var ConnectionPool|ObjectProphecy $connectionPool */
            $connectionPool = $this->prophesize(ConnectionPool::class);
            $connectionPool->getQueryBuilderForTable('pages')->willReturn($queryBuilder->reveal());
            // Shift previously added instance
            GeneralUtility::makeInstance(ConnectionPool::class);
            GeneralUtility::addInstance(ConnectionPool::class, $connectionPool->reveal());
        }

        /** @var BackendUserAuthentication|\PHPUnit\Framework\MockObject\MockObject $backendUser */
        $backendUser = $this->getMockBuilder(BackendUserAuthentication::class)
            ->setMethods(['isAdmin'])
            ->getMock();
        $backendUser->setLogger(new NullLogger());
        $backendUser->expects(self::any())->method('isAdmin')->willReturn($admin);

        // The uid and the group uids end up as literals in the expected clause.
        $backendUser->user = ['uid' => 123];
        $backendUser->userGroupsUID = $groups;

        $actualClause = $backendUser->getPagePermsClause($perms);
        self::assertEquals($expected, $actualClause);
    }

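    /**
     * checkAuthMode() must evaluate a value against the explicit allow/deny
     * list of a non-admin user.
     *
     * The list is assigned to groupData['explicit_allowdeny'] as comma
     * separated "table:field:value:MODE" entries: one value is explicitly
     * allowed and one explicitly denied for dummytable.dummyfield.
     *
     * @test
     * @dataProvider checkAuthModeReturnsExpectedValueDataProvider
     * @param string $theValue Field value to be checked
     * @param string $authMode Auth mode passed to checkAuthMode()
     * @param bool $expectedResult Whether access is expected to be granted
     */
    public function checkAuthModeReturnsExpectedValue(string $theValue, string $authMode, bool $expectedResult): void
    {
        /** @var BackendUserAuthentication|MockObject $subject */
        $subject = $this->getMockBuilder(BackendUserAuthentication::class)
            ->disableOriginalConstructor()
            ->onlyMethods(['isAdmin'])
            ->getMock();

        // Non-admin, so the explicit allow/deny list is what decides.
        $subject
            ->expects(self::any())
            ->method('isAdmin')
            ->willReturn(false);

        $subject->groupData['explicit_allowdeny'] =
            'dummytable:dummyfield:explicitly_allowed_value:ALLOW,'
            . 'dummytable:dummyfield:explicitly_denied_value:DENY';

        $result = $subject->checkAuthMode('dummytable', 'dummyfield', $theValue, $authMode);
        self::assertEquals($expectedResult, $result);
    }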

    /**
     * Data sets for checkAuthMode(). Each set holds:
     *  - the value to check
     *  - the auth mode
     *  - whether access is expected to be granted
     *
     * Values containing ':' or ',' (the separators of the explicit_allowdeny
     * list used by the consuming test) are expected to be refused whatever the
     * auth mode is. A blank value and the '--div--' divider are expected to
     * pass.
     *
     * @return array<string, array<int, string|bool>>
     */
    public function checkAuthModeReturnsExpectedValueDataProvider(): array
    {
        $dataSets = [];

        // explicitAllow: only the listed value passes.
        $dataSets['explicit allow, not allowed value'] = ['non_allowed_field', 'explicitAllow', false];
        $dataSets['explicit allow, allowed value'] = ['explicitly_allowed_value', 'explicitAllow', true];

        // explicitDeny: everything but the listed value passes.
        $dataSets['explicit deny, not denied value'] = ['non_denied_field', 'explicitDeny', true];
        $dataSets['explicit deny, denied value'] = ['explicitly_denied_value', 'explicitDeny', false];

        // Values carrying a list separator are refused.
        $dataSets['invalid value colon'] = ['containing:invalid:chars', 'does not matter', false];
        $dataSets['invalid value comma'] = ['containing,invalid,chars', 'does not matter', false];

        // Special values that pass.
        $dataSets['blank value'] = ['', 'does not matter', true];
        $dataSets['divider'] = ['--div--', 'explicitAllow', true];

        return $dataSets;
    }
}