public function GALoginTotpValidationPluginTest::testTotpLogin in Google Authenticator login 8
Tests that a user can log in with GALoginTotpValidation.
File
- tests/src/Functional/GALoginTotpValidationPluginTest.php, line 106
Class
- GALoginTotpValidationPluginTest
- Class GALoginTotpValidationPluginTest.
Namespace
Drupal\Tests\ga_login\Functional
Code
/**
 * Exercises the TOTP verification step of the login flow end to end.
 *
 * Covers four cases in order: a fixed wrong code, a code generated for a
 * time 30 minutes in the past, a currently valid code, and a second use of
 * that same valid code after logging out (replay). Each case is driven
 * through the rendered forms and checked by the text shown on the page.
 */
public function testTotpLogin() {
  $web = $this->assertSession();
  $code_prompt = 'Verification code is application generated and 6 digits long.';
  $code_rejected = 'Invalid application code. Please try again.';

  // Password step: correct credentials must lead to the code prompt, not
  // straight into the account.
  $this->drupalPostForm('user/login', [
    'name' => $this->userAccount->getAccountName(),
    'pass' => $this->userAccount->passRaw,
  ], 'Log in');
  $web->statusCodeEquals(200);
  $web->pageTextContains($code_prompt);

  // A wrong code is refused.
  // NOTE(review): 112233 is a fixed value; nothing here guards against it
  // happening to equal a code the plugin currently accepts.
  $this->drupalPostForm(NULL, ['code' => 112233], 'Verify');
  $web->statusCodeEquals(200);
  $web->pageTextContains($code_rejected);

  // A code computed with the generator shifted back 1800 seconds (30 minutes)
  // is refused, i.e. it falls outside whatever window the plugin tolerates.
  $secret = Encoding::base32DecodeUpper($this->seed);
  $this->validationPlugin->auth->otp->setTotpOffset(-1800);
  $stale_code = $this->validationPlugin->auth->otp->totp($secret);
  $this->drupalPostForm(NULL, ['code' => $stale_code], 'Verify');
  $web->statusCodeEquals(200);
  $web->pageTextContains($code_rejected);

  // A valid code is accepted. The generator is offset by the plugin's time
  // skew so the code differs from the one already consumed during setup.
  // Presumably the factor 30 is the TOTP step length in seconds - confirm.
  $skew_offset = $this->validationPlugin->getTimeSkew() * 30;
  $this->validationPlugin->auth->otp->setTotpOffset($skew_offset);
  $valid_code = $this->validationPlugin->auth->otp->totp($secret);
  $this->drupalPostForm(NULL, ['code' => $valid_code], 'Verify');
  $web->statusCodeEquals(200);
  $web->pageTextContains($this->userAccount->getDisplayName());

  // Replay: after logging out, the password step succeeds again but the code
  // that was just accepted must be refused on its second use.
  $this->drupalLogout();
  $this->drupalPostForm('user/login', [
    'name' => $this->userAccount->getAccountName(),
    'pass' => $this->userAccount->passRaw,
  ], 'Log in');
  $web->statusCodeEquals(200);
  $web->pageTextContains($code_prompt);

  // Only the rejection message is asserted here; the test does not separately
  // check that no authenticated session was created.
  $this->drupalPostForm(NULL, ['code' => $valid_code], 'Verify');
  $web->statusCodeEquals(200);
  $web->pageTextContains('Invalid code, it was recently used for a login. Please try a new code.');
}