<?php
namespace Drupal\Tests\tfa\Functional;
use Drupal\tfa\TfaDataTrait;
use Drupal\tfa\TfaLoginTrait;
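/**
 * Functional tests for the 'tfa_recovery_code' validation plugin.
 *
 * Covers enabling the plugin, the per-user recovery code overview and setup
 * pages, and the login flow: an unknown code is rejected, a stored code is
 * accepted, and the same code is rejected when it is submitted a second time.
 */
class TfaRecoveryCodePluginTest extends TfaTestBase {

  use TfaDataTrait;
  use TfaLoginTrait;

  /**
   * Plugin id of the validation plugin under test.
   *
   * @var string
   */
  protected $validationPluginId = 'tfa_recovery_code';

  /**
   * Test account created in setUp() with the TFA setup/disable permissions.
   */
  public $userAccount;

  /**
   * The 'plugin.manager.tfa.setup' service.
   */
  public $tfaSetupManager;

  /**
   * The 'plugin.manager.tfa.validation' service.
   */
  public $tfaValidationManager;

  /**
   * Setup plugin instance ('tfa_recovery_code_setup') bound to the test user.
   */
  public $setupPlugin;

  /**
   * Validation plugin instance ('tfa_recovery_code') bound to the test user.
   */
  public $validationPlugin;

  /**
   * Enables TFA with the recovery code plugin and creates the test fixtures.
   */
  public function setUp() : void {
    parent::setUp();

    // Recovery codes are the only allowed validation plugin and the default
    // one; 'authenticated' is listed under required_roles and ten codes are
    // requested per account.
    $this->config('tfa.settings')
      ->set('enabled', TRUE)
      ->set('default_validation_plugin', $this->validationPluginId)
      ->set('allowed_validation_plugins', [
        $this->validationPluginId => $this->validationPluginId,
      ])
      ->set('encryption', $this->encryptionProfile->id())
      ->set('required_roles', [
        'authenticated' => 'authenticated',
      ])
      ->set('validation_plugin_settings', [
        $this->validationPluginId => [
          'recovery_codes_amount' => 10,
        ],
      ])
      ->save();

    $this->userAccount = $this->createUser([
      'setup own tfa',
      'disable own tfa',
    ]);

    // Both plugin instances are created for the test user's uid so the tests
    // can read and write that user's codes directly.
    $plugin_configuration = ['uid' => $this->userAccount->id()];

    $this->tfaSetupManager = \Drupal::service('plugin.manager.tfa.setup');
    $this->setupPlugin = $this->tfaSetupManager
      ->createInstance($this->validationPluginId . '_setup', $plugin_configuration);

    $this->tfaValidationManager = \Drupal::service('plugin.manager.tfa.validation');
    $this->validationPlugin = $this->tfaValidationManager
      ->createInstance($this->validationPluginId, $plugin_configuration);
  }

  /**
   * Checks that the recovery code plugin can be enabled.
   */
  public function testEnableValidationPlugin() {
    $this->canEnableValidationPlugin($this->validationPluginId);
  }

  /**
   * Checks that the user's TFA overview page lists recovery codes.
   */
  public function testRecoveryCodeOverviewExists() {
    $this->drupalLogin($this->userAccount);
    $this->drupalGet('user/' . $this->userAccount->id() . '/security/tfa');

    $assert = $this->assertSession();
    $assert->statusCodeEquals(200);
    $assert->pageTextContains('Recovery Codes');
  }

  /**
   * Walks through recovery code setup and the later "show codes" page.
   */
  public function testRecoveryCodeSetup() {
    $this->drupalLogin($this->userAccount);
    $plugin_path = 'user/' . $this->userAccount->id() . '/security/tfa/' . $this->validationPluginId;

    $this->drupalGet($plugin_path . '/1');
    $assert = $this->assertSession();
    $assert->statusCodeEquals(200);

    // The setup form asks for the current password before any codes are shown,
    // even though the user already has a session.
    $assert->responseContains('Enter your current password');
    $this->submitForm(['current_pass' => $this->userAccount->passRaw], 'Confirm');

    $assert->responseContains('Save codes to account');
    $this->submitForm([], 'Save codes to account');
    $assert->pageTextContains('TFA setup complete.');

    // Read the codes back through the validation plugin to confirm they were
    // stored for this account.
    $codes = $this->validationPlugin->getCodes();
    $assert->assert(!empty($codes), 'No codes saved to the account data.');
    $assert->linkExists('Show codes');

    // The plugin page without the trailing '/1' is also submitted with the
    // current password, and must not offer to save codes again.
    $this->drupalGet($plugin_path);
    $this->submitForm(['current_pass' => $this->userAccount->passRaw], 'Confirm');
    $assert->statusCodeEquals(200);
    $assert->responseNotContains('Save codes to account');
  }

  /**
   * Checks recovery code validation at login, including rejection of reuse.
   */
  public function testRecoveryCodeValidation() {
    $this->drupalLogin($this->userAccount);
    $assert = $this->assertSession();

    // Generate and store codes through the plugin instead of the setup form.
    $codes = $this->validationPlugin->generateCodes();
    $this->validationPlugin->storeCodes($codes);
    $this->drupalLogout();

    $credentials = [
      'name' => $this->userAccount->getAccountName(),
      'pass' => $this->userAccount->passRaw,
    ];

    // A correct password alone must lead to the recovery code prompt.
    // drupalGet() + submitForm() replaces the deprecated drupalPostForm() and
    // matches how every other form in this class is submitted.
    $this->drupalGet('user/login');
    $this->submitForm($credentials, 'Log in');
    $assert->statusCodeEquals(200);
    $assert->pageTextContains('Enter one of your recovery codes');

    // A value that was never issued is rejected.
    $edit = [
      'code' => 'definitely not real',
    ];
    $this->submitForm($edit, 'Verify');
    $assert->statusCodeEquals(200);
    $assert->pageTextContains('Invalid recovery code.');

    // A stored code completes the login.
    $edit['code'] = $codes[0];
    $this->submitForm($edit, 'Verify');
    $assert->statusCodeEquals(200);
    $assert->pageTextContains($this->userAccount->getDisplayName());
    // NOTE(review): this inspects the in-memory account object rather than the
    // browser session, so it may not be able to fail; the display-name check
    // above is the assertion that exercises the session. The second argument
    // is the failure message, as in testRecoveryCodeSetup().
    $assert->assert($this->userAccount->isAuthenticated(), 'User is not logged in.');

    // Replay: the code that was just accepted must be refused on the next
    // login, i.e. recovery codes are single-use.
    $this->drupalLogout();
    $this->drupalGet('user/login');
    $this->submitForm($credentials, 'Log in');
    $assert->statusCodeEquals(200);
    $assert->pageTextContains('Enter one of your recovery codes');

    $edit = [
      'code' => $codes[0],
    ];
    $this->submitForm($edit, 'Verify');
    $assert->statusCodeEquals(200);
    $assert->pageTextContains('Invalid recovery code.');
    // NOTE(review): only the error message is asserted for the two rejected
    // attempts; consider also asserting that no authenticated page is
    // reachable afterwards.
  }

}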