Create tests for MFA pages

Signed-off-by: Tim Goudriaan <tim@codedmonkey.com>

Author: codedmonkey

tests/FunctionalTests/Controller/Dashboard/DashboardAccountControllerTest.php

@@ -0,0 +1,181 @@
+<?php
+
+namespace CodedMonkey\Dirigent\Tests\FunctionalTests\Controller\Dashboard;
+
+use CodedMonkey\Dirigent\Controller\Dashboard\DashboardAccountController;
+use CodedMonkey\Dirigent\Doctrine\Entity\User;
+use CodedMonkey\Dirigent\Tests\Helper\MockEntityFactoryTrait;
+use CodedMonkey\Dirigent\Tests\Helper\WebTestCaseTrait;
+use Doctrine\ORM\EntityManagerInterface;
+use PHPUnit\Framework\Attributes\CoversClass;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpFactory;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Response;
+
+#[CoversClass(DashboardAccountController::class)]
+class DashboardAccountControllerTest extends WebTestCase
+{
+    use MockEntityFactoryTrait;
+    use WebTestCaseTrait;
+
+    public function testMfaUnauthenticated(): void
+    {
+        $client = static::createClient();
+
+        $client->request('GET', '/account/mfa');
+
+        $this->assertResponseRedirects('/login', Response::HTTP_FOUND);
+    }
+
+    public function testMfaSetup(): void
+    {
+        $client = static::createClient();
+        $totpFactory = $this->getService(TotpFactory::class, 'scheb_two_factor.security.totp_factory');
+
+        $user = $this->createMockUser();
+        $this->persistEntities($user);
+
+        $client->loginUser($user);
+
+        $client->request('GET', '/account/mfa');
+
+        $client->submitForm('Enable MFA authentication', [
+            'mfa_setup_form[currentPassword]' => 'PlainPassword99',
+            'mfa_setup_form[totpCode]' => $totpFactory->createTotpForUser($user)->now(),
+        ]);
+
+        $this->assertResponseRedirects('/account', Response::HTTP_FOUND);
+
+        $this->clearEntities();
+        $user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
+
+        $this->assertNotNull($user->getTotpSecret());
+    }
+
+    public function testMfaSetupWrongPassword(): void
+    {
+        $client = static::createClient();
+        $totpFactory = $this->getService(TotpFactory::class, 'scheb_two_factor.security.totp_factory');
+
+        $user = $this->createMockUser();
+        $this->persistEntities($user);
+
+        $client->loginUser($user);
+
+        $client->request('GET', '/account/mfa');
+
+        $client->submitForm('Enable MFA authentication', [
+            'mfa_setup_form[currentPassword]' => 'OddPassword11',
+            'mfa_setup_form[totpCode]' => $totpFactory->createTotpForUser($user)->now(),
+        ]);
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+
+        $this->clearEntities();
+        $user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
+
+        $this->assertNull($user->getTotpSecret());
+    }
+
+    public function testMfaSetupWrongTotpCode(): void
+    {
+        $client = static::createClient();
+
+        $user = $this->createMockUser();
+        $this->persistEntities($user);
+
+        $client->loginUser($user);
+
+        $client->request('GET', '/account/mfa');
+
+        $client->submitForm('Enable MFA authentication', [
+            'mfa_setup_form[currentPassword]' => 'PlainPassword99',
+            'mfa_setup_form[totpCode]' => 'abcdef',
+        ]);
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+
+        $this->clearEntities();
+        $user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
+
+        $this->assertNull($user->getTotpSecret());
+    }
+
+    public function testMfaClear(): void
+    {
+        $client = static::createClient();
+
+        $user = $this->createMockUser(mfaEnabled: true);
+        $this->persistEntities($user);
+
+        $client->loginUser($user);
+
+        $client->request('GET', '/account/mfa');
+
+        $client->submitForm('Disable MFA authentication', [
+            'mfa_clear_form[currentPassword]' => 'PlainPassword99',
+        ]);
+
+        $this->assertResponseRedirects('/account', Response::HTTP_FOUND);
+
+        $this->clearEntities();
+        $user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
+
+        $this->assertNull($user->getTotpSecret());
+    }
+
+    public function testMfaClearWrongPassword(): void
+    {
+        $client = static::createClient();
+
+        $user = $this->createMockUser(mfaEnabled: true);
+        $this->persistEntities($user);
+
+        $client->loginUser($user);
+
+        $client->request('GET', '/account/mfa');
+
+        $client->submitForm('Disable MFA authentication', [
+            'mfa_clear_form[currentPassword]' => 'OddPassword11',
+        ]);
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+
+        $this->clearEntities();
+        $user = $this->getService(EntityManagerInterface::class)->find(User::class, $user->getId());
+
+        $this->assertNotNull($user->getTotpSecret());
+    }
+
+    public function testMfaQrCode(): void
+    {
+        $client = static::createClient();
+        $this->loginUser();
+
+        // Set TOTP secret to session
+        $client->request('GET', '/account/mfa');
+
+        $client->request('GET', '/account/mfa/qr-code');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_OK);
+    }
+
+    public function testMfaQrCodeUnauthenticated(): void
+    {
+        $client = static::createClient();
+
+        $client->request('GET', '/account/mfa/qr-code');
+
+        $this->assertResponseRedirects('/login', Response::HTTP_FOUND);
+    }
+
+    public function testMfaQrCodeNoSetup(): void
+    {
+        $client = static::createClient();
+        $this->loginUser();
+
+        $client->request('GET', '/account/mfa/qr-code');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_FORBIDDEN);
+    }
+}

tests/FunctionalTests/Controller/Dashboard/DashboardSecurityControllerTest.php

@@ -18,10 +18,6 @@ public function testLoginRedirect(): void
         $client = static::createClient();
         $client->request('GET', '/');
 
-        $this->assertResponseStatusCodeSame(Response::HTTP_FOUND);
-
-        $client->followRedirect();
-
-        self::assertSame('/login', $client->getRequest()->getRequestUri());
+        $this->assertResponseRedirects('/login', Response::HTTP_FOUND);
     }
 }

tests/Helper/MockEntityFactoryTrait.php

@@ -3,9 +3,11 @@
 namespace CodedMonkey\Dirigent\Tests\Helper;
 
 use CodedMonkey\Dirigent\Doctrine\Entity\Package;
+use CodedMonkey\Dirigent\Doctrine\Entity\User;
 use CodedMonkey\Dirigent\Doctrine\Entity\Version;
 use Composer\Semver\VersionParser;
 use Doctrine\ORM\EntityManagerInterface;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpAuthenticator;
 
 trait MockEntityFactoryTrait
 {
@@ -17,6 +19,22 @@ protected function createMockPackage(): Package
         return $package;
     }
 
+    protected function createMockUser(bool $mfaEnabled = false): User
+    {
+        $user = new User();
+
+        $user->setUsername(uniqid());
+        $user->setPlainPassword('PlainPassword99');
+
+        if ($mfaEnabled) {
+            $totpAuthenticator = $this->getService(TotpAuthenticator::class);
+
+            $user->setTotpSecret($totpAuthenticator->generateSecret());
+        }
+
+        return $user;
+    }
+
     protected function createMockVersion(Package $package, string $versionName = '1.0.0'): Version
     {
         $version = new Version();
@@ -46,4 +64,11 @@ protected function persistEntities(...$entities): void
 
         $entityManager->flush();
     }
+
+    protected function clearEntities(): void
+    {
+        $entityManager = $this->getService(EntityManagerInterface::class);
+
+        $entityManager->clear();
+    }
 }