Added validation to AuthController
This commit is contained in:
Igor Scheller
parent
7414f9b23d
commit
6d5ada2522
Binary file not shown.
|
|
@ -2,7 +2,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: Engelsystem\n"
|
||||
"POT-Creation-Date: 2019-04-28 15:23+0200\n"
|
||||
"PO-Revision-Date: 2019-06-12 16:07+0200\n"
|
||||
"PO-Revision-Date: 2019-06-13 11:54+0200\n"
|
||||
"Last-Translator: msquare <msquare@notrademark.de>\n"
|
||||
"Language-Team: \n"
|
||||
"Language: de_DE\n"
|
||||
|
|
@ -1529,9 +1529,8 @@ msgstr "Nachname"
|
|||
msgid "Entry required!"
|
||||
msgstr "Pflichtfeld!"
|
||||
|
||||
#: includes/pages/guest_login.php:414
|
||||
msgid "auth.no-password"
|
||||
msgstr "Gib bitte ein Passwort ein."
|
||||
#~ msgid "auth.no-password"
|
||||
#~ msgstr "Gib bitte ein Passwort ein."
|
||||
|
||||
#: includes/pages/guest_login.php:418
|
||||
msgid "auth.not-found"
|
||||
|
|
@ -1539,9 +1538,8 @@ msgstr ""
|
|||
"Es wurde kein Engel gefunden. Probiere es bitte noch einmal. Wenn das Problem "
|
||||
"weiterhin besteht, melde dich im Himmel."
|
||||
|
||||
#: includes/pages/guest_login.php:451 includes/view/User_view.php:130
|
||||
msgid "auth.no-nickname"
|
||||
msgstr "Gib bitte einen Nick an."
|
||||
#~ msgid "auth.no-nickname"
|
||||
#~ msgstr "Gib bitte einen Nick an."
|
||||
|
||||
#: includes/pages/guest_login.php:481
|
||||
#: includes/view/User_view.php:122
|
||||
|
|
@ -2765,3 +2763,9 @@ msgid ""
|
|||
msgstr ""
|
||||
"Diese Seite existiert nicht oder Du hast keinen Zugriff. Melde Dich an um "
|
||||
"Zugriff zu erhalten!"
|
||||
|
||||
msgid "validation.password.required"
|
||||
msgstr "Bitte gib ein Passwort an."
|
||||
|
||||
msgid "validation.login.required"
|
||||
msgstr "Bitte gib einen Loginnamen an."
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -2,7 +2,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: Engelsystem 2.0\n"
|
||||
"POT-Creation-Date: 2017-12-29 19:01+0100\n"
|
||||
"PO-Revision-Date: 2018-11-27 00:28+0100\n"
|
||||
"PO-Revision-Date: 2019-06-04 23:41+0200\n"
|
||||
"Language-Team: \n"
|
||||
"MIME-Version: 1.0\n"
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
|
|
@ -16,11 +16,17 @@ msgstr ""
|
|||
"Language: en_US\n"
|
||||
"X-Poedit-SearchPath-0: .\n"
|
||||
|
||||
msgid "auth.no-nickname"
|
||||
msgstr "Please enter a nickname."
|
||||
#~ msgid "auth.no-nickname"
|
||||
#~ msgstr "Please enter a nickname."
|
||||
|
||||
msgid "auth.no-password"
|
||||
msgstr "Please enter a password."
|
||||
#~ msgid "auth.no-password"
|
||||
#~ msgstr "Please enter a password."
|
||||
|
||||
msgid "auth.not-found"
|
||||
msgstr "No user was found. Please try again. If you are still having problems, ask Heaven."
|
||||
|
||||
msgid "validation.password.required"
|
||||
msgstr "The password is required."
|
||||
|
||||
msgid "validation.login.required"
|
||||
msgstr "The login name is required."
|
||||
|
|
|
|||
|
|
@ -8,6 +8,8 @@ use Engelsystem\Http\Request;
|
|||
use Engelsystem\Http\Response;
|
||||
use Engelsystem\Http\UrlGeneratorInterface;
|
||||
use Engelsystem\Models\User\User;
|
||||
use Illuminate\Support\Arr;
|
||||
use Illuminate\Support\Collection;
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
|
||||
class AuthController extends BaseController
|
||||
|
|
@ -53,7 +55,22 @@ class AuthController extends BaseController
|
|||
*/
|
||||
public function login()
|
||||
{
|
||||
return $this->response->withView('pages/login');
|
||||
return $this->showLogin();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param bool $showRecovery
|
||||
* @return Response
|
||||
*/
|
||||
protected function showLogin($showRecovery = false)
|
||||
{
|
||||
$errors = Collection::make(Arr::flatten($this->session->get('errors', [])));
|
||||
$this->session->remove('errors');
|
||||
|
||||
return $this->response->withView(
|
||||
'pages/login',
|
||||
['errors' => $errors, 'show_password_recovery' => $showRecovery]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -64,15 +81,18 @@ class AuthController extends BaseController
|
|||
*/
|
||||
public function postLogin(Request $request): Response
|
||||
{
|
||||
$return = $this->authenticateUser($request->get('login', ''), $request->get('password', ''));
|
||||
if (!$return instanceof User) {
|
||||
return $this->response->withView(
|
||||
'pages/login',
|
||||
['errors' => [$return], 'show_password_recovery' => true]
|
||||
);
|
||||
}
|
||||
$data = $this->validate($request, [
|
||||
'login' => 'required',
|
||||
'password' => 'required',
|
||||
]);
|
||||
|
||||
$user = $return;
|
||||
$user = $this->auth->authenticate($data['login'], $data['password']);
|
||||
|
||||
if (!$user instanceof User) {
|
||||
$this->session->set('errors', $this->session->get('errors', []) + ['auth.not-found']);
|
||||
|
||||
return $this->showLogin(true);
|
||||
}
|
||||
|
||||
$this->session->invalidate();
|
||||
$this->session->set('user_id', $user->id);
|
||||
|
|
@ -93,28 +113,4 @@ class AuthController extends BaseController
|
|||
|
||||
return $this->response->redirectTo($this->url->to('/'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify the user and password
|
||||
*
|
||||
* @param $login
|
||||
* @param $password
|
||||
* @return User|string
|
||||
*/
|
||||
protected function authenticateUser(string $login, string $password)
|
||||
{
|
||||
if (!$login) {
|
||||
return 'auth.no-nickname';
|
||||
}
|
||||
|
||||
if (!$password) {
|
||||
return 'auth.no-password';
|
||||
}
|
||||
|
||||
if (!$user = $this->auth->authenticate($login, $password)) {
|
||||
return 'auth.not-found';
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,15 +4,21 @@ namespace Engelsystem\Test\Unit\Controllers;
|
|||
|
||||
use Engelsystem\Controllers\AuthController;
|
||||
use Engelsystem\Helpers\Authenticator;
|
||||
use Engelsystem\Http\Exceptions\ValidationException;
|
||||
use Engelsystem\Http\Request;
|
||||
use Engelsystem\Http\Response;
|
||||
use Engelsystem\Http\UrlGeneratorInterface;
|
||||
use Engelsystem\Http\Validation\Validates;
|
||||
use Engelsystem\Http\Validation\Validator;
|
||||
use Engelsystem\Models\User\Settings;
|
||||
use Engelsystem\Models\User\User;
|
||||
use Engelsystem\Test\Unit\HasDatabase;
|
||||
use Illuminate\Support\Collection;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Symfony\Component\HttpFoundation\Session\Session;
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
|
||||
|
||||
class AuthControllerTest extends TestCase
|
||||
{
|
||||
|
|
@ -21,6 +27,7 @@ class AuthControllerTest extends TestCase
|
|||
/**
|
||||
* @covers \Engelsystem\Controllers\AuthController::__construct
|
||||
* @covers \Engelsystem\Controllers\AuthController::login
|
||||
* @covers \Engelsystem\Controllers\AuthController::showLogin
|
||||
*/
|
||||
public function testLogin()
|
||||
{
|
||||
|
|
@ -31,6 +38,10 @@ class AuthControllerTest extends TestCase
|
|||
/** @var Authenticator|MockObject $auth */
|
||||
list(, $session, $url, $auth) = $this->getMocks();
|
||||
|
||||
$session->expects($this->once())
|
||||
->method('get')
|
||||
->with('errors', [])
|
||||
->willReturn(['foo' => 'bar']);
|
||||
$response->expects($this->once())
|
||||
->method('withView')
|
||||
->with('pages/login')
|
||||
|
|
@ -42,7 +53,6 @@ class AuthControllerTest extends TestCase
|
|||
|
||||
/**
|
||||
* @covers \Engelsystem\Controllers\AuthController::postLogin
|
||||
* @covers \Engelsystem\Controllers\AuthController::authenticateUser
|
||||
*/
|
||||
public function testPostLogin()
|
||||
{
|
||||
|
|
@ -51,10 +61,12 @@ class AuthControllerTest extends TestCase
|
|||
$request = new Request();
|
||||
/** @var Response|MockObject $response */
|
||||
$response = $this->createMock(Response::class);
|
||||
/** @var SessionInterface|MockObject $session */
|
||||
/** @var UrlGeneratorInterface|MockObject $url */
|
||||
/** @var Authenticator|MockObject $auth */
|
||||
list(, $session, $url, $auth) = $this->getMocks();
|
||||
list(, , $url, $auth) = $this->getMocks();
|
||||
$session = new Session(new MockArraySessionStorage());
|
||||
/** @var Validator|MockObject $validator */
|
||||
$validator = new Validator(new Validates());
|
||||
|
||||
$user = new User([
|
||||
'name' => 'foo',
|
||||
|
|
@ -63,7 +75,7 @@ class AuthControllerTest extends TestCase
|
|||
'api_key' => '',
|
||||
'last_login_at' => null,
|
||||
]);
|
||||
$user->forceFill(['id' => 42,]);
|
||||
$user->forceFill(['id' => 42]);
|
||||
$user->save();
|
||||
|
||||
$settings = new Settings(['language' => 'de_DE', 'theme' => '']);
|
||||
|
|
@ -76,41 +88,42 @@ class AuthControllerTest extends TestCase
|
|||
->with('foo', 'bar')
|
||||
->willReturnOnConsecutiveCalls(null, $user);
|
||||
|
||||
$response->expects($this->exactly(3))
|
||||
$response->expects($this->once())
|
||||
->method('withView')
|
||||
->withConsecutive(
|
||||
['pages/login', ['errors' => ['auth.no-nickname'], 'show_password_recovery' => true]],
|
||||
['pages/login', ['errors' => ['auth.no-password'], 'show_password_recovery' => true]],
|
||||
['pages/login', ['errors' => ['auth.not-found'], 'show_password_recovery' => true]])
|
||||
->with('pages/login', ['errors' => Collection::make(['auth.not-found']), 'show_password_recovery' => true])
|
||||
->willReturn($response);
|
||||
$response->expects($this->once())
|
||||
->method('redirectTo')
|
||||
->with('news')
|
||||
->willReturn($response);
|
||||
|
||||
$session->expects($this->once())
|
||||
->method('invalidate');
|
||||
|
||||
$session->expects($this->exactly(2))
|
||||
->method('set')
|
||||
->withConsecutive(
|
||||
['user_id', 42],
|
||||
['locale', 'de_DE']
|
||||
);
|
||||
|
||||
// No credentials
|
||||
$controller = new AuthController($response, $session, $url, $auth);
|
||||
$controller->postLogin($request);
|
||||
$controller->setValidator($validator);
|
||||
try {
|
||||
$controller->postLogin($request);
|
||||
$this->fail('Login without credentials possible');
|
||||
} catch (ValidationException $e) {
|
||||
}
|
||||
|
||||
$request = new Request(['login' => 'foo']);
|
||||
$controller->postLogin($request);
|
||||
// Missing password
|
||||
$request = new Request([], ['login' => 'foo']);
|
||||
try {
|
||||
$controller->postLogin($request);
|
||||
$this->fail('Login without password possible');
|
||||
} catch (ValidationException $e) {
|
||||
}
|
||||
|
||||
$request = new Request(['login' => 'foo', 'password' => 'bar']);
|
||||
// No user found
|
||||
$request = new Request([], ['login' => 'foo', 'password' => 'bar']);
|
||||
$controller->postLogin($request);
|
||||
$this->assertEquals([], $session->all());
|
||||
|
||||
// Authenticated user
|
||||
$controller->postLogin($request);
|
||||
|
||||
$this->assertNotNull($user->last_login_at);
|
||||
$this->assertEquals(['user_id' => 42, 'locale' => 'de_DE'], $session->all());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue