Showing
6 changed files
with
344 additions
and
2 deletions.
@@ -0,0 +1,25 @@ | ||
default: | ||
autoload: | ||
- %paths.base%/../features/bootstrap | ||
|
||
suites: | ||
cliTwoFactorTOTP: | ||
paths: | ||
- %paths.base%/../features/cliTwoFactorTOTP | ||
contexts: | ||
- TwoFactorTOTPContext: | ||
- FeatureContext: &common_feature_context_params | ||
baseUrl: http://localhost:8080 | ||
adminUsername: admin | ||
adminPassword: admin | ||
regularUserPassword: 123456 | ||
ocPath: apps/testing/api/v1/occ | ||
- OccContext: | ||
- WebUIGeneralContext: | ||
- WebUIPersonalSecuritySettingsContext: | ||
- WebUILoginContext: | ||
|
||
extensions: | ||
jarnaiz\JUnitFormatter\JUnitFormatterExtension: | ||
filename: report.xml | ||
outputDir: %paths.base%/../output/ |
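--- a/tests/acceptance/features/bootstrap/TwoFactorTOTPContext.php
+++ b/tests/acceptance/features/bootstrap/TwoFactorTOTPContext.php
@@ -0,0 +1,58 @@
+<?php
+/**
+* ownCloud
+*
+* @author Saugat Pachhai <saugat@jankaritech.com>
+* @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+use Behat\Behat\Context\Context;
+use Behat\MinkExtension\Context\RawMinkContext;
+use Page\PersonalSecuritySettingsPageWithTOTPEnabled;
+
+require_once 'bootstrap.php';
+
+/**
+* Context for two factor totp app
+*/
+class TwoFactorTOTPContext implements Context {
+/**
+* @var PersonalSecuritySettingsPageWithTOTPEnabled
+*/
+private $personalSecuritySettingsPage;
+
+/**
+* WebUIPersonalSecuritySettingsTOTPEnabledContext constructor.
+*
+* @param PersonalSecuritySettingsPageWithTOTPEnabled $personalSecuritySettingsPage
+*/
+public function __construct(
+PersonalSecuritySettingsPageWithTOTPEnabled $personalSecuritySettingsPage
+) {
+// $personalSecuritySettingsPage is private, therefore needs to be overridden
+$this->personalSecuritySettingsPage = $personalSecuritySettingsPage;
+}
+
+/**
+* @Given /^the user has activated TOTP Second\-factor auth but not verified$/
+*
+* @return void
+*/
+public function theUserHasActivatedTOTPSecondFactorAuthButNotVerified() {
+$this->personalSecuritySettingsPage->activateTOTP();
+}
+}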
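Review bot: `require_once 'bootstrap.php';` is a bare relative include, so PHP looks it up through `include_path` before the including file's own directory, and a different `bootstrap.php` earlier on that path would be loaded instead. If the intended file sits beside this context (its path is not shown on the page), `require_once __DIR__ . '/bootstrap.php';` pins it. The constructor docblock names `WebUIPersonalSecuritySettingsTOTPEnabledContext`, and the comment `// $personalSecuritySettingsPage is private, therefore needs to be overridden` does not fit a class that only implements `Context`; I would write `TwoFactorTOTPContext constructor.` and drop the comment. The `use Behat\MinkExtension\Context\RawMinkContext;` import is not used in the lines shown.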
@@ -0,0 +1,32 @@ | ||
<?php | ||
/** | ||
* ownCloud | ||
* | ||
* @author Saugat Pachhai <saugat@jankaritech.com> | ||
* @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com | ||
* | ||
* This library is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE | ||
* License as published by the Free Software Foundation; either | ||
* version 3 of the License, or any later version. | ||
* | ||
* This library is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details. | ||
* | ||
* You should have received a copy of the GNU Affero General Public | ||
* License along with this library. If not, see <http://www.gnu.org/licenses/>. | ||
* | ||
*/ | ||
require_once __DIR__ . '/../../../../../../tests/acceptance/features/bootstrap/bootstrap.php'; | ||
|
||
$classLoader = new \Composer\Autoload\ClassLoader(); | ||
$classLoader->addPsr4("Page\\", __DIR__ . "/../lib", true); | ||
$classLoader->addPsr4( | ||
"", __DIR__ . "/../../../../../../tests/acceptance/features/bootstrap", true | ||
); | ||
$classLoader->addPsr4( | ||
"Page\\", __DIR__ . "/../../../../../../tests/acceptance/features/lib", true | ||
); | ||
$classLoader->register(); |
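--- a/tests/acceptance/features/cliTwoFactorTOTP/steps.feature
+++ b/tests/acceptance/features/cliTwoFactorTOTP/steps.feature
@@ -0,0 +1,132 @@
+@webUI
+Feature: Testing Two factor TOTP
+As a admin
+I want to be able to verify secrets
+So that the users can use TOTP without verification with TOTP code
+
+Background:
+Given these users have been created with default attributes:
+| username |
+| user8 |
+| new-user |
+And using OCS API version "2"
+And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 false"
+And the administrator has invoked occ command "twofactorauth:disable user8"
+And the administrator has invoked occ command "twofactorauth:enable user8"
+
+Scenario: Verifying secret for the user having no secret should fail
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u new-user true"
+Then the command should have failed with exit code 1
+And the command output should contain the text "User has no secret: new-user"
+And user "new-user" should be able to access a skeleton file
+
+Scenario: Unverifying secret for the user having no secret should fail
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u new-user false"
+Then the command should have failed with exit code 1
+And the command output should contain the text "User has no secret: new-user"
+And user "new-user" should be able to access a skeleton file
+
+@issue-91
+Scenario: Verifying secret to not existing user should fail
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u NEUser true"
+Then the command should have been successful
+# Then the command should have failed with exit code 1
+And the command output should contain the text "User NEUser does not exist"
+
+Scenario: Verifying secret from occ command should work
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+Then the command should have been successful
+And the command output should contain the text "The secret of user8 is verified"
+And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+
+Scenario: Unverifying secret from occ command should work
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 false"
+Then the command should have been successful
+And the command output should contain the text "The secret of user8 is unverified"
+And user "user8" should be able to access a skeleton file
+
+@issue-91
+Scenario: Verifying multiple users containing one not existing user should work for other users, but fail
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u NEUser true"
+Then the command should have been successful
+# Then the command should have failed with exit code 1
+And the command output should contain the text "The secret of user8 is verified"
+And the command output should contain the text "User NEUser does not exist"
+And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+
+Scenario: Verifying multiple users containing one having no secret set should work for other users, but fail
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u new-user true"
+Then the command should have failed with exit code 1
+And the command output should contain the text "The secret of user8 is verified"
+And the command output should contain the text "User has no secret: new-user"
+And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+And user "new-user" should be able to access a skeleton file
+
+@issue-91
+Scenario: Unverifying multiple users containing one not existing user should work for other users, but fail
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u NEUser false"
+Then the command should have been successful
+# Then the command should have failed with exit code 1
+And the command output should contain the text "The secret of user8 is unverified"
+And the command output should contain the text "User NEUser does not exist"
+And user "user8" should be able to access a skeleton file
+
+Scenario: Unverifying multiple users containing one having no secret set should work for other users, but fail
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status -u user8 true"
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status -u user8 -u new-user false"
+Then the command should have failed with exit code 1
+And the command output should contain the text "The secret of user8 is unverified"
+And the command output should contain the text "User has no secret: new-user"
+And user "user8" should be able to access a skeleton file
+And user "new-user" should be able to access a skeleton file
+
+Scenario: Verifying all users that use TOTP should work
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status --all true"
+Then the command should have been successful
+And the command output should contain the text "The status of all TOTP secrets has been set to verified"
+And user "user8" using password "%regularuser%" should not be able to download file "textfile0.txt"
+And user "new-user" should be able to access a skeleton file
+
+Scenario: Unverifying all users that use TOTP should work
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status --all true"
+When the administrator invokes occ command "twofactor_totp:set-secret-verification-status --all false"
+Then the command should have been successful
+And the command output should contain the text "The status of all TOTP secrets has been set to unverified"
+And user "user8" should be able to access a skeleton file
+And user "new-user" should be able to access a skeleton file
+
+@skip @issue-89
+Scenario: Deleted user having TOTP enabled recreated should not ask for password
+Given user "user8" has logged in using the webUI
+And the user has browsed to the personal security settings page
+And the user has activated TOTP Second-factor auth but not verified
+And the administrator has invoked occ command "twofactor_totp:set-secret-verification-status --all true"
+When the administrator deletes user "user8" using the provisioning API
+And the administrator creates user "user8" using the provisioning API
+Then user "user8" should be able to access a skeleton file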
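Review bot: The three `@issue-91` scenarios (the ones passing `-u NEUser`) assert `Then the command should have been successful` although their titles say the command should fail, so the suite goes green on the behaviour the issue reports and turns red once it is fixed. The zero exit code matters outside the tests as well: an admin script that sets TOTP verification status and checks only the exit status would treat the change as applied for a user that was not found. I would put a comment above each of those assertions, e.g. `# issue-91: exit code is currently 0 for a non-existent user; swap in the commented-out step when fixed`, so the expectation is not read as the intended contract. Separately, the skipped `@issue-89` scenario is titled `should not ask for password`, but its last step checks access with the password alone after `user8` is recreated, so as I read the steps a title such as `Recreated user should not be asked for the deleted user's second factor` would match it.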
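--- a/tests/acceptance/features/lib/PersonalSecuritySettingsPageWithTOTPEnabled.php
+++ b/tests/acceptance/features/lib/PersonalSecuritySettingsPageWithTOTPEnabled.php
@@ -0,0 +1,49 @@
+<?php
+/**
+* ownCloud
+*
+* @author Saugat Pachhai <saugat@jankaritech.com>
+* @copyright Copyright (c) 2019 Saugat Pachhai saugat@jankaritech.com
+*
+* This code is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License,
+* as published by the Free Software Foundation;
+* either version 3 of the License, or any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>
+*
+*/
+
+namespace Page;
+
+/**
+* Class PersonalSecuritySettingsPageWithTOTPEnabled
+*
+* @package Page
+*/
+class PersonalSecuritySettingsPageWithTOTPEnabled extends PersonalSecuritySettingsPage {
+private $activateTOTPLabelXpath = '//label[@for="totp-enabled"]';
+private $qrCodeImageXpath = '//div[@id="twofactor-totp-settings"]//img';
+
+/**
+* Activate TOTP for the user
+*
+* @return void
+*/
+public function activateTOTP() {
+$label = $this->waitTillElementIsNotNull($this->activateTOTPLabelXpath);
+$this->assertElementNotNull(
+$label,
+__METHOD__ . " Label not found to activate TOTP"
+);
+$label->click();
+
+$this->waitTillElementIsNotNull($this->qrCodeImageXpath);
+}
+}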
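Review bot: The second `waitTillElementIsNotNull($this->qrCodeImageXpath)` call in `activateTOTP()` discards its result, so if the QR code never renders the Given step still passes and the problem only shows up later as a confusing occ assertion such as "User has no secret". The first call's result is checked with `assertElementNotNull`, which suggests the helper (defined outside this page) can return null on timeout. The same check fits here: `$qrCode = $this->waitTillElementIsNotNull($this->qrCodeImageXpath);` followed by `$this->assertElementNotNull($qrCode, __METHOD__ . " QR code not shown after activating TOTP");`. The docblock could also state that the method clicks the enable label and waits for the QR image, since callers rely on a secret existing afterwards.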