Rewrite of the authentication and authorization system

tests/units/Core/User/GroupSyncTest.php

@@ -0,0 +1,30 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\User\GroupSync;
+use Kanboard\Model\Group;
+use Kanboard\Model\GroupMember;
+
+class GroupSyncTest extends Base
+{
+    public function testSynchronize()
+    {
+        $group = new Group($this->container);
+        $groupMember = new GroupMember($this->container);
+        $groupSync = new GroupSync($this->container);
+
+        $this->assertEquals(1, $group->create('My Group 1', 'externalId1'));
+        $this->assertEquals(2, $group->create('My Group 2', 'externalId2'));
+
+        $this->assertTrue($groupMember->addUser(1, 1));
+
+        $this->assertTrue($groupMember->isMember(1, 1));
+        $this->assertFalse($groupMember->isMember(2, 1));
+
+        $groupSync->synchronize(1, array('externalId1', 'externalId2', 'externalId3'));
+
+        $this->assertTrue($groupMember->isMember(1, 1));
+        $this->assertTrue($groupMember->isMember(2, 1));
+    }
+}

tests/units/Core/User/UserProfileTest.php

@@ -0,0 +1,63 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\Security\Role;
+use Kanboard\Core\User\UserProfile;
+use Kanboard\User\LdapUserProvider;
+use Kanboard\User\DatabaseUserProvider;
+
+class UserProfileTest extends Base
+{
+    public function testInitializeLocalUser()
+    {
+        $userProfile = new UserProfile($this->container);
+        $user = new DatabaseUserProvider(array('id' => 1));
+
+        $this->assertTrue($userProfile->initialize($user));
+        $this->assertNotEmpty($this->container['sessionStorage']->user);
+        $this->assertEquals('admin', $this->container['sessionStorage']->user['username']);
+    }
+
+    public function testInitializeLocalUserNotFound()
+    {
+        $userProfile = new UserProfile($this->container);
+        $user = new DatabaseUserProvider(array('id' => 2));
+
+        $this->assertFalse($userProfile->initialize($user));
+        $this->assertFalse(isset($this->container['sessionStorage']->user));
+    }
+
+    public function testInitializeRemoteUser()
+    {
+        $userProfile = new UserProfile($this->container);
+        $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array());
+
+        $this->assertTrue($userProfile->initialize($user));
+        $this->assertNotEmpty($this->container['sessionStorage']->user);
+        $this->assertEquals(2, $this->container['sessionStorage']->user['id']);
+        $this->assertEquals('bob', $this->container['sessionStorage']->user['username']);
+        $this->assertEquals(Role::APP_MANAGER, $this->container['sessionStorage']->user['role']);
+
+        $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array());
+
+        $this->assertTrue($userProfile->initialize($user));
+        $this->assertNotEmpty($this->container['sessionStorage']->user);
+        $this->assertEquals(2, $this->container['sessionStorage']->user['id']);
+        $this->assertEquals('bob', $this->container['sessionStorage']->user['username']);
+    }
+
+    public function testAssignRemoteUser()
+    {
+        $userProfile = new UserProfile($this->container);
+        $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array());
+
+        $this->assertTrue($userProfile->assign(1, $user));
+        $this->assertNotEmpty($this->container['sessionStorage']->user);
+        $this->assertEquals(1, $this->container['sessionStorage']->user['id']);
+        $this->assertEquals('admin', $this->container['sessionStorage']->user['username']);
+        $this->assertEquals('Bob', $this->container['sessionStorage']->user['name']);
+        $this->assertEquals('', $this->container['sessionStorage']->user['email']);
+        $this->assertEquals(Role::APP_ADMIN, $this->container['sessionStorage']->user['role']);
+    }
+}

tests/units/Core/User/UserPropertyTest.php

@@ -0,0 +1,60 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\Security\Role;
+use Kanboard\Core\User\UserProperty;
+use Kanboard\User\LdapUserProvider;
+
+class UserPropertyTest extends Base
+{
+    public function testGetProperties()
+    {
+        $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_USER, array());
+
+        $expected = array(
+            'username' => 'bob',
+            'name' => 'Bob',
+            'role' => Role::APP_USER,
+            'is_ldap_user' => 1,
+        );
+
+        $this->assertEquals($expected, UserProperty::getProperties($user));
+
+        $user = new LdapUserProvider('ldapId', 'bob', '', '', '', array());
+
+        $expected = array(
+            'username' => 'bob',
+            'is_ldap_user' => 1,
+        );
+
+        $this->assertEquals($expected, UserProperty::getProperties($user));
+    }
+
+    public function testFilterProperties()
+    {
+        $profile = array(
+            'id' => 123,
+            'username' => 'bob',
+            'name' => null,
+            'email' => '',
+            'other_column' => 'myvalue',
+            'role' => Role::APP_ADMIN,
+        );
+
+        $properties = array(
+            'external_id' => '456',
+            'username' => 'bobby',
+            'name' => 'Bobby',
+            'email' => 'admin@localhost',
+            'role' => '',
+        );
+
+        $expected = array(
+            'name' => 'Bobby',
+            'email' => 'admin@localhost',
+        );
+
+        $this->assertEquals($expected, UserProperty::filterProperties($profile, $properties));
+    }
+}

tests/units/Core/User/UserSessionTest.php

@@ -0,0 +1,144 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\User\UserSession;
+use Kanboard\Core\Security\Role;
+
+class UserSessionTest extends Base
+{
+    public function testInitialize()
+    {
+        $us = new UserSession($this->container);
+
+        $user = array(
+            'id' => '123',
+            'username' => 'john',
+            'password' => 'something',
+            'twofactor_secret' => 'something else',
+            'is_admin' => '1',
+            'is_project_admin' => '0',
+            'is_ldap_user' => '0',
+            'twofactor_activated' => '0',
+            'role' => Role::APP_MANAGER,
+        );
+
+        $us->initialize($user);
+
+        $session = $this->container['sessionStorage']->getAll();
+
+        $this->assertNotEmpty($session);
+        $this->assertEquals(123, $session['user']['id']);
+        $this->assertEquals('john', $session['user']['username']);
+        $this->assertEquals(Role::APP_MANAGER, $session['user']['role']);
+        $this->assertFalse($session['user']['is_ldap_user']);
+        $this->assertFalse($session['user']['twofactor_activated']);
+        $this->assertArrayNotHasKey('password', $session['user']);
+        $this->assertArrayNotHasKey('twofactor_secret', $session['user']);
+        $this->assertArrayNotHasKey('is_admin', $session['user']);
+        $this->assertArrayNotHasKey('is_project_admin', $session['user']);
+
+        $this->assertEquals('john', $us->getUsername());
+    }
+
+    public function testGetId()
+    {
+        $us = new UserSession($this->container);
+
+        $this->assertEquals(0, $us->getId());
+
+        $this->container['sessionStorage']->user = array('id' => 2);
+        $this->assertEquals(2, $us->getId());
+
+        $this->container['sessionStorage']->user = array('id' => '2');
+        $this->assertEquals(2, $us->getId());
+    }
+
+    public function testIsLogged()
+    {
+        $us = new UserSession($this->container);
+
+        $this->assertFalse($us->isLogged());
+
+        $this->container['sessionStorage']->user = array();
+        $this->assertFalse($us->isLogged());
+
+        $this->container['sessionStorage']->user = array('id' => 1);
+        $this->assertTrue($us->isLogged());
+    }
+
+    public function testIsAdmin()
+    {
+        $us = new UserSession($this->container);
+
+        $this->assertFalse($us->isAdmin());
+
+        $this->container['sessionStorage']->user = array('role' => Role::APP_ADMIN);
+        $this->assertTrue($us->isAdmin());
+
+        $this->container['sessionStorage']->user = array('role' => Role::APP_USER);
+        $this->assertFalse($us->isAdmin());
+
+        $this->container['sessionStorage']->user = array('role' => '');
+        $this->assertFalse($us->isAdmin());
+    }
+
+    public function testCommentSorting()
+    {
+        $us = new UserSession($this->container);
+        $this->assertEquals('ASC', $us->getCommentSorting());
+
+        $us->setCommentSorting('DESC');
+        $this->assertEquals('DESC', $us->getCommentSorting());
+    }
+
+    public function testBoardCollapseMode()
+    {
+        $us = new UserSession($this->container);
+        $this->assertFalse($us->isBoardCollapsed(2));
+
+        $us->setBoardDisplayMode(3, false);
+        $this->assertFalse($us->isBoardCollapsed(3));
+
+        $us->setBoardDisplayMode(3, true);
+        $this->assertTrue($us->isBoardCollapsed(3));
+    }
+
+    public function testFilters()
+    {
+        $us = new UserSession($this->container);
+        $this->assertEquals('status:open', $us->getFilters(1));
+
+        $us->setFilters(1, 'assignee:me');
+        $this->assertEquals('assignee:me', $us->getFilters(1));
+
+        $this->assertEquals('status:open', $us->getFilters(2));
+
+        $us->setFilters(2, 'assignee:bob');
+        $this->assertEquals('assignee:bob', $us->getFilters(2));
+    }
+
+    public function testPostAuthentication()
+    {
+        $us = new UserSession($this->container);
+        $this->assertFalse($us->isPostAuthenticationValidated());
+
+        $this->container['sessionStorage']->postAuthenticationValidated = false;
+        $this->assertFalse($us->isPostAuthenticationValidated());
+
+        $us->validatePostAuthentication();
+        $this->assertTrue($us->isPostAuthenticationValidated());
+
+        $this->container['sessionStorage']->user = array();
+        $this->assertFalse($us->hasPostAuthentication());
+
+        $this->container['sessionStorage']->user = array('twofactor_activated' => false);
+        $this->assertFalse($us->hasPostAuthentication());
+
+        $this->container['sessionStorage']->user = array('twofactor_activated' => true);
+        $this->assertTrue($us->hasPostAuthentication());
+
+        $us->disablePostAuthentication();
+        $this->assertFalse($us->hasPostAuthentication());
+    }
+}

tests/units/Core/User/UserSyncTest.php

@@ -0,0 +1,55 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\Security\Role;
+use Kanboard\Core\User\UserSync;
+use Kanboard\User\LdapUserProvider;
+
+class UserSyncTest extends Base
+{
+    public function testSynchronizeNewUser()
+    {
+        $user = new LdapUserProvider('ldapId', 'bob', 'Bob', '', Role::APP_MANAGER, array());
+        $userSync = new UserSync($this->container);
+
+        $profile = array(
+            'id' => 2,
+            'username' => 'bob',
+            'name' => 'Bob',
+            'email' => '',
+            'role' => Role::APP_MANAGER,
+            'is_ldap_user' => 1,
+        );
+
+        $this->assertArraySubset($profile, $userSync->synchronize($user));
+    }
+
+    public function testSynchronizeExistingUser()
+    {
+        $userSync = new UserSync($this->container);
+        $user = new LdapUserProvider('ldapId', 'admin', 'Admin', 'email@localhost', Role::APP_MANAGER, array());
+
+        $profile = array(
+            'id' => 1,
+            'username' => 'admin',
+            'name' => 'Admin',
+            'email' => 'email@localhost',
+            'role' => Role::APP_MANAGER,
+        );
+
+        $this->assertArraySubset($profile, $userSync->synchronize($user));
+
+        $user = new LdapUserProvider('ldapId', 'admin', '', '', Role::APP_ADMIN, array());
+
+        $profile = array(
+            'id' => 1,
+            'username' => 'admin',
+            'name' => 'Admin',
+            'email' => 'email@localhost',
+            'role' => Role::APP_ADMIN,
+        );
+
+        $this->assertArraySubset($profile, $userSync->synchronize($user));
+    }
+}