[kahlan:api/core/AuthSystemDefault] tests + fixed AuthSystemDefault (format check + error propagation + 'admin' not included in 'sats')

xdrm-brackets 2017-09-21 01:55:53 +02:00
parent 4eb873a182
commit 4de473ce77
2 changed files with 359 additions and 2 deletions


@ -179,7 +179,11 @@
/* [1] Check format -> if not array of array(s) -> ERROR
=========================================================*/
/* (1) If not array of array(s) -> ERROR*/
/* (1) If not array -> ERROR */
if( !is_array($expected) )
return new Error(Err::FormatError);
/* (2) If not array of array(s) -> ERROR */
foreach($expected as $permissions)
if( !is_array($permissions) )
return new Error(Err::FormatError);
@ -191,6 +195,7 @@
/* If granted -> don't go further */
$error_propag[]= self::check_permission_group($module, $permission_group);
if( $error_propag[count($error_propag)-1] == Err::Success )
return new Error(Err::Success);
@ -232,7 +237,7 @@
/* (2) Si admin requis, mais manquant
---------------------------------------------------------*/
if( in_array('admin', $expected) && self::auth() < 2 )
if( in_array('admin', $expected) && self::auth() != 2 )
return Err::PermissionError;
/* (3) Si SATS requis, mais manquant
@ -252,6 +257,7 @@
/* [2] Gestion des permissions
=========================================================*/
/* (1) Vérification de toutes les permissions requises */
foreach($expected as $permission)
// Si il manque au minimum une permission, on retourne FALSE
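Review bot: The grant decision in the hunk at line 195 uses a loose comparison, `$error_propag[count($error_propag)-1] == Err::Success`, and the admin test in the hunk at line 237 uses `self::auth() != 2` with a non-strict `in_array('admin', $expected)`. If `Err::Success` is 0 (its value is not visible here), a `null` or `false` returned by `check_permission_group` would compare equal and be treated as granted; the comment in the last hunk still speaks of returning FALSE, so this path may exist. Prefer `=== Err::Success`, `self::auth() !== 2` and `in_array('admin', $expected, true)`, assuming `auth()` returns an int, so that an unexpected return type fails closed. The enclosing functions start and end outside these hunks, so the return paths should be checked against the full file.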


@ -0,0 +1,351 @@
<?php
use Kahlan\Plugin\Stub;
use Kahlan\Plugin\Monkey;
use api\core\AuthSystemDefault;
use error\core\Err;
describe('api', function(){
describe('core', function(){
describe('AuthSystemDefault', function(){
context('Permission combination (AND, OR)', function(){
it('pass when single permission granted', function(){
$perm = [['A']];
$asd = new AuthSystemDefault();
$_SESSION['PERM'] = ['A'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('fail when \'unknown permission\' not granted', function(){
$perm = [['unknown_permission']];
$asd = new AuthSystemDefault();
$err = $asd::permission('moduleA', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::PermissionError);
});
it('pass if (A or B) and either A or B', function(){
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
// available permission
$perm = [['A'], ['B']];
$asd = new AuthSystemDefault();
/* (1) Permission A */
$_SESSION['PERM'] = ['A', 'C'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
/* (2) Permission B */
$_SESSION['PERM'] = ['B', 'C'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('fail if (A or B) and neither A nor B', function(){
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
// available permission
$perm = [['A'], ['B']];
$asd = new AuthSystemDefault();
$_SESSION['PERM'] = ['X', 'C'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::PermissionError);
});
it('pass if (A and B) and A and B', function(){
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
// available permission
$perm = [['A', 'B']];
$asd = new AuthSystemDefault();
/* (1) Permission A */
$_SESSION['PERM'] = ['A', 'B', 'C'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('fail if (A and B) and only A or B', function(){
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
// available permission
$perm = [['A', 'B']];
$asd = new AuthSystemDefault();
/* (1) Permission A */
$_SESSION['PERM'] = ['A', 'C'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::PermissionError);
/* (2) Permission B */
$_SESSION['PERM'] = ['B', 'C'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::PermissionError);
});
it('pass if ((A and B) OR (C and D)) and (A and B) or (C and D)', function(){
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
// available permission
$perm = [['A', 'B'], ['C', 'D']];
$asd = new AuthSystemDefault();
/* (1) Permission A+B */
$_SESSION['PERM'] = ['A', 'B'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
/* (2) Permission C+D */
$_SESSION['PERM'] = ['C', 'D'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('fail if ((A and B) OR (C and D)) and (A and C) or (A and D)', function(){
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
// available permission
$perm = [['A', 'B'], ['C', 'D']];
$asd = new AuthSystemDefault();
/* (1) Permission A+C */
$_SESSION['PERM'] = ['A', 'C'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::PermissionError);
/* (2) Permission A+D */
$_SESSION['PERM'] = ['A', 'D'];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::PermissionError);
});
});
context('LogAuth permissions', function(){
context('module availability', function(){
it('fail if disabled module', function(){
$perm = [['warehouse']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1];
$err = $asd::permission('unknown_module', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::DisabledModule);
});
it('pass if enabled module', function(){
$perm = [['warehouse']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1];
$_SESSION['WAREHOUSE'] = [
'modules' => ['known_module']
];
$err = $asd::permission('known_module', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('pass if default module', function(){
$perm = [['warehouse']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1];
$err = $asd::permission('modulenameDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
});
context('permission format', function(){
it('fail if incorrect format (not array)', function(){
$perm = 'a';
$asd = new AuthSystemDefault();
$err = $asd::permission('moduleA', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::FormatError);
});
it('fail if incorrect format (1-depth array)', function(){
$perm = ['a'];
$asd = new AuthSystemDefault();
$err = $asd::permission('moduleA', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::FormatError);
});
});
context('single special permissions', function(){
it('fail when not \'warehouse\' granted', function(){
$perm = [['warehouse']];
$asd = new AuthSystemDefault();
$err = $asd::permission('moduleA', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::PermissionError);
});
it('fail when not \'admin\' granted', function(){
$perm = [['admin']];
$asd = new AuthSystemDefault();
$err = $asd::permission('moduleA', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::PermissionError);
});
it('fail when not \'sats\' granted', function(){
$perm = [['sats']];
$asd = new AuthSystemDefault();
$err = $asd::permission('moduleA', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::TokenError);
});
it('pass when \'warehouse\' granted', function(){
$perm = [['warehouse']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('pass when \'admin\' granted', function(){
$perm = [['admin']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1, 2];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('pass when \'sats\' granted', function(){
$perm = [['sats']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1, 2, 3];
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
});
context('special permissions inclusions (admin/sats in warehouse)', function(){
it('pass when \'warehouse\' required and have \'admin\'', function(){
$perm = [['warehouse']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1, 2]; // 2 = admin
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('pass when \'warehouse\' required and have \'sats\'', function(){
$perm = [['warehouse']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1, 2, 3]; // 2 = sats
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->toBe(Err::Success);
});
it('fail when \'admin\' required and have \'sats\'', function(){
$perm = [['admin']];
$asd = new AuthSystemDefault();
$_SESSION['AUTH'] = [1, 2, 3]; // 2 = sats
$err = $asd::permission('moduleDefault', $perm);
expect($err)->toBeAnInstanceOf('error\\core\\Error');
expect($err->get())->not->toBe(Err::Success);
});
});
});
});
});
});
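Review bot: The denial specs never reset `$_SESSION`, so what they prove depends on state left behind by earlier specs. For example, 'fail when not 'warehouse' granted' sets no `AUTH` at all, while the preceding 'module availability' specs leave `$_SESSION['AUTH'] = [1]` in place. Adding `beforeEach(function(){ $_SESSION = []; });` at the top of the `AuthSystemDefault` describe would make every failure case start from an unauthenticated session. The last spec, which guards the commit's 'admin' not included in 'sats' change, only asserts `not->toBe(Err::Success)`; pinning it to `toBe(Err::PermissionError)` would catch a denial that happens for the wrong reason. The `// 2 = sats` comments next to the `[1, 2, 3]` sessions presumably mean `3 = sats`.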