Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php declare(strict_types=1); /** * Passbolt ~ Open source password manager for teams ..

Decoded Output download

<?php
declare(strict_types=1);

/**
 * Passbolt ~ Open source password manager for teams
 * Copyright (c) Passbolt SA (https://www.passbolt.com)
 *
 * Licensed under GNU Affero General Public License version 3 of the or any later version.
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
 * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
 * @link          https://www.passbolt.com Passbolt(tm)
 * @since         2.5.0
 */
namespace Passbolt\MultiFactorAuthentication\Test\TestCase\Utility;

use App\Error\Exception\CustomValidationException;
use App\Test\Factory\UserFactory;
use Cake\Core\Configure;
use Cake\Datasource\Exception\RecordNotFoundException;
use Cake\Http\Exception\InternalErrorException;
use Cake\ORM\TableRegistry;
use Passbolt\MultiFactorAuthentication\Service\MfaOrgSettings\MfaOrgSettingsDuoService;
use Passbolt\MultiFactorAuthentication\Test\Lib\MfaIntegrationTestCase;
use Passbolt\MultiFactorAuthentication\Test\Mock\DuoSdkClientMock;
use Passbolt\MultiFactorAuthentication\Test\Scenario\Totp\MfaTotpUserOnlyScenario;
use Passbolt\MultiFactorAuthentication\Utility\MfaOrgSettings;
use Passbolt\MultiFactorAuthentication\Utility\MfaSettings;

class MfaOrgSettingsTest extends MfaIntegrationTestCase
{
    public $autoFixtures = false;

    /**
     * @var \App\Model\Table\OrganizationSettingsTable
     */
    protected $OrganizationSettings;

    protected $defaultConfig;

    /**
     * Setup.
     */
    public function setUp(): void
    {
        parent::setUp();
        $this->OrganizationSettings = TableRegistry::getTableLocator()->get('OrganizationSettings');
        $this->defaultConfig = $this->getDefaultMfaOrgSettings();
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetProvidersSuccess()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', $this->defaultConfig);
        $settings = MfaOrgSettings::get();
        $this->assertNotEmpty($settings);
        $this->assertEquals(count($settings->getEnabledProviders()), 3);
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetSettingsEmpty()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', []);
        $this->expectException(InternalErrorException::class);
        MfaOrgSettings::get();
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetProvidersEmpty()
    {
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = [];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->assertNotEmpty($settings);
        $this->assertEquals($settings->getEnabledProviders(), []);
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsisProviderEnabledSuccess()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', $this->defaultConfig);
        $settings = MfaOrgSettings::get();
        $this->assertTrue($settings->isProviderEnabled(MfaSettings::PROVIDER_YUBIKEY));
        $this->assertTrue($settings->isProviderEnabled(MfaSettings::PROVIDER_TOTP));
        $this->assertTrue($settings->isProviderEnabled(MfaSettings::PROVIDER_DUO));
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsisProviderEnabledFail()
    {
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = [];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->assertFalse($settings->isProviderEnabled(MfaSettings::PROVIDER_YUBIKEY));

        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = [MfaSettings::PROVIDER_DUO];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->assertFalse($settings->isProviderEnabled(MfaSettings::PROVIDER_YUBIKEY));
        $this->assertFalse($settings->isProviderEnabled(MfaSettings::PROVIDER_TOTP));
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsIsProviderEnabledFail_If_Organization_Is_Deactivated()
    {
        $user = UserFactory::make()->persist();
        $uac = $this->makeUac($user);
        $this->loadFixtureScenario(MfaTotpUserOnlyScenario::class, $user);

        $settings = MfaSettings::get($uac);
        foreach (MfaSettings::getProviders() as $provider) {
            $this->assertFalse($settings->isProviderEnabled($provider));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetProviderStatus()
    {
        // All provider set to false
        $providers = [
            MfaSettings::PROVIDER_TOTP => false,
            MfaSettings::PROVIDER_DUO => false,
            MfaSettings::PROVIDER_YUBIKEY => false,
        ];
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = $providers;
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $status = $settings->getProvidersStatus();
        $this->assertEquals($status, $providers);

        // No provider set
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = [];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $status = $settings->getProvidersStatus();
        $this->assertEquals($status, $providers);

        // Mix missing provider and one true
        $providers = [
            MfaSettings::PROVIDER_TOTP => false,
            MfaSettings::PROVIDER_DUO => true,
        ];
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = $providers;
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $status = $settings->getProvidersStatus();
        $this->assertEquals($status, [
            MfaSettings::PROVIDER_TOTP => false,
            MfaSettings::PROVIDER_DUO => true,
            MfaSettings::PROVIDER_YUBIKEY => false,
        ]);
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetProviderEnabled()
    {
        // Mix missing provider and one true
        $providers = [
            MfaSettings::PROVIDER_TOTP => false,
            MfaSettings::PROVIDER_DUO => true,
        ];
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = $providers;
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $status = $settings->getEnabledProviders();
        $this->assertEquals($status, [MfaSettings::PROVIDER_DUO]);
    }

    /*
     * TEST ORG SETTING DUO TRAIT
     */

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetDuoProps()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', $this->defaultConfig);
        $settings = MfaOrgSettings::get()->getDuoOrgSettings();
        $this->assertNotEmpty($settings->getDuoApiHostname());
        $this->assertNotEmpty($settings->getDuoClientId());
        $this->assertNotEmpty($settings->getDuoClientSecret());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetDuoIncompletePropsApiHostname()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_DUO => true, ], MfaSettings::PROVIDER_DUO => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get()->getDuoOrgSettings();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getDuoApiHostname());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetDuoIncompletePropsClientSecret()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_DUO => true, ], MfaSettings::PROVIDER_DUO => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get()->getDuoOrgSettings();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getDuoClientSecret());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetDuoIncompletePropsClientId()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_DUO => true, ], MfaSettings::PROVIDER_DUO => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get()->getDuoOrgSettings();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getDuoClientId());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateDuoSettings_Empty()
    {
        $duoSdkClientMock = (new DuoSdkClientMock($this))->mockSuccessHealthCheck()->getClient();
        try {
            $duoSettings = new MfaOrgSettingsDuoService([[
                MfaSettings::PROVIDER_DUO => [
                    MfaOrgSettings::DUO_CLIENT_ID => '',
                    MfaOrgSettings::DUO_API_HOSTNAME => '',
                    MfaOrgSettings::DUO_CLIENT_SECRET => '',
                ],
            ]]);
            $duoSettings->validateDuoSettings($duoSdkClientMock);
        } catch (CustomValidationException $exception) {
            $errors = $exception->getErrors();
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_CLIENT_SECRET]['notEmpty']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_CLIENT_ID]['notEmpty']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_API_HOSTNAME]['notEmpty']));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateDuoSettings_Invalid()
    {
        $duoSdkClientMock = (new DuoSdkClientMock($this))->mockSuccessHealthCheck()->getClient();
        try {
            $duoSettings = new MfaOrgSettingsDuoService([
                MfaSettings::PROVIDER_DUO => [
                    MfaOrgSettings::DUO_CLIENT_ID => '',
                    MfaOrgSettings::DUO_API_HOSTNAME => '',
                    MfaOrgSettings::DUO_CLIENT_SECRET => '',
                ],
            ]);
            $duoSettings->validateDuoSettings($duoSdkClientMock);
        } catch (CustomValidationException $exception) {
            $errors = $exception->getErrors();
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_CLIENT_SECRET]['isValidClientSecret']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_CLIENT_ID]['isValidClientId']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_API_HOSTNAME]['isValidApiHostname']));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateDuoSettings_Success()
    {
        $duoSettings = new MfaOrgSettingsDuoService(
            [
                // SEC-5652 Note to security researchers: these are not leaked credentials
                // They look valid as they should pass validation, but are fake
                MfaSettings::PROVIDER_DUO => [
                    MfaOrgSettings::DUO_CLIENT_ID => 'DICPIC33F13IWF1FR52J',
                    MfaOrgSettings::DUO_API_HOSTNAME => 'api-42e9f2fe.duosecurity.com',
                    MfaOrgSettings::DUO_CLIENT_SECRET => '7TkYNgK8AGAuv3KW12qhsJLeIc1mJjHDHC1siNYX',
                ],
            ],
        );
        $duoSdkClientMock = (new DuoSdkClientMock($this))->mockSuccessHealthCheck()->getClient();
        $duoSettings->validateDuoSettings($duoSdkClientMock);
        $this->assertTrue(true);
    }

    /*
     * TEST ORG SETTING YUBIKEY TRAIT
     */

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetYubikeyProp()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', $this->defaultConfig);
        $settings = MfaOrgSettings::get();
        $this->assertNotEmpty($settings->getYubikeyOTPSecretKey());
        $this->assertNotEmpty($settings->getYubikeyOTPClientId());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetYubikeyIncompletePropsSeckey()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_YUBIKEY => true], MfaSettings::PROVIDER_YUBIKEY => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getYubikeyOTPSecretKey());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetYubikeyIncompletePropsClientId()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_YUBIKEY => true], MfaSettings::PROVIDER_YUBIKEY => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getYubikeyOTPClientId());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateYubikeySettings_Empty()
    {
        $settings = new MfaOrgSettings([MfaSettings::PROVIDERS => []]);
        try {
            $settings->validateYubikeySettings([[
                MfaSettings::PROVIDER_YUBIKEY => [
                    MfaOrgSettings::YUBIKEY_CLIENT_ID => '',
                    MfaOrgSettings::YUBIKEY_SECRET_KEY => '',
                ],
            ]]);
        } catch (CustomValidationException $exception) {
            $errors = $exception->getErrors();
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_YUBIKEY][MfaOrgSettings::YUBIKEY_CLIENT_ID]['notEmpty']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_YUBIKEY][MfaOrgSettings::YUBIKEY_SECRET_KEY]['notEmpty']));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateYubikeySettings_Invalid()
    {
        $settings = new MfaOrgSettings([MfaSettings::PROVIDERS => []]);
        try {
            $settings->validateYubikeySettings([
                MfaSettings::PROVIDER_YUBIKEY => [
                    MfaOrgSettings::YUBIKEY_CLIENT_ID => '',
                    MfaOrgSettings::YUBIKEY_SECRET_KEY => '',
                ],
            ]);
        } catch (CustomValidationException $exception) {
            $errors = $exception->getErrors();
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_YUBIKEY][MfaOrgSettings::YUBIKEY_CLIENT_ID]['isValidClientId']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_YUBIKEY][MfaOrgSettings::YUBIKEY_SECRET_KEY]['isValidSecretKey']));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateYubikeySettings_Success()
    {
        $settings = new MfaOrgSettings([MfaSettings::PROVIDERS => []]);
        $settings->validateYubikeySettings([
            MfaSettings::PROVIDER_YUBIKEY => [
                MfaOrgSettings::YUBIKEY_CLIENT_ID => '12345',
                MfaOrgSettings::YUBIKEY_SECRET_KEY => 'i2/fAjeQBO/Axef16h2xlgRlXxY=',
            ],
        ]);
        $this->assertTrue(true);
    }
}
 ?>

Did this file decode correctly?

Original Code

<?php
declare(strict_types=1);

/**
 * Passbolt ~ Open source password manager for teams
 * Copyright (c) Passbolt SA (https://www.passbolt.com)
 *
 * Licensed under GNU Affero General Public License version 3 of the or any later version.
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
 * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
 * @link          https://www.passbolt.com Passbolt(tm)
 * @since         2.5.0
 */
namespace Passbolt\MultiFactorAuthentication\Test\TestCase\Utility;

use App\Error\Exception\CustomValidationException;
use App\Test\Factory\UserFactory;
use Cake\Core\Configure;
use Cake\Datasource\Exception\RecordNotFoundException;
use Cake\Http\Exception\InternalErrorException;
use Cake\ORM\TableRegistry;
use Passbolt\MultiFactorAuthentication\Service\MfaOrgSettings\MfaOrgSettingsDuoService;
use Passbolt\MultiFactorAuthentication\Test\Lib\MfaIntegrationTestCase;
use Passbolt\MultiFactorAuthentication\Test\Mock\DuoSdkClientMock;
use Passbolt\MultiFactorAuthentication\Test\Scenario\Totp\MfaTotpUserOnlyScenario;
use Passbolt\MultiFactorAuthentication\Utility\MfaOrgSettings;
use Passbolt\MultiFactorAuthentication\Utility\MfaSettings;

class MfaOrgSettingsTest extends MfaIntegrationTestCase
{
    public $autoFixtures = false;

    /**
     * @var \App\Model\Table\OrganizationSettingsTable
     */
    protected $OrganizationSettings;

    protected $defaultConfig;

    /**
     * Setup.
     */
    public function setUp(): void
    {
        parent::setUp();
        $this->OrganizationSettings = TableRegistry::getTableLocator()->get('OrganizationSettings');
        $this->defaultConfig = $this->getDefaultMfaOrgSettings();
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetProvidersSuccess()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', $this->defaultConfig);
        $settings = MfaOrgSettings::get();
        $this->assertNotEmpty($settings);
        $this->assertEquals(count($settings->getEnabledProviders()), 3);
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetSettingsEmpty()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', []);
        $this->expectException(InternalErrorException::class);
        MfaOrgSettings::get();
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetProvidersEmpty()
    {
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = [];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->assertNotEmpty($settings);
        $this->assertEquals($settings->getEnabledProviders(), []);
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsisProviderEnabledSuccess()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', $this->defaultConfig);
        $settings = MfaOrgSettings::get();
        $this->assertTrue($settings->isProviderEnabled(MfaSettings::PROVIDER_YUBIKEY));
        $this->assertTrue($settings->isProviderEnabled(MfaSettings::PROVIDER_TOTP));
        $this->assertTrue($settings->isProviderEnabled(MfaSettings::PROVIDER_DUO));
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsisProviderEnabledFail()
    {
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = [];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->assertFalse($settings->isProviderEnabled(MfaSettings::PROVIDER_YUBIKEY));

        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = [MfaSettings::PROVIDER_DUO];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->assertFalse($settings->isProviderEnabled(MfaSettings::PROVIDER_YUBIKEY));
        $this->assertFalse($settings->isProviderEnabled(MfaSettings::PROVIDER_TOTP));
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsIsProviderEnabledFail_If_Organization_Is_Deactivated()
    {
        $user = UserFactory::make()->persist();
        $uac = $this->makeUac($user);
        $this->loadFixtureScenario(MfaTotpUserOnlyScenario::class, $user);

        $settings = MfaSettings::get($uac);
        foreach (MfaSettings::getProviders() as $provider) {
            $this->assertFalse($settings->isProviderEnabled($provider));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetProviderStatus()
    {
        // All provider set to false
        $providers = [
            MfaSettings::PROVIDER_TOTP => false,
            MfaSettings::PROVIDER_DUO => false,
            MfaSettings::PROVIDER_YUBIKEY => false,
        ];
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = $providers;
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $status = $settings->getProvidersStatus();
        $this->assertEquals($status, $providers);

        // No provider set
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = [];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $status = $settings->getProvidersStatus();
        $this->assertEquals($status, $providers);

        // Mix missing provider and one true
        $providers = [
            MfaSettings::PROVIDER_TOTP => false,
            MfaSettings::PROVIDER_DUO => true,
        ];
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = $providers;
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $status = $settings->getProvidersStatus();
        $this->assertEquals($status, [
            MfaSettings::PROVIDER_TOTP => false,
            MfaSettings::PROVIDER_DUO => true,
            MfaSettings::PROVIDER_YUBIKEY => false,
        ]);
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetProviderEnabled()
    {
        // Mix missing provider and one true
        $providers = [
            MfaSettings::PROVIDER_TOTP => false,
            MfaSettings::PROVIDER_DUO => true,
        ];
        $config = $this->defaultConfig;
        $config[MfaSettings::PROVIDERS] = $providers;
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $status = $settings->getEnabledProviders();
        $this->assertEquals($status, [MfaSettings::PROVIDER_DUO]);
    }

    /*
     * TEST ORG SETTING DUO TRAIT
     */

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetDuoProps()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', $this->defaultConfig);
        $settings = MfaOrgSettings::get()->getDuoOrgSettings();
        $this->assertNotEmpty($settings->getDuoApiHostname());
        $this->assertNotEmpty($settings->getDuoClientId());
        $this->assertNotEmpty($settings->getDuoClientSecret());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetDuoIncompletePropsApiHostname()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_DUO => true, ], MfaSettings::PROVIDER_DUO => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get()->getDuoOrgSettings();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getDuoApiHostname());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetDuoIncompletePropsClientSecret()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_DUO => true, ], MfaSettings::PROVIDER_DUO => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get()->getDuoOrgSettings();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getDuoClientSecret());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetDuoIncompletePropsClientId()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_DUO => true, ], MfaSettings::PROVIDER_DUO => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get()->getDuoOrgSettings();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getDuoClientId());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateDuoSettings_Empty()
    {
        $duoSdkClientMock = (new DuoSdkClientMock($this))->mockSuccessHealthCheck()->getClient();
        try {
            $duoSettings = new MfaOrgSettingsDuoService([[
                MfaSettings::PROVIDER_DUO => [
                    MfaOrgSettings::DUO_CLIENT_ID => '',
                    MfaOrgSettings::DUO_API_HOSTNAME => '',
                    MfaOrgSettings::DUO_CLIENT_SECRET => '',
                ],
            ]]);
            $duoSettings->validateDuoSettings($duoSdkClientMock);
        } catch (CustomValidationException $exception) {
            $errors = $exception->getErrors();
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_CLIENT_SECRET]['notEmpty']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_CLIENT_ID]['notEmpty']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_API_HOSTNAME]['notEmpty']));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateDuoSettings_Invalid()
    {
        $duoSdkClientMock = (new DuoSdkClientMock($this))->mockSuccessHealthCheck()->getClient();
        try {
            $duoSettings = new MfaOrgSettingsDuoService([
                MfaSettings::PROVIDER_DUO => [
                    MfaOrgSettings::DUO_CLIENT_ID => '',
                    MfaOrgSettings::DUO_API_HOSTNAME => '',
                    MfaOrgSettings::DUO_CLIENT_SECRET => '',
                ],
            ]);
            $duoSettings->validateDuoSettings($duoSdkClientMock);
        } catch (CustomValidationException $exception) {
            $errors = $exception->getErrors();
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_CLIENT_SECRET]['isValidClientSecret']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_CLIENT_ID]['isValidClientId']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_DUO][MfaOrgSettings::DUO_API_HOSTNAME]['isValidApiHostname']));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateDuoSettings_Success()
    {
        $duoSettings = new MfaOrgSettingsDuoService(
            [
                // SEC-5652 Note to security researchers: these are not leaked credentials
                // They look valid as they should pass validation, but are fake
                MfaSettings::PROVIDER_DUO => [
                    MfaOrgSettings::DUO_CLIENT_ID => 'DICPIC33F13IWF1FR52J',
                    MfaOrgSettings::DUO_API_HOSTNAME => 'api-42e9f2fe.duosecurity.com',
                    MfaOrgSettings::DUO_CLIENT_SECRET => '7TkYNgK8AGAuv3KW12qhsJLeIc1mJjHDHC1siNYX',
                ],
            ],
        );
        $duoSdkClientMock = (new DuoSdkClientMock($this))->mockSuccessHealthCheck()->getClient();
        $duoSettings->validateDuoSettings($duoSdkClientMock);
        $this->assertTrue(true);
    }

    /*
     * TEST ORG SETTING YUBIKEY TRAIT
     */

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetYubikeyProp()
    {
        Configure::write('passbolt.plugins.multiFactorAuthentication', $this->defaultConfig);
        $settings = MfaOrgSettings::get();
        $this->assertNotEmpty($settings->getYubikeyOTPSecretKey());
        $this->assertNotEmpty($settings->getYubikeyOTPClientId());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetYubikeyIncompletePropsSeckey()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_YUBIKEY => true], MfaSettings::PROVIDER_YUBIKEY => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getYubikeyOTPSecretKey());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsGetYubikeyIncompletePropsClientId()
    {
        $config = [MfaSettings::PROVIDERS => [MfaSettings::PROVIDER_YUBIKEY => true], MfaSettings::PROVIDER_YUBIKEY => []];
        $this->mockMfaOrgSettings($config);
        $settings = MfaOrgSettings::get();
        $this->expectException(RecordNotFoundException::class);
        $this->assertNotEmpty($settings->getYubikeyOTPClientId());
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateYubikeySettings_Empty()
    {
        $settings = new MfaOrgSettings([MfaSettings::PROVIDERS => []]);
        try {
            $settings->validateYubikeySettings([[
                MfaSettings::PROVIDER_YUBIKEY => [
                    MfaOrgSettings::YUBIKEY_CLIENT_ID => '',
                    MfaOrgSettings::YUBIKEY_SECRET_KEY => '',
                ],
            ]]);
        } catch (CustomValidationException $exception) {
            $errors = $exception->getErrors();
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_YUBIKEY][MfaOrgSettings::YUBIKEY_CLIENT_ID]['notEmpty']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_YUBIKEY][MfaOrgSettings::YUBIKEY_SECRET_KEY]['notEmpty']));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateYubikeySettings_Invalid()
    {
        $settings = new MfaOrgSettings([MfaSettings::PROVIDERS => []]);
        try {
            $settings->validateYubikeySettings([
                MfaSettings::PROVIDER_YUBIKEY => [
                    MfaOrgSettings::YUBIKEY_CLIENT_ID => '',
                    MfaOrgSettings::YUBIKEY_SECRET_KEY => '',
                ],
            ]);
        } catch (CustomValidationException $exception) {
            $errors = $exception->getErrors();
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_YUBIKEY][MfaOrgSettings::YUBIKEY_CLIENT_ID]['isValidClientId']));
            $this->assertTrue(isset($errors[MfaSettings::PROVIDER_YUBIKEY][MfaOrgSettings::YUBIKEY_SECRET_KEY]['isValidSecretKey']));
        }
    }

    /**
     * @group mfa
     * @group mfaOrgSettings
     */
    public function testMfaOrgSettingsValidateYubikeySettings_Success()
    {
        $settings = new MfaOrgSettings([MfaSettings::PROVIDERS => []]);
        $settings->validateYubikeySettings([
            MfaSettings::PROVIDER_YUBIKEY => [
                MfaOrgSettings::YUBIKEY_CLIENT_ID => '12345',
                MfaOrgSettings::YUBIKEY_SECRET_KEY => 'i2/fAjeQBO/Axef16h2xlgRlXxY=',
            ],
        ]);
        $this->assertTrue(true);
    }
}

Function Calls

None

Variables

None

Stats

MD5 0a616bf3869619f5392e1359b084b538
Eval Count 0
Decode Time 94 ms