PHP Decode
<?php declare(strict_types=1); /** * Passbolt ~ Open source password manager for teams ..
Decoded Output download
<?php
declare(strict_types=1);
/**
* Passbolt ~ Open source password manager for teams
* Copyright (c) Passbolt SA (https://www.passbolt.com)
*
* Licensed under GNU Affero General Public License version 3 of the or any later version.
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Passbolt SA (https://www.passbolt.com)
* @license https://opensource.org/licenses/AGPL-3.0 AGPL License
* @link https://www.passbolt.com Passbolt(tm)
* @since 4.1.0
*/
namespace Passbolt\MultiFactorAuthentication\Test\TestCase\Service;
use App\Test\Factory\UserFactory;
use App\Test\Lib\AppTestCase;
use Cake\Core\Configure;
use Cake\I18n\FrozenTime;
use Passbolt\Log\Test\Factory\ActionLogFactory;
use Passbolt\MultiFactorAuthentication\MultiFactorAuthenticationPlugin;
use Passbolt\MultiFactorAuthentication\Service\MfaRateLimiterService;
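/**
 * Checks the verdict of MfaRateLimiterService::isFailedAttemptsExceeded() for
 * session and JWT logins against action-log fixtures.
 *
 * Every scenario persists a login entry followed by a batch of
 * 'TotpVerifyPost.post' entries, then asserts whether the service reports the
 * 'passbolt.security.mfa.maxAttempts' limit as exceeded.
 *
 * @covers \Passbolt\MultiFactorAuthentication\Service\MfaRateLimiterService
 */
class MfaRateLimiterServiceTest extends AppTestCase
{
    private const MAX_ATTEMPTS_KEY = 'passbolt.security.mfa.maxAttempts';
    private const TOTP_VERIFY_ACTION = 'TotpVerifyPost.post';
    private const JWT_LOGIN_ACTION = 'JwtLogin.loginPost';

    /**
     * @var \Passbolt\MultiFactorAuthentication\Service\MfaRateLimiterService
     */
    private $service;

    /**
     * Value of the max-attempts setting before the test ran (null when unset).
     *
     * @var mixed
     */
    private $initialMaxAttempts;

    /**
     * @inheritDoc
     */
    public function setUp(): void
    {
        parent::setUp();
        $this->enableFeaturePlugin(MultiFactorAuthenticationPlugin::class);
        // Several tests overwrite the limit (one sets it to 0, i.e. unlimited).
        // Remember the starting value so the override cannot leak into later tests,
        // in case the base test case does not reset configuration itself.
        $this->initialMaxAttempts = Configure::read(self::MAX_ATTEMPTS_KEY);
        $this->service = new MfaRateLimiterService();
    }

    /**
     * @inheritDoc
     */
    public function tearDown(): void
    {
        if ($this->initialMaxAttempts === null) {
            Configure::delete(self::MAX_ATTEMPTS_KEY);
        } else {
            Configure::write(self::MAX_ATTEMPTS_KEY, $this->initialMaxAttempts);
        }
        unset($this->service, $this->initialMaxAttempts);
        parent::tearDown();
    }

    /**
     * Persists one login action-log entry for the user.
     *
     * @param mixed $userId Identifier read from the persisted user entity.
     * @param \Cake\I18n\FrozenTime $created Timestamp stored on the entry.
     * @param string|null $actionId Explicit action id; null uses the factory's loginAction().
     * @return void
     */
    private function persistLogin($userId, FrozenTime $created, ?string $actionId = null): void
    {
        $factory = ActionLogFactory::make(['created' => $created])->userId($userId);
        $factory = $actionId === null ? $factory->loginAction() : $factory->setActionId($actionId);
        $factory->persist();
    }

    /**
     * Persists $count 'TotpVerifyPost.post' action-log entries for the user, created now.
     *
     * @param mixed $userId Identifier read from the persisted user entity.
     * @param int $count Number of entries to create.
     * @param array $fields Extra entity fields merged after 'created', e.g. ['status' => 0].
     * @return void
     */
    private function persistTotpAttempts($userId, int $count, array $fields = []): void
    {
        ActionLogFactory::make(['created' => FrozenTime::now()] + $fields, $count)
            ->setActionId(self::TOTP_VERIFY_ACTION)
            ->userId($userId)
            ->persist();
    }

    /**
     * Session login, limit left at the configured default: 5 TOTP entries are reported as exceeded.
     */
    public function testMfaRateLimiterService_SessionAuthWithDefaultConfigValue_FailedAttemptsExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 5);

        $this->assertTrue($this->service->isFailedAttemptsExceeded($user->id, false));
    }

    /**
     * Session login, limit left at the configured default: 3 TOTP entries are not reported as exceeded.
     */
    public function testMfaRateLimiterService_SessionAuthWithDefaultConfigValue_FailedAttemptsNotExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 3);

        $this->assertFalse($this->service->isFailedAttemptsExceeded($user->id, false));
    }

    /**
     * Two login cycles (3 entries, then 2): the combined 5 entries are not reported as exceeded.
     *
     * NOTE(review): the three earlier entries and the second login are all stamped with
     * FrozenTime::now(), so they may share the same second. Presumably the service only
     * counts entries recorded after the latest login; confirm how ties on `created` are
     * resolved, since this test depends on it.
     */
    public function testMfaRateLimiterService_SessionAuthWithDefaultConfigValue_OldEntriesDoesnotCountAsFailedAttempts(): void
    {
        $user = UserFactory::make()->user()->persist();
        // Earlier cycle
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 3);
        // Current cycle
        $this->persistLogin($user->id, FrozenTime::now());
        $this->persistTotpAttempts($user->id, 2);

        $this->assertFalse($this->service->isFailedAttemptsExceeded($user->id, false));
    }

    /**
     * Session login with the limit set to 1: 2 TOTP entries are reported as exceeded.
     */
    public function testMfaRateLimiterService_SessionAuthWithSpecifiedValue_FailedAttemptsExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        Configure::write(self::MAX_ATTEMPTS_KEY, 1);
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 2);

        $this->assertTrue($this->service->isFailedAttemptsExceeded($user->id, false));
    }

    /**
     * Session login with the limit set to 0: 100 TOTP entries are still not reported as exceeded.
     *
     * This pins that 0 is treated as "no limit". With that value the rate limiter no longer
     * bounds second-factor guessing, so it is a setting to audit for on deployed instances.
     */
    public function testMfaRateLimiterService_SessionAuthWithZeroInfiniteMaxAttempts(): void
    {
        $user = UserFactory::make()->user()->persist();
        Configure::write(self::MAX_ATTEMPTS_KEY, 0);
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 100);

        $this->assertFalse($this->service->isFailedAttemptsExceeded($user->id, false, false));
    }

    /**
     * JWT login, limit left at the configured default: 5 status-0 TOTP entries are reported as exceeded.
     */
    public function testMfaRateLimiterService_JwtAuthWithDefaultConfigValue_FailedAttemptsExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2), self::JWT_LOGIN_ACTION);
        $this->persistTotpAttempts($user->id, 5, ['status' => 0]);

        $this->assertTrue($this->service->isFailedAttemptsExceeded($user->id, true, true));
    }

    /**
     * JWT login, limit left at the configured default: 3 TOTP entries are not reported as exceeded.
     *
     * NOTE(review): unlike the JWT "exceeded" test, these entries carry no explicit
     * 'status' => 0. If the service only counts status-0 entries for JWT logins (the
     * data-provider test picks status 0 for JWT and 1 for session), this assertion would
     * pass without exercising the threshold. Confirm, and set the status explicitly if so.
     */
    public function testMfaRateLimiterService_JwtAuthWithDefaultConfigValue_FailedAttemptsNotExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2), self::JWT_LOGIN_ACTION);
        $this->persistTotpAttempts($user->id, 3);

        $this->assertFalse($this->service->isFailedAttemptsExceeded($user->id, true, true));
    }

    /**
     * Rows are [shouldIncrement, isJwtAuth, expected].
     *
     * Declared static so it also runs on PHPUnit versions that reject instance providers.
     *
     * @return array<string, array{bool, bool, bool}>
     */
    public static function withSpecifiedValueFailedAttemptsNotExceededProvider(): array
    {
        return [
            // With the increment flag, the same number of stored entries is reported as exceeded.
            'session auth, incremented' => [true, false, true],
            'session auth, not incremented' => [false, false, false],
            'JWT auth, incremented' => [true, true, true],
            'JWT auth, not incremented' => [false, true, false],
        ];
    }

    /**
     * Limit set to 2 with exactly 2 stored TOTP entries: the verdict follows the increment flag.
     *
     * Despite the "NotExceeded" suffix, the rows that pass $shouldIncrement = true expect
     * the limit to be reported as exceeded.
     *
     * @dataProvider withSpecifiedValueFailedAttemptsNotExceededProvider
     * @param bool $shouldIncrement Third argument forwarded to isFailedAttemptsExceeded().
     * @param bool $isJwtAuth Selects the JWT login action and status 0 for the TOTP entries.
     * @param bool $expected Verdict the service must return.
     */
    public function testMfaRateLimiterService_WithSpecifiedValue_FailedAttemptsNotExceeded(
        bool $shouldIncrement,
        bool $isJwtAuth,
        bool $expected
    ): void {
        $user = UserFactory::make()->user()->persist();
        Configure::write(self::MAX_ATTEMPTS_KEY, 2);

        $loginActionId = $isJwtAuth ? self::JWT_LOGIN_ACTION : 'AuthLogin.loginPost';
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2), $loginActionId);

        // The stored status differs per auth type: 0 for JWT, 1 for session.
        $this->persistTotpAttempts($user->id, 2, ['status' => $isJwtAuth ? 0 : 1]);

        $verdict = $this->service->isFailedAttemptsExceeded($user->id, $isJwtAuth, $shouldIncrement);
        $this->assertSame($expected, $verdict);
    }
}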
?>
Original Code
<?php
declare(strict_types=1);
/**
* Passbolt ~ Open source password manager for teams
* Copyright (c) Passbolt SA (https://www.passbolt.com)
*
* Licensed under GNU Affero General Public License version 3 of the or any later version.
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Passbolt SA (https://www.passbolt.com)
* @license https://opensource.org/licenses/AGPL-3.0 AGPL License
* @link https://www.passbolt.com Passbolt(tm)
* @since 4.1.0
*/
namespace Passbolt\MultiFactorAuthentication\Test\TestCase\Service;
use App\Test\Factory\UserFactory;
use App\Test\Lib\AppTestCase;
use Cake\Core\Configure;
use Cake\I18n\FrozenTime;
use Passbolt\Log\Test\Factory\ActionLogFactory;
use Passbolt\MultiFactorAuthentication\MultiFactorAuthenticationPlugin;
use Passbolt\MultiFactorAuthentication\Service\MfaRateLimiterService;
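/**
 * Checks the verdict of MfaRateLimiterService::isFailedAttemptsExceeded() for
 * session and JWT logins against action-log fixtures.
 *
 * Every scenario persists a login entry followed by a batch of
 * 'TotpVerifyPost.post' entries, then asserts whether the service reports the
 * 'passbolt.security.mfa.maxAttempts' limit as exceeded.
 *
 * @covers \Passbolt\MultiFactorAuthentication\Service\MfaRateLimiterService
 */
class MfaRateLimiterServiceTest extends AppTestCase
{
    private const MAX_ATTEMPTS_KEY = 'passbolt.security.mfa.maxAttempts';
    private const TOTP_VERIFY_ACTION = 'TotpVerifyPost.post';
    private const JWT_LOGIN_ACTION = 'JwtLogin.loginPost';

    /**
     * @var \Passbolt\MultiFactorAuthentication\Service\MfaRateLimiterService
     */
    private $service;

    /**
     * Value of the max-attempts setting before the test ran (null when unset).
     *
     * @var mixed
     */
    private $initialMaxAttempts;

    /**
     * @inheritDoc
     */
    public function setUp(): void
    {
        parent::setUp();
        $this->enableFeaturePlugin(MultiFactorAuthenticationPlugin::class);
        // Several tests overwrite the limit (one sets it to 0, i.e. unlimited).
        // Remember the starting value so the override cannot leak into later tests,
        // in case the base test case does not reset configuration itself.
        $this->initialMaxAttempts = Configure::read(self::MAX_ATTEMPTS_KEY);
        $this->service = new MfaRateLimiterService();
    }

    /**
     * @inheritDoc
     */
    public function tearDown(): void
    {
        if ($this->initialMaxAttempts === null) {
            Configure::delete(self::MAX_ATTEMPTS_KEY);
        } else {
            Configure::write(self::MAX_ATTEMPTS_KEY, $this->initialMaxAttempts);
        }
        unset($this->service, $this->initialMaxAttempts);
        parent::tearDown();
    }

    /**
     * Persists one login action-log entry for the user.
     *
     * @param mixed $userId Identifier read from the persisted user entity.
     * @param \Cake\I18n\FrozenTime $created Timestamp stored on the entry.
     * @param string|null $actionId Explicit action id; null uses the factory's loginAction().
     * @return void
     */
    private function persistLogin($userId, FrozenTime $created, ?string $actionId = null): void
    {
        $factory = ActionLogFactory::make(['created' => $created])->userId($userId);
        $factory = $actionId === null ? $factory->loginAction() : $factory->setActionId($actionId);
        $factory->persist();
    }

    /**
     * Persists $count 'TotpVerifyPost.post' action-log entries for the user, created now.
     *
     * @param mixed $userId Identifier read from the persisted user entity.
     * @param int $count Number of entries to create.
     * @param array $fields Extra entity fields merged after 'created', e.g. ['status' => 0].
     * @return void
     */
    private function persistTotpAttempts($userId, int $count, array $fields = []): void
    {
        ActionLogFactory::make(['created' => FrozenTime::now()] + $fields, $count)
            ->setActionId(self::TOTP_VERIFY_ACTION)
            ->userId($userId)
            ->persist();
    }

    /**
     * Session login, limit left at the configured default: 5 TOTP entries are reported as exceeded.
     */
    public function testMfaRateLimiterService_SessionAuthWithDefaultConfigValue_FailedAttemptsExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 5);

        $this->assertTrue($this->service->isFailedAttemptsExceeded($user->id, false));
    }

    /**
     * Session login, limit left at the configured default: 3 TOTP entries are not reported as exceeded.
     */
    public function testMfaRateLimiterService_SessionAuthWithDefaultConfigValue_FailedAttemptsNotExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 3);

        $this->assertFalse($this->service->isFailedAttemptsExceeded($user->id, false));
    }

    /**
     * Two login cycles (3 entries, then 2): the combined 5 entries are not reported as exceeded.
     *
     * NOTE(review): the three earlier entries and the second login are all stamped with
     * FrozenTime::now(), so they may share the same second. Presumably the service only
     * counts entries recorded after the latest login; confirm how ties on `created` are
     * resolved, since this test depends on it.
     */
    public function testMfaRateLimiterService_SessionAuthWithDefaultConfigValue_OldEntriesDoesnotCountAsFailedAttempts(): void
    {
        $user = UserFactory::make()->user()->persist();
        // Earlier cycle
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 3);
        // Current cycle
        $this->persistLogin($user->id, FrozenTime::now());
        $this->persistTotpAttempts($user->id, 2);

        $this->assertFalse($this->service->isFailedAttemptsExceeded($user->id, false));
    }

    /**
     * Session login with the limit set to 1: 2 TOTP entries are reported as exceeded.
     */
    public function testMfaRateLimiterService_SessionAuthWithSpecifiedValue_FailedAttemptsExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        Configure::write(self::MAX_ATTEMPTS_KEY, 1);
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 2);

        $this->assertTrue($this->service->isFailedAttemptsExceeded($user->id, false));
    }

    /**
     * Session login with the limit set to 0: 100 TOTP entries are still not reported as exceeded.
     *
     * This pins that 0 is treated as "no limit". With that value the rate limiter no longer
     * bounds second-factor guessing, so it is a setting to audit for on deployed instances.
     */
    public function testMfaRateLimiterService_SessionAuthWithZeroInfiniteMaxAttempts(): void
    {
        $user = UserFactory::make()->user()->persist();
        Configure::write(self::MAX_ATTEMPTS_KEY, 0);
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2));
        $this->persistTotpAttempts($user->id, 100);

        $this->assertFalse($this->service->isFailedAttemptsExceeded($user->id, false, false));
    }

    /**
     * JWT login, limit left at the configured default: 5 status-0 TOTP entries are reported as exceeded.
     */
    public function testMfaRateLimiterService_JwtAuthWithDefaultConfigValue_FailedAttemptsExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2), self::JWT_LOGIN_ACTION);
        $this->persistTotpAttempts($user->id, 5, ['status' => 0]);

        $this->assertTrue($this->service->isFailedAttemptsExceeded($user->id, true, true));
    }

    /**
     * JWT login, limit left at the configured default: 3 TOTP entries are not reported as exceeded.
     *
     * NOTE(review): unlike the JWT "exceeded" test, these entries carry no explicit
     * 'status' => 0. If the service only counts status-0 entries for JWT logins (the
     * data-provider test picks status 0 for JWT and 1 for session), this assertion would
     * pass without exercising the threshold. Confirm, and set the status explicitly if so.
     */
    public function testMfaRateLimiterService_JwtAuthWithDefaultConfigValue_FailedAttemptsNotExceeded(): void
    {
        $user = UserFactory::make()->user()->persist();
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2), self::JWT_LOGIN_ACTION);
        $this->persistTotpAttempts($user->id, 3);

        $this->assertFalse($this->service->isFailedAttemptsExceeded($user->id, true, true));
    }

    /**
     * Rows are [shouldIncrement, isJwtAuth, expected].
     *
     * Declared static so it also runs on PHPUnit versions that reject instance providers.
     *
     * @return array<string, array{bool, bool, bool}>
     */
    public static function withSpecifiedValueFailedAttemptsNotExceededProvider(): array
    {
        return [
            // With the increment flag, the same number of stored entries is reported as exceeded.
            'session auth, incremented' => [true, false, true],
            'session auth, not incremented' => [false, false, false],
            'JWT auth, incremented' => [true, true, true],
            'JWT auth, not incremented' => [false, true, false],
        ];
    }

    /**
     * Limit set to 2 with exactly 2 stored TOTP entries: the verdict follows the increment flag.
     *
     * Despite the "NotExceeded" suffix, the rows that pass $shouldIncrement = true expect
     * the limit to be reported as exceeded.
     *
     * @dataProvider withSpecifiedValueFailedAttemptsNotExceededProvider
     * @param bool $shouldIncrement Third argument forwarded to isFailedAttemptsExceeded().
     * @param bool $isJwtAuth Selects the JWT login action and status 0 for the TOTP entries.
     * @param bool $expected Verdict the service must return.
     */
    public function testMfaRateLimiterService_WithSpecifiedValue_FailedAttemptsNotExceeded(
        bool $shouldIncrement,
        bool $isJwtAuth,
        bool $expected
    ): void {
        $user = UserFactory::make()->user()->persist();
        Configure::write(self::MAX_ATTEMPTS_KEY, 2);

        $loginActionId = $isJwtAuth ? self::JWT_LOGIN_ACTION : 'AuthLogin.loginPost';
        $this->persistLogin($user->id, FrozenTime::now()->subMinutes(2), $loginActionId);

        // The stored status differs per auth type: 0 for JWT, 1 for session.
        $this->persistTotpAttempts($user->id, 2, ['status' => $isJwtAuth ? 0 : 1]);

        $verdict = $this->service->isFailedAttemptsExceeded($user->id, $isJwtAuth, $shouldIncrement);
        $this->assertSame($expected, $verdict);
    }
}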
Function Calls
None |
Stats
MD5 | 48cc3c243abe9262df179bae6cd731b8 |
Eval Count | 0 |
Decode Time | 88 ms |