[UT] testing web access for IXP graphs

inex · May 15, 2018 · d6a4a57 · d6a4a57
1 parent a0cd33d
commit d6a4a57
Show file tree

Hide file tree

Showing 5 changed files with 206 additions and 2 deletions.
diff --git a/phpunit.xml b/phpunit.xml
@@ -26,5 +26,8 @@
         <env name="IXP_PHPUNIT_RUNNING" value="1"/>
         <const name="IXP_PHPUNIT_API_URL" value="http://localhost:8000/apiv1" />
         <const name="IXP_PHPUNIT_API_KEY" value="Syy4R8uXTquJNkSav4mmbk5eZWOgoc6FKUJPqOoGHhBjhsC9" />
+        <const name="APPLICATION_VERSION" value="999.9.9" />
+        <const name="APPLICATION_VERDATE" value="9999999999" />
+        <const name="APPLICATION_STARTTIME" value="0" />
     </php>
 </phpunit>
diff --git a/routes/web.php b/routes/web.php
@@ -26,8 +26,7 @@
         \Auth::logout();
     }
 }
-
-if( Auth::check() && Auth::user()->isSuperUser() ) {
+if( ( Auth::check() && Auth::user()->isSuperUser() ) || env( 'IXP_PHPUNIT_RUNNING', false ) ) {
     // get an array of customer id => names
     if( !( $customers = Cache::get( 'admin_home_customers' ) ) ) {
         $customers = d2r( 'Customer' )->getNames( true );

diff --git a/tests/Services/Grapher/Graph/Access.php b/tests/Services/Grapher/Graph/Access.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace Tests\Services\Grapher\Graph;
+
+use Tests\TestCase;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Foundation\Testing\WithoutMiddleware;
+
+use Config, D2EM;
+
+use Entities\User as UserEntity;
+
+abstract class Access extends TestCase
+{
+
+}
diff --git a/tests/Services/Grapher/Graph/IXPAccessTest.php b/tests/Services/Grapher/Graph/IXPAccessTest.php
@@ -0,0 +1,146 @@
+<?php
+
+namespace Tests\Services\Grapher\Graph;
+
+/*
+ * Copyright (C) 2009-2018 Internet Neutral Exchange Association Company Limited By Guarantee.
+ * All Rights Reserved.
+ *
+ * This file is part of IXP Manager.
+ *
+ * IXP Manager is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, version v2.0 of the License.
+ *
+ * IXP Manager is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License v2.0
+ * along with IXP Manager.  If not, see:
+ *
+ * http://www.gnu.org/licenses/gpl-2.0.html
+ */
+
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Foundation\Testing\WithoutMiddleware;
+
+use Config, D2EM;
+
+use Entities\User as UserEntity;
+
+
+/**
+ * Test access restrictions for IXP graphs
+ *
+ * Class IXPAccessTest
+ * @package Tests\Services\Grapher\Graph
+ */
+class IXPAccessTest extends Access
+{
+    /**
+     * Test access restrictions for public web access
+     * @return void
+     */
+    public function testWebPublicAccess()
+    {
+        // this should be the default
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(200);
+
+        // force the default
+        Config::set( 'grapher.access.ixp', '0' );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(200);
+    }
+
+    /**
+     * Test access restrictions for verious non-public access settings
+     * @return void
+     */
+    public function testWebNonPublicAccess()
+    {
+        Config::set( 'grapher.access.ixp', '1' );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        Config::set( 'grapher.access.ixp', '2' );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        Config::set( 'grapher.access.ixp', '3' );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        Config::set( 'grapher.access.ixp', 'blah' );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        Config::set( 'grapher.access.ixp', null );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(403);
+    }
+
+    /**
+     * Test access restrictions requiring minimum logged in user of CustUser (privs=1) for web access
+     * @return void
+     */
+    public function testWebCustUserAccess()
+    {
+        Config::set( 'grapher.access.ixp', '1' );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        $response = $this->actingAs( $this->getCustUser() )->get('/statistics/ixp');
+        $response->assertStatus(200);
+
+        $response = $this->actingAs( $this->getCustAdminUser() )->get('/statistics/ixp');
+        $response->assertStatus(200);
+
+        $response = $this->actingAs( $this->getSuperUser() )->get('/statistics/ixp');
+        $response->assertStatus(200);
+    }
+
+    /**
+     * Test access restrictions requiring minimum logged in user of CustAdmin (privs=2) for web access
+     * @return void
+     */
+    public function testWebCustAdminAccess()
+    {
+        Config::set( 'grapher.access.ixp', '2' );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        $response = $this->actingAs( $this->getCustUser() )->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        $response = $this->actingAs( $this->getCustAdminUser() )->get('/statistics/ixp');
+        $response->assertStatus(200);
+
+        $response = $this->actingAs( $this->getSuperUser() )->get('/statistics/ixp');
+        $response->assertStatus(200);
+    }
+
+    /**
+     * Test access restrictions requiring logged in superuser (privs=3) for web access
+     * @return void
+     */
+    public function testWebSuperuserAccess()
+    {
+        Config::set( 'grapher.access.ixp', '3' );
+        $response = $this->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        $response = $this->actingAs( $this->getCustUser() )->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        $response = $this->actingAs( $this->getCustAdminUser() )->get('/statistics/ixp');
+        $response->assertStatus(403);
+
+        $response = $this->actingAs( $this->getSuperUser() )->get('/statistics/ixp');
+        $response->assertStatus(200);
+    }
+
+}
diff --git a/tests/TestCase.php b/tests/TestCase.php
@@ -4,7 +4,47 @@
 
 use Illuminate\Foundation\Testing\TestCase as BaseTestCase;
 
+use Entities\User as UserEntity;
+
+use D2EM;
+
 abstract class TestCase extends BaseTestCase
 {
     use CreatesApplication;
+
+
+    /**
+     * Utility function to get a customer user
+     * @param string $username
+     * @return UserEntity
+     */
+    public function getCustUser( string $username = 'imcustuser' ): UserEntity {
+        /** @var UserEntity $u */
+        $u = D2EM::getRepository( UserEntity::class )->findOneBy( [ 'username' => $username ] );
+        return $u;
+    }
+
+    /**
+     * Utility function to get a customer admin user
+     * @param string $username
+     * @return UserEntity
+     */
+    public function getCustAdminUser( string $username = 'imcustadmin' ): UserEntity {
+        /** @var UserEntity $u */
+        $u = D2EM::getRepository( UserEntity::class )->findOneBy( [ 'username' => $username ] );
+        return $u;
+    }
+
+    /**
+     * Utility function to get a superuser
+     * @param string $username
+     * @return UserEntity
+     */
+    public function getSuperUser( string $username = 'travis' ): UserEntity {
+        /** @var UserEntity $u */
+        $u = D2EM::getRepository( UserEntity::class )->findOneBy( [ 'username' => $username ] );
+        return $u;
+    }
+
+
 }