fixing login based issue (#968)

bmlt-enabled · Mar 16, 2024 · 07b51a5 · 07b51a5
1 parent 888e604
commit 07b51a5
Show file tree

Hide file tree

Showing 7 changed files with 54 additions and 20 deletions.
diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php
@@ -90,7 +90,10 @@ public function installer(Request $request)
 
     public function login(Request $request): RedirectResponse
     {
-        $auth = $this->authn->authenticate();
+        $username = $_POST['username'] ?? $request->post('username');
+        $password = $_POST['password'] ?? $request->post('password');
+
+        $auth = $this->authn->authenticate($username, $password);
         if ($auth) {
             return redirect("admin/home");
         } else {

diff --git a/app/Services/AuthenticationService.php b/app/Services/AuthenticationService.php
@@ -21,11 +21,11 @@ public function __construct(AuthenticationRepository $authenticationRepository,
         $this->session = $session;
     }
 
-    public function authenticate() : bool
+    public function authenticate($username, $password) : bool
     {
-        $auth_v2_result = $this->authenticationRepository->authV2($_POST['username'], $_POST['password']);
+        $auth_v2_result = $this->authenticationRepository->authV2($username, $password);
         if (count($auth_v2_result) == 1) {
-            $_SESSION['username'] = $_POST['username'];
+            $_SESSION['username'] = $username;
             $_SESSION['auth_mechanism'] = AuthMechanism::V2;
             $_SESSION['auth_user_name_string'] = $auth_v2_result[0]->name;
             $_SESSION['auth_is_admin'] = $auth_v2_result[0]->is_admin;
@@ -36,12 +36,17 @@ public function authenticate() : bool
             $this->session->setConfigForService($_SESSION['auth_service_bodies_rights'][0]);
 
             return true;
-        } elseif ($this->settings->get("bmlt_auth") && $this->authenticationRepository->authV1($_POST['username'], $_POST['password'])) {
-            $_SESSION['username'] = $_POST['username'];
+        } elseif ($this->settings->get("bmlt_auth") && $this->authenticationRepository->authV1($username, $password)) {
+            $_SESSION['username'] = $username;
             $_SESSION['auth_mechanism'] = AuthMechanism::V1;
-            $_SESSION['auth_service_bodies_rights'] = $this->rootServer->getServiceBodiesRightsIds();
-            $this->session->setConfigForService($_SESSION['auth_service_bodies_rights'][0]);
-            return true;
+            $rights = $this->rootServer->getServiceBodiesRightsIds();
+            if (count($rights)) {
+                $_SESSION['auth_service_bodies_rights'] = $rights;
+                $this->session->setConfigForService($rights[0]);
+                return true;
+            } else {
+                return false;
+            }
         } else {
             return false;
         }

diff --git a/app/Services/RootServerService.php b/app/Services/RootServerService.php
@@ -95,7 +95,7 @@ public function getServiceBodiesRights()
                 $service_bodies_for_user = json_decode($this->http->getWithAuth($url));
 
                 if ($service_bodies_for_user == null) {
-                    return null;
+                    return array();
                 }
 
                 if (!is_array($service_bodies_for_user->service_body)) {

diff --git a/tests/Feature/AdminAuthenticateTest.php b/tests/Feature/AdminAuthenticateTest.php
@@ -0,0 +1,36 @@
+<?php
+
+beforeAll(function () {
+    putenv("ENVIRONMENT=test");
+});
+
+beforeEach(function () {
+    @session_start();
+    $_SERVER['REQUEST_URI'] = "/";
+    $_REQUEST = null;
+    $_SESSION = null;
+});
+
+test('login to authenticate with a BMLT user and a user with no rights', function () {
+    $response = $this->post(
+        '/admin/login',
+        ["username"=>"yap","password"=>"CoreysGoryStory"]
+    );
+
+    $response
+        ->assertStatus(302)
+        ->assertHeader("Location", 'http://localhost/admin/auth/invalid')
+        ->assertHeader("Content-Type", "text/html; charset=UTF-8");
+});
+
+test('login to authenticate with a BMLT user and a user with rights', function () {
+    $response = $this->post(
+        '/admin/login',
+        ["username"=>"gnyr_admin","password"=>"CoreysGoryStory"]
+    );
+
+    $response
+        ->assertStatus(302)
+        ->assertHeader("Location", 'http://localhost/admin/home')
+        ->assertHeader("Content-Type", "text/html; charset=UTF-8");
+});
diff --git a/tests/Feature/HelplineDialerTest.php b/tests/Feature/HelplineDialerTest.php
@@ -62,8 +62,6 @@
     $this->twilioClient->shouldReceive('calls')->with($this->callSid)->andReturn($callContextMock);
     $this->twilioClient->calls = $callContextMock;
 
-    $this->withoutExceptionHandling();
-
     $response = $this->call($method, '/helpline-dialer.php', [
         'noop' => "1",
         'SearchType' => "1",
@@ -315,8 +313,6 @@
         ->withArgs([$this->conferenceName, $this->conferenceName, $this->callSid, CallRole::CALLER])
         ->once();
     app()->instance(ReportsRepository::class, $reportsRepository);
-
-    $this->withoutExceptionHandling();
     $response = $this->call($method, '/helpline-dialer.php', [
         'CallSid'=>$this->callSid,
         'SearchType' => "1",
@@ -483,8 +479,6 @@
         ->andReturn([])
         ->times(10);
     $this->twilioClient->conferences = $conferenceListMock;
-
-    $this->withoutExceptionHandling();
     $response = $this->call($method, '/helpline-dialer.php', [
         'CallSid'=>$callsid,
         'SearchType' => "1",
@@ -514,8 +508,6 @@
         ->andReturn([])
         ->times(10);
     $this->twilioClient->conferences = $conferenceListMock;
-
-    $this->withoutExceptionHandling();
     $response = $this->call($method, '/helpline-dialer.php', [
         'CallSid'=>$callsid,
         'SearchType' => "1",

diff --git a/tests/Feature/HelplineSearchTest.php b/tests/Feature/HelplineSearchTest.php
@@ -428,7 +428,6 @@
     $_SESSION['override_fallback_number'] = $fallback_number;
     $rootServer = new RootServerMocks(true);
     app()->instance(RootServerService::class, $rootServer->getService());
-    $this->withoutExceptionHandling();
     $response = $this->call($method, '/helpline-search.php', [
         'Digits' => "Brooklyn, NY",
         'SearchType' => "1",

diff --git a/tests/Feature/MeetingSearchTest.php b/tests/Feature/MeetingSearchTest.php
@@ -854,7 +854,6 @@
         ->once();
 
     $this->twilioClient->messages = $messageListMock;
-    $this->withoutExceptionHandling();
     $response = $this->call($method, '/meeting-search.php', [
         'Latitude' => $this->latitude,
         'Longitude' => $this->longitude,