From 07b51a52a7dd35f352782af08d6aa30c5bf30d8c Mon Sep 17 00:00:00 2001
From: Danny Gershman
Date: Sat, 16 Mar 2024 10:23:32 -0400
Subject: [PATCH] fixing login based issue (#968)
---
 app/Http/Controllers/AdminController.php | 5 +++-
 app/Services/AuthenticationService.php | 21 ++++++++------
 app/Services/RootServerService.php | 2 +-
 tests/Feature/AdminAuthenticateTest.php | 36 ++++++++++++++++++++++++
 tests/Feature/HelplineDialerTest.php | 8 ------
 tests/Feature/HelplineSearchTest.php | 1 -
 tests/Feature/MeetingSearchTest.php | 1 -
 7 files changed, 54 insertions(+), 20 deletions(-)
 create mode 100644 tests/Feature/AdminAuthenticateTest.php
diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php
index 2e7376485..27681dbe4 100644
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@@ -90,7 +90,10 @@ public function installer(Request $request)
 public function login(Request $request): RedirectResponse
 {
- $auth = $this->authn->authenticate();
+ $username = $_POST['username'] ?? $request->post('username');
+ $password = $_POST['password'] ?? $request->post('password');
+
+ $auth = $this->authn->authenticate($username, $password);
 if ($auth) {
 return redirect("admin/home");
 } else {
diff --git a/app/Services/AuthenticationService.php b/app/Services/AuthenticationService.php
index aa76c73ec..6877de227 100644
--- a/app/Services/AuthenticationService.php
+++ b/app/Services/AuthenticationService.php
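Review bot: `$username` and `$password` in login() go to authenticate() with no presence or type check, so a request that omits a field passes null and one that posts `username[]=x` passes an array into authV2()/authV1(). Reading `$_POST` ahead of `$request->post()` also sidesteps the framework request object, which the new feature test has to work around through the fallback. Consider reading only from `$request` and rejecting anything that is not a string before calling the service, e.g. `if (!is_string($username) || !is_string($password)) { return redirect("admin/auth/invalid"); }`, using the failure location the new test expects. The body of login() continues outside the hunk.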
@@ -21,11 +21,11 @@ public function __construct(AuthenticationRepository $authenticationRepository,
 $this->session = $session;
 }
- public function authenticate() : bool
+ public function authenticate($username, $password) : bool
 {
- $auth_v2_result = $this->authenticationRepository->authV2($_POST['username'], $_POST['password']);
+ $auth_v2_result = $this->authenticationRepository->authV2($username, $password);
 if (count($auth_v2_result) == 1) {
- $_SESSION['username'] = $_POST['username'];
+ $_SESSION['username'] = $username;
 $_SESSION['auth_mechanism'] = AuthMechanism::V2;
 $_SESSION['auth_user_name_string'] = $auth_v2_result[0]->name;
 $_SESSION['auth_is_admin'] = $auth_v2_result[0]->is_admin;
@@ -36,12 +36,17 @@ public function authenticate() : bool
 $this->session->setConfigForService($_SESSION['auth_service_bodies_rights'][0]);
 return true;
- } elseif ($this->settings->get("bmlt_auth") && $this->authenticationRepository->authV1($_POST['username'], $_POST['password'])) {
- $_SESSION['username'] = $_POST['username'];
+ } elseif ($this->settings->get("bmlt_auth") && $this->authenticationRepository->authV1($username, $password)) {
+ $_SESSION['username'] = $username;
 $_SESSION['auth_mechanism'] = AuthMechanism::V1;
- $_SESSION['auth_service_bodies_rights'] = $this->rootServer->getServiceBodiesRightsIds();
- $this->session->setConfigForService($_SESSION['auth_service_bodies_rights'][0]);
- return true;
+ $rights = $this->rootServer->getServiceBodiesRightsIds();
+ if (count($rights)) {
+ $_SESSION['auth_service_bodies_rights'] = $rights;
+ $this->session->setConfigForService($rights[0]);
+ return true;
+ } else {
+ return false;
+ }
 } else {
 return false;
 }
diff --git a/app/Services/RootServerService.php b/app/Services/RootServerService.php
index 72a68710e..c54728835 100644
--- a/app/Services/RootServerService.php
+++ b/app/Services/RootServerService.php
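Review bot: authenticate() writes the authenticated identity into `$_SESSION` on success, but nothing visible in this hunk rotates the session ID, so unless that happens elsewhere a session ID issued before login stays valid afterwards (session fixation). Calling `session_regenerate_id(true);` ahead of the first `$_SESSION['username'] = $username;` on each success path would close that. The new parameters are also untyped; once the controller guarantees strings, `authenticate(string $username, string $password): bool` documents and enforces the contract at the service boundary. The function body runs past the end of this hunk.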
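Review bot: In the V1 branch `$_SESSION['username']` and `$_SESSION['auth_mechanism']` are assigned before the rights check, so the new `return false` path leaves a BMLT user who has no service-body rights with identity keys still set in the session. If any other code treats those keys as evidence of a login, that is an authorization gap. If the rights lookup depends on them (not visible here), clear them on the failure path with `unset($_SESSION['username'], $_SESSION['auth_mechanism']);` immediately before `return false;`. `count($rights)` also assumes getServiceBodiesRightsIds() always returns an array; this commit only changes getServiceBodiesRights(), so a null from the Ids wrapper would raise a TypeError on PHP 8 instead of denying the login.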
@@ -95,7 +95,7 @@ public function getServiceBodiesRights()
 $service_bodies_for_user = json_decode($this->http->getWithAuth($url));
 if ($service_bodies_for_user == null) {
- return null;
+ return array();
 }
 if (!is_array($service_bodies_for_user->service_body)) {
diff --git a/tests/Feature/AdminAuthenticateTest.php b/tests/Feature/AdminAuthenticateTest.php
new file mode 100644
index 000000000..4fc8b326f
--- /dev/null
+++ b/tests/Feature/AdminAuthenticateTest.php
@@ -0,0 +1,36 @@
+post(
+ '/admin/login',
+ ["username"=>"yap","password"=>"CoreysGoryStory"]
+ );
+
+ $response
+ ->assertStatus(302)
+ ->assertHeader("Location", 'http://localhost/admin/auth/invalid')
+ ->assertHeader("Content-Type", "text/html; charset=UTF-8");
+});
+
+test('login to authenticate with a BMLT user and a user with rights', function () {
+ $response = $this->post(
+ '/admin/login',
+ ["username"=>"gnyr_admin","password"=>"CoreysGoryStory"]
+ );
+
+ $response
+ ->assertStatus(302)
+ ->assertHeader("Location", 'http://localhost/admin/home')
+ ->assertHeader("Content-Type", "text/html; charset=UTF-8");
+});
diff --git a/tests/Feature/HelplineDialerTest.php b/tests/Feature/HelplineDialerTest.php
index 4ecbf6646..4c191f10e 100644
--- a/tests/Feature/HelplineDialerTest.php
+++ b/tests/Feature/HelplineDialerTest.php
@@ -62,8 +62,6 @@
 $this->twilioClient->shouldReceive('calls')->with($this->callSid)->andReturn($callContextMock);
 $this->twilioClient->calls = $callContextMock;
- $this->withoutExceptionHandling();
-
 $response = $this->call($method, '/helpline-dialer.php', [
 'noop' => "1",
 'SearchType' => "1",
@@ -315,8 +313,6 @@
 ->withArgs([$this->conferenceName, $this->conferenceName, $this->callSid, CallRole::CALLER])
 ->once();
 app()->instance(ReportsRepository::class, $reportsRepository);
-
- $this->withoutExceptionHandling();
 $response = $this->call($method, '/helpline-dialer.php', [
 'CallSid'=>$this->callSid,
 'SearchType' => "1",
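Review bot: Returning `array()` when json_decode() yields null makes a root-server outage or malformed response indistinguishable from a user who genuinely has no rights. The login then fails closed, which is the safe direction, but it does so silently. A comment on the early return such as `// decode failure is treated as "no rights" so the caller denies the login`, plus a log entry, would record that intent and keep a later change from restoring `null`. getServiceBodiesRights() continues outside the hunk, so its other return paths are not visible here.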
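Review bot: The rejected-login case asserts only the redirect to `/admin/auth/invalid` and never checks that no authentication state is left behind, which is the property this fix is meant to guarantee. An assertion such as `expect($_SESSION ?? [])->not->toHaveKey('auth_service_bodies_rights');`, and likewise for `username`, would pin that down. No root-server mock is bound in the visible part of the file, unlike the `RootServerMocks` used in the other feature tests, so these cases may depend on a reachable server and on the literal credentials committed here. The opening lines of the file are missing from this page, so setup done there cannot be ruled out.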
@@ -483,8 +479,6 @@
 ->andReturn([])
 ->times(10);
 $this->twilioClient->conferences = $conferenceListMock;
-
- $this->withoutExceptionHandling();
 $response = $this->call($method, '/helpline-dialer.php', [
 'CallSid'=>$callsid,
 'SearchType' => "1",
@@ -514,8 +508,6 @@
 ->andReturn([])
 ->times(10);
 $this->twilioClient->conferences = $conferenceListMock;
-
- $this->withoutExceptionHandling();
 $response = $this->call($method, '/helpline-dialer.php', [
 'CallSid'=>$callsid,
 'SearchType' => "1",
diff --git a/tests/Feature/HelplineSearchTest.php b/tests/Feature/HelplineSearchTest.php
index e3fea4287..e6a5cc27b 100644
--- a/tests/Feature/HelplineSearchTest.php
+++ b/tests/Feature/HelplineSearchTest.php
@@ -428,7 +428,6 @@
 $_SESSION['override_fallback_number'] = $fallback_number;
 $rootServer = new RootServerMocks(true);
 app()->instance(RootServerService::class, $rootServer->getService());
- $this->withoutExceptionHandling();
 $response = $this->call($method, '/helpline-search.php', [
 'Digits' => "Brooklyn, NY",
 'SearchType' => "1",
diff --git a/tests/Feature/MeetingSearchTest.php b/tests/Feature/MeetingSearchTest.php
index 68a782009..54f048835 100644
--- a/tests/Feature/MeetingSearchTest.php
+++ b/tests/Feature/MeetingSearchTest.php
@@ -854,7 +854,6 @@
 ->once();
 $this->twilioClient->messages = $messageListMock;
- $this->withoutExceptionHandling();
 $response = $this->call($method, '/meeting-search.php', [
 'Latitude' => $this->latitude,
 'Longitude' => $this->longitude,