tests: add test for magic login code

Author: datamweb

tests/Controllers/MagicLinkTest.php

@@ -18,12 +18,15 @@
 use CodeIgniter\I18n\Time;
 use CodeIgniter\Shield\Authentication\Actions\EmailActivator;
 use CodeIgniter\Shield\Authentication\Authenticators\Session;
+use CodeIgniter\Shield\Controllers\MagicLinkController;
 use CodeIgniter\Shield\Entities\User;
+use CodeIgniter\Shield\Exceptions\InvalidArgumentException;
 use CodeIgniter\Shield\Models\UserIdentityModel;
 use CodeIgniter\Shield\Models\UserModel;
 use CodeIgniter\Test\DatabaseTestTrait;
 use CodeIgniter\Test\FeatureTestTrait;
 use Config\Services;
+use ReflectionMethod;
 use Tests\Support\FakeUser;
 use Tests\Support\TestCase;
 
@@ -210,4 +213,229 @@ public function testMagicLinkVerifyReturns404ForRobotUserAgent(): void
 
         $this->get(route_to('verify-magic-link') . '?token=validtoken123');
     }
+
+    public function testMagicCodeShowLoginForm(): void
+    {
+        $config                 = config('Auth');
+        $config->magicLoginMode = '6-numeric';
+        Factories::injectMock('config', 'Auth', $config);
+
+        $this->user->createEmailIdentity([
+            'email'    => 'foo@example.com',
+            'password' => 'secret123',
+        ]);
+
+        $result = $this->post('/login/magic-link', [
+            'email' => 'foo@example.com',
+        ]);
+
+        // must contain a code input form
+        $result->seeElement('#magicCode');
+        $result->assertStatus(200);
+    }
+
+    public function testMagicCodeShowsOneOFLoginForm(): void
+    {
+        $config                 = config('Auth');
+        $config->magicLoginMode = '15-oneof';
+        Factories::injectMock('config', 'Auth', $config);
+
+        $this->user->createEmailIdentity([
+            'email'    => 'foo@example.com',
+            'password' => 'secret123',
+        ]);
+
+        $result = $this->post('/login/magic-link', [
+            'email' => 'foo@example.com',
+        ]);
+
+        $result->assertSee('15-character code');
+        // must contain a code input form
+        $result->seeElement('#magicCode');
+        $result->assertStatus(200);
+    }
+
+    public function testMagicCodeEmailContainsSixDigitCode(): void
+    {
+        $config                 = config('Auth');
+        $config->magicLoginMode = '6-numeric';
+        Factories::injectMock('config', 'Auth', $config);
+
+        $this->user->createEmailIdentity([
+            'email'    => 'foo@example.com',
+            'password' => 'secret123',
+        ]);
+
+        $this->post('/login/magic-link', [
+            'email' => 'foo@example.com',
+        ]);
+
+        $email = service('email')->archive['body'];
+
+        // Should have sent an email with the link....
+        $this->assertStringContainsString(
+            lang('Auth.email2FAMailBody'),
+            $email,
+        );
+
+        $this->assertMatchesRegularExpression(
+            '!<h1>[0-9]{6}</h1>!',
+            $email,
+        );
+    }
+
+    public function testValidMagicCodeLogsUserIn(): void
+    {
+        $config                 = config('Auth');
+        $config->magicLoginMode = '6-numeric';
+        Factories::injectMock('config', 'Auth', $config);
+
+        $this->user->createEmailIdentity([
+            'email'    => 'foo@example.com',
+            'password' => 'secret123',
+        ]);
+
+        $this->post('/login/magic-link', [
+            'email' => 'foo@example.com',
+        ]);
+
+        // Extract sent email body & OTP code
+        $email = service('email')->archive['body'];
+        preg_match('/[0-9]{6}/', $email, $match);
+        $code   = $match[0];
+        $result = $this->post('/login/verify-magic-link', [
+            'magicCode' => $code,
+        ]);
+
+        $result->assertStatus(302);
+        $result->assertRedirectTo(config('Auth')->loginRedirect());
+        $this->assertTrue(auth()->loggedIn());
+    }
+
+    public function testInvalidMagicCodeShowsError(): void
+    {
+        $config                 = config('Auth');
+        $config->magicLoginMode = '6-numeric';
+        Factories::injectMock('config', 'Auth', $config);
+
+        $this->user->createEmailIdentity([
+            'email'    => 'foo@example.com',
+            'password' => 'secret123',
+        ]);
+
+        $this->post('/login/magic-link', [
+            'email' => 'foo@example.com',
+        ]);
+
+        $result = $this->post('/login/verify-magic-link', [
+            'magicCode' => '000000', // surely invalid
+        ]);
+
+        $result->assertStatus(302);
+        $result->assertRedirectTo('/login/magic-link');
+        $result->assertSessionHas('error', lang('Auth.magicTokenNotFound'));
+
+        $this->assertFalse(auth()->loggedIn());
+    }
+
+    public function testClickableMode(): void
+    {
+        $result = $this->callPrivateMethod('clickable');
+
+        $this->assertSame('magic-link-message', $result['displayMessageView']);
+        $this->assertSame('magic-link-email', $result['emailView']);
+        $this->assertSame(lang('Auth.magicLinkSubject'), $result['emailSubject']);
+        $this->assertSame(20, strlen($result['token']));
+    }
+
+    public function testNumericMode(): void
+    {
+        $config                 = config('Auth');
+        $config->magicLoginMode = '6-numeric';
+        Factories::injectMock('config', 'Auth', $config);
+
+        $result = $this->callPrivateMethod();
+
+        $this->assertSame('magic-link-code', $result['displayMessageView']);
+        $this->assertSame('magic-link-email-code', $result['emailView']);
+        $this->assertSame(6, strlen($result['token']));
+        $this->assertMatchesRegularExpression('/^[0-9]{6}$/', $result['token']);
+    }
+
+    public function testAlnumMode(): void
+    {
+        $config                 = config('Auth');
+        $config->magicLoginMode = '8-alnum';
+        Factories::injectMock('config', 'Auth', $config);
+
+        $result = $this->callPrivateMethod();
+
+        $this->assertSame(8, strlen($result['token']));
+        $this->assertMatchesRegularExpression('/^[A-Za-z0-9]{8}$/', $result['token']);
+    }
+
+    public function testOneofMode(): void
+    {
+        $result = $this->callPrivateMethod('4-oneof');
+
+        $this->assertSame('magic-link-code', $result['displayMessageView']);
+        $this->assertSame('magic-link-email-code', $result['emailView']);
+        $this->assertSame(lang('Auth.magicCodeSubject'), $result['emailSubject']);
+
+        $token = $result['token'];
+
+        $this->assertSame(4, strlen($token));
+
+        $tokens      = [];
+        $uniqueCount = 0;
+
+        for ($i = 0; $i < 10; $i++) {
+            $newToken = $this->callPrivateMethod('4-oneof')['token'];
+            $tokens[] = $newToken;
+
+            if ($newToken !== $token) {
+                $uniqueCount++;
+            }
+        }
+
+        $this->assertGreaterThan(
+            0,
+            $uniqueCount,
+            'Tokens generated in loop should not all be identical.',
+        );
+    }
+
+    public function testInvalidFormatThrowsException(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->callPrivateMethod('INVALID_FORMAT');
+    }
+
+    public function testInvalidLengthThrowsException(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->callPrivateMethod('x-numeric');
+    }
+
+    public function testZeroLengthThrowsException(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->callPrivateMethod('0-numeric');
+    }
+
+    public function testInvalidTypeThrowsException(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->callPrivateMethod('5-invalid');
+    }
+
+    private function callPrivateMethod(?string $mode = null): array
+    {
+        $controller = new MagicLinkController();
+
+        $method = new ReflectionMethod($controller, 'resolveMode');
+        $method->setAccessible(true);
+
+        return $method->invoke($controller, $mode);
+    }
 }