[Security] Run functional tests also for the authenticator system

Author: wouterj

src/Symfony/Bundle/SecurityBundle/Tests/Functional/AbstractWebTestCase.php

@@ -33,6 +33,12 @@ public static function tearDownAfterClass(): void
         static::deleteTmpDir();
     }
 
+    public function provideSecuritySystems()
+    {
+        yield [['enable_authenticator_manager' => true]];
+        yield [['enable_authenticator_manager' => false]];
+    }
+
     protected static function deleteTmpDir()
     {
         if (!file_exists($dir = sys_get_temp_dir().'/'.static::getVarDir())) {
@@ -61,9 +67,10 @@ protected static function createKernel(array $options = []): KernelInterface
         return new $class(
             static::getVarDir(),
             $options['test_case'],
-            isset($options['root_config']) ? $options['root_config'] : 'config.yml',
-            isset($options['environment']) ? $options['environment'] : strtolower(static::getVarDir().$options['test_case']),
-            isset($options['debug']) ? $options['debug'] : false
+            $options['root_config'] ?? 'config.yml',
+            $options['environment'] ?? strtolower(static::getVarDir().$options['test_case']),
+            $options['debug'] ?? false,
+            $options['enable_authenticator_manager'] ?? false
         );
     }
 

src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php

@@ -13,11 +13,20 @@
 
 class AuthenticationCommencingTest extends AbstractWebTestCase
 {
-    public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped()
+    /**
+     * @dataProvider provideClientOptions
+     */
+    public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped(array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml']);
+        $client = $this->createClient($options);
 
         $client->request('GET', '/secure-but-not-covered-by-access-control');
         $this->assertRedirect($client->getResponse(), '/login');
     }
+
+    public function provideClientOptions()
+    {
+        yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]];
+        yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
+    }
 }

src/Symfony/Bundle/SecurityBundle/Tests/Functional/ClearRememberMeTest.php

@@ -19,9 +19,12 @@
 
 class ClearRememberMeTest extends AbstractWebTestCase
 {
-    public function testUserChangeClearsCookie()
+    /**
+     * @dataProvider provideClientOptions
+     */
+    public function testUserChangeClearsCookie(array $options)
     {
-        $client = $this->createClient(['test_case' => 'ClearRememberMe', 'root_config' => 'config.yml']);
+        $client = $this->createClient($options);
 
         $client->request('POST', '/login', [
             '_username' => 'johannes',
@@ -36,6 +39,12 @@ public function testUserChangeClearsCookie()
         $this->assertRedirect($client->getResponse(), '/login');
         $this->assertNull($cookieJar->get('REMEMBERME'));
     }
+
+    public function provideClientOptions()
+    {
+        yield [['test_case' => 'ClearRememberMe', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]];
+        yield [['test_case' => 'ClearRememberMe', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
+    }
 }
 
 class RememberMeFooController

src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php

@@ -14,11 +14,11 @@
 class CsrfFormLoginTest extends AbstractWebTestCase
 {
     /**
-     * @dataProvider getConfigs
+     * @dataProvider provideClientOptions
      */
-    public function testFormLoginAndLogoutWithCsrfTokens($config)
+    public function testFormLoginAndLogoutWithCsrfTokens($options)
     {
-        $client = $this->createClient(['test_case' => 'CsrfFormLogin', 'root_config' => $config]);
+        $client = $this->createClient($options);
 
         $form = $client->request('GET', '/login')->selectButton('login')->form();
         $form['user_login[username]'] = 'johannes';
@@ -44,13 +44,17 @@ public function testFormLoginAndLogoutWithCsrfTokens($config)
     }
 
     /**
-     * @dataProvider getConfigs
+     * @dataProvider provideClientOptions
      */
-    public function testFormLoginWithInvalidCsrfToken($config)
+    public function testFormLoginWithInvalidCsrfToken($options)
     {
-        $client = $this->createClient(['test_case' => 'CsrfFormLogin', 'root_config' => $config]);
+        $client = $this->createClient($options);
 
         $form = $client->request('GET', '/login')->selectButton('login')->form();
+        if ($options['enable_authenticator_manager'] ?? false) {
+            $form['user_login[username]'] = 'johannes';
+            $form['user_login[password]'] = 'test';
+        }
         $form['user_login[_token]'] = '';
         $client->submit($form);
 
@@ -61,11 +65,11 @@ public function testFormLoginWithInvalidCsrfToken($config)
     }
 
     /**
-     * @dataProvider getConfigs
+     * @dataProvider provideClientOptions
      */
-    public function testFormLoginWithCustomTargetPath($config)
+    public function testFormLoginWithCustomTargetPath($options)
     {
-        $client = $this->createClient(['test_case' => 'CsrfFormLogin', 'root_config' => $config]);
+        $client = $this->createClient($options);
 
         $form = $client->request('GET', '/login')->selectButton('login')->form();
         $form['user_login[username]'] = 'johannes';
@@ -81,11 +85,11 @@ public function testFormLoginWithCustomTargetPath($config)
     }
 
     /**
-     * @dataProvider getConfigs
+     * @dataProvider provideClientOptions
      */
-    public function testFormLoginRedirectsToProtectedResourceAfterLogin($config)
+    public function testFormLoginRedirectsToProtectedResourceAfterLogin($options)
     {
-        $client = $this->createClient(['test_case' => 'CsrfFormLogin', 'root_config' => $config]);
+        $client = $this->createClient($options);
 
         $client->request('GET', '/protected-resource');
         $this->assertRedirect($client->getResponse(), '/login');
@@ -101,11 +105,11 @@ public function testFormLoginRedirectsToProtectedResourceAfterLogin($config)
         $this->assertStringContainsString('You\'re browsing to path "/protected-resource".', $text);
     }
 
-    public function getConfigs()
+    public function provideClientOptions()
     {
-        return [
-            ['config.yml'],
-            ['routes_as_path.yml'],
-        ];
+        yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]];
+        yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
+        yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]];
+        yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]];
     }
 }

src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php

@@ -31,9 +31,12 @@ public function testItUsesTheConfiguredEntryPointWhenUsingUnknownCredentials()
         );
     }
 
-    public function testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials()
+    /**
+     * @dataProvider provideSecuritySystems
+     */
+    public function testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials(array $options)
     {
-        $client = $this->createClient(['test_case' => 'FirewallEntryPoint', 'root_config' => 'config_form_login.yml']);
+        $client = $this->createClient($options + ['test_case' => 'FirewallEntryPoint', 'root_config' => 'config_form_login.yml']);
 
         $client->request('GET', '/secure/resource');
 

src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php

@@ -14,11 +14,11 @@
 class FormLoginTest extends AbstractWebTestCase
 {
     /**
-     * @dataProvider getConfigs
+     * @dataProvider provideClientOptions
      */
-    public function testFormLogin($config)
+    public function testFormLogin(array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]);
+        $client = $this->createClient($options);
 
         $form = $client->request('GET', '/login')->selectButton('login')->form();
         $form['_username'] = 'johannes';
@@ -33,11 +33,11 @@ public function testFormLogin($config)
     }
 
     /**
-     * @dataProvider getConfigs
+     * @dataProvider provideClientOptions
      */
-    public function testFormLogout($config)
+    public function testFormLogout(array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]);
+        $client = $this->createClient($options);
 
         $form = $client->request('GET', '/login')->selectButton('login')->form();
         $form['_username'] = 'johannes';
@@ -66,11 +66,11 @@ public function testFormLogout($config)
     }
 
     /**
-     * @dataProvider getConfigs
+     * @dataProvider provideClientOptions
      */
-    public function testFormLoginWithCustomTargetPath($config)
+    public function testFormLoginWithCustomTargetPath(array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]);
+        $client = $this->createClient($options);
 
         $form = $client->request('GET', '/login')->selectButton('login')->form();
         $form['_username'] = 'johannes';
@@ -86,11 +86,11 @@ public function testFormLoginWithCustomTargetPath($config)
     }
 
     /**
-     * @dataProvider getConfigs
+     * @dataProvider provideClientOptions
      */
-    public function testFormLoginRedirectsToProtectedResourceAfterLogin($config)
+    public function testFormLoginRedirectsToProtectedResourceAfterLogin(array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]);
+        $client = $this->createClient($options);
 
         $client->request('GET', '/protected_resource');
         $this->assertRedirect($client->getResponse(), '/login');
@@ -106,11 +106,11 @@ public function testFormLoginRedirectsToProtectedResourceAfterLogin($config)
         $this->assertStringContainsString('You\'re browsing to path "/protected_resource".', $text);
     }
 
-    public function getConfigs()
+    public function provideClientOptions()
     {
-        return [
-            ['config.yml'],
-            ['routes_as_path.yml'],
-        ];
+        yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]];
+        yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
+        yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]];
+        yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]];
     }
 }

src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php

@@ -18,9 +18,12 @@
  */
 class JsonLoginTest extends AbstractWebTestCase
 {
-    public function testDefaultJsonLoginSuccess()
+    /**
+     * @dataProvider provideSecuritySystems
+     */
+    public function testDefaultJsonLoginSuccess(array $options)
     {
-        $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
+        $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
         $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}');
         $response = $client->getResponse();
 
@@ -29,9 +32,12 @@ public function testDefaultJsonLoginSuccess()
         $this->assertSame(['message' => 'Welcome @dunglas!'], json_decode($response->getContent(), true));
     }
 
-    public function testDefaultJsonLoginFailure()
+    /**
+     * @dataProvider provideSecuritySystems
+     */
+    public function testDefaultJsonLoginFailure(array $options)
     {
-        $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
+        $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
         $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}');
         $response = $client->getResponse();
 
@@ -40,9 +46,12 @@ public function testDefaultJsonLoginFailure()
         $this->assertSame(['error' => 'Invalid credentials.'], json_decode($response->getContent(), true));
     }
 
-    public function testCustomJsonLoginSuccess()
+    /**
+     * @dataProvider provideSecuritySystems
+     */
+    public function testCustomJsonLoginSuccess(array $options)
     {
-        $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']);
+        $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']);
         $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}');
         $response = $client->getResponse();
 
@@ -51,9 +60,12 @@ public function testCustomJsonLoginSuccess()
         $this->assertSame(['message' => 'Good game @dunglas!'], json_decode($response->getContent(), true));
     }
 
-    public function testCustomJsonLoginFailure()
+    /**
+     * @dataProvider provideSecuritySystems
+     */
+    public function testCustomJsonLoginFailure(array $options)
     {
-        $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']);
+        $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']);
         $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}');
         $response = $client->getResponse();
 
@@ -62,9 +74,12 @@ public function testCustomJsonLoginFailure()
         $this->assertSame(['message' => 'Something went wrong'], json_decode($response->getContent(), true));
     }
 
-    public function testDefaultJsonLoginBadRequest()
+    /**
+     * @dataProvider provideSecuritySystems
+     */
+    public function testDefaultJsonLoginBadRequest(array $options)
     {
-        $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
+        $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
         $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], 'Not a json content');
         $response = $client->getResponse();
 

src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php

@@ -14,11 +14,11 @@
 class LocalizedRoutesAsPathTest extends AbstractWebTestCase
 {
     /**
-     * @dataProvider getLocales
+     * @dataProvider getLocalesAndClientConfig
      */
-    public function testLoginLogoutProcedure($locale)
+    public function testLoginLogoutProcedure($locale, array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_routes.yml']);
+        $client = $this->createClient(['test_case' => 'StandardFormLogin'] + $options);
 
         $crawler = $client->request('GET', '/'.$locale.'/login');
         $form = $crawler->selectButton('login')->form();
@@ -36,11 +36,11 @@ public function testLoginLogoutProcedure($locale)
 
     /**
      * @group issue-32995
-     * @dataProvider getLocales
+     * @dataProvider getLocalesAndClientConfig
      */
-    public function testLoginFailureWithLocalizedFailurePath($locale)
+    public function testLoginFailureWithLocalizedFailurePath($locale, array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_form_failure_handler.yml']);
+        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => ($options['enable_authenticator_manager'] ? '' : 'legacy_').'localized_form_failure_handler.yml'] + $options);
 
         $crawler = $client->request('GET', '/'.$locale.'/login');
         $form = $crawler->selectButton('login')->form();
@@ -52,29 +52,32 @@ public function testLoginFailureWithLocalizedFailurePath($locale)
     }
 
     /**
-     * @dataProvider getLocales
+     * @dataProvider getLocalesAndClientConfig
      */
-    public function testAccessRestrictedResource($locale)
+    public function testAccessRestrictedResource($locale, array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_routes.yml']);
+        $client = $this->createClient(['test_case' => 'StandardFormLogin'] + $options);
 
         $client->request('GET', '/'.$locale.'/secure/');
         $this->assertRedirect($client->getResponse(), '/'.$locale.'/login');
     }
 
     /**
-     * @dataProvider getLocales
+     * @dataProvider getLocalesAndClientConfig
      */
-    public function testAccessRestrictedResourceWithForward($locale)
+    public function testAccessRestrictedResourceWithForward($locale, array $options)
     {
-        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_routes_with_forward.yml']);
+        $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_routes_with_forward.yml'] + $options);
 
         $crawler = $client->request('GET', '/'.$locale.'/secure/');
         $this->assertCount(1, $crawler->selectButton('login'), (string) $client->getResponse());
     }
 
-    public function getLocales()
+    public function getLocalesAndClientConfig()
     {
-        return [['en'], ['de']];
+        yield ['en', ['enable_authenticator_manager' => true, 'root_config' => 'localized_routes.yml']];
+        yield ['en', ['enable_authenticator_manager' => false, 'root_config' => 'legacy_localized_routes.yml']];
+        yield ['de', ['enable_authenticator_manager' => true, 'root_config' => 'localized_routes.yml']];
+        yield ['de', ['enable_authenticator_manager' => false, 'root_config' => 'legacy_localized_routes.yml']];
     }
 }