WIP

2026-04-24 02:58:43 +02:00 · 2026-03-04 16:13:00 +01:00
parent 2067940a37
commit 38d725cc5a
4 changed files with 64 additions and 2 deletions
--- a/tests/php-unit-tests/integration-tests/login-tests/LoginWebPageTest.php
+++ b/tests/php-unit-tests/integration-tests/login-tests/LoginWebPageTest.php
@@ -95,10 +95,64 @@ class LoginWebPageTest extends ItopDataTestCase
 	public function testNotInExecutionPolicyFileWithoutForceLoginConf()
 	{
 		$sPageContent = $this->CallItopUri(
-			"pages/exec.php?exec_module=extension-with-execution-policy&exec_page=src/Controller/AnotherFile.php",
+			"pages/exec.php?exec_module=extension-without-execution-policy&exec_page=src/Controller/AnotherFile.php",
+			[],
+			[],
+			true
 		);

 		$this->assertStringNotContainsString('<title>iTop login</title>', $sPageContent); // by default (until N°9343) if no execution policy is defined, login is not forced
 	}

+	public function testNotInExecutionPolicyFileWithoutForceLoginConfButWithExecutionPolicy()
+	{
+		$sPageContent = $this->CallItopUri(
+			"pages/exec.php?exec_module=extension-with-execution-policy&exec_page=src/Controller/AnotherFile.php",
+			[],
+			[],
+			true
+		);
+
+		$this->assertStringContainsString('<title>iTop login</title>', $sPageContent); // Since an execution policy is defined and AnotherFile.php isn't in it, login should be proposed
+	}
+
+	/**
+	 * @dataProvider InExecutionPolicyFileWithAdminRequiredProvider
+	 *
+	 * @throws \Exception
+	 */
+	public function testInExecutionPolicyFileWithAdminRequired($iProfileId, $ForbiddenPageShouldBeDisplayed)
+	{
+		// generate random login
+		$sUserLogin = 'user-'.date('YmdHis');
+		$this->CreateUser($sUserLogin, $iProfileId, self::PASSWORD);
+		$this->GivenConfigFileAllowedLoginTypes(explode('|', 'form'));
+
+		$sPageContent = $this->CallItopUri(
+			"pages/exec.php?exec_module=extension-with-execution-policy&exec_page=src/Controller/CheckAnythingButAdminRequired.php",
+			[
+				'auth_user' => $sUserLogin,
+				'auth_pwd' => self::PASSWORD,
+			],
+			[],
+			true
+		);
+		$ForbiddenPageShouldBeDisplayed ?
+			$this->assertStringContainsString('Yo !', $sPageContent) :
+			$this->assertStringNotContainsString('<title>Access restricted to people having administrator privileges</title>', $sPageContent); // in execution policy file (in the module), login should not be proposed, file handle its own policy
+	}
+
+	public function InExecutionPolicyFileWithAdminRequiredProvider()
+	{
+		return [
+			'Administrator profile' => [
+				self::$aURP_Profiles['Administrator'],
+				true,
+			],
+			'ReadOnly profile' => [
+				self::$aURP_Profiles['Service Desk Agent'],
+				false,
+			],
+		];
+	}
 }
--- a/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/module.extension-with-execution-policy.php
+++ b/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/module.extension-with-execution-policy.php
@@ -19,6 +19,7 @@ SetupWebPage::AddModule(
 		// Security
 		'execution_policy' => [
 			'src/Controller/CheckAnything.php',
+			'src/Controller/CheckAnythingButAdminRequired.php',
 		],

 		// Components
--- a/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/src/Controller/CheckAnythingButAdminRequired.php
+++ b/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/src/Controller/CheckAnythingButAdminRequired.php
@@ -0,0 +1,5 @@
+<?php
+
+LoginWebPage::DoLogin(true);
+
+echo 'Yo !';