composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-21 17:48:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°4289 Security hardening

Browse Source
This commit is contained in:
Pierre Goiffon
2021-10-21 11:55:21 +02:00
parent a353317746
commit 7757f1f2d2
3 changed files with 111 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
test/application/privUITransactionFileTest.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
class privUITransactionFileTest extends \Combodo\iTop\Test\UnitTest\ItopDataTestCase
{
const USER_TEST_LOGIN = 'support_test_privUITransaction';
public function testIsTransactionValid() {
$this->CreateUser(static::USER_TEST_LOGIN, 5); // profile:5 is "Support agent"
// create token in the support user context
UserRights::Login(self::USER_TEST_LOGIN);
$sTransactionIdUserSupport = privUITransactionFile::GetNewTransactionId();
$bResult = privUITransactionFile::IsTransactionValid($sTransactionIdUserSupport, false);
$this->assertTrue($bResult, 'Token created by support user must be valid in the support user context');
// test token in the admin user context
UserRights::Login('admin');
$bResult = privUITransactionFile::IsTransactionValid($sTransactionIdUserSupport, false);
$this->assertFalse($bResult, 'Token created by support user must be invalid in the admin user context');
$bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUserSupport);
$this->assertFalse($bResult, 'Token created by support user cannot be removed in the admin user context');
// test other methods in the support user context
UserRights::Login(self::USER_TEST_LOGIN);
$bResult = privUITransactionFile::RemoveTransaction($sTransactionIdUserSupport);
$this->assertTrue($bResult, 'Token created by support user must be removed in the support user context');
}
}