OXDEV-9243 Add tests for honeypot and image captcha

Author: TitaKoleva

tests/Codeception/Acceptance/HoneyPotCaptchaCest.php

@@ -11,6 +11,8 @@
 
 use Codeception\Util\Fixtures;
 use OxidEsales\Codeception\Module\Translation\Translator;
+use OxidEsales\Codeception\Page\Account\UserLogin;
+use OxidEsales\Codeception\Page\Account\UserPasswordReminder;
 use OxidEsales\Codeception\Page\DataObject\ContactData;
 use OxidEsales\SecurityModule\Tests\Codeception\Support\AcceptanceTester;
 
@@ -20,7 +22,13 @@
  */
 class HoneyPotCaptchaCest extends BaseCest
 {
-    private string $honeyPotInput = "lastname_confirm";
+    private string $honeyPotInput = 'lastname_confirm';
+    private string $loginForm = 'main.content form[name="login"]';
+    private string $loginBoxForm = 'header form[name="login"]';
+    private string $newsletterForm = 'main.content form.needs-validation';
+    private string $contactForm = 'main.content form.needs-validation';
+    private string $registerForm = 'main.content form[name="order"]';
+    private string $forgotPwdForm = 'main.content form[name="forgotpwd"]';
 
     public function _before(AcceptanceTester $I): void
     {
@@ -34,7 +42,9 @@ public function testHoneyPotCaptchaOnRegistrationPage(AcceptanceTester $I): void
         $registrationPage = $homePage->openUserRegistrationPage();
         $userData = $this->getNewUserData();
         $this->fillRegistrationForm($I, $userData);
-        $I->executeJS("document.querySelector('input[name=\"$this->honeyPotInput\"]').value = 'some value';");
+        $I->executeJS(
+            "document.querySelector('$this->registerForm input[name=\"$this->honeyPotInput\"]').value = 'some value';"
+        );
         $I->retryClick($registrationPage->saveFormButton);
 
         $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
@@ -49,7 +59,9 @@ public function testHoneyPotCaptchaOnContactPage(AcceptanceTester $I): void
         $contactData = new ContactData();
         $contactData->setEmail($userData['userLoginName']);
         $contactPage->fillInContactData($contactData);
-        $I->executeJS("document.querySelector('input[name=\"$this->honeyPotInput\"]').value = 'some value';");
+        $I->executeJS(
+            "document.querySelector('$this->contactForm input[name=\"$this->honeyPotInput\"]').value = 'some value';"
+        );
         $contactPage->sendContactData();
 
         $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
@@ -62,12 +74,65 @@ public function testHoneyPotCaptchaOnNewsletterPage(AcceptanceTester $I): void
 
         $homePage = $I->openShop();
         $newsletterPage = $homePage->subscribeForNewsletter($userData['userLoginName']);
-        $I->executeJS("document.querySelector('input[name=\"$this->honeyPotInput\"]').value = 'some value';");
+        $I->executeJS(
+            "document.querySelector('$this->newsletterForm input[name=\"$this->honeyPotInput\"]').value = 'some value';"
+        );
         $newsletterPage->subscribe();
 
         $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
     }
 
+    public function testHoneyPotCaptchaOnLoginPage(AcceptanceTester $I): void
+    {
+        $userData = Fixtures::get('existingUser');
+
+        $userLoginPage = new UserLogin($I);
+        $I->amOnPage($userLoginPage->URL);
+        $I->see(Translator::translate('LOGIN'));
+
+        $I->executeJS(
+            "document.querySelector('$this->loginForm input[name=\"$this->honeyPotInput\"]').value = 'some value';"
+        );
+        $userLoginPage->loginWithError($userData['userLoginName'], $userData['userPassword']);
+
+        $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
+    }
+
+    public function testHoneyPotCaptchaOnLoginBox(AcceptanceTester $I): void
+    {
+
+        $userData = Fixtures::get('existingUser');
+
+        $homePage = $I->openShop();
+        $accountMenu = $homePage->openAccountMenu();
+        $I->waitForText(Translator::translate('FORGOT_PASSWORD'));
+        $I->retryFillField($accountMenu->userLoginName, $userData['userLoginName']);
+        $I->retryFillField($accountMenu->userLoginPassword, $userData['userPassword']);
+        $I->executeJS(
+            "document.querySelector('$this->loginBoxForm input[name=\"$this->honeyPotInput\"]').value = 'some value';"
+        );
+        $I->retryClick($accountMenu->userLoginButton);
+        $I->waitForPageLoad();
+
+        $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
+    }
+
+    public function testHoneyPotCaptchaOnForgotPasswordPage(AcceptanceTester $I): void
+    {
+
+        $userData = Fixtures::get('existingUser');
+
+        $forgotPwdPage = new UserPasswordReminder($I);
+        $I->amOnPage($forgotPwdPage->URL);
+
+        $I->executeJS(
+            "document.querySelector('$this->forgotPwdForm input[name=\"$this->honeyPotInput\"]').value = 'some value';"
+        );
+        $forgotPwdPage->resetPassword($userData['userLoginName']);
+
+        $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
+    }
+
     private function fillRegistrationForm(AcceptanceTester $I, array $userData)
     {
         foreach ($userData['inputFields'] as $key => $value) {

tests/Codeception/Acceptance/ImageCaptchaVisibilityCest.php

@@ -13,6 +13,7 @@
 use Codeception\Util\Fixtures;
 use OxidEsales\Codeception\Module\Translation\Translator;
 use OxidEsales\Codeception\Page\Account\UserLogin;
+use OxidEsales\Codeception\Page\Account\UserPasswordReminder;
 use OxidEsales\SecurityModule\Tests\Codeception\Support\AcceptanceTester;
 
 /**
@@ -92,6 +93,19 @@ public function testCaptchaImageOnLoginBox(AcceptanceTester $I, Example $example
         $this->checkVisibility($I, $example['visibility']);
     }
 
+    /**
+     * @dataProvider captchaDataProvider
+     */
+    public function testCaptchaImageOnForgotPasswordPage(AcceptanceTester $I, Example $example): void
+    {
+        $this->setCaptchaState($example['enabled']);
+
+        $forgotPwdPage = new UserPasswordReminder($I);
+        $I->amOnPage($forgotPwdPage->URL);
+
+        $this->checkVisibility($I, $example['visibility']);
+    }
+
     private function checkVisibility(AcceptanceTester $I, bool $visible)
     {
         if ($visible) {

tests/Integration/Captcha/Shop/ForgotPasswordControllerTest.php

@@ -0,0 +1,124 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Tests\Integration\Captcha\Shop;
+
+use OxidEsales\Eshop\Application\Controller\ForgotPasswordController;
+use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Request;
+use OxidEsales\Eshop\Core\UtilsView;
+use OxidEsales\EshopCommunity\Core\Di\ContainerFacade;
+use OxidEsales\EshopCommunity\Tests\Integration\IntegrationTestCase;
+use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsServiceInterface;
+
+class ForgotPasswordControllerTest extends IntegrationTestCase
+{
+    protected UtilsView $utilsViewMock;
+    protected Request $requestMock;
+
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        $moduleSettings = ContainerFacade::get(ModuleSettingsServiceInterface::class);
+        $moduleSettings->saveIsCaptchaEnabled(true);
+
+        $this->utilsViewMock = $this->getMockBuilder(UtilsView::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['addErrorToDisplay'])
+            ->getMock();
+
+        $this->requestMock = $this->getMockBuilder(Request::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['getRequestParameter'])
+            ->getMock();
+
+        Registry::set(UtilsView::class, $this->utilsViewMock);
+        Registry::set(Request::class, $this->requestMock);
+        Registry::getSession()->setVariable('captcha', 'valid_captcha');
+        Registry::getSession()->setVariable('captcha_expiration', time() + 60);
+    }
+
+    public function testForgotPasswordWithValidCaptcha()
+    {
+        $this->requestMock
+            ->method('getRequestParameter')
+            ->willReturnCallback(function ($param) {
+                if ($param === 'captcha') {
+                    return 'valid_captcha';
+                }
+                return '';
+            });
+
+        $this->utilsViewMock
+            ->expects($this->any())
+            ->method('addErrorToDisplay')
+            ->willReturnCallback(function ($message) {
+                $this->assertNotEquals('ERROR_INVALID_CAPTCHA', $message);
+            });
+
+        $subject = oxNew(ForgotPasswordController::class);
+        $subject->forgotPassword();
+    }
+
+    public function testForgotPasswordWithInvalidCaptcha()
+    {
+        $this->requestMock
+            ->method('getRequestParameter')
+            ->with('captcha')
+            ->willReturn('invalid_captcha');
+
+        $this->utilsViewMock
+            ->expects($this->once())
+            ->method('addErrorToDisplay')
+            ->with('ERROR_INVALID_CAPTCHA');
+
+        $subject = oxNew(ForgotPasswordController::class);
+        $subject->forgotPassword();
+    }
+
+    public function testForgotPasswordWithInvalidHoneyPotCaptcha()
+    {
+        $this->requestMock
+            ->method('getRequestParameter')
+            ->willReturnCallback(function ($param) {
+                if ($param === 'captcha') {
+                    return 'valid_captcha';
+                }
+                if ($param === 'lastname_confirm') {
+                    return 'some-text';
+                }
+                return '';
+            });
+
+        $this->utilsViewMock
+            ->expects($this->once())
+            ->method('addErrorToDisplay')
+            ->with('FORM_VALIDATION_FAILED');
+
+        $subject = oxNew(ForgotPasswordController::class);
+        $subject->forgotPassword();
+    }
+
+    public function testForgotPasswordWithEmptyCaptcha()
+    {
+        $this->requestMock
+            ->method('getRequestParameter')
+            ->with('captcha')
+            ->willReturn('');
+
+        $this->utilsViewMock
+            ->expects($this->once())
+            ->method('addErrorToDisplay')
+            ->with('ERROR_EMPTY_CAPTCHA');
+
+        $subject = oxNew(ForgotPasswordController::class);
+        $subject->forgotPassword();
+    }
+}

tests/Integration/Captcha/Shop/NewsletterControllerTest.php

@@ -101,4 +101,27 @@ public function testSendWithEmptyCaptcha()
         $subject = oxNew(NewsletterController::class);
         $subject->send();
     }
+
+    public function testSendWithInvalidHoneyPotCaptcha()
+    {
+        $this->requestMock
+            ->method('getRequestParameter')
+            ->willReturnCallback(function ($param) {
+                if ($param === 'captcha') {
+                    return 'valid_captcha';
+                }
+                if ($param === 'lastname_confirm') {
+                    return 'some-text';
+                }
+                return '';
+            });
+
+        $this->utilsViewMock
+            ->expects($this->once())
+            ->method('addErrorToDisplay')
+            ->with('FORM_VALIDATION_FAILED');
+
+        $subject = oxNew(NewsletterController::class);
+        $subject->send();
+    }
 }

tests/PhpStan/phpstan-bootstrap.php

@@ -26,3 +26,8 @@ class_alias(
     \OxidEsales\Eshop\Application\Controller\NewsletterController::class,
     \OxidEsales\SecurityModule\Captcha\Shop\NewsletterController_parent::class
 );
+
+class_alias(
+    \OxidEsales\Eshop\Application\Controller\ForgotPasswordController::class,
+    \OxidEsales\SecurityModule\Captcha\Shop\ForgotPasswordController_parent::class
+);