f
johanib committed Dec 11, 2024
1 parent e11170e commit ab56274
Showing 3 changed files with 64 additions and 11 deletions.
9 changes: 0 additions & 9 deletions src/Features/mfaFatigueMitigation.feature
Expand Up @@ -31,7 +31,6 @@ Feature: When an user needs to authenticate
Then it should fail with "no-trusted-device"
Then the logs should say: no trusted cookie for address "0000000000111111111122222222223333333333"


Scenario: When a user tries to authenticates with a trusted cookie, a notification should be sent
Given I am on "/demo/sp"
And I fill in "NameID" with my identifier
Expand All @@ -52,11 +51,3 @@ Feature: When an user needs to authenticate
When push notification is sent with a trusted-device cookie with address "0000000000111111111122222222223333333333" and cookie userId "abc-1234"
Then the logs should mention a signature mismatch for address "0000000000111111111122222222223333333333"
And it should fail with "no-trusted-device"


# @TODO Add a test somewhere, maybe not here, that tests the cookie get overwritten properly (or appended) if a new scan occurs?
# Scenario: Handles multiple devices / userids
# Given the user with ID X scans qr code
# Then A cookie is set for the stored device id
# When the user with ID Y scans a qr code in the same browser
# Then A cookie is appended or new cookie is created for the new device id
2 changes: 0 additions & 2 deletions src/Service/TrustedCookie/TrustedCookieService.php
Expand Up @@ -54,8 +54,6 @@ public function isTrustedDevice(
string $userId,
string $notificationAddress,
): bool {

// Perform validation on the cookie and its contents
if (!$this->isCookieValid($cookie, $userId, $notificationAddress)) {
return false;
}
64 changes: 64 additions & 0 deletions tests/Unit/Service/TrustedCookie/TrustedCookieServiceTest.php
Expand Up @@ -218,4 +218,68 @@ public function test_does_not_read_tampered_cookie(): void
$readCookie = $this->service->read($request, $userId, $notificationAddress);
$this->assertNull($readCookie);
}

/**
* This test is to make sure multiple users and users with multiple devices can use the same browser without issues
*/
public function test_it_handles_all_valid_cookies_from_browser(): void
{
$this->buildService(
new Configuration(
'qki_',
3600,
'0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f',
CookieSameSite::SAMESITE_NONE->value,
)
);
$response = new Response('<html><body><h1>hi</h1></body></html>', 200);

$store = [
[
'userId' => 'userId#1',
'notificationAddress' => '1',
],
[
'userId' => 'userId#1',
'notificationAddress' => '2',
],
[
'userId' => 'userId#2',
'notificationAddress' => '1',
],
[
'userId' => 'userId#3',
'notificationAddress' => '1',
],
[
'userId' => 'userId#1',
'notificationAddress' => '3',
],
[
'userId' => 'userId#1',
'notificationAddress' => '1',
],
];

foreach ($store as $storedDevice) {
$this->service->registerTrustedAuthentication($response, $storedDevice['userId'], $storedDevice['notificationAddress']);
}

$cookieJar = $response->headers->getCookies();
self::assertCount(5, $cookieJar);

$request = new Request();
foreach ($cookieJar as $cookie) {
$request->cookies->set($cookie->getName(), $cookie->getValue());
}

shuffle($store);

foreach ($store as $storedDevice){
$readCookie = $this->service->read($request, $storedDevice['userId'], $storedDevice['notificationAddress']);
$this->assertTrue($this->service->isTrustedDevice($readCookie, $storedDevice['userId'], $storedDevice['notificationAddress']));
}
}


}
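Review bot: The new test only checks positive outcomes — every registered (userId, notificationAddress) pair reads back as trusted — so it would still pass if `isTrustedDevice` accepted any cookie in the jar; add a negative probe for a pair that was never registered, e.g. `self::assertNull($this->service->read($request, 'userId#2', '2'));` after the shuffled loop, mirroring the tampered-cookie test just above. The `self::assertCount(5, $cookieJar)` after six registrations implies the repeated `userId#1`/`'1'` entry is expected to collapse into a single cookie, but nothing states that intent; a comment such as `// userId#1 with address '1' is registered twice and must yield one cookie` would make the expectation readable. `shuffle($store)` makes the iteration order non-reproducible when a failure does occur, although the assertions themselves do not appear to depend on order. Minor style: `foreach ($store as $storedDevice){` lacks the space before the brace, and the method mixes `self::assertCount` with `$this->assertTrue`.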
