Add integration tests for validator constraints

Author: scheb

app/composer.json

@@ -12,13 +12,15 @@
         "lcobucci/jwt": "^5.0",
         "spomky-labs/otphp": "^11.0",
         "symfony/dotenv": "^6.4 || ^7.0",
+        "symfony/form": "^6.4 || ^7.0",
         "symfony/mailer": "^6.4 || ^7.0",
         "symfony/monolog-bundle": "^3.1",
         "symfony/rate-limiter": "^6.4 || ^7.0",
         "symfony/runtime": "^6.4 || ^7.0",
         "symfony/security-bundle": "^6.4 || ^7.0",
         "symfony/translation": "^6.4 || ^7.0",
         "symfony/twig-bundle": "^6.4 || ^7.0",
+        "symfony/validator": "^6.4 || ^7.0",
         "symfony/web-profiler-bundle": "^6.4 || ^7.0",
         "symfony/yaml": "^6.4 || ^7.0"
     },

app/config/reference.php

@@ -146,7 +146,7 @@
  *         cookie_name?: scalar|null, // The name of the cookie to use when using stateless protection. // Default: "csrf-token"
  *     },
  *     form?: bool|array{ // Form configuration
- *         enabled?: bool, // Default: false
+ *         enabled?: bool, // Default: true
  *         csrf_protection?: array{
  *             enabled?: scalar|null, // Default: null
  *             token_id?: scalar|null, // Default: null
@@ -328,7 +328,7 @@
  *         }>,
  *     },
  *     validation?: bool|array{ // Validation configuration
- *         enabled?: bool, // Default: false
+ *         enabled?: bool, // Default: true
  *         cache?: scalar|null, // Deprecated: Setting the "framework.validation.cache.cache" configuration option is deprecated. It will be removed in version 8.0.
  *         enable_attributes?: bool, // Default: true
  *         static_method?: list<scalar|null>,
@@ -474,7 +474,7 @@
  *         max_host_connections?: int, // The maximum number of connections to a single host.
  *         default_options?: array{
  *             headers?: array<string, mixed>,
- *             vars?: list<mixed>,
+ *             vars?: array<string, mixed>,
  *             max_redirects?: int, // The maximum number of redirects to follow.
  *             http_version?: scalar|null, // The default HTTP version, typically 1.1 or 2.0, leave to null for the best version.
  *             resolve?: array<string, scalar|null>,
@@ -497,7 +497,7 @@
  *                 md5?: mixed,
  *             },
  *             crypto_method?: scalar|null, // The minimum version of TLS to accept; must be one of STREAM_CRYPTO_METHOD_TLSv*_CLIENT constants.
- *             extra?: list<mixed>,
+ *             extra?: array<string, mixed>,
  *             rate_limiter?: scalar|null, // Rate limiter name to use for throttling requests. // Default: null
  *             caching?: bool|array{ // Caching configuration.
  *                 enabled?: bool, // Default: false
@@ -550,7 +550,7 @@
  *                 md5?: mixed,
  *             },
  *             crypto_method?: scalar|null, // The minimum version of TLS to accept; must be one of STREAM_CRYPTO_METHOD_TLSv*_CLIENT constants.
- *             extra?: list<mixed>,
+ *             extra?: array<string, mixed>,
  *             rate_limiter?: scalar|null, // Rate limiter name to use for throttling requests. // Default: null
  *             caching?: bool|array{ // Caching configuration.
  *                 enabled?: bool, // Default: false
@@ -1125,9 +1125,11 @@
  *     handlers?: array<string, array{ // Default: []
  *         type: scalar|null,
  *         id?: scalar|null,
+ *         enabled?: bool, // Default: true
  *         priority?: scalar|null, // Default: 0
  *         level?: scalar|null, // Default: "DEBUG"
  *         bubble?: bool, // Default: true
+ *         interactive_only?: bool, // Default: false
  *         app_name?: scalar|null, // Default: null
  *         fill_extra_context?: bool, // Default: false
  *         include_stacktraces?: bool, // Default: false
@@ -1173,6 +1175,7 @@
  *         include_extra?: scalar|null, // Default: false
  *         icon_emoji?: scalar|null, // Default: null
  *         webhook_url?: scalar|null,
+ *         exclude_fields?: list<scalar|null>,
  *         team?: scalar|null,
  *         notify?: scalar|null, // Default: false
  *         nickname?: scalar|null, // Default: "Monolog"
@@ -1205,6 +1208,7 @@
  *         disable_notification?: bool|null, // Default: null
  *         split_long_messages?: bool, // Default: false
  *         delay_between_messages?: bool, // Default: false
+ *         topic?: int, // Default: null
  *         factor?: int, // Default: 1
  *         tags?: list<scalar|null>,
  *         console_formater_options?: mixed, // Deprecated: "monolog.handlers..console_formater_options.console_formater_options" is deprecated, use "monolog.handlers..console_formater_options.console_formatter_options" instead.
@@ -1216,6 +1220,7 @@
  *             hostname?: scalar|null,
  *             port?: scalar|null, // Default: 12201
  *             chunk_size?: scalar|null, // Default: 1420
+ *             encoder?: "json"|"compressed_json",
  *         },
  *         mongo?: string|array{
  *             id?: scalar|null,
@@ -1226,8 +1231,17 @@
  *             database?: scalar|null, // Default: "monolog"
  *             collection?: scalar|null, // Default: "logs"
  *         },
+ *         mongodb?: string|array{
+ *             id?: scalar|null, // ID of a MongoDB\Client service
+ *             uri?: scalar|null,
+ *             username?: scalar|null,
+ *             password?: scalar|null,
+ *             database?: scalar|null, // Default: "monolog"
+ *             collection?: scalar|null, // Default: "logs"
+ *         },
  *         elasticsearch?: string|array{
  *             id?: scalar|null,
+ *             hosts?: list<scalar|null>,
  *             host?: scalar|null,
  *             port?: scalar|null, // Default: 9200
  *             transport?: scalar|null, // Default: "Http"

app/src/Controller/MembersController.php

@@ -4,9 +4,11 @@
 
 namespace App\Controller;
 
+use App\Form\TwoFactorFormData;
 use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleAuthenticatorTwoFactorInterface;
 use Scheb\TwoFactorBundle\Model\Totp\TwoFactorInterface as TotpTwoFactorInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@@ -23,4 +25,25 @@ public function membersArea(TokenStorageInterface $tokenStorage): Response
             'displayQrCodeTotp' => $user instanceof TotpTwoFactorInterface && $user->isTotpAuthenticationEnabled(),
         ]);
     }
+
+    #[Route('/members/validators', name: 'validators_form')]
+    public function validators(Request $request): Response
+    {
+        $formData = new TwoFactorFormData();
+        $form = $this->createFormBuilder($formData)
+            ->add('googleTotpCode')
+            ->add('totpCode')
+            ->getForm();
+
+        $isValid = null;
+        $form->handleRequest($request);
+        if ($form->isSubmitted()) {
+            $isValid = $form->isValid();
+        }
+
+        return $this->render('members/validators.html.twig', [
+            'form' => $form,
+            'isValid' => $isValid,
+        ]);
+    }
 }

app/src/Form/TwoFactorFormData.php

@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Form;
+
+use Scheb\TwoFactorBundle\Security\TwoFactor\Validator\Constraints\UserGoogleTotpCode;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Validator\Constraints\UserTotpCode;
+
+class TwoFactorFormData
+{
+    #[UserGoogleTotpCode]
+    public string $googleTotpCode;
+
+    #[UserTotpCode]
+    public string $totpCode;
+}

app/templates/members/validators.html.twig

@@ -0,0 +1,12 @@
+{% extends "base.html.twig" %}
+
+{% block body %}
+    <h2>Form Validators</h2>
+    {% if isValid %}
+        <p class="notice">All codes valid!</p>
+    {% endif %}
+    {{ form_start(form) }}
+        {{ form_widget(form) }}
+        <p><button type="submit" name="submit-button">Check Codes</button></p>
+    {{ form_end(form) }}
+{% endblock %}

app/tests/TestCase.php

@@ -31,7 +31,7 @@ abstract class TestCase extends WebTestCase
     private const TRUSTED_DEVICE_COOKIE_NAME = 'trusted_device';
     private const REMEMBER_ME_COOKIE_NAME = 'REMEMBERME';
 
-    private KernelBrowser $client;
+    protected KernelBrowser $client;
 
     // //////////////////// CONFIGURATION
 
@@ -224,6 +224,11 @@ protected function navigateTo2faForm(): Crawler
         return $this->client->request('GET', '/2fa');
     }
 
+    protected function navigateToValidatorsForm(): Crawler
+    {
+        return $this->client->request('GET', '/members/validators');
+    }
+
     // //////////////////// ASSERTS
 
     protected function assertLoggerHasInfo(string $message): void
@@ -337,7 +342,7 @@ protected function assertHasTrustedDeviceCookieSet(): void
         $this->assertNotNull($this->client->getCookieJar()->get(self::TRUSTED_DEVICE_COOKIE_NAME), 'Trusted device cookie must be set');
     }
 
-    private function assertResponseStatusCode(int $code): void
+    protected function assertResponseStatusCode(int $code): void
     {
         $this->assertEquals(
             $code,

app/tests/ValidatorConstraintsTest.php

@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Tests\TestCase;
+use Symfony\Component\DomCrawler\Crawler;
+
+class ValidatorConstraintsTest extends TestCase
+{
+    public function testValidatorConstraintsWithWrongCodes(): void
+    {
+        // Login
+        $this->setAll2faProvidersEnabled(false);
+        $this->performLogin();
+
+        $submittedPage = $this->submitValidatorForm('wrongCode', 'wrongCode');
+
+        $this->assertValidatedWrongCodes($submittedPage);
+    }
+
+    public function testValidatorConstraintsWithCorrectCodes(): void
+    {
+        // Login
+        $this->setAll2faProvidersEnabled(false);
+        $this->performLogin();
+
+        $submittedPage = $this->submitValidatorForm($this->getGoogleAuthenticatorCode(), $this->getTotpCode());
+
+        $this->assertValidatedCorrectCodes($submittedPage);
+    }
+
+    private function submitValidatorForm(string $googleTotpCode, string $totpCode): Crawler
+    {
+        $formPage = $this->navigateToValidatorsForm();
+
+        $form = $formPage->selectButton('submit-button')->form();
+        $form['form[googleTotpCode]'] = $googleTotpCode;
+        $form['form[totpCode]'] = $totpCode;
+
+        return $this->client->submit($form);
+    }
+
+    private function assertValidatedWrongCodes(Crawler $submitPage): void
+    {
+        $this->assertResponseStatusCode(422);  // Unprocessable Entity
+        $this->assertStringContainsString(
+            'The verification code is not valid',
+            $submitPage->html(),
+            'The page must show an error message'
+        );
+    }
+
+    private function assertValidatedCorrectCodes(Crawler $submitPage): void
+    {
+        $this->assertResponseStatusCode(200);  // Unprocessable Entity
+        $this->assertStringContainsString(
+            'All codes valid!',
+            $submitPage->html(),
+            'The page must show the success message'
+        );
+    }
+}