Skip to content

Commit

Permalink
Controller is not protected from anonymous users
Browse files Browse the repository at this point in the history
Closes #1
  • Loading branch information
adamlundrigan committed Jun 27, 2014
1 parent f52ea9d commit 5b04224
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
4 changes: 4 additions & 0 deletions src/LdcUserProfile/Controller/ProfileController.php
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ class ProfileController extends AbstractActionController

public function indexAction()
{
if (!$this->zfcUserAuthentication()->hasIdentity()) {
return $this->redirect()->toRoute('zfcuser/login', array(), array('query' => array('redirect' => 'ldc-user-profile')));
}

$form = $this->getService()->constructFormForUser($this->zfcUserAuthentication()->getIdentity());

$vm = new ViewModel(array(
Expand Down
23 changes: 22 additions & 1 deletion tests/LdcUserProfileTest/Controller/ProfileControllerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ public function setUp()
$this->mockModuleOptions = new \LdcUserProfile\Options\ModuleOptions();

$sl = new ServiceManager();
$sl->setAllowOverride(true);
$sl->setService('zfcuser_user_service', $this->mockUserService);
$sl->setService('ldc-user-profile_service', $this->mockProfileService);
$sl->setService('ldc-user-profile_module_options', $this->mockModuleOptions);
Expand All @@ -59,8 +60,9 @@ public function setUp()
$this->controller->setServiceLocator($sl);
$this->controller->setEvent($this->event);

$this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity]');
$this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity,hasIdentity]');
$this->mockUserPlugin->shouldReceive('getIdentity')->andReturn($this->mockUserEntity);
$this->mockUserPlugin->shouldReceive('hasIdentity')->andReturn(true);

$this->mockUrlPlugin = \Mockery::mock('Zend\Mvc\Controller\Plugin\Url[fromRoute]');
$this->mockUrlPlugin->shouldReceive('fromRoute')->andReturn('/');
Expand Down Expand Up @@ -188,4 +190,23 @@ public function testGetModuleOptionsPullsFromServiceLocatorWhenNotDefined()
$this->controller->setServiceLocator($serviceLocator);
$this->assertSame($this->mockOptions, $this->controller->getModuleOptions());
}

public function testControllerIsProtectedFromUnauthorizedUsers()
{
$this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity,hasIdentity]');
$this->mockUserPlugin->shouldReceive('getIdentity')->andReturn(null);
$this->mockUserPlugin->shouldReceive('hasIdentity')->andReturn(false);
$this->controller->getPluginManager()->setService('zfcUserAuthentication', $this->mockUserPlugin);

$this->event->setResponse($this->controller->getResponse());

$this->mockProfileService = \Mockery::mock('LdcUserProfile\Service\ProfileService');
$this->mockProfileService->shouldReceive('constructFormForUser')->never();
$this->controller->getServiceLocator()->setService('ldc-user-profile_service', $this->mockProfileService);

$result = $this->controller->indexAction();

$this->assertInstanceOf('Zend\Http\Response', $result);
$this->assertTrue($result->isRedirect());
}
}

0 comments on commit 5b04224

Please sign in to comment.