
Commit b71014c

Oleksii Korshenko authored and Sergey Nosov committed
MAGETWO-50608: [Github][Security] Able to brute force API token access
- fixed integration tests
1 parent 7ede287 commit b71014c


4 files changed

+29
-5
lines changed


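--- a/dev/tests/api-functional/testsuite/Magento/Integration/Model/AdminTokenServiceTest.php
+++ b/dev/tests/api-functional/testsuite/Magento/Integration/Model/AdminTokenServiceTest.php
@@ -58,7 +58,7 @@ public function setUp()
 }
 
 /**
-* @magentoApiDataFixture Magento/User/_files/user_with_role.php
+* @magentoApiDataFixture Magento/Webapi/_files/webapi_user.php
 */
 public function testCreateAdminAccessToken()
 {
@@ -139,7 +139,7 @@ public function validationDataProvider()
 }
 
 /**
-* @magentoApiDataFixture Magento/User/_files/user_with_role.php
+* @magentoApiDataFixture Magento/Webapi/_files/webapi_user.php
 */
 public function testThrottlingMaxAttempts()
 {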

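--- a/dev/tests/integration/testsuite/Magento/Integration/Model/CustomerTokenServiceTest.php
+++ b/dev/tests/integration/testsuite/Magento/Integration/Model/CustomerTokenServiceTest.php
@@ -70,8 +70,8 @@ public function testCreateCustomerAccessTokenEmptyOrNullCredentials($username, $
 }
 
 /**
-* @expectedException \Magento\Framework\Exception\InvalidEmailOrPasswordException
-* @expectedExceptionMessage Invalid login or password.
+* @expectedException \Magento\Framework\Exception\AuthenticationException
+* @expectedExceptionMessage You did not sign in correctly or your account is temporarily disabled.
 */
 public function testCreateCustomerAccessTokenInvalidCustomer()
 {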
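Review bot: The new expectation on lines 73-74 pins the generic AuthenticationException message, which appears to be the point of this commit (the same wording covers wrong credentials and a temporarily disabled account, so a caller cannot tell the two apart), but the docblock gives no hint that the wording is deliberate, so a later copy change could be "fixed" by loosening the assertion. A one-line addition to the docblock, `* Wrong credentials must produce the same generic message as a locked account (no account enumeration).`, records that intent next to the assertion. The body of testCreateCustomerAccessTokenInvalidCustomer continues past the end of the hunk.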
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
<?php
2+
/**
3+
* Copyright © 2016 Magento. All rights reserved.
4+
* See COPYING.txt for license details.
5+
*/
6+
7+
/**
8+
* Create an admin user with an assigned role
9+
*/
10+
11+
/** @var $model \Magento\User\Model\User */
12+
$model = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create('Magento\User\Model\User');
13+
$model->setFirstname("Web")
14+
->setLastname("Api")
15+
->setUsername('webapi_user')
16+
->setPassword(\Magento\TestFramework\Bootstrap::ADMIN_PASSWORD)
17+
->setEmail('webapi_user@example.com')
18+
->setRoleType('G')
19+
->setResourceId('Magento_Backend::all')
20+
->setPrivileges("")
21+
->setAssertId(0)
22+
->setRoleId(1)
23+
->setPermission('allow');
24+
$model->save();
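Review bot: The inline docblock on line 11 puts the variable before the type, `/** @var $model \Magento\User\Model\User */`; the PHPDoc `@var` form is type first, `/** @var \Magento\User\Model\User $model */`, which is the form static analysers and IDEs resolve reliably. The values on lines 13, 14 and 20 use double quotes without interpolation (`"Web"`, `"Api"`, `""`) while the rest of the chain uses single quotes; `'Web'`, `'Api'`, `''` keeps the fixture consistent. The hard-coded `setRoleId(1)` on line 22 presumably relies on a role that already exists in the test database; a short comment such as `// NOTE: assumes role id 1 is the default admin role created by setup` would make that dependency visible to whoever next edits the fixture. This section's file-header line is not shown on the page, so its path can only be inferred from the `@magentoApiDataFixture` annotations in the test changes above.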

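--- a/dev/tests/integration/testsuite/Magento/User/_files/user_with_role_rollback.php
+++ b/dev/tests/integration/testsuite/Magento/Webapi/_files/webapi_user_rollback.php
@@ -8,7 +8,7 @@
 
 /** @var $model \Magento\User\Model\User */
 $model = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create('Magento\User\Model\User');
-$userName = 'adminUser';
+$userName = 'webapi_user';
 $model->load($userName, 'username');
 $model->delete();
 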
