<?php
/**
* Tests for SSO broker URL functionality.
*
* @package automattic/jetpack-connection
*/
namespace Automattic\Jetpack\Connection;
use Automattic\Jetpack\Connection\SSO\Helpers;
use Automattic\Jetpack\Constants;
use WorDBless\BaseTestCase;
/**
* Tests for SSO broker URL support (CIAB stores).
*/
class SSO_Broker_Test extends BaseTestCase {

	// NOTE(review): every case below seeds the broker URL by writing the transient
	// directly. How that transient is populated outside of tests, and whether that
	// write path is authenticated, is not visible from this file.
	//
	// NOTE(review): the rejection cases cover a plain http:// URL and a scheme-less
	// string only. URL edge cases (mixed-case scheme, userinfo component, explicit
	// port) are not exercised here; confirm they are covered elsewhere.

	/**
	 * Reset shared state so one test cannot leak a broker URL or constant into the next.
	 */
	public function tear_down() {
		Constants::clear_constants();
		delete_transient( SSO::BROKER_URL_TRANSIENT );
		parent::tear_down();
	}

	/**
	 * With nothing stored, get_broker_url() must report false.
	 */
	public function test_get_broker_url_returns_false_when_no_transient() {
		$broker_url = SSO::get_broker_url();

		$this->assertFalse( $broker_url );
	}

	/**
	 * A stored HTTPS URL is handed back unchanged by get_broker_url().
	 */
	public function test_get_broker_url_returns_url_when_valid_https_transient() {
		$stored_url = 'https://my.woo.ai/sso';
		set_transient( SSO::BROKER_URL_TRANSIENT, $stored_url, 600 );

		$this->assertSame( $stored_url, SSO::get_broker_url() );
	}

	/**
	 * A stored http:// URL is refused by get_broker_url().
	 *
	 * The second assertion checks that the transient is gone afterwards, so the
	 * rejected value is not left behind to be read again.
	 */
	public function test_get_broker_url_rejects_http_url() {
		$transient_key = SSO::BROKER_URL_TRANSIENT;
		set_transient( $transient_key, 'http://my.woo.ai/sso', 600 );

		$this->assertFalse( SSO::get_broker_url() );
		$this->assertFalse( get_transient( $transient_key ) );
	}

	/**
	 * A stored value that is not a URL at all is refused and the transient removed.
	 */
	public function test_get_broker_url_rejects_malformed_url() {
		$transient_key = SSO::BROKER_URL_TRANSIENT;
		set_transient( $transient_key, 'not-a-url', 600 );

		$this->assertFalse( SSO::get_broker_url() );
		$this->assertFalse( get_transient( $transient_key ) );
	}

	/**
	 * Without a broker, the SSO base URL is the wordpress.com login endpoint.
	 */
	public function test_get_sso_base_url_defaults_to_wpcom() {
		$base_url = SSO::get_sso_base_url();

		$this->assertSame( 'https://wordpress.com/wp-login.php', $base_url );
	}

	/**
	 * With a valid HTTPS broker stored, the SSO base URL is the broker URL.
	 */
	public function test_get_sso_base_url_returns_broker_when_set() {
		$broker_url = 'https://my.woo.ai/sso';
		set_transient( SSO::BROKER_URL_TRANSIENT, $broker_url, 600 );

		$this->assertSame( $broker_url, SSO::get_sso_base_url() );
	}

	/**
	 * A non-HTTPS broker must not become the SSO base URL; the wordpress.com
	 * default is expected instead.
	 */
	public function test_get_sso_base_url_falls_back_for_invalid_broker() {
		set_transient( SSO::BROKER_URL_TRANSIENT, 'http://insecure.example.com', 600 );

		$base_url = SSO::get_sso_base_url();

		$this->assertSame( 'https://wordpress.com/wp-login.php', $base_url );
	}

	/**
	 * The host of a valid HTTPS broker URL shows up in the redirect allow-list.
	 */
	public function test_allowed_redirect_hosts_includes_broker_host() {
		Constants::set_constant( 'JETPACK__API_BASE', 'https://jetpack.wordpress.com/jetpack.' );
		set_transient( SSO::BROKER_URL_TRANSIENT, 'https://my.woo.ai/sso', 600 );

		$allowed = Helpers::allowed_redirect_hosts( array() );

		$this->assertContains( 'my.woo.ai', $allowed );
	}

	/**
	 * With no broker stored, the broker host is absent from the redirect allow-list.
	 */
	public function test_allowed_redirect_hosts_excludes_broker_when_not_set() {
		Constants::set_constant( 'JETPACK__API_BASE', 'https://jetpack.wordpress.com/jetpack.' );

		$allowed = Helpers::allowed_redirect_hosts( array() );

		$this->assertNotContains( 'my.woo.ai', $allowed );
	}

	/**
	 * A broker URL that is not HTTPS must not get its host into the redirect
	 * allow-list.
	 */
	public function test_allowed_redirect_hosts_excludes_insecure_broker() {
		Constants::set_constant( 'JETPACK__API_BASE', 'https://jetpack.wordpress.com/jetpack.' );
		set_transient( SSO::BROKER_URL_TRANSIENT, 'http://insecure.example.com', 600 );

		$allowed = Helpers::allowed_redirect_hosts( array() );

		$this->assertNotContains( 'insecure.example.com', $allowed );
	}

	/**
	 * Adding the broker host does not displace the caller-supplied host or the
	 * default wordpress.com / API hosts.
	 */
	public function test_allowed_redirect_hosts_preserves_defaults_with_broker() {
		Constants::set_constant( 'JETPACK__API_BASE', 'https://jetpack.wordpress.com/jetpack.' );
		set_transient( SSO::BROKER_URL_TRANSIENT, 'https://my.woo.ai/sso', 600 );

		$allowed = Helpers::allowed_redirect_hosts( array( 'test.com' ) );

		// Same hosts, same order of assertions: caller host, defaults, then broker.
		foreach ( array( 'test.com', 'wordpress.com', 'jetpack.wordpress.com', 'my.woo.ai' ) as $expected_host ) {
			$this->assertContains( $expected_host, $allowed );
		}
	}

	/**
	 * SSO::disconnect() removes a previously stored broker URL.
	 */
	public function test_disconnect_clears_broker_transient() {
		$transient_key = SSO::BROKER_URL_TRANSIENT;
		set_transient( $transient_key, 'https://my.woo.ai/sso', 600 );

		// Precondition: the value really is stored before disconnecting.
		$this->assertNotFalse( get_transient( $transient_key ) );

		SSO::disconnect();

		$this->assertFalse( get_transient( $transient_key ) );
	}

	/**
	 * Pins the transient key string so an accidental rename is caught.
	 */
	public function test_broker_url_transient_constant_value() {
		$expected_key = 'jetpack_sso_broker_url';

		$this->assertSame( $expected_key, SSO::BROKER_URL_TRANSIENT );
	}
}