diff --git a/tests/class-two-factor-core.php b/tests/class-two-factor-core.php index 4fd11d96..5c02c689 100644 --- a/tests/class-two-factor-core.php +++ b/tests/class-two-factor-core.php @@ -388,6 +388,53 @@ public function test_is_api_request() { * * @covers Two_Factor_Core::filter_authenticate */ + public function test_filter_authenticate() { + $user_default = new WP_User( self::factory()->user->create() ); + $user_2fa_enabled = $this->get_dummy_user(); // User with a dummy two-factor method enabled. + + $this->assertFalse( Two_Factor_Core::is_api_request(), 'Is not an API request by default' ); + + $this->assertInstanceOf( + 'WP_User', + Two_Factor_Core::filter_authenticate( $user_default, '', '' ), + 'Existing non-2FA user session should not trigger 2FA' + ); + + $this->assertInstanceOf( + 'WP_User', + Two_Factor_Core::filter_authenticate( $user_default, 'username', '' ), + 'Existing non-2FA user login attempts should not trigger 2FA' + ); + + $this->assertInstanceOf( + 'WP_User', + Two_Factor_Core::filter_authenticate( $user_2fa_enabled, '', '' ), + 'Existing 2FA user sessions should not trigger 2FA' + ); + + $this->assertFalse( + has_action( 'wp_login', array( 'Two_Factor_Core', 'wp_login' ) ), + 'Requests with existing user sessions should not trigger the two-factor flow' + ); + + $this->assertInstanceOf( + 'WP_User', + Two_Factor_Core::filter_authenticate( $user_2fa_enabled, 'user-name', 'password' ), + 'Existing 2FA user session with username present should forward the user' + ); + + $this->assertNotFalse( + has_action( 'wp_login', array( 'Two_Factor_Core', 'wp_login' ) ), + 'Existing 2FA user session with username present should trigger two-factor flow' + ); + } + + /** + * Verify authentication filters. + * + * @covers Two_Factor_Core::filter_authenticate + * @covers Two_Factor_Core::is_api_request + */ public function test_filter_authenticate_api() { $user_default = new WP_User( self::factory()->user->create() ); $user_2fa_enabled = $this->get_dummy_user(); // User with a dummy two-factor method enabled.