$this->api->activateNavigationEntry();
// security checks
- if(!$annotationReader->hasAnnotation('IsLoggedInExemption')) {
+ $isPublicPage = $annotationReader->hasAnnotation('PublicPage');
+ if(!$isPublicPage) {
if(!$this->api->isLoggedIn()) {
throw new SecurityException('Current user is not logged in', Http::STATUS_UNAUTHORIZED);
}
- }
-
- if(!$annotationReader->hasAnnotation('IsAdminExemption')) {
- if(!$this->api->isAdminUser($this->api->getUserId())) {
- throw new SecurityException('Logged in user must be an admin', Http::STATUS_FORBIDDEN);
- }
- }
- if(!$annotationReader->hasAnnotation('IsSubAdminExemption')) {
- if(!$this->api->isSubAdminUser($this->api->getUserId())) {
- throw new SecurityException('Logged in user must be a subadmin', Http::STATUS_FORBIDDEN);
+ if(!$annotationReader->hasAnnotation('NoAdminRequired')) {
+ if(!$this->api->isAdminUser($this->api->getUserId())) {
+ throw new SecurityException('Logged in user must be an admin', Http::STATUS_FORBIDDEN);
+ }
}
}
- if(!$annotationReader->hasAnnotation('CSRFExemption')) {
+ if(!$annotationReader->hasAnnotation('NoCSRFRequired')) {
if(!$this->api->passesCSRFCheck()) {
throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);
}
/**
- * @IsLoggedInExemption
- * @CSRFExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
+ * @PublicPage
+ * @NoCSRFRequired
*/
public function testSetNavigationEntry(){
$this->checkNavEntry('testSetNavigationEntry', true);
}
- private function ajaxExceptionCheck($method, $shouldBeAjax=false){
- $api = $this->getAPI();
- $api->expects($this->any())
- ->method('passesCSRFCheck')
- ->will($this->returnValue(false));
-
- $sec = new SecurityMiddleware($api, $this->request);
-
- try {
- $sec->beforeController('\OC\AppFramework\Middleware\Security\SecurityMiddlewareTest',
- $method);
- } catch (SecurityException $ex){
- if($shouldBeAjax){
- $this->assertTrue($ex->isAjax());
- } else {
- $this->assertFalse($ex->isAjax());
- }
-
- }
- }
-
-
- /**
- * @Ajax
- * @IsLoggedInExemption
- * @CSRFExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
- */
- public function testAjaxException(){
- $this->ajaxExceptionCheck('testAjaxException');
- }
-
-
- /**
- * @IsLoggedInExemption
- * @CSRFExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
- */
- public function testNoAjaxException(){
- $this->ajaxExceptionCheck('testNoAjaxException');
- }
-
-
private function ajaxExceptionStatus($method, $test, $status) {
$api = $this->getAPI();
$api->expects($this->any())
->method($test)
->will($this->returnValue(false));
+ // isAdminUser requires isLoggedIn call to return true
+ if ($test === 'isAdminUser') {
+ $api->expects($this->any())
+ ->method('isLoggedIn')
+ ->will($this->returnValue(true));
+ }
+
$sec = new SecurityMiddleware($api, $this->request);
try {
}
}
- /**
- * @Ajax
- */
public function testAjaxStatusLoggedInCheck() {
$this->ajaxExceptionStatus(
'testAjaxStatusLoggedInCheck',
}
/**
- * @Ajax
- * @IsLoggedInExemption
+ * @NoCSRFRequired
+ * @NoAdminRequired
*/
public function testAjaxNotAdminCheck() {
$this->ajaxExceptionStatus(
}
/**
- * @Ajax
- * @IsLoggedInExemption
- * @IsAdminExemption
- */
- public function testAjaxNotSubAdminCheck() {
- $this->ajaxExceptionStatus(
- 'testAjaxNotSubAdminCheck',
- 'isSubAdminUser',
- Http::STATUS_FORBIDDEN
- );
- }
-
- /**
- * @Ajax
- * @IsLoggedInExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
+ * @PublicPage
*/
public function testAjaxStatusCSRFCheck() {
$this->ajaxExceptionStatus(
}
/**
- * @Ajax
- * @CSRFExemption
- * @IsLoggedInExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
+ * @PublicPage
+ * @NoCSRFRequired
*/
public function testAjaxStatusAllGood() {
$this->ajaxExceptionStatus(
);
}
+
/**
- * @IsLoggedInExemption
- * @CSRFExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
+ * @PublicPage
+ * @NoCSRFRequired
*/
public function testNoChecks(){
$api = $this->getAPI();
$api->expects($this->never())
->method('isAdminUser')
->will($this->returnValue(true));
- $api->expects($this->never())
- ->method('isSubAdminUser')
- ->will($this->returnValue(true));
$api->expects($this->never())
->method('isLoggedIn')
->will($this->returnValue(true));
->method($expects)
->will($this->returnValue(!$shouldFail));
+ // admin check requires login
+ if ($expects === 'isAdminUser') {
+ $api->expects($this->once())
+ ->method('isLoggedIn')
+ ->will($this->returnValue(true));
+ }
+
$sec = new SecurityMiddleware($api, $this->request);
if($shouldFail){
$this->setExpectedException('\OC\AppFramework\Middleware\Security\SecurityException');
+ } else {
+ $this->setExpectedException(null);
}
$sec->beforeController('\OC\AppFramework\Middleware\Security\SecurityMiddlewareTest', $method);
/**
- * @IsLoggedInExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
+ * @PublicPage
*/
public function testCsrfCheck(){
$this->securityCheck('testCsrfCheck', 'passesCSRFCheck');
/**
- * @IsLoggedInExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
+ * @PublicPage
*/
public function testFailCsrfCheck(){
$this->securityCheck('testFailCsrfCheck', 'passesCSRFCheck', true);
/**
- * @CSRFExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
+ * @NoCSRFRequired
+ * @NoAdminRequired
*/
public function testLoggedInCheck(){
$this->securityCheck('testLoggedInCheck', 'isLoggedIn');
/**
- * @CSRFExemption
- * @IsAdminExemption
- * @IsSubAdminExemption
+ * @NoCSRFRequired
+ * @NoAdminRequired
*/
public function testFailLoggedInCheck(){
$this->securityCheck('testFailLoggedInCheck', 'isLoggedIn', true);
/**
- * @IsLoggedInExemption
- * @CSRFExemption
- * @IsSubAdminExemption
+ * @NoCSRFRequired
*/
public function testIsAdminCheck(){
$this->securityCheck('testIsAdminCheck', 'isAdminUser');
/**
- * @IsLoggedInExemption
- * @CSRFExemption
- * @IsSubAdminExemption
+ * @NoCSRFRequired
*/
public function testFailIsAdminCheck(){
$this->securityCheck('testFailIsAdminCheck', 'isAdminUser', true);
}
- /**
- * @IsLoggedInExemption
- * @CSRFExemption
- * @IsAdminExemption
- */
- public function testIsSubAdminCheck(){
- $this->securityCheck('testIsSubAdminCheck', 'isSubAdminUser');
- }
-
-
- /**
- * @IsLoggedInExemption
- * @CSRFExemption
- * @IsAdminExemption
- */
- public function testFailIsSubAdminCheck(){
- $this->securityCheck('testFailIsSubAdminCheck', 'isSubAdminUser', true);
- }
-
-
-
public function testAfterExceptionNotCaughtThrowsItAgain(){
$ex = new \Exception();
$this->setExpectedException('\Exception');
projects / nextcloud-server.git / commitdiff