use OC\Security\CSRF\CsrfTokenManager;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
use OCP\IRequest;
* @return JSONResponse
*/
public function index(): JSONResponse {
+ if (!$this->request->passesStrictCookieCheck()) {
+ return new JSONResponse([], Http::STATUS_FORBIDDEN);
+ }
+
$requestToken = $this->tokenManager->getToken();
return new JSONResponse([
$this->tokenManager);
}
- public function testGetToken() {
+ public function testGetToken(): void {
+ $this->request->method('passesStrictCookieCheck')->willReturn(true);
+
$token = $this->createMock(CsrfToken::class);
$this->tokenManager->method('getToken')->willReturn($token);
$token->method('getEncryptedValue')->willReturn('toktok123');
], $response->getData());
}
+ public function testGetTokenNoStrictSameSiteCookie(): void {
+ $this->request->method('passesStrictCookieCheck')->willReturn(false);
+
+ $response = $this->controller->index();
+
+ $this->assertInstanceOf(JSONResponse::class, $response);
+ $this->assertSame(Http::STATUS_FORBIDDEN, $response->getStatus());
+ }
+
}
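Review bot: testGetTokenNoStrictSameSiteCookie asserts only the 403 status, but the property the controller change is meant to guarantee is that a request failing the strict-cookie check never has a CSRF token minted or returned, and the test would still pass if the check were moved after `$this->tokenManager->getToken()`. Add `$this->tokenManager->expects($this->never())->method('getToken');` before calling `index()` and `$this->assertSame([], $response->getData());` after the status assertion so the negative path is pinned. The test setUp that builds `$this->request` and `$this->tokenManager` lies outside this hunk, so it is assumed here that both are PHPUnit mocks of IRequest and CsrfTokenManager; the enclosing hunk may also begin before the visible excerpt.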