Browse Source
Fix updating and deleting authtokens (#17397)
Fix updating and deleting authtokenstags/v18.0.0beta1
John Molakvoæ
4 years ago
2 changed files with 51 additions and 2 deletions
+ 6
- 2
apps/settings/lib/Controller/AuthSettingsController.php
View File
| use BadMethodCallException; | use BadMethodCallException; | ||||
| use OC\Authentication\Exceptions\InvalidTokenException; | use OC\Authentication\Exceptions\InvalidTokenException; | ||||
| use OC\Authentication\Exceptions\ExpiredTokenException; | |||||
| use OC\Authentication\Exceptions\PasswordlessTokenException; | use OC\Authentication\Exceptions\PasswordlessTokenException; | ||||
| use OC\Authentication\Exceptions\WipeTokenException; | use OC\Authentication\Exceptions\WipeTokenException; | ||||
| use OC\Authentication\Token\INamedToken; | use OC\Authentication\Token\INamedToken; | ||||
| * @param int $id | * @param int $id | ||||
| * @return IToken | * @return IToken | ||||
| * @throws InvalidTokenException | * @throws InvalidTokenException | ||||
| * @throws \OC\Authentication\Exceptions\ExpiredTokenException | |||||
| */ | */ | ||||
| private function findTokenByIdAndUser(int $id): IToken { | private function findTokenByIdAndUser(int $id): IToken { | ||||
| $token = $this->tokenProvider->getTokenById($id); | |||||
| try { | |||||
| $token = $this->tokenProvider->getTokenById($id); | |||||
| } catch (ExpiredTokenException $e) { | |||||
| $token = $e->getToken(); | |||||
| } | |||||
| if ($token->getUID() !== $this->uid) { | if ($token->getUID() !== $this->uid) { | ||||
| throw new InvalidTokenException('This token does not belong to you!'); | throw new InvalidTokenException('This token does not belong to you!'); | ||||
| } | } |
+ 45
- 0
apps/settings/tests/Controller/AuthSettingsControllerTest.php
View File
| use OC\AppFramework\Http; | use OC\AppFramework\Http; | ||||
| use OC\Authentication\Exceptions\InvalidTokenException; | use OC\Authentication\Exceptions\InvalidTokenException; | ||||
| use OC\Authentication\Exceptions\ExpiredTokenException; | |||||
| use OC\Authentication\Token\DefaultToken; | use OC\Authentication\Token\DefaultToken; | ||||
| use OC\Authentication\Token\IProvider; | use OC\Authentication\Token\IProvider; | ||||
| use OC\Authentication\Token\IToken; | use OC\Authentication\Token\IToken; | ||||
| $this->assertEquals([], $this->controller->destroy($tokenId)); | $this->assertEquals([], $this->controller->destroy($tokenId)); | ||||
| } | } | ||||
| public function testDestroyExpired() { | |||||
| $tokenId = 124; | |||||
| $token = $this->createMock(DefaultToken::class); | |||||
| $token->expects($this->exactly(2)) | |||||
| ->method('getId') | |||||
| ->willReturn($tokenId); | |||||
| $token->expects($this->once()) | |||||
| ->method('getUID') | |||||
| ->willReturn($this->uid); | |||||
| $this->tokenProvider->expects($this->once()) | |||||
| ->method('getTokenById') | |||||
| ->with($this->equalTo($tokenId)) | |||||
| ->willThrowException(new ExpiredTokenException($token)); | |||||
| $this->tokenProvider->expects($this->once()) | |||||
| ->method('invalidateTokenById') | |||||
| ->with($this->uid, $tokenId); | |||||
| $this->assertSame([], $this->controller->destroy($tokenId)); | |||||
| } | |||||
| public function testDestroyWrongUser() { | public function testDestroyWrongUser() { | ||||
| $tokenId = 124; | $tokenId = 124; | ||||
| $token = $this->createMock(DefaultToken::class); | $token = $this->createMock(DefaultToken::class); | ||||
| $this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password')); | $this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password')); | ||||
| } | } | ||||
| public function testUpdateExpired() { | |||||
| $tokenId = 42; | |||||
| $token = $this->createMock(DefaultToken::class); | |||||
| $token->expects($this->once()) | |||||
| ->method('getUID') | |||||
| ->willReturn($this->uid); | |||||
| $this->tokenProvider->expects($this->once()) | |||||
| ->method('getTokenById') | |||||
| ->with($this->equalTo($tokenId)) | |||||
| ->willThrowException(new ExpiredTokenException($token)); | |||||
| $this->tokenProvider->expects($this->once()) | |||||
| ->method('updateToken') | |||||
| ->with($this->equalTo($token)); | |||||
| $this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password')); | |||||
| } | |||||
| public function testUpdateTokenWrongUser() { | public function testUpdateTokenWrongUser() { | ||||
| $tokenId = 42; | $tokenId = 42; | ||||
| $token = $this->createMock(DefaultToken::class); | $token = $this->createMock(DefaultToken::class); |
Loading…