|
|
@@ -10,6 +10,7 @@ |
|
|
|
|
|
|
|
namespace OC\AppFramework\Http; |
|
|
|
|
|
|
|
use OC\Security\Crypto; |
|
|
|
use OCP\Security\ISecureRandom; |
|
|
|
use OCP\IConfig; |
|
|
|
|
|
|
@@ -53,6 +54,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -85,6 +87,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -96,8 +99,8 @@ class RequestTest extends \Test\TestCase { |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
* @expectedException \RuntimeException |
|
|
|
*/ |
|
|
|
* @expectedException \RuntimeException |
|
|
|
*/ |
|
|
|
public function testImmutableArrayAccess() { |
|
|
|
$vars = array( |
|
|
|
'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'), |
|
|
@@ -107,6 +110,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -115,8 +119,8 @@ class RequestTest extends \Test\TestCase { |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @expectedException \RuntimeException |
|
|
|
*/ |
|
|
|
* @expectedException \RuntimeException |
|
|
|
*/ |
|
|
|
public function testImmutableMagicAccess() { |
|
|
|
$vars = array( |
|
|
|
'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'), |
|
|
@@ -126,6 +130,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -134,8 +139,8 @@ class RequestTest extends \Test\TestCase { |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @expectedException \LogicException |
|
|
|
*/ |
|
|
|
* @expectedException \LogicException |
|
|
|
*/ |
|
|
|
public function testGetTheMethodRight() { |
|
|
|
$vars = array( |
|
|
|
'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'), |
|
|
@@ -145,6 +150,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -161,6 +167,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -182,6 +189,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -206,6 +214,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -230,6 +239,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -250,6 +260,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -274,6 +285,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -303,6 +315,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -324,6 +337,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
$vars, |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -347,6 +361,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
[], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -358,6 +373,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
[], |
|
|
|
\OC::$server->getSecureRandom(), |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -382,6 +398,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -410,6 +427,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -438,6 +456,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -470,6 +489,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -497,6 +517,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
[], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -506,10 +527,10 @@ class RequestTest extends \Test\TestCase { |
|
|
|
|
|
|
|
public function testGetServerProtocolWithProtoValid() { |
|
|
|
$this->config |
|
|
|
->expects($this->exactly(2)) |
|
|
|
->method('getSystemValue') |
|
|
|
->with('overwriteprotocol') |
|
|
|
->will($this->returnValue('')); |
|
|
|
->expects($this->exactly(2)) |
|
|
|
->method('getSystemValue') |
|
|
|
->with('overwriteprotocol') |
|
|
|
->will($this->returnValue('')); |
|
|
|
|
|
|
|
$requestHttps = new Request( |
|
|
|
[ |
|
|
@@ -518,6 +539,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -528,6 +550,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -551,6 +574,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -571,6 +595,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -587,6 +612,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
[], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -607,6 +633,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -628,6 +655,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -716,6 +744,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -732,6 +761,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -749,6 +779,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -766,6 +797,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -793,6 +825,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
[], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -814,6 +847,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -840,6 +874,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -866,6 +901,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
], |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -882,6 +918,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
[], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -909,6 +946,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$request = new Request( |
|
|
|
[], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -924,6 +962,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -944,6 +983,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -964,6 +1004,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -986,6 +1027,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -1008,6 +1050,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -1030,6 +1073,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -1052,6 +1096,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -1105,6 +1150,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
); |
|
|
@@ -1144,6 +1190,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
] |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
]) |
|
|
@@ -1157,17 +1204,25 @@ class RequestTest extends \Test\TestCase { |
|
|
|
} |
|
|
|
|
|
|
|
public function testPassesCSRFCheckWithGet() { |
|
|
|
$crypto = $this->getMock('\OCP\Security\ICrypto'); |
|
|
|
$crypto |
|
|
|
->expects($this->once()) |
|
|
|
->method('decrypt') |
|
|
|
->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret') |
|
|
|
->will($this->returnValue('MyStoredRequestToken')); |
|
|
|
|
|
|
|
/** @var Request $request */ |
|
|
|
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request') |
|
|
|
->setMethods(['getScriptName']) |
|
|
|
->setConstructorArgs([ |
|
|
|
[ |
|
|
|
'get' => [ |
|
|
|
'requesttoken' => 'MyStoredRequestToken', |
|
|
|
'requesttoken' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret', |
|
|
|
], |
|
|
|
'requesttoken' => 'MyStoredRequestToken', |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$crypto, |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
]) |
|
|
@@ -1177,17 +1232,25 @@ class RequestTest extends \Test\TestCase { |
|
|
|
} |
|
|
|
|
|
|
|
public function testPassesCSRFCheckWithPost() { |
|
|
|
$crypto = $this->getMock('\OCP\Security\ICrypto'); |
|
|
|
$crypto |
|
|
|
->expects($this->once()) |
|
|
|
->method('decrypt') |
|
|
|
->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret') |
|
|
|
->will($this->returnValue('MyStoredRequestToken')); |
|
|
|
|
|
|
|
/** @var Request $request */ |
|
|
|
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request') |
|
|
|
->setMethods(['getScriptName']) |
|
|
|
->setConstructorArgs([ |
|
|
|
[ |
|
|
|
'post' => [ |
|
|
|
'requesttoken' => 'MyStoredRequestToken', |
|
|
|
'requesttoken' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret', |
|
|
|
], |
|
|
|
'requesttoken' => 'MyStoredRequestToken', |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$crypto, |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
]) |
|
|
@@ -1197,17 +1260,24 @@ class RequestTest extends \Test\TestCase { |
|
|
|
} |
|
|
|
|
|
|
|
public function testPassesCSRFCheckWithHeader() { |
|
|
|
$crypto = $this->getMock('\OCP\Security\ICrypto'); |
|
|
|
$crypto |
|
|
|
->expects($this->once()) |
|
|
|
->method('decrypt') |
|
|
|
->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret') |
|
|
|
->will($this->returnValue('MyStoredRequestToken')); |
|
|
|
/** @var Request $request */ |
|
|
|
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request') |
|
|
|
->setMethods(['getScriptName']) |
|
|
|
->setConstructorArgs([ |
|
|
|
[ |
|
|
|
'server' => [ |
|
|
|
'HTTP_REQUESTTOKEN' => 'MyStoredRequestToken', |
|
|
|
'HTTP_REQUESTTOKEN' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret', |
|
|
|
], |
|
|
|
'requesttoken' => 'MyStoredRequestToken', |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$crypto, |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
]) |
|
|
@@ -1216,18 +1286,34 @@ class RequestTest extends \Test\TestCase { |
|
|
|
$this->assertTrue($request->passesCSRFCheck()); |
|
|
|
} |
|
|
|
|
|
|
|
public function testPassesCSRFCheckWithInvalidToken() { |
|
|
|
public function invalidTokenDataProvider() { |
|
|
|
return [ |
|
|
|
['InvalidSentToken'], |
|
|
|
['InvalidSentToken:InvalidSecret'], |
|
|
|
[null], |
|
|
|
[''], |
|
|
|
]; |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @dataProvider invalidTokenDataProvider |
|
|
|
* @param string $invalidToken |
|
|
|
*/ |
|
|
|
public function testPassesCSRFCheckWithInvalidToken($invalidToken) { |
|
|
|
$crypto = new Crypto($this->config, $this->secureRandom); |
|
|
|
|
|
|
|
/** @var Request $request */ |
|
|
|
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request') |
|
|
|
->setMethods(['getScriptName']) |
|
|
|
->setConstructorArgs([ |
|
|
|
[ |
|
|
|
'server' => [ |
|
|
|
'HTTP_REQUESTTOKEN' => 'MyInvalidSentToken', |
|
|
|
'HTTP_REQUESTTOKEN' => $invalidToken, |
|
|
|
], |
|
|
|
'requesttoken' => 'MyStoredRequestToken', |
|
|
|
], |
|
|
|
$this->secureRandom, |
|
|
|
$crypto, |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
]) |
|
|
@@ -1243,6 +1329,7 @@ class RequestTest extends \Test\TestCase { |
|
|
|
->setConstructorArgs([ |
|
|
|
[], |
|
|
|
$this->secureRandom, |
|
|
|
$this->getMock('\OCP\Security\ICrypto'), |
|
|
|
$this->config, |
|
|
|
$this->stream |
|
|
|
]) |