mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332
							<?php
/**
 * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

class Test_Request extends \Test\TestCase {

	protected function setUp() {
		parent::setUp();

		OC::$server->getConfig()->setSystemValue('overwritewebroot', '/domain.tld/ownCloud');

		OC::$server->getConfig()->setSystemValue('trusted_proxies', array());
		OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array());
	}

	protected function tearDown() {
		OC::$server->getConfig()->setSystemValue('overwritewebroot', '');
		OC::$server->getConfig()->setSystemValue('trusted_proxies', array());
		OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array());

		parent::tearDown();
	}

	public function testScriptNameOverWrite() {
		$_SERVER['REMOTE_ADDR'] = '10.0.0.1';
		$_SERVER['SCRIPT_FILENAME'] = __FILE__;

		$scriptName = OC_Request::scriptName();
		$this->assertEquals('/domain.tld/ownCloud/tests/lib/request.php', $scriptName);
	}

	public function testGetRemoteAddress() {
		$_SERVER['REMOTE_ADDR'] = '10.0.0.2';
		$_SERVER['HTTP_X_FORWARDED'] = '10.4.0.5, 10.4.0.4';
		$_SERVER['HTTP_X_FORWARDED_FOR'] = '192.168.0.233';

		// Without having specified a trusted remote address
		$this->assertEquals('10.0.0.2', OC_Request::getRemoteAddress());

		// With specifying a trusted remote address but no trusted header
		OC::$server->getConfig()->setSystemValue('trusted_proxies', array('10.0.0.2'));
		$this->assertEquals('10.0.0.2', OC_Request::getRemoteAddress());

		// With specifying a trusted remote address and trusted headers
		OC::$server->getConfig()->setSystemValue('trusted_proxies', array('10.0.0.2'));
		OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array('HTTP_X_FORWARDED'));
		$this->assertEquals('10.4.0.5', OC_Request::getRemoteAddress());
		OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED'));
		$this->assertEquals('192.168.0.233', OC_Request::getRemoteAddress());

		// With specifying multiple trusted remote addresses and trusted headers
		OC::$server->getConfig()->setSystemValue('trusted_proxies', array('10.3.4.2', '10.0.0.2', '127.0.3.3'));
		OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array('HTTP_X_FORWARDED'));
		$this->assertEquals('10.4.0.5', OC_Request::getRemoteAddress());
		OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED'));
		$this->assertEquals('192.168.0.233', OC_Request::getRemoteAddress());
	}

	/**
	 * @dataProvider rawPathInfoProvider
	 * @param $expected
	 * @param $requestUri
	 * @param $scriptName
	 */
	public function testRawPathInfo($expected, $requestUri, $scriptName) {
		$_SERVER['REQUEST_URI'] = $requestUri;
		$_SERVER['SCRIPT_NAME'] = $scriptName;
		$rawPathInfo = OC_Request::getRawPathInfo();
		$this->assertEquals($expected, $rawPathInfo);
	}

	function rawPathInfoProvider() {
		return array(
			array('/core/ajax/translations.php', 'index.php/core/ajax/translations.php', 'index.php'),
			array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php', '/index.php'),
			array('/core/ajax/translations.php', '//index.php/core/ajax/translations.php', '/index.php'),
			array('', '/oc/core', '/oc/core/index.php'),
			array('', '/oc/core/', '/oc/core/index.php'),
			array('', '/oc/core/index.php', '/oc/core/index.php'),
			array('/core/ajax/translations.php', '/core/ajax/translations.php', 'index.php'),
			array('/core/ajax/translations.php', '//core/ajax/translations.php', '/index.php'),
			array('/core/ajax/translations.php', '/oc/core/ajax/translations.php', '/oc/index.php'),
			array('/1', '/oc/core/1', '/oc/core/index.php'),
		);
	}

	/**
	 * @dataProvider rawPathInfoThrowsExceptionProvider
	 * @expectedException Exception
	 *
	 * @param $requestUri
	 * @param $scriptName
	 */
	public function testRawPathInfoThrowsException($requestUri, $scriptName) {
		$_SERVER['REQUEST_URI'] = $requestUri;
		$_SERVER['SCRIPT_NAME'] = $scriptName;
		OC_Request::getRawPathInfo();
	}

	function rawPathInfoThrowsExceptionProvider() {
		return array(
			array('/oc/core1', '/oc/core/index.php'),
		);
	}

	/**
	 * @dataProvider userAgentProvider
	 */
	public function testUserAgent($testAgent, $userAgent, $matches) {
		$_SERVER['HTTP_USER_AGENT'] = $testAgent;
		$this->assertEquals($matches, OC_Request::isUserAgent($userAgent));
	}

	function userAgentProvider() {
		return array(
			array(
				'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
				OC_Request::USER_AGENT_IE,
				true
			),
			array(
				'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0',
				OC_Request::USER_AGENT_IE,
				false
			),
			array(
				'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36',
				OC_Request::USER_AGENT_ANDROID_MOBILE_CHROME,
				true
			),
			array(
				'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
				OC_Request::USER_AGENT_ANDROID_MOBILE_CHROME,
				false
			),
			// test two values
			array(
				'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
				array(
					OC_Request::USER_AGENT_IE,
					OC_Request::USER_AGENT_ANDROID_MOBILE_CHROME,
				),
				true
			),
			array(
				'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36',
				array(
					OC_Request::USER_AGENT_IE,
					OC_Request::USER_AGENT_ANDROID_MOBILE_CHROME,
				),
				true
			),
			array(
				'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0',
				OC_Request::USER_AGENT_FREEBOX,
				false
			),
			array(
				'Mozilla/5.0',
				OC_Request::USER_AGENT_FREEBOX,
				true
			),
			array(
				'Fake Mozilla/5.0',
				OC_Request::USER_AGENT_FREEBOX,
				false
			),
		);
	}

	public function testInsecureServerHost() {
		unset($_SERVER['HTTP_X_FORWARDED_HOST']);
		unset($_SERVER['HTTP_HOST']);
		unset($_SERVER['SERVER_NAME']);
		$_SERVER['SERVER_NAME'] = 'from.server.name:8080';
		$host = OC_Request::insecureServerHost();
		$this->assertEquals('from.server.name:8080', $host);

		$_SERVER['HTTP_HOST'] = 'from.host.header:8080';
		$host = OC_Request::insecureServerHost();
		$this->assertEquals('from.host.header:8080', $host);

		$_SERVER['HTTP_X_FORWARDED_HOST'] = 'from.forwarded.host:8080';
		$host = OC_Request::insecureServerHost();
		$this->assertEquals('from.forwarded.host:8080', $host);

		$_SERVER['HTTP_X_FORWARDED_HOST'] = 'from.forwarded.host2:8080,another.one:9000';
		$host = OC_Request::insecureServerHost();
		$this->assertEquals('from.forwarded.host2:8080', $host);

		// clean up
		unset($_SERVER['HTTP_X_FORWARDED_HOST']);
		unset($_SERVER['HTTP_HOST']);
		unset($_SERVER['SERVER_NAME']);
	}

	public function testGetOverwriteHost() {
		unset($_SERVER['REMOTE_ADDR']);
		OC_Config::deleteKey('overwritecondaddr');
		OC_Config::deleteKey('overwritehost');
		$host = OC_Request::getOverwriteHost();
		$this->assertNull($host);

		OC_Config::setValue('overwritehost', '');
		$host = OC_Request::getOverwriteHost();
		$this->assertNull($host);

		OC_Config::setValue('overwritehost', 'host.one.test:8080');
		$host = OC_Request::getOverwriteHost();
		$this->assertEquals('host.one.test:8080', $host);

		$_SERVER['REMOTE_ADDR'] = 'somehost.test:8080';
		OC_Config::setValue('overwritecondaddr', '^somehost\..*$');
		$host = OC_Request::getOverwriteHost();
		$this->assertEquals('host.one.test:8080', $host);

		OC_Config::setValue('overwritecondaddr', '^somethingelse.*$');
		$host = OC_Request::getOverwriteHost();
		$this->assertNull($host);

		// clean up
		unset($_SERVER['REMOTE_ADDR']);
		OC_Config::deleteKey('overwritecondaddr');
		OC_Config::deleteKey('overwritehost');
	}

	public function hostWithPortProvider() {
		return array(
			array('localhost:500', 'localhost'),
			array('foo.com', 'foo.com'),
			array('[1fff:0:a88:85a3::ac1f]:801', '[1fff:0:a88:85a3::ac1f]'),
			array('[1fff:0:a88:85a3::ac1f]', '[1fff:0:a88:85a3::ac1f]')
		);
	}

	/**
	 * @dataProvider hostWithPortProvider
	 */
	public function testGetDomainWithoutPort($hostWithPort, $host) {
		$this->assertEquals($host, OC_Request::getDomainWithoutPort($hostWithPort));

	}

	/**
	 * @dataProvider trustedDomainDataProvider
	 */
	public function testIsTrustedDomain($trustedDomains, $testDomain, $result) {
		OC_Config::deleteKey('trusted_domains');
		if ($trustedDomains !== null) {
			OC_Config::setValue('trusted_domains', $trustedDomains);
		}

		$this->assertEquals($result, OC_Request::isTrustedDomain($testDomain));

		// clean up
		OC_Config::deleteKey('trusted_domains');
	}

	public function trustedDomainDataProvider() {
		$trustedHostTestList = array('host.one.test', 'host.two.test', '[1fff:0:a88:85a3::ac1f]');
		return array(
			// empty defaults to true
			array(null, 'host.one.test:8080', true),
			array('', 'host.one.test:8080', true),
			array(array(), 'host.one.test:8080', true),

			// trust list when defined
			array($trustedHostTestList, 'host.two.test:8080', true),
			array($trustedHostTestList, 'host.two.test:9999', true),
			array($trustedHostTestList, 'host.three.test:8080', false),
			array($trustedHostTestList, 'host.two.test:8080:aa:222', false),
			array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true),
			array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true),
			array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false),

			// trust localhost regardless of trust list
			array($trustedHostTestList, 'localhost', true),
			array($trustedHostTestList, 'localhost:8080', true),
			array($trustedHostTestList, '127.0.0.1', true),
			array($trustedHostTestList, '127.0.0.1:8080', true),

			// do not trust invalid localhosts
			array($trustedHostTestList, 'localhost:1:2', false),
			array($trustedHostTestList, 'localhost: evil.host', false),
		);
	}

	public function testServerHost() {
		OC_Config::deleteKey('overwritecondaddr');
		OC_Config::setValue('overwritehost', 'overwritten.host:8080');
		OC_Config::setValue(
			'trusted_domains',
			array(
				'trusted.host:8080',
				'second.trusted.host:8080'
			)
		);
		$_SERVER['HTTP_HOST'] = 'trusted.host:8080';

		// CLI always gives localhost
		$oldCLI = OC::$CLI;
		OC::$CLI = true;
		$host = OC_Request::serverHost();
		$this->assertEquals('localhost', $host);
		OC::$CLI = false;

		// overwritehost overrides trusted domain
		$host = OC_Request::serverHost();
		$this->assertEquals('overwritten.host:8080', $host);

		// trusted domain returned when used
		OC_Config::deleteKey('overwritehost');
		$host = OC_Request::serverHost();
		$this->assertEquals('trusted.host:8080', $host);

		// trusted domain returned when untrusted one in header
		$_SERVER['HTTP_HOST'] = 'untrusted.host:8080';
		OC_Config::deleteKey('overwritehost');
		$host = OC_Request::serverHost();
		$this->assertEquals('trusted.host:8080', $host);

		// clean up
		OC_Config::deleteKey('overwritecondaddr');
		OC_Config::deleteKey('overwritehost');
		unset($_SERVER['HTTP_HOST']);
		OC::$CLI = $oldCLI;
	}
}