mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 994 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33000 Commits
371 Branches
Tree: 6670d37658
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6670d37658'
${ noResults }
nextcloud/tests/lib/User/SessionTest.php

SessionTest.php 30KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917 
  1. <?php

  2. 

  3. /**

  4.  * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com>

  5.  * This file is licensed under the Affero General Public License version 3 or

  6.  * later.

  7.  * See the COPYING-README file.

  8.  */

  9. 

  10. namespace Test\User;

  11. 

  12. use OC\Session\Memory;

  13. use OC\User\User;

  14. 

  15. /**

  16.  * @group DB

  17.  * @package Test\User

  18.  */

  19. class SessionTest extends \Test\TestCase {

  20. 

  21. 	/** @var \OCP\AppFramework\Utility\ITimeFactory */

  22. 	private $timeFactory;

  23. 

  24. 	/** @var \OC\Authentication\Token\DefaultTokenProvider */

  25. 	protected $tokenProvider;

  26. 

  27. 	/** @var \OCP\IConfig */

  28. 	private $config;

  29. 

  30. 	protected function setUp() {

  31. 		parent::setUp();

  32. 

  33. 		$this->timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');

  34. 		$this->timeFactory->expects($this->any())

  35. 			->method('getTime')

  36. 			->will($this->returnValue(10000));

  37. 		$this->tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');

  38. 		$this->config = $this->getMock('\OCP\IConfig');

  39. 	}

  40. 

  41. 	public function testGetUser() {

  42. 		$token = new \OC\Authentication\Token\DefaultToken();

  43. 		$token->setLoginName('User123');

  44. 		$token->setLastCheck(200);

  45. 

  46. 		$expectedUser = $this->getMock('\OCP\IUser');

  47. 		$expectedUser->expects($this->any())

  48. 			->method('getUID')

  49. 			->will($this->returnValue('user123'));

  50. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  51. 		$session->expects($this->at(0))

  52. 			->method('get')

  53. 			->with('user_id')

  54. 			->will($this->returnValue($expectedUser->getUID()));

  55. 		$sessionId = 'abcdef12345';

  56. 

  57. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  58. 			->disableOriginalConstructor()

  59. 			->getMock();

  60. 		$session->expects($this->at(1))

  61. 			->method('get')

  62. 			->with('app_password')

  63. 			->will($this->returnValue(null)); // No password set -> browser session

  64. 		$session->expects($this->once())

  65. 			->method('getId')

  66. 			->will($this->returnValue($sessionId));

  67. 		$this->tokenProvider->expects($this->once())

  68. 			->method('getToken')

  69. 			->with($sessionId)

  70. 			->will($this->returnValue($token));

  71. 		$this->tokenProvider->expects($this->once())

  72. 			->method('getPassword')

  73. 			->with($token, $sessionId)

  74. 			->will($this->returnValue('passme'));

  75. 		$manager->expects($this->once())

  76. 			->method('checkPassword')

  77. 			->with('User123', 'passme')

  78. 			->will($this->returnValue(true));

  79. 		$expectedUser->expects($this->once())

  80. 			->method('isEnabled')

  81. 			->will($this->returnValue(true));

  82. 

  83. 		$this->tokenProvider->expects($this->once())

  84. 			->method('updateTokenActivity')

  85. 			->with($token);

  86. 

  87. 		$manager->expects($this->any())

  88. 			->method('get')

  89. 			->with($expectedUser->getUID())

  90. 			->will($this->returnValue($expectedUser));

  91. 

  92. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  93. 		$user = $userSession->getUser();

  94. 		$this->assertSame($expectedUser, $user);

  95. 		$this->assertSame(10000, $token->getLastCheck());

  96. 	}

  97. 

  98. 	public function isLoggedInData() {

  99. 		return [

  100. 			[true],

  101. 			[false],

  102. 		];

  103. 	}

  104. 

  105. 	/**

  106. 	 * @dataProvider isLoggedInData

  107. 	 */

  108. 	public function testIsLoggedIn($isLoggedIn) {

  109. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  110. 

  111. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  112. 			->disableOriginalConstructor()

  113. 			->getMock();

  114. 

  115. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  116. 			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])

  117. 			->setMethods([

  118. 				'getUser'

  119. 			])

  120. 			->getMock();

  121. 		$user = new User('sepp', null);

  122. 		$userSession->expects($this->once())

  123. 			->method('getUser')

  124. 			->will($this->returnValue($isLoggedIn ? $user : null));

  125. 		$this->assertEquals($isLoggedIn, $userSession->isLoggedIn());

  126. 	}

  127. 

  128. 	public function testSetUser() {

  129. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  130. 		$session->expects($this->once())

  131. 			->method('set')

  132. 			->with('user_id', 'foo');

  133. 

  134. 		$manager = $this->getMock('\OC\User\Manager');

  135. 

  136. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  137. 

  138. 		$user = $this->getMock('\OC\User\User', array(), array('foo', $backend));

  139. 		$user->expects($this->once())

  140. 			->method('getUID')

  141. 			->will($this->returnValue('foo'));

  142. 

  143. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  144. 		$userSession->setUser($user);

  145. 	}

  146. 

  147. 	public function testLoginValidPasswordEnabled() {

  148. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  149. 		$session->expects($this->once())

  150. 			->method('regenerateId');

  151. 		$this->tokenProvider->expects($this->once())

  152. 			->method('getToken')

  153. 			->with('bar')

  154. 			->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));

  155. 		$session->expects($this->exactly(2))

  156. 			->method('set')

  157. 			->with($this->callback(function ($key) {

  158. 					switch ($key) {

  159. 						case 'user_id':

  160. 						case 'loginname':

  161. 							return true;

  162. 							break;

  163. 						default:

  164. 							return false;

  165. 							break;

  166. 					}

  167. 				}, 'foo'));

  168. 

  169. 		$managerMethods = get_class_methods('\OC\User\Manager');

  170. 		//keep following methods intact in order to ensure hooks are

  171. 		//working

  172. 		$doNotMock = array('__construct', 'emit', 'listen');

  173. 		foreach ($doNotMock as $methodName) {

  174. 			$i = array_search($methodName, $managerMethods, true);

  175. 			if ($i !== false) {

  176. 				unset($managerMethods[$i]);

  177. 			}

  178. 		}

  179. 		$manager = $this->getMock('\OC\User\Manager', $managerMethods, array());

  180. 

  181. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  182. 

  183. 		$user = $this->getMock('\OC\User\User', array(), array('foo', $backend));

  184. 		$user->expects($this->any())

  185. 			->method('isEnabled')

  186. 			->will($this->returnValue(true));

  187. 		$user->expects($this->any())

  188. 			->method('getUID')

  189. 			->will($this->returnValue('foo'));

  190. 		$user->expects($this->once())

  191. 			->method('updateLastLoginTimestamp');

  192. 

  193. 		$manager->expects($this->once())

  194. 			->method('checkPassword')

  195. 			->with('foo', 'bar')

  196. 			->will($this->returnValue($user));

  197. 

  198. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  199. 			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])

  200. 			->setMethods([

  201. 				'prepareUserLogin'

  202. 			])

  203. 			->getMock();

  204. 		$userSession->expects($this->once())

  205. 			->method('prepareUserLogin');

  206. 		$userSession->login('foo', 'bar');

  207. 		$this->assertEquals($user, $userSession->getUser());

  208. 	}

  209. 

  210. 	/**

  211. 	 * @expectedException \OC\User\LoginException

  212. 	 */

  213. 	public function testLoginValidPasswordDisabled() {

  214. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  215. 		$session->expects($this->never())

  216. 			->method('set');

  217. 		$session->expects($this->once())

  218. 			->method('regenerateId');

  219. 		$this->tokenProvider->expects($this->once())

  220. 			->method('getToken')

  221. 			->with('bar')

  222. 			->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));

  223. 

  224. 		$managerMethods = get_class_methods('\OC\User\Manager');

  225. 		//keep following methods intact in order to ensure hooks are

  226. 		//working

  227. 		$doNotMock = array('__construct', 'emit', 'listen');

  228. 		foreach ($doNotMock as $methodName) {

  229. 			$i = array_search($methodName, $managerMethods, true);

  230. 			if ($i !== false) {

  231. 				unset($managerMethods[$i]);

  232. 			}

  233. 		}

  234. 		$manager = $this->getMock('\OC\User\Manager', $managerMethods, array());

  235. 

  236. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  237. 

  238. 		$user = $this->getMock('\OC\User\User', array(), array('foo', $backend));

  239. 		$user->expects($this->any())

  240. 			->method('isEnabled')

  241. 			->will($this->returnValue(false));

  242. 		$user->expects($this->never())

  243. 			->method('updateLastLoginTimestamp');

  244. 

  245. 		$manager->expects($this->once())

  246. 			->method('checkPassword')

  247. 			->with('foo', 'bar')

  248. 			->will($this->returnValue($user));

  249. 

  250. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  251. 		$userSession->login('foo', 'bar');

  252. 	}

  253. 

  254. 	public function testLoginInvalidPassword() {

  255. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  256. 		$managerMethods = get_class_methods('\OC\User\Manager');

  257. 		//keep following methods intact in order to ensure hooks are

  258. 		//working

  259. 		$doNotMock = array('__construct', 'emit', 'listen');

  260. 		foreach ($doNotMock as $methodName) {

  261. 			$i = array_search($methodName, $managerMethods, true);

  262. 			if ($i !== false) {

  263. 				unset($managerMethods[$i]);

  264. 			}

  265. 		}

  266. 		$manager = $this->getMock('\OC\User\Manager', $managerMethods, array());

  267. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  268. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  269. 

  270. 		$user = $this->getMock('\OC\User\User', array(), array('foo', $backend));

  271. 

  272. 		$session->expects($this->never())

  273. 			->method('set');

  274. 		$session->expects($this->once())

  275. 			->method('regenerateId');

  276. 		$this->tokenProvider->expects($this->once())

  277. 			->method('getToken')

  278. 			->with('bar')

  279. 			->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));

  280. 

  281. 		$user->expects($this->never())

  282. 			->method('isEnabled');

  283. 		$user->expects($this->never())

  284. 			->method('updateLastLoginTimestamp');

  285. 

  286. 		$manager->expects($this->once())

  287. 			->method('checkPassword')

  288. 			->with('foo', 'bar')

  289. 			->will($this->returnValue(false));

  290. 

  291. 		$userSession->login('foo', 'bar');

  292. 	}

  293. 

  294. 	public function testLoginNonExisting() {

  295. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  296. 		$manager = $this->getMock('\OC\User\Manager');

  297. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  298. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  299. 

  300. 		$session->expects($this->never())

  301. 			->method('set');

  302. 		$session->expects($this->once())

  303. 			->method('regenerateId');

  304. 		$this->tokenProvider->expects($this->once())

  305. 			->method('getToken')

  306. 			->with('bar')

  307. 			->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));

  308. 

  309. 		$manager->expects($this->once())

  310. 			->method('checkPassword')

  311. 			->with('foo', 'bar')

  312. 			->will($this->returnValue(false));

  313. 

  314. 		$userSession->login('foo', 'bar');

  315. 	}

  316. 

  317. 	/**

  318. 	 * When using a device token, the loginname must match the one that was used

  319. 	 * when generating the token on the browser.

  320. 	 */

  321. 	public function testLoginWithDifferentTokenLoginName() {

  322. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  323. 		$manager = $this->getMock('\OC\User\Manager');

  324. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  325. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  326. 		$username = 'user123';

  327. 		$token = new \OC\Authentication\Token\DefaultToken();

  328. 		$token->setLoginName($username);

  329. 

  330. 		$session->expects($this->never())

  331. 			->method('set');

  332. 		$session->expects($this->once())

  333. 			->method('regenerateId');

  334. 		$this->tokenProvider->expects($this->once())

  335. 			->method('getToken')

  336. 			->with('bar')

  337. 			->will($this->returnValue($token));

  338. 

  339. 		$manager->expects($this->once())

  340. 			->method('checkPassword')

  341. 			->with('foo', 'bar')

  342. 			->will($this->returnValue(false));

  343. 

  344. 		$userSession->login('foo', 'bar');

  345. 	}

  346. 

  347. 	/**

  348. 	 * @expectedException \OC\Authentication\Exceptions\PasswordLoginForbiddenException

  349. 	 */

  350. 	public function testLogClientInNoTokenPasswordWith2fa() {

  351. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  352. 			->disableOriginalConstructor()

  353. 			->getMock();

  354. 		$session = $this->getMock('\OCP\ISession');

  355. 		$request = $this->getMock('\OCP\IRequest');

  356. 		$user = $this->getMock('\OCP\IUser');

  357. 

  358. 		/** @var \OC\User\Session $userSession */

  359. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  360. 			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])

  361. 			->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])

  362. 			->getMock();

  363. 

  364. 		$this->tokenProvider->expects($this->once())

  365. 			->method('getToken')

  366. 			->with('doe')

  367. 			->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));

  368. 		$this->config->expects($this->once())

  369. 			->method('getSystemValue')

  370. 			->with('token_auth_enforced', false)

  371. 			->will($this->returnValue(true));

  372. 

  373. 		$userSession->logClientIn('john', 'doe', $request);

  374. 	}

  375. 

  376. 	public function testLogClientInWithTokenPassword() {

  377. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  378. 			->disableOriginalConstructor()

  379. 			->getMock();

  380. 		$session = $this->getMock('\OCP\ISession');

  381. 		$request = $this->getMock('\OCP\IRequest');

  382. 		$user = $this->getMock('\OCP\IUser');

  383. 

  384. 		/** @var \OC\User\Session $userSession */

  385. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  386. 			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])

  387. 			->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])

  388. 			->getMock();

  389. 

  390. 		$userSession->expects($this->once())

  391. 			->method('isTokenPassword')

  392. 			->will($this->returnValue(true));

  393. 		$userSession->expects($this->once())

  394. 			->method('login')

  395. 			->with('john', 'I-AM-AN-APP-PASSWORD')

  396. 			->will($this->returnValue(true));

  397. 

  398. 		$session->expects($this->once())

  399. 			->method('set')

  400. 			->with('app_password', 'I-AM-AN-APP-PASSWORD');

  401. 

  402. 		$this->assertTrue($userSession->logClientIn('john', 'I-AM-AN-APP-PASSWORD', $request));

  403. 	}

  404. 

  405. 	/**

  406. 	 * @expectedException \OC\Authentication\Exceptions\PasswordLoginForbiddenException

  407. 	 */

  408. 	public function testLogClientInNoTokenPasswordNo2fa() {

  409. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  410. 			->disableOriginalConstructor()

  411. 			->getMock();

  412. 		$session = $this->getMock('\OCP\ISession');

  413. 		$user = $this->getMock('\OCP\IUser');

  414. 		$request = $this->getMock('\OCP\IRequest');

  415. 

  416. 		/** @var \OC\User\Session $userSession */

  417. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  418. 			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])

  419. 			->setMethods(['login', 'isTwoFactorEnforced'])

  420. 			->getMock();

  421. 

  422. 		$this->tokenProvider->expects($this->once())

  423. 			->method('getToken')

  424. 			->with('doe')

  425. 			->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));

  426. 		$this->config->expects($this->once())

  427. 			->method('getSystemValue')

  428. 			->with('token_auth_enforced', false)

  429. 			->will($this->returnValue(false));

  430. 

  431. 		$userSession->expects($this->once())

  432. 			->method('isTwoFactorEnforced')

  433. 			->with('john')

  434. 			->will($this->returnValue(true));

  435. 

  436. 		$userSession->logClientIn('john', 'doe', $request);

  437. 	}

  438. 

  439. 	public function testRememberLoginValidToken() {

  440. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  441. 		$session->expects($this->exactly(1))

  442. 			->method('set')

  443. 			->with($this->callback(function ($key) {

  444. 					switch ($key) {

  445. 						case 'user_id':

  446. 							return true;

  447. 						default:

  448. 							return false;

  449. 					}

  450. 				}, 'foo'));

  451. 		$session->expects($this->once())

  452. 			->method('regenerateId');

  453. 

  454. 		$managerMethods = get_class_methods('\OC\User\Manager');

  455. 		//keep following methods intact in order to ensure hooks are

  456. 		//working

  457. 		$doNotMock = array('__construct', 'emit', 'listen');

  458. 		foreach ($doNotMock as $methodName) {

  459. 			$i = array_search($methodName, $managerMethods, true);

  460. 			if ($i !== false) {

  461. 				unset($managerMethods[$i]);

  462. 			}

  463. 		}

  464. 		$manager = $this->getMock('\OC\User\Manager', $managerMethods, array());

  465. 

  466. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  467. 

  468. 		$user = $this->getMock('\OC\User\User', array(), array('foo', $backend));

  469. 

  470. 		$user->expects($this->any())

  471. 			->method('getUID')

  472. 			->will($this->returnValue('foo'));

  473. 		$user->expects($this->once())

  474. 			->method('updateLastLoginTimestamp');

  475. 

  476. 		$manager->expects($this->once())

  477. 			->method('get')

  478. 			->with('foo')

  479. 			->will($this->returnValue($user));

  480. 

  481. 		//prepare login token

  482. 		$token = 'goodToken';

  483. 		\OC::$server->getConfig()->setUserValue('foo', 'login_token', $token, time());

  484. 

  485. 		$userSession = $this->getMock(

  486. 			'\OC\User\Session',

  487. 			//override, otherwise tests will fail because of setcookie()

  488. 			array('setMagicInCookie'),

  489. 			//there  are passed as parameters to the constructor

  490. 			array($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config));

  491. 

  492. 		$granted = $userSession->loginWithCookie('foo', $token);

  493. 

  494. 		$this->assertSame($granted, true);

  495. 	}

  496. 

  497. 	public function testRememberLoginInvalidToken() {

  498. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  499. 		$session->expects($this->never())

  500. 			->method('set');

  501. 		$session->expects($this->once())

  502. 			->method('regenerateId');

  503. 

  504. 		$managerMethods = get_class_methods('\OC\User\Manager');

  505. 		//keep following methods intact in order to ensure hooks are

  506. 		//working

  507. 		$doNotMock = array('__construct', 'emit', 'listen');

  508. 		foreach ($doNotMock as $methodName) {

  509. 			$i = array_search($methodName, $managerMethods, true);

  510. 			if ($i !== false) {

  511. 				unset($managerMethods[$i]);

  512. 			}

  513. 		}

  514. 		$manager = $this->getMock('\OC\User\Manager', $managerMethods, array());

  515. 

  516. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  517. 

  518. 		$user = $this->getMock('\OC\User\User', array(), array('foo', $backend));

  519. 

  520. 		$user->expects($this->any())

  521. 			->method('getUID')

  522. 			->will($this->returnValue('foo'));

  523. 		$user->expects($this->never())

  524. 			->method('updateLastLoginTimestamp');

  525. 

  526. 		$manager->expects($this->once())

  527. 			->method('get')

  528. 			->with('foo')

  529. 			->will($this->returnValue($user));

  530. 

  531. 		//prepare login token

  532. 		$token = 'goodToken';

  533. 		\OC::$server->getConfig()->setUserValue('foo', 'login_token', $token, time());

  534. 

  535. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  536. 		$granted = $userSession->loginWithCookie('foo', 'badToken');

  537. 

  538. 		$this->assertSame($granted, false);

  539. 	}

  540. 

  541. 	public function testRememberLoginInvalidUser() {

  542. 		$session = $this->getMock('\OC\Session\Memory', array(), array(''));

  543. 		$session->expects($this->never())

  544. 			->method('set');

  545. 		$session->expects($this->once())

  546. 			->method('regenerateId');

  547. 

  548. 		$managerMethods = get_class_methods('\OC\User\Manager');

  549. 		//keep following methods intact in order to ensure hooks are

  550. 		//working

  551. 		$doNotMock = array('__construct', 'emit', 'listen');

  552. 		foreach ($doNotMock as $methodName) {

  553. 			$i = array_search($methodName, $managerMethods, true);

  554. 			if ($i !== false) {

  555. 				unset($managerMethods[$i]);

  556. 			}

  557. 		}

  558. 		$manager = $this->getMock('\OC\User\Manager', $managerMethods, array());

  559. 

  560. 		$backend = $this->getMock('\Test\Util\User\Dummy');

  561. 

  562. 		$user = $this->getMock('\OC\User\User', array(), array('foo', $backend));

  563. 

  564. 		$user->expects($this->never())

  565. 			->method('getUID');

  566. 		$user->expects($this->never())

  567. 			->method('updateLastLoginTimestamp');

  568. 

  569. 		$manager->expects($this->once())

  570. 			->method('get')

  571. 			->with('foo')

  572. 			->will($this->returnValue(null));

  573. 

  574. 		//prepare login token

  575. 		$token = 'goodToken';

  576. 		\OC::$server->getConfig()->setUserValue('foo', 'login_token', $token, time());

  577. 

  578. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  579. 		$granted = $userSession->loginWithCookie('foo', $token);

  580. 

  581. 		$this->assertSame($granted, false);

  582. 	}

  583. 

  584. 	public function testActiveUserAfterSetSession() {

  585. 		$users = array(

  586. 			'foo' => new User('foo', null),

  587. 			'bar' => new User('bar', null)

  588. 		);

  589. 

  590. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  591. 			->disableOriginalConstructor()

  592. 			->getMock();

  593. 

  594. 		$manager->expects($this->any())

  595. 			->method('get')

  596. 			->will($this->returnCallback(function ($uid) use ($users) {

  597. 					return $users[$uid];

  598. 				}));

  599. 

  600. 		$session = new Memory('');

  601. 		$session->set('user_id', 'foo');

  602. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  603. 			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])

  604. 			->setMethods([

  605. 				'validateSession'

  606. 			])

  607. 			->getMock();

  608. 		$userSession->expects($this->any())

  609. 			->method('validateSession');

  610. 

  611. 		$this->assertEquals($users['foo'], $userSession->getUser());

  612. 

  613. 		$session2 = new Memory('');

  614. 		$session2->set('user_id', 'bar');

  615. 		$userSession->setSession($session2);

  616. 		$this->assertEquals($users['bar'], $userSession->getUser());

  617. 	}

  618. 

  619. 	public function testCreateSessionToken() {

  620. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  621. 			->disableOriginalConstructor()

  622. 			->getMock();

  623. 		$session = $this->getMock('\OCP\ISession');

  624. 		$token = $this->getMock('\OC\Authentication\Token\IToken');

  625. 		$user = $this->getMock('\OCP\IUser');

  626. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  627. 

  628. 		$random = $this->getMock('\OCP\Security\ISecureRandom');

  629. 		$config = $this->getMock('\OCP\IConfig');

  630. 		$csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')

  631. 			->disableOriginalConstructor()

  632. 			->getMock();

  633. 		$request = new \OC\AppFramework\Http\Request([

  634. 			'server' => [

  635. 				'HTTP_USER_AGENT' => 'Firefox',

  636. 			]

  637. 		], $random, $config, $csrf);

  638. 

  639. 		$uid = 'user123';

  640. 		$loginName = 'User123';

  641. 		$password = 'passme';

  642. 		$sessionId = 'abcxyz';

  643. 

  644. 		$manager->expects($this->once())

  645. 			->method('get')

  646. 			->with($uid)

  647. 			->will($this->returnValue($user));

  648. 		$session->expects($this->once())

  649. 			->method('getId')

  650. 			->will($this->returnValue($sessionId));

  651. 		$this->tokenProvider->expects($this->once())

  652. 			->method('getToken')

  653. 			->with($password)

  654. 			->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));

  655. 		

  656. 		$this->tokenProvider->expects($this->once())

  657. 			->method('generateToken')

  658. 			->with($sessionId, $uid, $loginName, $password, 'Firefox');

  659. 

  660. 		$this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));

  661. 	}

  662. 

  663. 	public function testCreateSessionTokenWithTokenPassword() {

  664. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  665. 			->disableOriginalConstructor()

  666. 			->getMock();

  667. 		$session = $this->getMock('\OCP\ISession');

  668. 		$token = $this->getMock('\OC\Authentication\Token\IToken');

  669. 		$user = $this->getMock('\OCP\IUser');

  670. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  671. 

  672. 		$random = $this->getMock('\OCP\Security\ISecureRandom');

  673. 		$config = $this->getMock('\OCP\IConfig');

  674. 		$csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')

  675. 			->disableOriginalConstructor()

  676. 			->getMock();

  677. 		$request = new \OC\AppFramework\Http\Request([

  678. 			'server' => [

  679. 				'HTTP_USER_AGENT' => 'Firefox',

  680. 			]

  681. 		], $random, $config, $csrf);

  682. 

  683. 		$uid = 'user123';

  684. 		$loginName = 'User123';

  685. 		$password = 'iamatoken';

  686. 		$realPassword = 'passme';

  687. 		$sessionId = 'abcxyz';

  688. 

  689. 		$manager->expects($this->once())

  690. 			->method('get')

  691. 			->with($uid)

  692. 			->will($this->returnValue($user));

  693. 		$session->expects($this->once())

  694. 			->method('getId')

  695. 			->will($this->returnValue($sessionId));

  696. 		$this->tokenProvider->expects($this->once())

  697. 			->method('getToken')

  698. 			->with($password)

  699. 			->will($this->returnValue($token));

  700. 		$this->tokenProvider->expects($this->once())

  701. 			->method('getPassword')

  702. 			->with($token, $password)

  703. 			->will($this->returnValue($realPassword));

  704. 		

  705. 		$this->tokenProvider->expects($this->once())

  706. 			->method('generateToken')

  707. 			->with($sessionId, $uid, $loginName, $realPassword, 'Firefox');

  708. 

  709. 		$this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));

  710. 	}

  711. 

  712. 	public function testCreateSessionTokenWithNonExistentUser() {

  713. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  714. 			->disableOriginalConstructor()

  715. 			->getMock();

  716. 		$session = $this->getMock('\OCP\ISession');

  717. 		$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config);

  718. 		$request = $this->getMock('\OCP\IRequest');

  719. 

  720. 		$uid = 'user123';

  721. 		$loginName = 'User123';

  722. 		$password = 'passme';

  723. 

  724. 		$manager->expects($this->once())

  725. 			->method('get')

  726. 			->with($uid)

  727. 			->will($this->returnValue(null));

  728. 		

  729. 		$this->assertFalse($userSession->createSessionToken($request, $uid, $loginName, $password));

  730. 	}

  731. 

  732. 	public function testTryTokenLoginWithDisabledUser() {

  733. 		$manager = $this->getMockBuilder('\OC\User\Manager')

  734. 			->disableOriginalConstructor()

  735. 			->getMock();

  736. 		$session = new Memory('');

  737. 		$token = new \OC\Authentication\Token\DefaultToken();

  738. 		$token->setLoginName('fritz');

  739. 		$token->setUid('fritz0');

  740. 		$token->setLastCheck(100); // Needs check

  741. 		$user = $this->getMock('\OCP\IUser');

  742. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  743. 			->setMethods(['logout'])

  744. 			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])

  745. 			->getMock();

  746. 		$request = $this->getMock('\OCP\IRequest');

  747. 

  748. 		$request->expects($this->once())

  749. 			->method('getHeader')

  750. 			->with('Authorization')

  751. 			->will($this->returnValue('token xxxxx'));

  752. 		$this->tokenProvider->expects($this->once())

  753. 			->method('getToken')

  754. 			->with('xxxxx')

  755. 			->will($this->returnValue($token));

  756. 		$manager->expects($this->once())

  757. 			->method('get')

  758. 			->with('fritz0')

  759. 			->will($this->returnValue($user));

  760. 		$user->expects($this->once())

  761. 			->method('isEnabled')

  762. 			->will($this->returnValue(false));

  763. 

  764. 		$this->assertFalse($userSession->tryTokenLogin($request));

  765. 	}

  766. 

  767. 	public function testValidateSessionDisabledUser() {

  768. 		$userManager = $this->getMock('\OCP\IUserManager');

  769. 		$session = $this->getMock('\OCP\ISession');

  770. 		$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');

  771. 		$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');

  772. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  773. 			->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config])

  774. 			->setMethods(['logout'])

  775. 			->getMock();

  776. 

  777. 		$user = $this->getMock('\OCP\IUser');

  778. 		$token = new \OC\Authentication\Token\DefaultToken();

  779. 		$token->setLoginName('susan');

  780. 		$token->setLastCheck(20);

  781. 

  782. 		$session->expects($this->once())

  783. 			->method('get')

  784. 			->with('app_password')

  785. 			->will($this->returnValue('APP-PASSWORD'));

  786. 		$tokenProvider->expects($this->once())

  787. 			->method('getToken')

  788. 			->with('APP-PASSWORD')

  789. 			->will($this->returnValue($token));

  790. 		$timeFactory->expects($this->once())

  791. 			->method('getTime')

  792. 			->will($this->returnValue(1000)); // more than 5min since last check

  793. 		$tokenProvider->expects($this->once())

  794. 			->method('getPassword')

  795. 			->with($token, 'APP-PASSWORD')

  796. 			->will($this->returnValue('123456'));

  797. 		$userManager->expects($this->once())

  798. 			->method('checkPassword')

  799. 			->with('susan', '123456')

  800. 			->will($this->returnValue(true));

  801. 		$user->expects($this->once())

  802. 			->method('isEnabled')

  803. 			->will($this->returnValue(false));

  804. 		$tokenProvider->expects($this->once())

  805. 			->method('invalidateToken')

  806. 			->with('APP-PASSWORD');

  807. 		$userSession->expects($this->once())

  808. 			->method('logout');

  809. 

  810. 		$userSession->setUser($user);

  811. 		$this->invokePrivate($userSession, 'validateSession');

  812. 	}

  813. 

  814. 	public function testValidateSessionNoPassword() {

  815. 		$userManager = $this->getMock('\OCP\IUserManager');

  816. 		$session = $this->getMock('\OCP\ISession');

  817. 		$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');

  818. 		$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');

  819. 		$userSession = $this->getMockBuilder('\OC\User\Session')

  820. 			->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config])

  821. 			->setMethods(['logout'])

  822. 			->getMock();

  823. 

  824. 		$user = $this->getMock('\OCP\IUser');

  825. 		$token = new \OC\Authentication\Token\DefaultToken();

  826. 		$token->setLastCheck(20);

  827. 

  828. 		$session->expects($this->once())

  829. 			->method('get')

  830. 			->with('app_password')

  831. 			->will($this->returnValue('APP-PASSWORD'));

  832. 		$tokenProvider->expects($this->once())

  833. 			->method('getToken')

  834. 			->with('APP-PASSWORD')

  835. 			->will($this->returnValue($token));

  836. 		$timeFactory->expects($this->once())

  837. 			->method('getTime')

  838. 			->will($this->returnValue(1000)); // more than 5min since last check

  839. 		$tokenProvider->expects($this->once())

  840. 			->method('getPassword')

  841. 			->with($token, 'APP-PASSWORD')

  842. 			->will($this->throwException(new \OC\Authentication\Exceptions\PasswordlessTokenException()));

  843. 		$tokenProvider->expects($this->once())

  844. 			->method('updateToken')

  845. 			->with($token);

  846. 

  847. 		$this->invokePrivate($userSession, 'validateSession', [$user]);

  848. 

  849. 		$this->assertEquals(1000, $token->getLastCheck());

  850. 	}

  851. 

  852. 	public function testUpdateSessionTokenPassword() {

  853. 		$userManager = $this->getMock('\OCP\IUserManager');

  854. 		$session = $this->getMock('\OCP\ISession');

  855. 		$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');

  856. 		$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');

  857. 		$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config);

  858. 

  859. 		$password = '123456';

  860. 		$sessionId ='session1234';

  861. 		$token = new \OC\Authentication\Token\DefaultToken();

  862. 

  863. 		$session->expects($this->once())

  864. 			->method('getId')

  865. 			->will($this->returnValue($sessionId));

  866. 		$tokenProvider->expects($this->once())

  867. 			->method('getToken')

  868. 			->with($sessionId)

  869. 			->will($this->returnValue($token));

  870. 		$tokenProvider->expects($this->once())

  871. 			->method('setPassword')

  872. 			->with($token, $sessionId, $password);

  873. 

  874. 		$userSession->updateSessionTokenPassword($password);

  875. 	}

  876. 

  877. 	public function testUpdateSessionTokenPasswordNoSessionAvailable() {

  878. 		$userManager = $this->getMock('\OCP\IUserManager');

  879. 		$session = $this->getMock('\OCP\ISession');

  880. 		$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');

  881. 		$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');

  882. 		$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config);

  883. 

  884. 		$session->expects($this->once())

  885. 			->method('getId')

  886. 			->will($this->throwException(new \OCP\Session\Exceptions\SessionNotAvailableException()));

  887. 

  888. 		$userSession->updateSessionTokenPassword('1234');

  889. 	}

  890. 

  891. 	public function testUpdateSessionTokenPasswordInvalidTokenException() {

  892. 		$userManager = $this->getMock('\OCP\IUserManager');

  893. 		$session = $this->getMock('\OCP\ISession');

  894. 		$timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');

  895. 		$tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');

  896. 		$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config);

  897. 

  898. 		$password = '123456';

  899. 		$sessionId ='session1234';

  900. 		$token = new \OC\Authentication\Token\DefaultToken();

  901. 

  902. 		$session->expects($this->once())

  903. 			->method('getId')

  904. 			->will($this->returnValue($sessionId));

  905. 		$tokenProvider->expects($this->once())

  906. 			->method('getToken')

  907. 			->with($sessionId)

  908. 			->will($this->returnValue($token));

  909. 		$tokenProvider->expects($this->once())

  910. 			->method('setPassword')

  911. 			->with($token, $sessionId, $password)

  912. 			->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));

  913. 

  914. 		$userSession->updateSessionTokenPassword($password);

  915. 	}

  916. 

  917. }