mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 993 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50321 Commits
415 Branches
Tree: 6d20876eb2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d20876eb2'
${ noResults }
nextcloud/tests/Core/Controller/TwoFactorChallengeControlle...

TwoFactorChallengeControllerTest.php 14KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447 
  1. <?php

  2. 

  3. /**

  4.  * @author Christoph Wurst <christoph@owncloud.com>

  5.  *

  6.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  7.  * @license AGPL-3.0

  8.  *

  9.  * This code is free software: you can redistribute it and/or modify

  10.  * it under the terms of the GNU Affero General Public License, version 3,

  11.  * as published by the Free Software Foundation.

  12.  *

  13.  * This program is distributed in the hope that it will be useful,

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  16.  * GNU Affero General Public License for more details.

  17.  *

  18.  * You should have received a copy of the GNU Affero General Public License, version 3,

  19.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  20.  *

  21.  */

  22. 

  23. namespace Test\Core\Controller;

  24. 

  25. use OC\Authentication\TwoFactorAuth\Manager;

  26. use OC\Authentication\TwoFactorAuth\ProviderSet;

  27. use OC\Core\Controller\TwoFactorChallengeController;

  28. use OC_Util;

  29. use OCP\AppFramework\Http\RedirectResponse;

  30. use OCP\AppFramework\Http\StandaloneTemplateResponse;

  31. use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;

  32. use OCP\Authentication\TwoFactorAuth\ILoginSetupProvider;

  33. use OCP\Authentication\TwoFactorAuth\IProvider;

  34. use OCP\Authentication\TwoFactorAuth\TwoFactorException;

  35. use OCP\IRequest;

  36. use OCP\ISession;

  37. use OCP\IURLGenerator;

  38. use OCP\IUser;

  39. use OCP\IUserSession;

  40. use OCP\Template;

  41. use PHPUnit_Framework_MockObject_MockObject;

  42. use Test\TestCase;

  43. 

  44. class TwoFactorChallengeControllerTest extends TestCase {

  45. 

  46. 	/** @var IRequest|PHPUnit_Framework_MockObject_MockObject */

  47. 	private $request;

  48. 

  49. 	/** @var Manager|PHPUnit_Framework_MockObject_MockObject */

  50. 	private $twoFactorManager;

  51. 

  52. 	/** @var IUserSession|PHPUnit_Framework_MockObject_MockObject */

  53. 	private $userSession;

  54. 

  55. 	/** @var ISession|PHPUnit_Framework_MockObject_MockObject */

  56. 	private $session;

  57. 

  58. 	/** @var IURLGenerator|PHPUnit_Framework_MockObject_MockObject */

  59. 	private $urlGenerator;

  60. 

  61. 	/** @var TwoFactorChallengeController|PHPUnit_Framework_MockObject_MockObject */

  62. 	private $controller;

  63. 

  64. 	protected function setUp() {

  65. 		parent::setUp();

  66. 

  67. 		$this->request = $this->createMock(IRequest::class);

  68. 		$this->twoFactorManager = $this->createMock(Manager::class);

  69. 		$this->userSession = $this->createMock(IUserSession::class);

  70. 		$this->session = $this->createMock(ISession::class);

  71. 		$this->urlGenerator = $this->createMock(IURLGenerator::class);

  72. 

  73. 		$this->controller = $this->getMockBuilder(TwoFactorChallengeController::class)

  74. 			->setConstructorArgs([

  75. 				'core',

  76. 				$this->request,

  77. 				$this->twoFactorManager,

  78. 				$this->userSession,

  79. 				$this->session,

  80. 				$this->urlGenerator,

  81. 			])

  82. 			->setMethods(['getLogoutUrl'])

  83. 			->getMock();

  84. 		$this->controller->expects($this->any())

  85. 			->method('getLogoutUrl')

  86. 			->willReturn('logoutAttribute');

  87. 	}

  88. 

  89. 	public function testSelectChallenge() {

  90. 		$user = $this->getMockBuilder(IUser::class)->getMock();

  91. 		$p1 = $this->createMock(IActivatableAtLogin::class);

  92. 		$p1->method('getId')->willReturn('p1');

  93. 		$backupProvider = $this->createMock(IProvider::class);

  94. 		$backupProvider->method('getId')->willReturn('backup_codes');

  95. 		$providerSet = new ProviderSet([$p1, $backupProvider], true);

  96. 		$this->twoFactorManager->expects($this->once())

  97. 			->method('getLoginSetupProviders')

  98. 			->with($user)

  99. 			->willReturn([$p1]);

  100. 

  101. 		$this->userSession->expects($this->once())

  102. 			->method('getUser')

  103. 			->will($this->returnValue($user));

  104. 		$this->twoFactorManager->expects($this->once())

  105. 			->method('getProviderSet')

  106. 			->with($user)

  107. 			->will($this->returnValue($providerSet));

  108. 

  109. 		$expected = new StandaloneTemplateResponse('core', 'twofactorselectchallenge', [

  110. 			'providers' => [

  111. 				$p1,

  112. 			],

  113. 			'providerMissing' => true,

  114. 			'backupProvider' => $backupProvider,

  115. 			'redirect_url' => '/some/url',

  116. 			'logout_url' => 'logoutAttribute',

  117. 			'hasSetupProviders' => true,

  118. 		], 'guest');

  119. 

  120. 		$this->assertEquals($expected, $this->controller->selectChallenge('/some/url'));

  121. 	}

  122. 

  123. 	public function testShowChallenge() {

  124. 		$user = $this->createMock(IUser::class);

  125. 		$provider = $this->createMock(IProvider::class);

  126. 		$provider->method('getId')->willReturn('myprovider');

  127. 		$backupProvider = $this->createMock(IProvider::class);

  128. 		$backupProvider->method('getId')->willReturn('backup_codes');

  129. 		$tmpl = $this->createMock(Template::class);

  130. 		$providerSet = new ProviderSet([$provider, $backupProvider], true);

  131. 

  132. 		$this->userSession->expects($this->once())

  133. 			->method('getUser')

  134. 			->will($this->returnValue($user));

  135. 		$this->twoFactorManager->expects($this->once())

  136. 			->method('getProviderSet')

  137. 			->with($user)

  138. 			->will($this->returnValue($providerSet));

  139. 		$provider->expects($this->once())

  140. 			->method('getId')

  141. 			->will($this->returnValue('u2f'));

  142. 		$backupProvider->expects($this->once())

  143. 			->method('getId')

  144. 			->will($this->returnValue('backup_codes'));

  145. 

  146. 		$this->session->expects($this->once())

  147. 			->method('exists')

  148. 			->with('two_factor_auth_error')

  149. 			->will($this->returnValue(true));

  150. 		$this->session->expects($this->exactly(2))

  151. 			->method('remove')

  152. 			->with($this->logicalOr($this->equalTo('two_factor_auth_error'), $this->equalTo('two_factor_auth_error_message')));

  153. 		$provider->expects($this->once())

  154. 			->method('getTemplate')

  155. 			->with($user)

  156. 			->will($this->returnValue($tmpl));

  157. 		$tmpl->expects($this->once())

  158. 			->method('fetchPage')

  159. 			->will($this->returnValue('<html/>'));

  160. 

  161. 		$expected = new StandaloneTemplateResponse('core', 'twofactorshowchallenge', [

  162. 			'error' => true,

  163. 			'provider' => $provider,

  164. 			'backupProvider' => $backupProvider,

  165. 			'logout_url' => 'logoutAttribute',

  166. 			'template' => '<html/>',

  167. 			'redirect_url' => '/re/dir/ect/url',

  168. 			'error_message' => null,

  169. 		], 'guest');

  170. 

  171. 		$this->assertEquals($expected, $this->controller->showChallenge('myprovider', '/re/dir/ect/url'));

  172. 	}

  173. 

  174. 	public function testShowInvalidChallenge() {

  175. 		$user = $this->createMock(IUser::class);

  176. 		$providerSet = new ProviderSet([], false);

  177. 

  178. 		$this->userSession->expects($this->once())

  179. 			->method('getUser')

  180. 			->will($this->returnValue($user));

  181. 		$this->twoFactorManager->expects($this->once())

  182. 			->method('getProviderSet')

  183. 			->with($user)

  184. 			->will($this->returnValue($providerSet));

  185. 		$this->urlGenerator->expects($this->once())

  186. 			->method('linkToRoute')

  187. 			->with('core.TwoFactorChallenge.selectChallenge')

  188. 			->will($this->returnValue('select/challenge/url'));

  189. 

  190. 		$expected = new RedirectResponse('select/challenge/url');

  191. 

  192. 		$this->assertEquals($expected, $this->controller->showChallenge('myprovider', 'redirect/url'));

  193. 	}

  194. 

  195. 	public function testSolveChallenge() {

  196. 		$user = $this->createMock(IUser::class);

  197. 		$provider = $this->createMock(IProvider::class);

  198. 

  199. 		$this->userSession->expects($this->once())

  200. 			->method('getUser')

  201. 			->will($this->returnValue($user));

  202. 		$this->twoFactorManager->expects($this->once())

  203. 			->method('getProvider')

  204. 			->with($user, 'myprovider')

  205. 			->will($this->returnValue($provider));

  206. 

  207. 		$this->twoFactorManager->expects($this->once())

  208. 			->method('verifyChallenge')

  209. 			->with('myprovider', $user, 'token')

  210. 			->will($this->returnValue(true));

  211. 

  212. 		$expected = new RedirectResponse(OC_Util::getDefaultPageUrl());

  213. 		$this->assertEquals($expected, $this->controller->solveChallenge('myprovider', 'token'));

  214. 	}

  215. 

  216. 	public function testSolveValidChallengeAndRedirect() {

  217. 		$user = $this->createMock(IUser::class);

  218. 		$provider = $this->createMock(IProvider::class);

  219. 

  220. 		$this->userSession->expects($this->once())

  221. 			->method('getUser')

  222. 			->will($this->returnValue($user));

  223. 		$this->twoFactorManager->expects($this->once())

  224. 			->method('getProvider')

  225. 			->with($user, 'myprovider')

  226. 			->will($this->returnValue($provider));

  227. 

  228. 		$this->twoFactorManager->expects($this->once())

  229. 			->method('verifyChallenge')

  230. 			->with('myprovider', $user, 'token')

  231. 			->willReturn(true);

  232. 		$this->urlGenerator->expects($this->once())

  233. 			->method('getAbsoluteURL')

  234. 			->with('redirect url')

  235. 			->willReturn('redirect/url');

  236. 

  237. 		$expected = new RedirectResponse('redirect/url');

  238. 		$this->assertEquals($expected, $this->controller->solveChallenge('myprovider', 'token', 'redirect%20url'));

  239. 	}

  240. 

  241. 	public function testSolveChallengeInvalidProvider() {

  242. 		$user = $this->getMockBuilder(IUser::class)->getMock();

  243. 

  244. 		$this->userSession->expects($this->once())

  245. 			->method('getUser')

  246. 			->will($this->returnValue($user));

  247. 		$this->twoFactorManager->expects($this->once())

  248. 			->method('getProvider')

  249. 			->with($user, 'myprovider')

  250. 			->will($this->returnValue(null));

  251. 		$this->urlGenerator->expects($this->once())

  252. 			->method('linkToRoute')

  253. 			->with('core.TwoFactorChallenge.selectChallenge')

  254. 			->will($this->returnValue('select/challenge/url'));

  255. 

  256. 		$expected = new RedirectResponse('select/challenge/url');

  257. 

  258. 		$this->assertEquals($expected, $this->controller->solveChallenge('myprovider', 'token'));

  259. 	}

  260. 

  261. 	public function testSolveInvalidChallenge() {

  262. 		$user = $this->createMock(IUser::class);

  263. 		$provider = $this->createMock(IProvider::class);

  264. 

  265. 		$this->userSession->expects($this->once())

  266. 			->method('getUser')

  267. 			->will($this->returnValue($user));

  268. 		$this->twoFactorManager->expects($this->once())

  269. 			->method('getProvider')

  270. 			->with($user, 'myprovider')

  271. 			->will($this->returnValue($provider));

  272. 

  273. 		$this->twoFactorManager->expects($this->once())

  274. 			->method('verifyChallenge')

  275. 			->with('myprovider', $user, 'token')

  276. 			->will($this->returnValue(false));

  277. 		$this->session->expects($this->once())

  278. 			->method('set')

  279. 			->with('two_factor_auth_error', true);

  280. 		$this->urlGenerator->expects($this->once())

  281. 			->method('linkToRoute')

  282. 			->with('core.TwoFactorChallenge.showChallenge', [

  283. 				'challengeProviderId' => 'myprovider',

  284. 				'redirect_url' => '/url',

  285. 			])

  286. 			->will($this->returnValue('files/index/url'));

  287. 		$provider->expects($this->once())

  288. 			->method('getId')

  289. 			->will($this->returnValue('myprovider'));

  290. 

  291. 		$expected = new RedirectResponse('files/index/url');

  292. 		$this->assertEquals($expected, $this->controller->solveChallenge('myprovider', 'token', '/url'));

  293. 	}

  294. 

  295. 	public function testSolveChallengeTwoFactorException() {

  296. 		$user = $this->createMock(IUser::class);

  297. 		$provider = $this->createMock(IProvider::class);

  298. 		$exception = new TwoFactorException("2FA failed");

  299. 

  300. 		$this->userSession->expects($this->once())

  301. 			->method('getUser')

  302. 			->will($this->returnValue($user));

  303. 		$this->twoFactorManager->expects($this->once())

  304. 			->method('getProvider')

  305. 			->with($user, 'myprovider')

  306. 			->will($this->returnValue($provider));

  307. 

  308. 		$this->twoFactorManager->expects($this->once())

  309. 			->method('verifyChallenge')

  310. 			->with('myprovider', $user, 'token')

  311. 			->will($this->throwException($exception));

  312. 		$this->session->expects($this->at(0))

  313. 			->method('set')

  314. 			->with('two_factor_auth_error_message', "2FA failed");

  315. 		$this->session->expects($this->at(1))

  316. 			->method('set')

  317. 			->with('two_factor_auth_error', true);

  318. 		$this->urlGenerator->expects($this->once())

  319. 			->method('linkToRoute')

  320. 			->with('core.TwoFactorChallenge.showChallenge', [

  321. 				'challengeProviderId' => 'myprovider',

  322. 				'redirect_url' => '/url',

  323. 			])

  324. 			->will($this->returnValue('files/index/url'));

  325. 		$provider->expects($this->once())

  326. 			->method('getId')

  327. 			->will($this->returnValue('myprovider'));

  328. 

  329. 		$expected = new RedirectResponse('files/index/url');

  330. 		$this->assertEquals($expected, $this->controller->solveChallenge('myprovider', 'token', '/url'));

  331. 	}

  332. 

  333. 	public function testSetUpProviders() {

  334. 		$user = $this->createMock(IUser::class);

  335. 		$this->userSession->expects($this->once())

  336. 			->method('getUser')

  337. 			->will($this->returnValue($user));

  338. 		$provider = $this->createMock(IActivatableAtLogin::class);

  339. 		$this->twoFactorManager->expects($this->once())

  340. 			->method('getLoginSetupProviders')

  341. 			->with($user)

  342. 			->willReturn([

  343. 				$provider,

  344. 			]);

  345. 		$expected = new StandaloneTemplateResponse(

  346. 			'core',

  347. 			'twofactorsetupselection',

  348. 			[

  349. 				'providers' => [

  350. 					$provider,

  351. 				],

  352. 				'logout_url' => 'logoutAttribute',

  353. 			],

  354. 			'guest'

  355. 		);

  356. 

  357. 		$response = $this->controller->setupProviders();

  358. 

  359. 		$this->assertEquals($expected, $response);

  360. 	}

  361. 

  362. 	public function testSetUpInvalidProvider() {

  363. 		$user = $this->createMock(IUser::class);

  364. 		$this->userSession->expects($this->once())

  365. 			->method('getUser')

  366. 			->will($this->returnValue($user));

  367. 		$provider = $this->createMock(IActivatableAtLogin::class);

  368. 		$provider->expects($this->any())

  369. 			->method('getId')

  370. 			->willReturn('prov1');

  371. 		$this->twoFactorManager->expects($this->once())

  372. 			->method('getLoginSetupProviders')

  373. 			->with($user)

  374. 			->willReturn([

  375. 				$provider,

  376. 			]);

  377. 		$this->urlGenerator->expects($this->once())

  378. 			->method('linkToRoute')

  379. 			->with('core.TwoFactorChallenge.selectChallenge')

  380. 			->willReturn('2fa/select/page');

  381. 		$expected = new RedirectResponse('2fa/select/page');

  382. 

  383. 		$response = $this->controller->setupProvider('prov2');

  384. 

  385. 		$this->assertEquals($expected, $response);

  386. 	}

  387. 

  388. 	public function testSetUpProvider() {

  389. 		$user = $this->createMock(IUser::class);

  390. 		$this->userSession->expects($this->once())

  391. 			->method('getUser')

  392. 			->will($this->returnValue($user));

  393. 		$provider = $this->createMock(IActivatableAtLogin::class);

  394. 		$provider->expects($this->any())

  395. 			->method('getId')

  396. 			->willReturn('prov1');

  397. 		$this->twoFactorManager->expects($this->once())

  398. 			->method('getLoginSetupProviders')

  399. 			->with($user)

  400. 			->willReturn([

  401. 				$provider,

  402. 			]);

  403. 		$loginSetup = $this->createMock(ILoginSetupProvider::class);

  404. 		$provider->expects($this->any())

  405. 			->method('getLoginSetup')

  406. 			->with($user)

  407. 			->willReturn($loginSetup);

  408. 		$tmpl = $this->createMock(Template::class);

  409. 		$loginSetup->expects($this->once())

  410. 			->method('getBody')

  411. 			->willReturn($tmpl);

  412. 		$tmpl->expects($this->once())

  413. 			->method('fetchPage')

  414. 			->willReturn('tmpl');

  415. 		$expected = new StandaloneTemplateResponse(

  416. 			'core',

  417. 			'twofactorsetupchallenge',

  418. 			[

  419. 				'provider' => $provider,

  420. 				'logout_url' => 'logoutAttribute',

  421. 				'template' => 'tmpl',

  422. 			],

  423. 			'guest'

  424. 		);

  425. 

  426. 		$response = $this->controller->setupProvider('prov1');

  427. 

  428. 		$this->assertEquals($expected, $response);

  429. 	}

  430. 

  431. 	public function testConfirmProviderSetup() {

  432. 		$this->urlGenerator->expects($this->once())

  433. 			->method('linkToRoute')

  434. 			->with(

  435. 				'core.TwoFactorChallenge.showChallenge',

  436. 				[

  437. 					'challengeProviderId' => 'totp',

  438. 				])

  439. 			->willReturn('2fa/select/page');

  440. 		$expected = new RedirectResponse('2fa/select/page');

  441. 

  442. 		$response = $this->controller->confirmProviderSetup('totp');

  443. 

  444. 		$this->assertEquals($expected, $response);

  445. 	}

  446. 

  447. }