author | Daniel <mail@danielkesselberg.de> | 2024-06-12 19:31:50 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-12 19:31:50 +0200 |
commit | a41941692d116b85f386c22004840f5deee2b90e (patch) | |
tree | fbb79bd28e33d0a4794cea45c1907feb7cfa9c07 | |
parent | 3a17ec6db7c765aed45efac6a5f15d3bbb59b75f (diff) | |
parent | 73703eb2768adf592c8895ae0d519337a44b1491 (diff) | |
download | nextcloud-server-a41941692d116b85f386c22004840f5deee2b90e.tar.gz nextcloud-server-a41941692d116b85f386c22004840f5deee2b90e.zip |
Merge pull request #45821 from nextcloud/backport/45811/stable29
[stable29] test: add tests for ProfilePageController
-rw-r--r-- | core/Controller/ProfilePageController.php | 13 | ||||
-rw-r--r-- | tests/Core/Controller/ProfilePageControllerTest.php | 78 |
2 files changed, 89 insertions, 2 deletions
diff --git a/core/Controller/ProfilePageController.php b/core/Controller/ProfilePageController.php
index c3a33d6bbda..4ff2a661fb0 100644
--- a/core/Controller/ProfilePageController.php
+++ b/core/Controller/ProfilePageController.php
@@ -29,14 +29,16 @@ namespace OC\Core\Controller;
 use OC\Profile\ProfileManager;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\INavigationManager;
 use OCP\IRequest;
-use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\Profile\BeforeTemplateRenderedEvent;
@@ -67,6 +69,9 @@ class ProfilePageController extends Controller {
 * @NoSubAdminRequired
 */
 #[FrontpageRoute(verb: 'GET', url: '/u/{targetUserId}')]
+ #[BruteForceProtection(action: 'user')]
+ #[UserRateLimit(limit: 30, period: 120)]
+ #[AnonRateLimit(limit: 30, period: 120)]
 public function index(string $targetUserId): TemplateResponse {
 $profileNotFoundTemplate = new TemplateResponse(
 'core',
@@ -76,7 +81,11 @@ class ProfilePageController extends Controller {
 );
 $targetUser = $this->userManager->get($targetUserId);
- if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) {
+ if ($targetUser === null) {
+ $profileNotFoundTemplate->throttle();
+ return $profileNotFoundTemplate;
+ }
+ if (!$targetUser->isEnabled()) {
 return $profileNotFoundTemplate;
 }
 $visitingUser = $this->userSession->getUser();
diff --git a/tests/Core/Controller/ProfilePageControllerTest.php b/tests/Core/Controller/ProfilePageControllerTest.php
new file mode 100644
index 00000000000..361f93ff409
--- /dev/null
+++ b/tests/Core/Controller/ProfilePageControllerTest.php
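Review bot: In the last hunk of `index()`, only the `$targetUser === null` branch calls `$profileNotFoundTemplate->throttle()`, while the disabled-account branch returns the same not-found template without registering an attempt. Because the rendered response is identical, the throttle state is the one thing that differs between an unknown id and a disabled one; the new `testUserDisabled` pins that difference, so it appears deliberate, but the code does not say why. I would add a comment above the second check, e.g. `// Disabled accounts exist, so a lookup of one is intentionally not counted as a brute-force attempt`, or call `throttle()` there as well if the two cases are meant to be indistinguishable. `index()` continues past the end of the hunk, so any later not-found returns should be checked against the same decision.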
@@ -0,0 +1,78 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace Core\Controller;
+
+use OC\Core\Controller\ProfilePageController;
+use OC\Profile\ProfileManager;
+use OC\UserStatus\Manager;
+use OCP\AppFramework\Services\IInitialState;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\INavigationManager;
+use OCP\IRequest;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use OCP\Share\IManager;
+use Test\TestCase;
+
+class ProfilePageControllerTest extends TestCase {
+
+ private IUserManager $userManager;
+ private ProfilePageController $controller;
+
+ protected function setUp(): void {
+ parent::setUp();
+
+ $request = $this->createMock(IRequest::class);
+ $initialStateService = $this->createMock(IInitialState::class);
+ $profileManager = $this->createMock(ProfileManager::class);
+ $shareManager = $this->createMock(IManager::class);
+ $this->userManager = $this->createMock(IUserManager::class);
+ $userSession = $this->createMock(IUserSession::class);
+ $userStatusManager = $this->createMock(Manager::class);
+ $navigationManager = $this->createMock(INavigationManager::class);
+ $eventDispatcher = $this->createMock(IEventDispatcher::class);
+
+ $this->controller = new ProfilePageController(
+ 'core',
+ $request,
+ $initialStateService,
+ $profileManager,
+ $shareManager,
+ $this->userManager,
+ $userSession,
+ $userStatusManager,
+ $navigationManager,
+ $eventDispatcher,
+ );
+ }
+
+ public function testUserNotFound(): void {
+ $this->userManager->method('get')
+ ->willReturn(null);
+
+ $response = $this->controller->index('bob');
+
+ $this->assertTrue($response->isThrottled());
+ }
+
+ public function testUserDisabled(): void {
+ $user = $this->createMock(IUser::class);
+ $user->method('isEnabled')
+ ->willReturn(false);
+
+ $this->userManager->method('get')
+ ->willReturn($user);
+
+ $response = $this->controller->index('bob');
+
+ $this->assertFalse($response->isThrottled());
+ }
+} |
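Review bot: Both tests stub `get` without constraining its argument, so they would still pass if `index()` looked up something other than the requested id. In `testUserNotFound` and `testUserDisabled` I would pin the lookup with `$this->userManager->expects($this->once())->method('get')->with('bob')`, so the throttle assertion is tied to the id that was actually requested. The tests also assert only `isThrottled()`; a short comment in each saying that the returned response is the not-found template would make clear what is being guarded.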