diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2018-01-09 11:41:08 +0100 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2018-01-24 13:56:12 +0100 |
| commit | abd33bb619113968f442998b2dc1572456c215f9 (patch) | |
| tree | c6207de1c0e45adfc3e4467ba482ceb166dee4b6 | |
| parent | 5520ba3d15b088e9151ffef89f7cd389c470563b (diff) | |
| download | nextcloud-server-abd33bb619113968f442998b2dc1572456c215f9.tar.gz nextcloud-server-abd33bb619113968f442998b2dc1572456c215f9.zip | |
Properly catch InvalidTokenException for better error response
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
| -rw-r--r-- | settings/Controller/AuthSettingsController.php | 12 | ||||
| -rw-r--r-- | tests/Settings/Controller/AuthSettingsControllerTest.php | 40 |
2 files changed, 50 insertions, 2 deletions
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php index 2f3d78b4d83..6eaa64cfac2 100644 --- a/settings/Controller/AuthSettingsController.php +++ b/settings/Controller/AuthSettingsController.php @@ -197,10 +197,18 @@ class AuthSettingsController extends Controller { * * @param int $id * @param array $scope - * @return array + * @return array|JSONResponse */ public function update($id, array $scope) { - $token = $this->tokenProvider->getTokenById((string)$id); + try { + $token = $this->tokenProvider->getTokenById((string)$id); + if ($token->getUID() !== $this->uid) { + throw new InvalidTokenException('User mismatch'); + } + } catch (InvalidTokenException $e) { + return new JSONResponse([], Http::STATUS_NOT_FOUND); + } + $token->setScope([ 'filesystem' => $scope['filesystem'] ]); diff --git a/tests/Settings/Controller/AuthSettingsControllerTest.php b/tests/Settings/Controller/AuthSettingsControllerTest.php index 5c1280ff4b0..461b32b7a48 100644 --- a/tests/Settings/Controller/AuthSettingsControllerTest.php +++ b/tests/Settings/Controller/AuthSettingsControllerTest.php @@ -212,6 +212,10 @@ class AuthSettingsControllerTest extends TestCase { ->willReturn($token); $token->expects($this->once()) + ->method('getUID') + ->willReturn('jane'); + + $token->expects($this->once()) ->method('setScope') ->with($this->equalTo([ 'filesystem' => true @@ -224,4 +228,40 @@ class AuthSettingsControllerTest extends TestCase { $this->assertSame([], $this->controller->update(42, ['filesystem' => true])); } + public function testUpdateTokenWrongUser() { + $token = $this->createMock(DefaultToken::class); + + $this->tokenProvider->expects($this->once()) + ->method('getTokenById') + ->with($this->equalTo(42)) + ->willReturn($token); + + $token->expects($this->once()) + ->method('getUID') + ->willReturn('foobar'); + + $token->expects($this->never()) + ->method('setScope'); + $this->tokenProvider->expects($this->never()) + ->method('updateToken'); + + $response = $this->controller->update(42, ['filesystem' => true]); + $this->assertSame([], $response->getData()); + $this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus()); + } + + public function testUpdateTokenNonExisting() { + $this->tokenProvider->expects($this->once()) + ->method('getTokenById') + ->with($this->equalTo(42)) + ->willThrowException(new InvalidTokenException('Token does not exist')); + + $this->tokenProvider->expects($this->never()) + ->method('updateToken'); + + $response = $this->controller->update(42, ['filesystem' => true]); + $this->assertSame([], $response->getData()); + $this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus()); + } + } |