Merge pull request #45824 from nextcloud/backport/45811/stable27

[stable27] test: add tests for ProfilePageController

2 files changed, 85 insertions, 2 deletions

diff --git a/core/Controller/ProfilePageController.php b/core/Controller/ProfilePageController.php
index 4b710911482..d9be8a104d9 100644
--- a/core/Controller/ProfilePageController.php
+++ b/core/Controller/ProfilePageController.php
@@ -29,10 +29,12 @@ namespace OC\Core\Controller;
 use OC\Profile\ProfileManager;
 use OCP\Profile\BeforeTemplateRenderedEvent;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\IRequest;
-use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\Share\IManager as IShareManager;
@@ -75,6 +77,9 @@ class ProfilePageController extends Controller {
 	 * @NoAdminRequired
 	 * @NoSubAdminRequired
 	 */
+	#[BruteForceProtection(action: 'user')]
+	#[UserRateLimit(limit: 30, period: 120)]
+	#[AnonRateLimit(limit: 30, period: 120)]
 	public function index(string $targetUserId): TemplateResponse {
 		$profileNotFoundTemplate = new TemplateResponse(
 			'core',
@@ -84,7 +89,11 @@ class ProfilePageController extends Controller {
 		);
 
 		$targetUser = $this->userManager->get($targetUserId);
-		if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) {
+		if ($targetUser === null) {
+			$profileNotFoundTemplate->throttle();
+			return $profileNotFoundTemplate;
+		}
+		if (!$targetUser->isEnabled()) {
 			return $profileNotFoundTemplate;
 		}
 		$visitingUser = $this->userSession->getUser();
diff --git a/tests/Core/Controller/ProfilePageControllerTest.php b/tests/Core/Controller/ProfilePageControllerTest.php
new file mode 100644
index 00000000000..55c839958c6
--- /dev/null
+++ b/tests/Core/Controller/ProfilePageControllerTest.php
@@ -0,0 +1,74 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace Core\Controller;
+
+use OC\Core\Controller\ProfilePageController;
+use OC\Profile\ProfileManager;
+use OC\UserStatus\Manager;
+use OCP\AppFramework\Services\IInitialState;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\IRequest;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use OCP\Share\IManager;
+use Test\TestCase;
+
+class ProfilePageControllerTest extends TestCase {
+	private IUserManager $userManager;
+	private ProfilePageController $controller;
+
+	protected function setUp(): void {
+		parent::setUp();
+
+		$request = $this->createMock(IRequest::class);
+		$initialStateService = $this->createMock(IInitialState::class);
+		$profileManager = $this->createMock(ProfileManager::class);
+		$shareManager = $this->createMock(IManager::class);
+		$this->userManager = $this->createMock(IUserManager::class);
+		$userSession = $this->createMock(IUserSession::class);
+		$userStatusManager = $this->createMock(Manager::class);
+		$eventDispatcher = $this->createMock(IEventDispatcher::class);
+
+		$this->controller = new ProfilePageController(
+			'core',
+			$request,
+			$initialStateService,
+			$profileManager,
+			$shareManager,
+			$this->userManager,
+			$userSession,
+			$userStatusManager,
+			$eventDispatcher,
+		);
+	}
+
+	public function testUserNotFound(): void {
+		$this->userManager->method('get')
+			->willReturn(null);
+
+		$response = $this->controller->index('bob');
+
+		$this->assertTrue($response->isThrottled());
+	}
+
+	public function testUserDisabled(): void {
+		$user = $this->createMock(IUser::class);
+		$user->method('isEnabled')
+			->willReturn(false);
+
+		$this->userManager->method('get')
+			->willReturn($user);
+
+		$response = $this->controller->index('bob');
+
+		$this->assertFalse($response->isThrottled());
+	}
+}