authorDaniel Kesselberg <mail@danielkesselberg.de>2024-06-12 11:46:12 +0200
committerDaniel Kesselberg <mail@danielkesselberg.de>2024-06-12 11:46:12 +0200
commit98eb190e048ee9ea0bd27f36589bda3e34c12d0a (patch)
tree5cde23fa5517a9e3a09e0ae4fad7126e550fdc5a
parentf626476b11c25ab002e95d2c8ae54fc802bdf185 (diff)
test: add tests for ProfilePageController
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
-rw-r--r--core/Controller/ProfilePageController.php13
-rw-r--r--tests/Core/Controller/ProfilePageControllerTest.php78
2 files changed, 89 insertions, 2 deletions
diff --git a/core/Controller/ProfilePageController.php b/core/Controller/ProfilePageController.php
index 8638da1f4af..73a6be5f65c 100644
--- a/core/Controller/ProfilePageController.php
+++ b/core/Controller/ProfilePageController.php
@@ -11,14 +11,16 @@ namespace OC\Core\Controller;
use OC\Profile\ProfileManager;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Services\IInitialState;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\INavigationManager;
use OCP\IRequest;
-use OCP\IUser;
use OCP\IUserManager;
use OCP\IUserSession;
use OCP\Profile\BeforeTemplateRenderedEvent;
@@ -49,6 +51,9 @@ class ProfilePageController extends Controller {
* @NoSubAdminRequired
*/
#[FrontpageRoute(verb: 'GET', url: '/u/{targetUserId}')]
+ #[BruteForceProtection(action: 'user')]
+ #[UserRateLimit(limit: 30, period: 120)]
+ #[AnonRateLimit(limit: 30, period: 120)]
public function index(string $targetUserId): TemplateResponse {
$profileNotFoundTemplate = new TemplateResponse(
'core',
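Review bot: The docblock above index() (it starts outside this hunk) is not updated for the three new attributes, so nothing records that unknown ids count as brute-force attempts under action `user`, or why 30 requests per 120 seconds was chosen for both anonymous and logged-in callers. A docblock line such as `* Unknown user ids are throttled (action 'user'); every caller is limited to 30 requests per 120 seconds.` would make the intent reviewable. It is also worth confirming that `#[UserRateLimit(limit: 30, period: 120)]` does not get in the way of logged-in users who legitimately open many profiles in a short time.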
@@ -58,7 +63,11 @@ class ProfilePageController extends Controller {
);
$targetUser = $this->userManager->get($targetUserId);
- if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) {
+ if ($targetUser === null) {
+ $profileNotFoundTemplate->throttle();
+ return $profileNotFoundTemplate;
+ }
+ if (!$targetUser->isEnabled()) {
return $profileNotFoundTemplate;
}
$visitingUser = $this->userSession->getUser();
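Review bot: The disabled-account branch returns `$profileNotFoundTemplate` without calling `throttle()`, so only unknown ids are registered as brute-force attempts. The rendered page is the same in both cases, but the difference in throttling state may still let a client tell a disabled account from a nonexistent one, and requests for disabled ids are then bounded only by the rate-limit attributes. If the asymmetry is not intended, add `$profileNotFoundTemplate->throttle();` before the second `return`; if it is intended, a short comment on that branch should say why. `testUserDisabled` in the new test file pins the current behaviour, and index() continues past this hunk, so any later not-found returns could not be checked here.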
diff --git a/tests/Core/Controller/ProfilePageControllerTest.php b/tests/Core/Controller/ProfilePageControllerTest.php
new file mode 100644
index 00000000000..361f93ff409
--- /dev/null
+++ b/tests/Core/Controller/ProfilePageControllerTest.php
@@ -0,0 +1,78 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace Core\Controller;
+
+use OC\Core\Controller\ProfilePageController;
+use OC\Profile\ProfileManager;
+use OC\UserStatus\Manager;
+use OCP\AppFramework\Services\IInitialState;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\INavigationManager;
+use OCP\IRequest;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use OCP\Share\IManager;
+use Test\TestCase;
+
+class ProfilePageControllerTest extends TestCase {
+
+ private IUserManager $userManager;
+ private ProfilePageController $controller;
+
+ protected function setUp(): void {
+ parent::setUp();
+
+ $request = $this->createMock(IRequest::class);
+ $initialStateService = $this->createMock(IInitialState::class);
+ $profileManager = $this->createMock(ProfileManager::class);
+ $shareManager = $this->createMock(IManager::class);
+ $this->userManager = $this->createMock(IUserManager::class);
+ $userSession = $this->createMock(IUserSession::class);
+ $userStatusManager = $this->createMock(Manager::class);
+ $navigationManager = $this->createMock(INavigationManager::class);
+ $eventDispatcher = $this->createMock(IEventDispatcher::class);
+
+ $this->controller = new ProfilePageController(
+ 'core',
+ $request,
+ $initialStateService,
+ $profileManager,
+ $shareManager,
+ $this->userManager,
+ $userSession,
+ $userStatusManager,
+ $navigationManager,
+ $eventDispatcher,
+ );
+ }
+
+ public function testUserNotFound(): void {
+ $this->userManager->method('get')
+ ->willReturn(null);
+
+ $response = $this->controller->index('bob');
+
+ $this->assertTrue($response->isThrottled());
+ }
+
+ public function testUserDisabled(): void {
+ $user = $this->createMock(IUser::class);
+ $user->method('isEnabled')
+ ->willReturn(false);
+
+ $this->userManager->method('get')
+ ->willReturn($user);
+
+ $response = $this->controller->index('bob');
+
+ $this->assertFalse($response->isThrottled());
+ }
+}
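Review bot: `testUserDisabled` asserts only `assertFalse($response->isThrottled())`, which would also hold if the disabled check were removed and index() went on to render the profile, so the test does not show that disabled accounts stay hidden. The controller calls `$this->userSession->getUser()` right after that check, so keeping the session mock in a property and adding `$this->userSession->expects($this->never())->method('getUser');` would pin the early return. Both tests could also use `$this->userManager->expects($this->once())->method('get')->with('bob')` so that the lookup is tied to the requested id.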