diff options
| author | Joas Schilling <nickvergessen@owncloud.com> | 2016-05-25 16:04:15 +0200 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@owncloud.com> | 2016-05-25 16:09:18 +0200 |
| commit | 5882e21b3bff0afe2152eb3971d674bdb91e45a2 (patch) | |
| tree | 39dee4b6791c25405b31f2df13b430e7d37c4767 /apps/dav/tests/unit/connector/sabre/auth.php | |
| parent | 42ba61db044f1d08e22089fbc3badafbc35d5ea4 (diff) | |
| download | nextcloud-server-5882e21b3bff0afe2152eb3971d674bdb91e45a2.tar.gz nextcloud-server-5882e21b3bff0afe2152eb3971d674bdb91e45a2.zip | |
Update DAV unit tests to PSR-4
Diffstat (limited to 'apps/dav/tests/unit/connector/sabre/auth.php')
| -rw-r--r-- | apps/dav/tests/unit/connector/sabre/auth.php | 611 |
1 files changed, 0 insertions, 611 deletions
diff --git a/apps/dav/tests/unit/connector/sabre/auth.php b/apps/dav/tests/unit/connector/sabre/auth.php deleted file mode 100644 index d3f697ba8e6..00000000000 --- a/apps/dav/tests/unit/connector/sabre/auth.php +++ /dev/null @@ -1,611 +0,0 @@ -<?php -/** - * @author Lukas Reschke <lukas@owncloud.com> - * @author Roeland Jago Douma <rullzer@owncloud.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * @author Vincent Petry <pvince81@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ - -namespace OCA\DAV\Tests\Unit\Connector\Sabre; - -use OCP\IRequest; -use OCP\IUser; -use Test\TestCase; -use OCP\ISession; -use OC\User\Session; - -/** - * Class Auth - * - * @package OCA\DAV\Connector\Sabre - * @group DB - */ -class Auth extends TestCase { - /** @var ISession */ - private $session; - /** @var \OCA\DAV\Connector\Sabre\Auth */ - private $auth; - /** @var Session */ - private $userSession; - /** @var IRequest */ - private $request; - - public function setUp() { - parent::setUp(); - $this->session = $this->getMockBuilder('\OCP\ISession') - ->disableOriginalConstructor()->getMock(); - $this->userSession = $this->getMockBuilder('\OC\User\Session') - ->disableOriginalConstructor()->getMock(); - $this->request = $this->getMockBuilder('\OCP\IRequest') - ->disableOriginalConstructor()->getMock(); - $this->auth = new \OCA\DAV\Connector\Sabre\Auth( - $this->session, - $this->userSession, - $this->request - ); - } - - public function testIsDavAuthenticatedWithoutDavSession() { - $this->session - ->expects($this->once()) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue(null)); - - $this->assertFalse($this->invokePrivate($this->auth, 'isDavAuthenticated', ['MyTestUser'])); - } - - public function testIsDavAuthenticatedWithWrongDavSession() { - $this->session - ->expects($this->exactly(2)) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue('AnotherUser')); - - $this->assertFalse($this->invokePrivate($this->auth, 'isDavAuthenticated', ['MyTestUser'])); - } - - public function testIsDavAuthenticatedWithCorrectDavSession() { - $this->session - ->expects($this->exactly(2)) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue('MyTestUser')); - - $this->assertTrue($this->invokePrivate($this->auth, 'isDavAuthenticated', ['MyTestUser'])); - } - - public function testValidateUserPassOfAlreadyDAVAuthenticatedUser() { - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->exactly(2)) - ->method('getUID') - ->will($this->returnValue('MyTestUser')); - $this->userSession - ->expects($this->once()) - ->method('isLoggedIn') - ->will($this->returnValue(true)); - $this->userSession - ->expects($this->exactly(2)) - ->method('getUser') - ->will($this->returnValue($user)); - $this->session - ->expects($this->exactly(2)) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue('MyTestUser')); - $this->session - ->expects($this->once()) - ->method('close'); - - $this->assertTrue($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword'])); - } - - public function testValidateUserPassOfInvalidDAVAuthenticatedUser() { - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('MyTestUser')); - $this->userSession - ->expects($this->once()) - ->method('isLoggedIn') - ->will($this->returnValue(true)); - $this->userSession - ->expects($this->once()) - ->method('getUser') - ->will($this->returnValue($user)); - $this->session - ->expects($this->exactly(2)) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue('AnotherUser')); - $this->session - ->expects($this->once()) - ->method('close'); - - $this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword'])); - } - - public function testValidateUserPassOfInvalidDAVAuthenticatedUserWithValidPassword() { - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->exactly(4)) - ->method('getUID') - ->will($this->returnValue('MyTestUser')); - $this->userSession - ->expects($this->once()) - ->method('isLoggedIn') - ->will($this->returnValue(true)); - $this->userSession - ->expects($this->exactly(4)) - ->method('getUser') - ->will($this->returnValue($user)); - $this->session - ->expects($this->exactly(2)) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue('AnotherUser')); - $this->userSession - ->expects($this->once()) - ->method('logClientIn') - ->with('MyTestUser', 'MyTestPassword') - ->will($this->returnValue(true)); - $this->userSession - ->expects($this->once()) - ->method('createSessionToken') - ->with($this->request, 'MyTestUser', 'MyTestUser', 'MyTestPassword'); - $this->session - ->expects($this->once()) - ->method('set') - ->with('AUTHENTICATED_TO_DAV_BACKEND', 'MyTestUser'); - $this->session - ->expects($this->once()) - ->method('close'); - - $this->assertTrue($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword'])); - } - - public function testValidateUserPassWithInvalidPassword() { - $this->userSession - ->expects($this->once()) - ->method('isLoggedIn') - ->will($this->returnValue(false)); - $this->userSession - ->expects($this->once()) - ->method('logClientIn') - ->with('MyTestUser', 'MyTestPassword') - ->will($this->returnValue(false)); - $this->session - ->expects($this->once()) - ->method('close'); - - $this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword'])); - } - - - public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGet() { - $request = $this->getMockBuilder('Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->any()) - ->method('isLoggedIn') - ->will($this->returnValue(true)); - $this->request - ->expects($this->any()) - ->method('getMethod') - ->willReturn('POST'); - $this->session - ->expects($this->any()) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue(null)); - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->any()) - ->method('getUID') - ->will($this->returnValue('MyWrongDavUser')); - $this->userSession - ->expects($this->any()) - ->method('getUser') - ->will($this->returnValue($user)); - $this->request - ->expects($this->once()) - ->method('passesCSRFCheck') - ->willReturn(false); - - $expectedResponse = [ - false, - "No 'Authorization: Basic' header found. Either the client didn't send one, or the server is mis-configured", - ]; - $response = $this->auth->check($request, $response); - $this->assertSame($expectedResponse, $response); - } - - public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenAndCorrectlyDavAuthenticated() { - $request = $this->getMockBuilder('Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->any()) - ->method('isLoggedIn') - ->willReturn(true); - $this->request - ->expects($this->any()) - ->method('getMethod') - ->willReturn('PROPFIND'); - $this->request - ->expects($this->any()) - ->method('isUserAgent') - ->with([ - '/^Mozilla\/5\.0 \([A-Za-z ]+\) (mirall|csyncoC)\/.*$/', - '/^Mozilla\/5\.0 \(Android\) ownCloud\-android.*$/', - '/^Mozilla\/5\.0 \(iOS\) ownCloud\-iOS.*$/', - ]) - ->willReturn(false); - $this->session - ->expects($this->any()) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue('LoggedInUser')); - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->any()) - ->method('getUID') - ->will($this->returnValue('LoggedInUser')); - $this->userSession - ->expects($this->any()) - ->method('getUser') - ->will($this->returnValue($user)); - $this->request - ->expects($this->once()) - ->method('passesCSRFCheck') - ->willReturn(false); - $this->auth->check($request, $response); - } - - /** - * @expectedException \Sabre\DAV\Exception\NotAuthenticated - * @expectedExceptionMessage CSRF check not passed. - */ - public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenAndIncorrectlyDavAuthenticated() { - $request = $this->getMockBuilder('Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->any()) - ->method('isLoggedIn') - ->willReturn(true); - $this->request - ->expects($this->any()) - ->method('getMethod') - ->willReturn('PROPFIND'); - $this->request - ->expects($this->any()) - ->method('isUserAgent') - ->with([ - '/^Mozilla\/5\.0 \([A-Za-z ]+\) (mirall|csyncoC)\/.*$/', - '/^Mozilla\/5\.0 \(Android\) ownCloud\-android.*$/', - '/^Mozilla\/5\.0 \(iOS\) ownCloud\-iOS.*$/', - ]) - ->willReturn(false); - $this->session - ->expects($this->any()) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue('AnotherUser')); - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->any()) - ->method('getUID') - ->will($this->returnValue('LoggedInUser')); - $this->userSession - ->expects($this->any()) - ->method('getUser') - ->will($this->returnValue($user)); - $this->request - ->expects($this->once()) - ->method('passesCSRFCheck') - ->willReturn(false); - $this->auth->check($request, $response); - } - - public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGetAndDesktopClient() { - $request = $this->getMockBuilder('Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->any()) - ->method('isLoggedIn') - ->will($this->returnValue(true)); - $this->request - ->expects($this->any()) - ->method('getMethod') - ->willReturn('POST'); - $this->request - ->expects($this->any()) - ->method('isUserAgent') - ->with([ - '/^Mozilla\/5\.0 \([A-Za-z ]+\) (mirall|csyncoC)\/.*$/', - '/^Mozilla\/5\.0 \(Android\) ownCloud\-android.*$/', - '/^Mozilla\/5\.0 \(iOS\) ownCloud\-iOS.*$/', - ]) - ->willReturn(true); - $this->session - ->expects($this->any()) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue(null)); - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->any()) - ->method('getUID') - ->will($this->returnValue('MyWrongDavUser')); - $this->userSession - ->expects($this->any()) - ->method('getUser') - ->will($this->returnValue($user)); - $this->request - ->expects($this->once()) - ->method('passesCSRFCheck') - ->willReturn(false); - - $this->auth->check($request, $response); - } - - public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForGet() { - $request = $this->getMockBuilder('Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->any()) - ->method('isLoggedIn') - ->will($this->returnValue(true)); - $this->session - ->expects($this->any()) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue(null)); - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->any()) - ->method('getUID') - ->will($this->returnValue('MyWrongDavUser')); - $this->userSession - ->expects($this->any()) - ->method('getUser') - ->will($this->returnValue($user)); - $this->request - ->expects($this->any()) - ->method('getMethod') - ->willReturn('GET'); - - $response = $this->auth->check($request, $response); - $this->assertEquals([true, 'principals/users/MyWrongDavUser'], $response); - } - - public function testAuthenticateAlreadyLoggedInWithCsrfTokenForGet() { - $request = $this->getMockBuilder('Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->any()) - ->method('isLoggedIn') - ->will($this->returnValue(true)); - $this->session - ->expects($this->any()) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue(null)); - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->any()) - ->method('getUID') - ->will($this->returnValue('MyWrongDavUser')); - $this->userSession - ->expects($this->any()) - ->method('getUser') - ->will($this->returnValue($user)); - $this->request - ->expects($this->once()) - ->method('passesCSRFCheck') - ->willReturn(true); - - $response = $this->auth->check($request, $response); - $this->assertEquals([true, 'principals/users/MyWrongDavUser'], $response); - } - - public function testAuthenticateNoBasicAuthenticateHeadersProvided() { - $server = $this->getMockBuilder('\Sabre\DAV\Server') - ->disableOriginalConstructor() - ->getMock(); - $server->httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $server->httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $response = $this->auth->check($server->httpRequest, $server->httpResponse); - $this->assertEquals([false, 'No \'Authorization: Basic\' header found. Either the client didn\'t send one, or the server is mis-configured'], $response); - } - - /** - * @expectedException \Sabre\DAV\Exception\NotAuthenticated - * @expectedExceptionMessage Cannot authenticate over ajax calls - */ - public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjax() { - /** @var \Sabre\HTTP\RequestInterface $httpRequest */ - $httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - /** @var \Sabre\HTTP\ResponseInterface $httpResponse */ - $httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->any()) - ->method('isLoggedIn') - ->will($this->returnValue(false)); - $httpRequest - ->expects($this->once()) - ->method('getHeader') - ->with('X-Requested-With') - ->will($this->returnValue('XMLHttpRequest')); - $this->auth->check($httpRequest, $httpResponse); - } - - public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn() { - /** @var \Sabre\HTTP\RequestInterface $httpRequest */ - $httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - /** @var \Sabre\HTTP\ResponseInterface $httpResponse */ - $httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - /** @var IUser */ - $user = $this->getMock('OCP\IUser'); - $user->method('getUID')->willReturn('MyTestUser'); - $this->userSession - ->expects($this->any()) - ->method('isLoggedIn') - ->will($this->returnValue(true)); - $this->userSession - ->expects($this->any()) - ->method('getUser') - ->willReturn($user); - $this->session - ->expects($this->atLeastOnce()) - ->method('get') - ->with('AUTHENTICATED_TO_DAV_BACKEND') - ->will($this->returnValue('MyTestUser')); - $this->request - ->expects($this->once()) - ->method('getMethod') - ->willReturn('GET'); - $httpRequest - ->expects($this->atLeastOnce()) - ->method('getHeader') - ->with('Authorization') - ->will($this->returnValue(null)); - $this->assertEquals( - [true, 'principals/users/MyTestUser'], - $this->auth->check($httpRequest, $httpResponse) - ); - } - - public function testAuthenticateValidCredentials() { - $server = $this->getMockBuilder('\Sabre\DAV\Server') - ->disableOriginalConstructor() - ->getMock(); - $server->httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $server->httpRequest - ->expects($this->at(0)) - ->method('getHeader') - ->with('X-Requested-With') - ->will($this->returnValue(null)); - $server->httpRequest - ->expects($this->at(1)) - ->method('getHeader') - ->with('Authorization') - ->will($this->returnValue('basic dXNlcm5hbWU6cGFzc3dvcmQ=')); - $server->httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->once()) - ->method('logClientIn') - ->with('username', 'password') - ->will($this->returnValue(true)); - $this->userSession - ->expects($this->once()) - ->method('createSessionToken'); - $user = $this->getMockBuilder('\OCP\IUser') - ->disableOriginalConstructor() - ->getMock(); - $user->expects($this->exactly(4)) - ->method('getUID') - ->will($this->returnValue('MyTestUser')); - $this->userSession - ->expects($this->exactly(4)) - ->method('getUser') - ->will($this->returnValue($user)); - $response = $this->auth->check($server->httpRequest, $server->httpResponse); - $this->assertEquals([true, 'principals/users/MyTestUser'], $response); - } - - public function testAuthenticateInvalidCredentials() { - $server = $this->getMockBuilder('\Sabre\DAV\Server') - ->disableOriginalConstructor() - ->getMock(); - $server->httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface') - ->disableOriginalConstructor() - ->getMock(); - $server->httpRequest - ->expects($this->at(0)) - ->method('getHeader') - ->with('X-Requested-With') - ->will($this->returnValue(null)); - $server->httpRequest - ->expects($this->at(1)) - ->method('getHeader') - ->with('Authorization') - ->will($this->returnValue('basic dXNlcm5hbWU6cGFzc3dvcmQ=')); - $server->httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->userSession - ->expects($this->once()) - ->method('logClientIn') - ->with('username', 'password') - ->will($this->returnValue(false)); - $response = $this->auth->check($server->httpRequest, $server->httpResponse); - $this->assertEquals([false, 'Username or password was incorrect'], $response); - } -} |