author | Hamza Mahjoubi <hamzamahjoubi221@gmail.com> | 2024-04-05 00:00:49 +0200 |
---|---|---|
committer | skjnldsv <skjnldsv@protonmail.com> | 2024-06-07 12:14:42 +0200 |
commit | aafab6987b00408af2d8e97597f14564a220a5a9 (patch) | |
tree | 5785bffca0dcfff9d4305bbb13b994d10a122a71 /apps/dav/tests | |
parent | aeb17e825fb4f76f062309cb6ba40b7e2769290b (diff) | |
download | nextcloud-server-aafab6987b00408af2d8e97597f14564a220a5a9.tar.gz nextcloud-server-aafab6987b00408af2d8e97597f14564a220a5a9.zip |
fix(dav): Rate limit address book creation
Signed-off-by: Hamza Mahjoubi <hamzamahjoubi221@gmail.com>
Diffstat (limited to 'apps/dav/tests')
-rw-r--r-- | apps/dav/tests/unit/CardDAV/Security/CardDavRateLimitingPluginTest.php | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/apps/dav/tests/unit/CardDAV/Security/CardDavRateLimitingPluginTest.php b/apps/dav/tests/unit/CardDAV/Security/CardDavRateLimitingPluginTest.php
new file mode 100644
index 00000000000..f2c592e6744
--- /dev/null
+++ b/apps/dav/tests/unit/CardDAV/Security/CardDavRateLimitingPluginTest.php
@@ -0,0 +1,146 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\DAV\Tests\unit\CardDAV\Security;
+
+use OC\Security\RateLimiting\Exception\RateLimitExceededException;
+use OC\Security\RateLimiting\Limiter;
+use OCA\DAV\CardDAV\CardDavBackend;
+use OCA\DAV\CardDAV\Security\CardDavRateLimitingPlugin;
+use OCA\DAV\Connector\Sabre\Exception\TooManyRequests;
+use OCP\IConfig;
+use OCP\IUser;
+use OCP\IUserManager;
+use PHPUnit\Framework\MockObject\MockObject;
+use Psr\Log\LoggerInterface;
+use Sabre\DAV\Exception\Forbidden;
+use Test\TestCase;
+
+class CardDavRateLimitingPluginTest extends TestCase {
+
+ private Limiter|MockObject $limiter;
+ private CardDavBackend|MockObject $cardDavBackend;
+ private IUserManager|MockObject $userManager;
+ private LoggerInterface|MockObject $logger;
+ private IConfig|MockObject $config;
+ private string $userId = 'user123';
+ private CardDavRateLimitingPlugin $plugin;
+
+ protected function setUp(): void {
+ parent::setUp();
+
+ $this->limiter = $this->createMock(Limiter::class);
+ $this->userManager = $this->createMock(IUserManager::class);
+ $this->cardDavBackend = $this->createMock(CardDavBackend::class);
+ $this->logger = $this->createMock(LoggerInterface::class);
+ $this->config = $this->createMock(IConfig::class);
+ $this->plugin = new CardDavRateLimitingPlugin(
+ $this->limiter,
+ $this->userManager,
+ $this->cardDavBackend,
+ $this->logger,
+ $this->config,
+ $this->userId,
+ );
+ }
+
+ public function testNoUserObject(): void {
+ $this->limiter->expects(self::never())
+ ->method('registerUserRequest');
+
+ $this->plugin->beforeBind('addressbooks/users/foo/addressbookname');
+ }
+
+ public function testUnrelated(): void {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects(self::once())
+ ->method('get')
+ ->with($this->userId)
+ ->willReturn($user);
+ $this->limiter->expects(self::never())
+ ->method('registerUserRequest');
+
+ $this->plugin->beforeBind('foo/bar');
+ }
+
+ public function testRegisterAddressBookrCreation(): void {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects(self::once())
+ ->method('get')
+ ->with($this->userId)
+ ->willReturn($user);
+ $this->config
+ ->method('getAppValue')
+ ->with('dav')
+ ->willReturnArgument(2);
+ $this->limiter->expects(self::once())
+ ->method('registerUserRequest')
+ ->with(
+ 'carddav-create-address-book',
+ 10,
+ 3600,
+ $user,
+ );
+
+ $this->plugin->beforeBind('addressbooks/users/foo/addressbookname');
+ }
+
+ public function testAddressBookCreationRateLimitExceeded(): void {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects(self::once())
+ ->method('get')
+ ->with($this->userId)
+ ->willReturn($user);
+ $this->config
+ ->method('getAppValue')
+ ->with('dav')
+ ->willReturnArgument(2);
+ $this->limiter->expects(self::once())
+ ->method('registerUserRequest')
+ ->with(
+ 'carddav-create-address-book',
+ 10,
+ 3600,
+ $user,
+ )
+ ->willThrowException(new RateLimitExceededException());
+ $this->expectException(TooManyRequests::class);
+
+ $this->plugin->beforeBind('addressbooks/users/foo/addressbookname');
+ }
+
+ public function testAddressBookLimitReached(): void {
+ $user = $this->createMock(IUser::class);
+ $this->userManager->expects(self::once())
+ ->method('get')
+ ->with($this->userId)
+ ->willReturn($user);
+ $user->method('getUID')->willReturn('user123');
+ $this->config
+ ->method('getAppValue')
+ ->with('dav')
+ ->willReturnArgument(2);
+ $this->limiter->expects(self::once())
+ ->method('registerUserRequest')
+ ->with(
+ 'carddav-create-address-book',
+ 10,
+ 3600,
+ $user,
+ );
+ $this->cardDavBackend->expects(self::once())
+ ->method('getAddressBooksForUserCount')
+ ->with('principals/users/user123')
+ ->willReturn(11);
+ $this->expectException(Forbidden::class);
+
+ $this->plugin->beforeBind('addressbooks/users/foo/addressbookname');
+ }
+
+} |
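Review bot: `testAddressBookLimitReached` only exercises a count of 11 (`->willReturn(11)`), so the boundary of the per-user address-book cap is not pinned: the test passes whether the plugin rejects at the cap or only above it. The cap value never appears in the test, because `getAppValue` is stubbed with `->willReturnArgument(2)` and matched only on `'dav'`; a wrong config key or a changed default in the plugin (not shown in this diff) would therefore go unnoticed. Consider stubbing the cap with an explicit value and adding a case where `getAddressBooksForUserCount` returns exactly that value, with the expected outcome asserted. `testNoUserObject` relies on the unconfigured `IUserManager` mock yielding no user and asserts that nothing is registered, which pins a path where limiting is skipped; if that is intended, a comment such as `// No IUser resolved: the plugin is expected to skip rate limiting here` would say so. The method name `testRegisterAddressBookrCreation` also carries a stray `r`.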