author | Julien Veyssier <julien-nc@posteo.net> | 2023-06-19 13:46:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-19 13:46:18 +0200 |
commit | 247c874b5122be6a8c2bb679d2b9d495bb59d761 (patch) | |
tree | 4f701394d2ffa8df8a041931843cf6600880570d /apps/oauth2/tests/Controller/OauthApiControllerTest.php | |
parent | ceee417d2c48153d25460405c55594f8fdbb6b80 (diff) | |
parent | 629adc318ffd1c96b89083b492a4b31815c88438 (diff) | |
download | nextcloud-server-247c874b5122be6a8c2bb679d2b9d495bb59d761.tar.gz nextcloud-server-247c874b5122be6a8c2bb679d2b9d495bb59d761.zip |
Merge pull request #38773 from nextcloud/fix/noid/protect-oauth2-api-controller
Add bruteforce protection in OauthApiController
Diffstat (limited to 'apps/oauth2/tests/Controller/OauthApiControllerTest.php')
-rw-r--r-- | apps/oauth2/tests/Controller/OauthApiControllerTest.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
index eb9311dbbc7..c65302532a9 100644
--- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php
+++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
@@ -104,6 +104,7 @@ class OauthApiControllerTest extends TestCase {
 		$expected = new JSONResponse([
 			'error' => 'invalid_grant',
 		], Http::STATUS_BAD_REQUEST);
+		$expected->throttle(['invalid_grant' => 'foo']);
 
 		$this->assertEquals($expected, $this->oauthApiController->getToken('foo', null, null, null, null));
 	}
@@ -112,6 +113,7 @@ class OauthApiControllerTest extends TestCase {
 		$expected = new JSONResponse([
 			'error' => 'invalid_request',
 		], Http::STATUS_BAD_REQUEST);
+		$expected->throttle(['invalid_request' => 'token not found', 'code' => 'invalidcode']);
 
 		$this->accessTokenMapper->method('getByCode')
 			->with('invalidcode')
@@ -124,6 +126,7 @@ class OauthApiControllerTest extends TestCase {
 		$expected = new JSONResponse([
 			'error' => 'invalid_request',
 		], Http::STATUS_BAD_REQUEST);
+		$expected->throttle(['invalid_request' => 'token not found', 'code' => 'invalidrefresh']);
 
 		$this->accessTokenMapper->method('getByCode')
 			->with('invalidrefresh')
@@ -136,6 +139,7 @@ class OauthApiControllerTest extends TestCase {
 		$expected = new JSONResponse([
 			'error' => 'invalid_request',
 		], Http::STATUS_BAD_REQUEST);
+		$expected->throttle(['invalid_request' => 'client not found', 'client_id' => 42]);
 
 		$accessToken = new AccessToken();
 		$accessToken->setClientId(42);
@@ -169,6 +173,7 @@ class OauthApiControllerTest extends TestCase {
 		$expected = new JSONResponse([
 			'error' => 'invalid_client',
 		], Http::STATUS_BAD_REQUEST);
+		$expected->throttle(['invalid_client' => 'client ID or secret does not match']);
 
 		$accessToken = new AccessToken();
 		$accessToken->setClientId(42);
@@ -191,6 +196,7 @@ class OauthApiControllerTest extends TestCase {
 		$expected = new JSONResponse([
 			'error' => 'invalid_request',
 		], Http::STATUS_BAD_REQUEST);
+		$expected->throttle(['invalid_request' => 'token is invalid']);
 
 		$accessToken = new AccessToken();
 		$accessToken->setClientId(42);
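Review bot: The new assertion in this hunk only proves that getToken() calls throttle() on the error response; as far as I recall the bruteforce middleware acts on that flag only when the controller action carries the BruteForceProtection annotation or attribute, and that lives in the controller, outside this file. If the annotation is ever dropped the throttle metadata becomes inert while every test here keeps passing, so a companion test pinning its presence would close that gap, e.g. `self::assertStringContainsString('BruteForceProtection', (string) (new \ReflectionMethod($this->oauthApiController, 'getToken'))->getDocComment());` (adapt to the attribute API if the controller uses the PHP attribute form). The test method this hunk belongs to starts above the hunk.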
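Review bot: The throttle metadata asserted in the second hunk, `'code' => 'invalidcode'`, records the client-supplied authorization code verbatim, and the refresh-token hunk below does the same with `'code' => 'invalidrefresh'`. As I understand the throttler, that metadata is persisted together with the bruteforce attempt, so an unauthenticated caller controls a string that ends up in storage, and if the attempts table caps the metadata length (I cannot confirm from here) an oversized code would also be a way to make the attempt recording itself fail. Recording only the reason is enough to count the attempt, so consider dropping the value in the controller and matching it here: `$expected->throttle(['invalid_request' => 'token not found']);`. The enclosing test methods start above their hunks.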