diff options
author | Côme Chilliet <come.chilliet@nextcloud.com> | 2023-11-13 17:25:21 +0100 |
---|---|---|
committer | Côme Chilliet <91878298+come-nc@users.noreply.github.com> | 2023-11-20 11:36:42 +0100 |
commit | 0ebd44abb666e50f551b030dca3fbd6af03c5d1f (patch) | |
tree | 4373920ed4e17c2f64389accf6014694ffe00806 /apps/settings/tests | |
parent | 0107c7ea24a28779dad09117d8dc5a4a49b95dc5 (diff) | |
download | nextcloud-server-0ebd44abb666e50f551b030dca3fbd6af03c5d1f.tar.gz nextcloud-server-0ebd44abb666e50f551b030dca3fbd6af03c5d1f.zip |
Migrate tests of forwarded for headers check
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'apps/settings/tests')
-rw-r--r-- | apps/settings/tests/Controller/CheckSetupControllerTest.php | 90 | ||||
-rw-r--r-- | apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php | 140 |
2 files changed, 142 insertions, 88 deletions
diff --git a/apps/settings/tests/Controller/CheckSetupControllerTest.php b/apps/settings/tests/Controller/CheckSetupControllerTest.php index 2df86a7b49c..fb2aa1a975d 100644 --- a/apps/settings/tests/Controller/CheckSetupControllerTest.php +++ b/apps/settings/tests/Controller/CheckSetupControllerTest.php @@ -204,87 +204,6 @@ class CheckSetupControllerTest extends TestCase { $this->dirsToRemove = []; } - /** - * @dataProvider dataForwardedForHeadersWorking - * - * @param array $trustedProxies - * @param string $remoteAddrNotForwarded - * @param string $remoteAddr - * @param bool $result - */ - public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, bool $result): void { - $this->config->expects($this->once()) - ->method('getSystemValue') - ->with('trusted_proxies', []) - ->willReturn($trustedProxies); - $this->request->expects($this->atLeastOnce()) - ->method('getHeader') - ->willReturnMap([ - ['REMOTE_ADDR', $remoteAddrNotForwarded], - ['X-Forwarded-Host', ''] - ]); - $this->request->expects($this->any()) - ->method('getRemoteAddress') - ->willReturn($remoteAddr); - - $this->assertEquals( - $result, - self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking') - ); - } - - public function dataForwardedForHeadersWorking(): array { - return [ - // description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result - 'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', true], - 'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', true], - 'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', true], - 'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', false], - ]; - } - - public function testForwardedHostPresentButTrustedProxiesNotAnArray(): void { - $this->config->expects($this->once()) - ->method('getSystemValue') - ->with('trusted_proxies', []) - ->willReturn('1.1.1.1'); - $this->request->expects($this->atLeastOnce()) - ->method('getHeader') - ->willReturnMap([ - ['REMOTE_ADDR', '1.1.1.1'], - ['X-Forwarded-Host', 'nextcloud.test'] - ]); - $this->request->expects($this->any()) - ->method('getRemoteAddress') - ->willReturn('1.1.1.1'); - - $this->assertEquals( - false, - self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking') - ); - } - - public function testForwardedHostPresentButTrustedProxiesEmpty(): void { - $this->config->expects($this->once()) - ->method('getSystemValue') - ->with('trusted_proxies', []) - ->willReturn([]); - $this->request->expects($this->atLeastOnce()) - ->method('getHeader') - ->willReturnMap([ - ['REMOTE_ADDR', '1.1.1.1'], - ['X-Forwarded-Host', 'nextcloud.test'] - ]); - $this->request->expects($this->any()) - ->method('getRemoteAddress') - ->willReturn('1.1.1.1'); - - $this->assertEquals( - false, - self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking') - ); - } - public function testCheck() { $this->config->expects($this->any()) ->method('getAppValue') @@ -302,13 +221,8 @@ class CheckSetupControllerTest extends TestCase { ['appstoreenabled', true, false], ]); - $this->request->expects($this->atLeastOnce()) - ->method('getHeader') - ->willReturnMap([ - ['REMOTE_ADDR', '4.3.2.1'], - ['X-Forwarded-Host', ''] - ]); - + $this->request->expects($this->never()) + ->method('getHeader'); $this->clientService->expects($this->never()) ->method('newClient'); $this->checkSetupController diff --git a/apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php b/apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php new file mode 100644 index 00000000000..9da2bccda79 --- /dev/null +++ b/apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php @@ -0,0 +1,140 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright Copyright (c) 2021 Morris Jobke <hey@morrisjobke.de> + * + * @author Morris Jobke <hey@morrisjobke.de> + * @author Côme Chilliet <come.chilliet@nextcloud.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace OCA\Settings\Tests; + +use OCA\Settings\SetupChecks\ForwardedForHeaders; +use OCP\IConfig; +use OCP\IL10N; +use OCP\IRequest; +use OCP\IURLGenerator; +use OCP\SetupCheck\SetupResult; +use Test\TestCase; + +class ForwardedForHeadersTest extends TestCase { + private IL10N $l10n; + private IConfig $config; + private IURLGenerator $urlGenerator; + private IRequest $request; + private ForwardedForHeaders $check; + + protected function setUp(): void { + parent::setUp(); + + $this->l10n = $this->getMockBuilder(IL10N::class) + ->disableOriginalConstructor()->getMock(); + $this->l10n->expects($this->any()) + ->method('t') + ->willReturnCallback(function ($message, array $replace) { + return vsprintf($message, $replace); + }); + $this->config = $this->getMockBuilder(IConfig::class)->getMock(); + $this->urlGenerator = $this->getMockBuilder(IURLGenerator::class)->getMock(); + $this->request = $this->getMockBuilder(IRequest::class)->getMock(); + $this->check = new ForwardedForHeaders( + $this->l10n, + $this->config, + $this->urlGenerator, + $this->request, + ); + } + + /** + * @dataProvider dataForwardedForHeadersWorking + */ + public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, string $result): void { + $this->config->expects($this->once()) + ->method('getSystemValue') + ->with('trusted_proxies', []) + ->willReturn($trustedProxies); + $this->request->expects($this->atLeastOnce()) + ->method('getHeader') + ->willReturnMap([ + ['REMOTE_ADDR', $remoteAddrNotForwarded], + ['X-Forwarded-Host', ''] + ]); + $this->request->expects($this->any()) + ->method('getRemoteAddress') + ->willReturn($remoteAddr); + + $this->assertEquals( + $result, + $this->check->run()->getSeverity() + ); + } + + public function dataForwardedForHeadersWorking(): array { + return [ + // description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result + 'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', SetupResult::SUCCESS], + 'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', SetupResult::SUCCESS], + 'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', SetupResult::SUCCESS], + 'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', SetupResult::WARNING], + ]; + } + + public function testForwardedHostPresentButTrustedProxiesNotAnArray(): void { + $this->config->expects($this->once()) + ->method('getSystemValue') + ->with('trusted_proxies', []) + ->willReturn('1.1.1.1'); + $this->request->expects($this->atLeastOnce()) + ->method('getHeader') + ->willReturnMap([ + ['REMOTE_ADDR', '1.1.1.1'], + ['X-Forwarded-Host', 'nextcloud.test'] + ]); + $this->request->expects($this->any()) + ->method('getRemoteAddress') + ->willReturn('1.1.1.1'); + + $this->assertEquals( + SetupResult::ERROR, + $this->check->run()->getSeverity() + ); + } + + public function testForwardedHostPresentButTrustedProxiesEmpty(): void { + $this->config->expects($this->once()) + ->method('getSystemValue') + ->with('trusted_proxies', []) + ->willReturn([]); + $this->request->expects($this->atLeastOnce()) + ->method('getHeader') + ->willReturnMap([ + ['REMOTE_ADDR', '1.1.1.1'], + ['X-Forwarded-Host', 'nextcloud.test'] + ]); + $this->request->expects($this->any()) + ->method('getRemoteAddress') + ->willReturn('1.1.1.1'); + + $this->assertEquals( + SetupResult::WARNING, + $this->check->run()->getSeverity() + ); + } +} |