diff options
| author | Joas Schilling <coding@schilljs.com> | 2020-03-16 08:52:46 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2020-03-16 09:29:28 +0100 |
| commit | 9935c71ec310b45a7cfcf0bad286eace4192ebb4 (patch) | |
| tree | b40257e93a8d559053c096378515c1594ffe5632 /apps/settings | |
| parent | f85747f74c54c0bc973e0cd6338239dccf32a3f5 (diff) | |
| download | nextcloud-server-9935c71ec310b45a7cfcf0bad286eace4192ebb4.tar.gz nextcloud-server-9935c71ec310b45a7cfcf0bad286eace4192ebb4.zip | |
Check the user on remote wipe
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/settings')
| -rw-r--r-- | apps/settings/lib/Controller/AuthSettingsController.php | 8 | ||||
| -rw-r--r-- | apps/settings/tests/Controller/AuthSettingsControllerTest.php | 33 |
2 files changed, 38 insertions, 3 deletions
diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php index 7248127fd6b..7f6d74e5fc7 100644 --- a/apps/settings/lib/Controller/AuthSettingsController.php +++ b/apps/settings/lib/Controller/AuthSettingsController.php @@ -289,7 +289,13 @@ class AuthSettingsController extends Controller { * @throws \OC\Authentication\Exceptions\ExpiredTokenException */ public function wipe(int $id): JSONResponse { - if (!$this->remoteWipe->markTokenForWipe($id)) { + try { + $token = $this->findTokenByIdAndUser($id); + } catch (InvalidTokenException $e) { + return new JSONResponse([], Http::STATUS_NOT_FOUND); + } + + if (!$this->remoteWipe->markTokenForWipe($token)) { return new JSONResponse([], Http::STATUS_BAD_REQUEST); } diff --git a/apps/settings/tests/Controller/AuthSettingsControllerTest.php b/apps/settings/tests/Controller/AuthSettingsControllerTest.php index 923a63d706c..1d24a90794f 100644 --- a/apps/settings/tests/Controller/AuthSettingsControllerTest.php +++ b/apps/settings/tests/Controller/AuthSettingsControllerTest.php @@ -36,6 +36,7 @@ use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Token\DefaultToken; use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IToken; +use OC\Authentication\Token\IWipeableToken; use OC\Authentication\Token\RemoteWipe; use OCA\Settings\Controller\AuthSettingsController; use OCP\Activity\IEvent; @@ -428,9 +429,15 @@ class AuthSettingsControllerTest extends TestCase { } public function testRemoteWipeNotSuccessful(): void { + $token = $this->createMock(IToken::class); + $token->expects($this->once()) + ->method('getUID') + ->willReturn($this->uid); + $this->mockGetTokenById(123, $token); + $this->remoteWipe->expects($this->once()) ->method('markTokenForWipe') - ->with(123) + ->with($token) ->willReturn(false); $response = $this->controller->wipe(123); @@ -439,10 +446,32 @@ class AuthSettingsControllerTest extends TestCase { $this->assertEquals($expected, $response); } + public function testRemoteWipeWrongUser(): void { + $token = $this->createMock(IToken::class); + $token->expects($this->once()) + ->method('getUID') + ->willReturn('definetly-not-' . $this->uid); + $this->mockGetTokenById(123, $token); + + $this->remoteWipe->expects($this->never()) + ->method('markTokenForWipe'); + + $response = $this->controller->wipe(123); + + $expected = new JSONResponse([], Http::STATUS_NOT_FOUND); + $this->assertEquals($expected, $response); + } + public function testRemoteWipeSuccessful(): void { + $token = $this->createMock(IWipeableToken::class); + $token->expects($this->once()) + ->method('getUID') + ->willReturn($this->uid); + $this->mockGetTokenById(123, $token); + $this->remoteWipe->expects($this->once()) ->method('markTokenForWipe') - ->with(123) + ->with($token) ->willReturn(true); $response = $this->controller->wipe(123); |