diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-06-14 22:53:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-14 22:53:17 +0200 |
| commit | a330459eaa6b8d69ba169c31075a3599eb683319 (patch) | |
| tree | c1257f3732e34726689f4f625180205c25bf87d8 /apps | |
| parent | 98cbcc010920d0ce6fb7f052951ae0417300ca1d (diff) | |
| parent | 7f7f824cbf5fd66f100545163939ff3fdfd150ce (diff) | |
| download | nextcloud-server-a330459eaa6b8d69ba169c31075a3599eb683319.tar.gz nextcloud-server-a330459eaa6b8d69ba169c31075a3599eb683319.zip | |
Merge pull request #38709 from nextcloud/backport/38398/stable25
[stable25] Store encrypted OAuth2 client secrets
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/oauth2/appinfo/info.xml | 2 | ||||
| -rw-r--r-- | apps/oauth2/composer/composer/LICENSE | 2 | ||||
| -rw-r--r-- | apps/oauth2/composer/composer/autoload_classmap.php | 1 | ||||
| -rw-r--r-- | apps/oauth2/composer/composer/autoload_static.php | 1 | ||||
| -rw-r--r-- | apps/oauth2/lib/Controller/OauthApiController.php | 15 | ||||
| -rw-r--r-- | apps/oauth2/lib/Controller/SettingsController.php | 13 | ||||
| -rw-r--r-- | apps/oauth2/lib/Migration/Version011601Date20230522143227.php | 83 | ||||
| -rw-r--r-- | apps/oauth2/lib/Settings/Admin.php | 29 | ||||
| -rw-r--r-- | apps/oauth2/tests/Controller/OauthApiControllerTest.php | 73 | ||||
| -rw-r--r-- | apps/oauth2/tests/Controller/SettingsControllerTest.php | 14 | ||||
| -rw-r--r-- | apps/oauth2/tests/Db/ClientMapperTest.php | 10 | ||||
| -rw-r--r-- | apps/oauth2/tests/Settings/AdminTest.php | 12 |
12 files changed, 212 insertions, 43 deletions
diff --git a/apps/oauth2/appinfo/info.xml b/apps/oauth2/appinfo/info.xml index 6eed9b9d18e..2dfce30e494 100644 --- a/apps/oauth2/appinfo/info.xml +++ b/apps/oauth2/appinfo/info.xml @@ -5,7 +5,7 @@ <name>OAuth 2.0</name> <summary>Allows OAuth2 compatible authentication from other web applications.</summary> <description>The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications.</description> - <version>1.13.0</version> + <version>1.13.1</version> <licence>agpl</licence> <author>Lukas Reschke</author> <namespace>OAuth2</namespace> diff --git a/apps/oauth2/composer/composer/LICENSE b/apps/oauth2/composer/composer/LICENSE index f27399a042d..62ecfd8d004 100644 --- a/apps/oauth2/composer/composer/LICENSE +++ b/apps/oauth2/composer/composer/LICENSE @@ -1,4 +1,3 @@ - Copyright (c) Nils Adermann, Jordi Boggiano Permission is hereby granted, free of charge, to any person obtaining a copy @@ -18,4 +17,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - diff --git a/apps/oauth2/composer/composer/autoload_classmap.php b/apps/oauth2/composer/composer/autoload_classmap.php index d760d7cd579..09cacb20335 100644 --- a/apps/oauth2/composer/composer/autoload_classmap.php +++ b/apps/oauth2/composer/composer/autoload_classmap.php @@ -19,5 +19,6 @@ return array( 'OCA\\OAuth2\\Migration\\SetTokenExpiration' => $baseDir . '/../lib/Migration/SetTokenExpiration.php', 'OCA\\OAuth2\\Migration\\Version010401Date20181207190718' => $baseDir . '/../lib/Migration/Version010401Date20181207190718.php', 'OCA\\OAuth2\\Migration\\Version010402Date20190107124745' => $baseDir . '/../lib/Migration/Version010402Date20190107124745.php', + 'OCA\\OAuth2\\Migration\\Version011601Date20230522143227' => $baseDir . '/../lib/Migration/Version011601Date20230522143227.php', 'OCA\\OAuth2\\Settings\\Admin' => $baseDir . '/../lib/Settings/Admin.php', ); diff --git a/apps/oauth2/composer/composer/autoload_static.php b/apps/oauth2/composer/composer/autoload_static.php index c8f3a388c78..1442093e32f 100644 --- a/apps/oauth2/composer/composer/autoload_static.php +++ b/apps/oauth2/composer/composer/autoload_static.php @@ -34,6 +34,7 @@ class ComposerStaticInitOAuth2 'OCA\\OAuth2\\Migration\\SetTokenExpiration' => __DIR__ . '/..' . '/../lib/Migration/SetTokenExpiration.php', 'OCA\\OAuth2\\Migration\\Version010401Date20181207190718' => __DIR__ . '/..' . '/../lib/Migration/Version010401Date20181207190718.php', 'OCA\\OAuth2\\Migration\\Version010402Date20190107124745' => __DIR__ . '/..' . '/../lib/Migration/Version010402Date20190107124745.php', + 'OCA\\OAuth2\\Migration\\Version011601Date20230522143227' => __DIR__ . '/..' . '/../lib/Migration/Version011601Date20230522143227.php', 'OCA\\OAuth2\\Settings\\Admin' => __DIR__ . '/..' . '/../lib/Settings/Admin.php', ); diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 910fdc99432..0dcc2a2cf71 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -42,6 +42,7 @@ use OCP\AppFramework\Utility\ITimeFactory; use OCP\IRequest; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; +use Psr\Log\LoggerInterface; class OauthApiController extends Controller { /** @var AccessTokenMapper */ @@ -58,6 +59,8 @@ class OauthApiController extends Controller { private $time; /** @var Throttler */ private $throttler; + /** @var LoggerInterface */ + private $logger; public function __construct(string $appName, IRequest $request, @@ -67,6 +70,7 @@ class OauthApiController extends Controller { TokenProvider $tokenProvider, ISecureRandom $secureRandom, ITimeFactory $time, + LoggerInterface $logger, Throttler $throttler) { parent::__construct($appName, $request); $this->crypto = $crypto; @@ -76,6 +80,7 @@ class OauthApiController extends Controller { $this->secureRandom = $secureRandom; $this->time = $time; $this->throttler = $throttler; + $this->logger = $logger; } /** @@ -124,8 +129,16 @@ class OauthApiController extends Controller { $client_secret = $this->request->server['PHP_AUTH_PW']; } + try { + $storedClientSecret = $this->crypto->decrypt($client->getSecret()); + } catch (\Exception $e) { + $this->logger->error('OAuth client secret decryption error', ['exception' => $e]); + return new JSONResponse([ + 'error' => 'invalid_client', + ], Http::STATUS_BAD_REQUEST); + } // The client id and secret must match. Else we don't provide an access token! - if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) { + if ($client->getClientIdentifier() !== $client_id || $storedClientSecret !== $client_secret) { return new JSONResponse([ 'error' => 'invalid_client', ], Http::STATUS_BAD_REQUEST); diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php index 046e6d77041..d3c9239ba56 100644 --- a/apps/oauth2/lib/Controller/SettingsController.php +++ b/apps/oauth2/lib/Controller/SettingsController.php @@ -39,6 +39,7 @@ use OCP\AppFramework\Http\JSONResponse; use OCP\IL10N; use OCP\IRequest; use OCP\Security\ISecureRandom; +use OCP\Security\ICrypto; class SettingsController extends Controller { /** @var ClientMapper */ @@ -49,6 +50,8 @@ class SettingsController extends Controller { private $accessTokenMapper; /** @var IL10N */ private $l; + /** @var ICrypto */ + private $crypto; public const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; @@ -57,13 +60,15 @@ class SettingsController extends Controller { ClientMapper $clientMapper, ISecureRandom $secureRandom, AccessTokenMapper $accessTokenMapper, - IL10N $l + IL10N $l, + ICrypto $crypto ) { parent::__construct($appName, $request); $this->secureRandom = $secureRandom; $this->clientMapper = $clientMapper; $this->accessTokenMapper = $accessTokenMapper; $this->l = $l; + $this->crypto = $crypto; } public function addClient(string $name, @@ -75,7 +80,9 @@ class SettingsController extends Controller { $client = new Client(); $client->setName($name); $client->setRedirectUri($redirectUri); - $client->setSecret($this->secureRandom->generate(64, self::validChars)); + $secret = $this->secureRandom->generate(64, self::validChars); + $encryptedSecret = $this->crypto->encrypt($secret); + $client->setSecret($encryptedSecret); $client->setClientIdentifier($this->secureRandom->generate(64, self::validChars)); $client = $this->clientMapper->insert($client); @@ -84,7 +91,7 @@ class SettingsController extends Controller { 'name' => $client->getName(), 'redirectUri' => $client->getRedirectUri(), 'clientId' => $client->getClientIdentifier(), - 'clientSecret' => $client->getSecret(), + 'clientSecret' => $secret, ]; return new JSONResponse($result); diff --git a/apps/oauth2/lib/Migration/Version011601Date20230522143227.php b/apps/oauth2/lib/Migration/Version011601Date20230522143227.php new file mode 100644 index 00000000000..04de857fd47 --- /dev/null +++ b/apps/oauth2/lib/Migration/Version011601Date20230522143227.php @@ -0,0 +1,83 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright Copyright 2023, Julien Veyssier <julien-nc@posteo.net> + * + * @author Julien Veyssier <julien-nc@posteo.net> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace OCA\OAuth2\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\DB\QueryBuilder\IQueryBuilder; +use OCP\IDBConnection; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; +use OCP\Security\ICrypto; + +class Version011601Date20230522143227 extends SimpleMigrationStep { + private IDBConnection $connection; + private ICrypto $crypto; + + public function __construct(IDBConnection $connection, ICrypto $crypto) { + $this->connection = $connection; + $this->crypto = $crypto; + } + + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if ($schema->hasTable('oauth2_clients')) { + $table = $schema->getTable('oauth2_clients'); + if ($table->hasColumn('secret')) { + $column = $table->getColumn('secret'); + $column->setLength(512); + return $schema; + } + } + + return null; + } + + public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) { + $qbUpdate = $this->connection->getQueryBuilder(); + $qbUpdate->update('oauth2_clients') + ->set('secret', $qbUpdate->createParameter('updateSecret')) + ->where( + $qbUpdate->expr()->eq('id', $qbUpdate->createParameter('updateId')) + ); + + $qbSelect = $this->connection->getQueryBuilder(); + $qbSelect->select('id', 'secret') + ->from('oauth2_clients'); + $req = $qbSelect->executeQuery(); + while ($row = $req->fetch()) { + $id = $row['id']; + $secret = $row['secret']; + $encryptedSecret = $this->crypto->encrypt($secret); + $qbUpdate->setParameter('updateSecret', $encryptedSecret, IQueryBuilder::PARAM_STR); + $qbUpdate->setParameter('updateId', $id, IQueryBuilder::PARAM_INT); + $qbUpdate->executeStatement(); + } + $req->closeCursor(); + } +} diff --git a/apps/oauth2/lib/Settings/Admin.php b/apps/oauth2/lib/Settings/Admin.php index aa2bd6db012..eb809f27d6f 100644 --- a/apps/oauth2/lib/Settings/Admin.php +++ b/apps/oauth2/lib/Settings/Admin.php @@ -29,22 +29,30 @@ namespace OCA\OAuth2\Settings; use OCA\OAuth2\Db\ClientMapper; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; +use OCP\Security\ICrypto; use OCP\Settings\ISettings; use OCP\IURLGenerator; +use Psr\Log\LoggerInterface; class Admin implements ISettings { private IInitialState $initialState; private ClientMapper $clientMapper; private IURLGenerator $urlGenerator; + private ICrypto $crypto; + private LoggerInterface $logger; public function __construct( IInitialState $initialState, ClientMapper $clientMapper, - IURLGenerator $urlGenerator + IURLGenerator $urlGenerator, + ICrypto $crypto, + LoggerInterface $logger ) { $this->initialState = $initialState; $this->clientMapper = $clientMapper; $this->urlGenerator = $urlGenerator; + $this->crypto = $crypto; + $this->logger = $logger; } public function getForm(): TemplateResponse { @@ -52,13 +60,18 @@ class Admin implements ISettings { $result = []; foreach ($clients as $client) { - $result[] = [ - 'id' => $client->getId(), - 'name' => $client->getName(), - 'redirectUri' => $client->getRedirectUri(), - 'clientId' => $client->getClientIdentifier(), - 'clientSecret' => $client->getSecret(), - ]; + try { + $secret = $this->crypto->decrypt($client->getSecret()); + $result[] = [ + 'id' => $client->getId(), + 'name' => $client->getName(), + 'redirectUri' => $client->getRedirectUri(), + 'clientId' => $client->getClientIdentifier(), + 'clientSecret' => $secret, + ]; + } catch (\Exception $e) { + $this->logger->error('[Settings] OAuth client secret decryption error', ['exception' => $e]); + } } $this->initialState->provideInitialState('clients', $result); $this->initialState->provideInitialState('oauth2-doc-link', $this->urlGenerator->linkToDocs('admin-oauth2')); diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php index 24385e785e5..afaffac336f 100644 --- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php +++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php @@ -43,6 +43,7 @@ use OCP\AppFramework\Utility\ITimeFactory; use OCP\IRequest; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; +use Psr\Log\LoggerInterface; use Test\TestCase; class OauthApiControllerTest extends TestCase { @@ -62,6 +63,8 @@ class OauthApiControllerTest extends TestCase { private $time; /** @var Throttler|\PHPUnit\Framework\MockObject\MockObject */ private $throttler; + /** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */ + private $logger; /** @var OauthApiController */ private $oauthApiController; @@ -76,6 +79,7 @@ class OauthApiControllerTest extends TestCase { $this->secureRandom = $this->createMock(ISecureRandom::class); $this->time = $this->createMock(ITimeFactory::class); $this->throttler = $this->createMock(Throttler::class); + $this->logger = $this->createMock(LoggerInterface::class); $this->oauthApiController = new OauthApiController( 'oauth2', @@ -86,6 +90,7 @@ class OauthApiControllerTest extends TestCase { $this->tokenProvider, $this->secureRandom, $this->time, + $this->logger, $this->throttler ); } @@ -193,16 +198,21 @@ class OauthApiControllerTest extends TestCase { $client = new Client(); $client->setClientIdentifier('clientId'); - $client->setSecret('clientSecret'); + $client->setSecret('encryptedClientSecret'); $this->clientMapper->method('getByUid') ->with(42) ->willReturn($client); - $this->crypto->method('decrypt') - ->with( - 'encryptedToken', - 'validrefresh' - )->willReturn('decryptedToken'); + $this->crypto + ->method('decrypt') + ->with($this->callback(function (string $text) { + return $text === 'encryptedClientSecret' || $text === 'encryptedToken'; + })) + ->willReturnCallback(function (string $text) { + return $text === 'encryptedClientSecret' + ? 'clientSecret' + : ($text === 'encryptedToken' ? 'decryptedToken' : ''); + }); $this->tokenProvider->method('getTokenById') ->with(1337) @@ -227,16 +237,21 @@ class OauthApiControllerTest extends TestCase { $client = new Client(); $client->setClientIdentifier('clientId'); - $client->setSecret('clientSecret'); + $client->setSecret('encryptedClientSecret'); $this->clientMapper->method('getByUid') ->with(42) ->willReturn($client); - $this->crypto->method('decrypt') - ->with( - 'encryptedToken', - 'validrefresh' - )->willReturn('decryptedToken'); + $this->crypto + ->method('decrypt') + ->with($this->callback(function (string $text) { + return $text === 'encryptedClientSecret' || $text === 'encryptedToken'; + })) + ->willReturnCallback(function (string $text) { + return $text === 'encryptedClientSecret' + ? 'clientSecret' + : ($text === 'encryptedToken' ? 'decryptedToken' : ''); + }); $appToken = new PublicKeyToken(); $appToken->setUid('userId'); @@ -319,16 +334,21 @@ class OauthApiControllerTest extends TestCase { $client = new Client(); $client->setClientIdentifier('clientId'); - $client->setSecret('clientSecret'); + $client->setSecret('encryptedClientSecret'); $this->clientMapper->method('getByUid') ->with(42) ->willReturn($client); - $this->crypto->method('decrypt') - ->with( - 'encryptedToken', - 'validrefresh' - )->willReturn('decryptedToken'); + $this->crypto + ->method('decrypt') + ->with($this->callback(function (string $text) { + return $text === 'encryptedClientSecret' || $text === 'encryptedToken'; + })) + ->willReturnCallback(function (string $text) { + return $text === 'encryptedClientSecret' + ? 'clientSecret' + : ($text === 'encryptedToken' ? 'decryptedToken' : ''); + }); $appToken = new PublicKeyToken(); $appToken->setUid('userId'); @@ -414,16 +434,21 @@ class OauthApiControllerTest extends TestCase { $client = new Client(); $client->setClientIdentifier('clientId'); - $client->setSecret('clientSecret'); + $client->setSecret('encryptedClientSecret'); $this->clientMapper->method('getByUid') ->with(42) ->willReturn($client); - $this->crypto->method('decrypt') - ->with( - 'encryptedToken', - 'validrefresh' - )->willReturn('decryptedToken'); + $this->crypto + ->method('decrypt') + ->with($this->callback(function (string $text) { + return $text === 'encryptedClientSecret' || $text === 'encryptedToken'; + })) + ->willReturnCallback(function (string $text) { + return $text === 'encryptedClientSecret' + ? 'clientSecret' + : ($text === 'encryptedToken' ? 'decryptedToken' : ''); + }); $appToken = new PublicKeyToken(); $appToken->setUid('userId'); diff --git a/apps/oauth2/tests/Controller/SettingsControllerTest.php b/apps/oauth2/tests/Controller/SettingsControllerTest.php index 216655190ae..3c7083747fc 100644 --- a/apps/oauth2/tests/Controller/SettingsControllerTest.php +++ b/apps/oauth2/tests/Controller/SettingsControllerTest.php @@ -34,6 +34,7 @@ use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; use OCP\IL10N; use OCP\IRequest; +use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; use Test\TestCase; @@ -48,6 +49,8 @@ class SettingsControllerTest extends TestCase { private $accessTokenMapper; /** @var SettingsController */ private $settingsController; + /** @var ICrypto|\PHPUnit\Framework\MockObject\MockObject */ + private $crypto; protected function setUp(): void { parent::setUp(); @@ -59,6 +62,7 @@ class SettingsControllerTest extends TestCase { $l = $this->createMock(IL10N::class); $l->method('t') ->willReturnArgument(0); + $this->crypto = $this->createMock(ICrypto::class); $this->settingsController = new SettingsController( 'oauth2', @@ -66,7 +70,8 @@ class SettingsControllerTest extends TestCase { $this->clientMapper, $this->secureRandom, $this->accessTokenMapper, - $l + $l, + $this->crypto ); } @@ -79,6 +84,11 @@ class SettingsControllerTest extends TestCase { 'MySecret', 'MyClientIdentifier'); + $this->crypto + ->expects($this->once()) + ->method('encrypt') + ->willReturn('MyEncryptedSecret'); + $client = new Client(); $client->setName('My Client Name'); $client->setRedirectUri('https://example.com/'); @@ -91,7 +101,7 @@ class SettingsControllerTest extends TestCase { ->with($this->callback(function (Client $c) { return $c->getName() === 'My Client Name' && $c->getRedirectUri() === 'https://example.com/' && - $c->getSecret() === 'MySecret' && + $c->getSecret() === 'MyEncryptedSecret' && $c->getClientIdentifier() === 'MyClientIdentifier'; }))->willReturnCallback(function (Client $c) { $c->setId(42); diff --git a/apps/oauth2/tests/Db/ClientMapperTest.php b/apps/oauth2/tests/Db/ClientMapperTest.php index fdc458fa301..5da048d4b47 100644 --- a/apps/oauth2/tests/Db/ClientMapperTest.php +++ b/apps/oauth2/tests/Db/ClientMapperTest.php @@ -84,4 +84,14 @@ class ClientMapperTest extends TestCase { public function testGetClients() { $this->assertSame('array', gettype($this->clientMapper->getClients())); } + + public function testInsertLongEncryptedSecret(): void { + $client = new Client(); + $client->setClientIdentifier('MyNewClient'); + $client->setName('Client Name'); + $client->setRedirectUri('https://example.com/'); + $client->setSecret('b81dc8e2dc178817bf28ca7b37265aa96559ca02e6dcdeb74b42221d096ed5ef63681e836ae0ba1077b5fb5e6c2fa7748c78463f66fe0110c8dcb8dd7eb0305b16d0cd993e2ae275879994a2abf88c68|e466d9befa6b0102341458e45ecd551a|013af9e277374483123437f180a3b0371a411ad4f34c451547909769181a7d7cc191f0f5c2de78376d124dd7751b8c9660aabdd913f5e071fc6b819ba2e3d919|3'); + $this->clientMapper->insert($client); + $this->assertTrue(true); + } } diff --git a/apps/oauth2/tests/Settings/AdminTest.php b/apps/oauth2/tests/Settings/AdminTest.php index fc5ebbb8365..afbed91b078 100644 --- a/apps/oauth2/tests/Settings/AdminTest.php +++ b/apps/oauth2/tests/Settings/AdminTest.php @@ -28,7 +28,9 @@ use OCA\OAuth2\Settings\Admin; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; use OCP\IURLGenerator; +use OCP\Security\ICrypto; use PHPUnit\Framework\MockObject\MockObject; +use Psr\Log\LoggerInterface; use Test\TestCase; class AdminTest extends TestCase { @@ -36,7 +38,7 @@ class AdminTest extends TestCase { /** @var Admin|MockObject */ private $admin; - /** @var IInitialStateService|MockObject */ + /** @var IInitialState|MockObject */ private $initialState; /** @var ClientMapper|MockObject */ @@ -48,7 +50,13 @@ class AdminTest extends TestCase { $this->initialState = $this->createMock(IInitialState::class); $this->clientMapper = $this->createMock(ClientMapper::class); - $this->admin = new Admin($this->initialState, $this->clientMapper, $this->createMock(IURLGenerator::class)); + $this->admin = new Admin( + $this->initialState, + $this->clientMapper, + $this->createMock(IURLGenerator::class), + $this->createMock(ICrypto::class), + $this->createMock(LoggerInterface::class) + ); } public function testGetForm() { |