diff options
author | Louis <6653109+artonge@users.noreply.github.com> | 2023-04-24 11:30:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-24 11:30:43 +0200 |
commit | c0076d9cc0933ff545a9e759d136536b907027d5 (patch) | |
tree | 1eb4a0cd8bd3a8dcec46acfa5e6361fc84c610f7 /apps | |
parent | dcde970bd59e8f42b9d82ed4e66153f368b0a8e3 (diff) | |
parent | d5e7682b6b4897412a970f745da4859ead28896e (diff) | |
download | nextcloud-server-c0076d9cc0933ff545a9e759d136536b907027d5.tar.gz nextcloud-server-c0076d9cc0933ff545a9e759d136536b907027d5.zip |
Merge pull request #37717 from nextcloud/artonge/fix/dont_override_stored_credentials_with_saml
Do not override stored credentials when login in with SAML
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_external/lib/Listener/StorePasswordListener.php | 4 | ||||
-rw-r--r-- | apps/files_external/tests/Listener/StorePasswordListenerTest.php | 175 |
2 files changed, 177 insertions, 2 deletions
diff --git a/apps/files_external/lib/Listener/StorePasswordListener.php b/apps/files_external/lib/Listener/StorePasswordListener.php index 66232a78a93..f5820eff52c 100644 --- a/apps/files_external/lib/Listener/StorePasswordListener.php +++ b/apps/files_external/lib/Listener/StorePasswordListener.php @@ -59,12 +59,12 @@ class StorePasswordListener implements IEventListener { $newCredentials = $storedCredentials; $shouldUpdate = false; - if (isset($storedCredentials['password']) && $storedCredentials['password'] !== $event->getPassword()) { + if (($storedCredentials['password'] ?? null) !== $event->getPassword() && $event->getPassword() !== null) { $shouldUpdate = true; $newCredentials['password'] = $event->getPassword(); } - if (isset($storedCredentials['user']) && $event instanceof UserLoggedInEvent && $storedCredentials['user'] !== $event->getLoginName()) { + if ($event instanceof UserLoggedInEvent && ($storedCredentials['user'] ?? null) !== $event->getLoginName()) { $shouldUpdate = true; $newCredentials['user'] = $event->getLoginName(); } diff --git a/apps/files_external/tests/Listener/StorePasswordListenerTest.php b/apps/files_external/tests/Listener/StorePasswordListenerTest.php new file mode 100644 index 00000000000..fd7e147aebf --- /dev/null +++ b/apps/files_external/tests/Listener/StorePasswordListenerTest.php @@ -0,0 +1,175 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright Copyright (c) 2023, Louis Chmn <louis@chmn.me> + * + * @author Louis Chmn <louis@chmn.me> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Files_External\Tests\Listener; + +use OCA\Files_External\Lib\Auth\Password\LoginCredentials; +use OCA\Files_External\Listener\StorePasswordListener; +use OCP\IUser; +use OCP\Security\ICredentialsManager; +use OCP\User\Events\PasswordUpdatedEvent; +use OCP\User\Events\UserLoggedInEvent; +use Test\TestCase; +use PHPUnit\Framework\MockObject\MockObject; + +/** + * @group DB + */ +class StorePasswordListenerTest extends TestCase { + /** @var MockObject|IUser */ + protected $mockedUser; + + protected function setUp(): void { + parent::setUp(); + $this->mockedUser = $this->createMock(IUser::class); + $this->mockedUser + ->expects($this->any()) + ->method('getUID') + ->willReturn('test'); + } + + /** + * @param array|false|null $initialCredentials + * @param UserLoggedInEvent|PasswordUpdatedEvent $event + * @param array|null $expectedCredentials + */ + public function getMockedCredentialManager($initialCredentials, $event, $expectedCredentials) { + $mockedCredentialsManager = $this->createMock(ICredentialsManager::class); + + if ($initialCredentials !== null) { + $mockedCredentialsManager + ->expects($this->once()) + ->method('retrieve') + ->with( + $this->equalTo('test'), + $this->equalTo(LoginCredentials::CREDENTIALS_IDENTIFIER), + ) + ->willReturn($initialCredentials); + } else { + $mockedCredentialsManager + ->expects($this->never()) + ->method('retrieve'); + } + + if ($expectedCredentials !== null) { + $mockedCredentialsManager + ->expects($this->once()) + ->method('store') + ->with( + $this->equalTo('test'), + $this->equalTo(LoginCredentials::CREDENTIALS_IDENTIFIER), + $this->equalTo($expectedCredentials), + ); + } else { + $mockedCredentialsManager + ->expects($this->never()) + ->method('store'); + } + + $storePasswordListener = new StorePasswordListener($mockedCredentialsManager); + $storePasswordListener->handle($event); + } + + public function testClassicLoginSameCredentials() { + $this->getMockedCredentialManager( + [ + 'user' => 'test', + 'password' => 'password', + ], + new UserLoggedInEvent($this->mockedUser, 'test', 'password', false), + null, + ); + } + + public function testClassicLoginNewPassword() { + $this->getMockedCredentialManager( + [ + 'user' => 'test', + 'password' => 'password', + ], + new UserLoggedInEvent($this->mockedUser, 'test', 'password2', false), + [ + 'user' => 'test', + 'password' => 'password2', + ], + ); + } + + public function testClassicLoginNewUser() { + $this->getMockedCredentialManager( + [ + 'user' => 'test', + 'password' => 'password', + ], + new UserLoggedInEvent($this->mockedUser, 'test2', 'password', false), + [ + 'user' => 'test2', + 'password' => 'password', + ], + ); + } + + public function testSSOLogin() { + $this->getMockedCredentialManager( + [ + 'user' => 'test', + 'password' => 'password', + ], + new UserLoggedInEvent($this->mockedUser, 'test', null, false), + null, + ); + } + + public function testPasswordUpdated() { + $this->getMockedCredentialManager( + [ + 'user' => 'test', + 'password' => 'password', + ], + new PasswordUpdatedEvent($this->mockedUser, 'password2'), + [ + 'user' => 'test', + 'password' => 'password2', + ], + ); + } + + public function testUserLoginWithToken() { + $this->getMockedCredentialManager( + null, + new UserLoggedInEvent($this->mockedUser, 'test', 'password', true), + null, + ); + } + + public function testNoInitialCredentials() { + $this->getMockedCredentialManager( + false, + new PasswordUpdatedEvent($this->mockedUser, 'test', 'password'), + null, + ); + } +} |