authorLukas Reschke <lukas@statuscode.ch>2017-04-18 17:55:51 +0200
committerLukas Reschke <lukas@statuscode.ch>2017-04-18 17:55:51 +0200
commit805419bb952b937ae980c198162f8f7dd30ff6d2 (patch)
tree90e4b587e1ee0547ddc6ada57c799b4c91a57c31 /tests/Core
parentb072d2c49d6f61c2b55abf12e04bdf2166dbd4f4 (diff)
Add bruteforce protection to changePersonalPassword
While the risk is actually quite low, because one would already have the user session and could potentially cause other havoc, it makes sense to throttle here in case of attempts with an invalid previous password. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'tests/Core')
-rw-r--r--tests/Core/Controller/ChangePasswordControllerTest.php70
1 files changed, 31 insertions, 39 deletions
diff --git a/tests/Core/Controller/ChangePasswordControllerTest.php b/tests/Core/Controller/ChangePasswordControllerTest.php
index 869ef98b514..c426bae9974 100644
--- a/tests/Core/Controller/ChangePasswordControllerTest.php
+++ b/tests/Core/Controller/ChangePasswordControllerTest.php
@@ -25,45 +25,40 @@ use OC\HintException;
use OC\Settings\Controller\ChangePasswordController;
use OC\User\Session;
use OCP\App\IAppManager;
+use OCP\AppFramework\Http\JSONResponse;
use OCP\IGroupManager;
use OCP\IL10N;
+use OCP\IRequest;
use OCP\IUserManager;
class ChangePasswordControllerTest extends \Test\TestCase {
-
/** @var string */
private $userId = 'currentUser';
-
- /** @var IUserManager */
+ /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
private $userManager;
-
- /** @var Session */
+ /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
private $userSession;
-
- /** @var IGroupManager */
+ /** @var IGroupManager|\PHPUnit_Framework_MockObject_MockObject */
private $groupManager;
-
- /** @var IAppManager */
+ /** @var IAppManager|\PHPUnit_Framework_MockObject_MockObject */
private $appManager;
-
- /** @var IL10N */
+ /** @var IL10N|\PHPUnit_Framework_MockObject_MockObject */
private $l;
-
/** @var ChangePasswordController */
private $controller;
public function setUp() {
parent::setUp();
- $this->userManager = $this->getMockBuilder('OCP\IUserManager')->getMock();
- $this->userSession = $this->getMockBuilder('OC\User\Session')->disableOriginalConstructor()->getMock();
- $this->groupManager = $this->getMockBuilder('OCP\IGroupManager')->getMock();
- $this->appManager = $this->getMockBuilder('OCP\App\IAppManager')->getMock();
- $this->l = $this->getMockBuilder('OCP\IL10N')->getMock();
-
+ $this->userManager = $this->createMock(IUserManager::class);
+ $this->userSession = $this->createMock(Session::class);
+ $this->groupManager = $this->createMock(IGroupManager::class);
+ $this->appManager = $this->createMock(IAppManager::class);
+ $this->l = $this->createMock(IL10N::class);
$this->l->method('t')->will($this->returnArgument(0));
- $request = $this->getMockBuilder('OCP\IRequest')->getMock();
+ /** @var IRequest|\PHPUnit_Framework_MockObject_MockObject $request */
+ $request = $this->createMock(IRequest::class);
$this->controller = new ChangePasswordController(
'core',
@@ -83,16 +78,16 @@ class ChangePasswordControllerTest extends \Test\TestCase {
->with($this->userId, 'old')
->willReturn(false);
- $expects = [
+ $expects = new JSONResponse([
'status' => 'error',
'data' => [
'message' => 'Wrong password',
],
- ];
-
- $res = $this->controller->changePersonalPassword('old', 'new');
+ ]);
+ $expects->throttle();
- $this->assertEquals($expects, $res->getData());
+ $actual = $this->controller->changePersonalPassword('old', 'new');
+ $this->assertEquals($expects, $actual);
}
public function testChangePersonalPasswordCommonPassword() {
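Review bot: The throttling expectation in the wrong-password test is only checked implicitly, by `assertEquals($expects, $actual)` comparing two `JSONResponse` objects after `$expects->throttle()`, so a regression would surface as an opaque object diff rather than naming the security property. Adding `$this->assertTrue($actual->isThrottled());` here, and `$this->assertFalse($actual->isThrottled());` in the common-password, failed-set and success tests (hunks at -107, -147 and -172), would state explicitly that only a wrong previous password is throttled. The controller change is not visible in this view (the diff is limited to tests/Core), so it cannot be confirmed from here that the action carries the brute-force annotation that the middleware presumably needs before it acts on a throttled response; that is worth a separate check. The enclosing test method starts outside the hunk.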
@@ -107,16 +102,15 @@ class ChangePasswordControllerTest extends \Test\TestCase {
->with('new')
->will($this->throwException(new HintException('Common password')));
- $expects = [
+ $expects = new JSONResponse([
'status' => 'error',
'data' => [
'message' => 'Common password',
],
- ];
-
- $res = $this->controller->changePersonalPassword('old', 'new');
+ ]);
- $this->assertEquals($expects, $res->getData());
+ $actual = $this->controller->changePersonalPassword('old', 'new');
+ $this->assertEquals($expects, $actual);
}
public function testChangePersonalPasswordNoNewPassword() {
@@ -147,13 +141,12 @@ class ChangePasswordControllerTest extends \Test\TestCase {
->with('new')
->willReturn(false);
- $expects = [
+ $expects = new JSONResponse([
'status' => 'error',
- ];
+ ]);
- $res = $this->controller->changePersonalPassword('old', 'new');
-
- $this->assertEquals($expects, $res->getData());
+ $actual = $this->controller->changePersonalPassword('old', 'new');
+ $this->assertEquals($expects, $actual);
}
public function testChangePersonalPassword() {
@@ -172,15 +165,14 @@ class ChangePasswordControllerTest extends \Test\TestCase {
->method('updateSessionTokenPassword')
->with('new');
- $expects = [
+ $expects = new JSONResponse([
'status' => 'success',
'data' => [
'message' => 'Saved',
],
- ];
-
- $res = $this->controller->changePersonalPassword('old', 'new');
+ ]);
- $this->assertEquals($expects, $res->getData());
+ $actual = $this->controller->changePersonalPassword('old', 'new');
+ $this->assertEquals($expects, $actual);
}
}