author | Lukas Reschke <lukas@owncloud.com> | 2015-08-22 20:42:45 +0200 |
committer | Lukas Reschke <lukas@owncloud.com> | 2015-08-22 20:42:45 +0200 |
commit | db4cb1dd4d1266c3284052fcbbfc0acc042485a2 (patch) | |
tree | 1043ff59bd7785f0ec0bf5777dac327f34cdc3df /tests/core | |
parent | 510010e774c4019b7fc616c90085649abb7afac3 (diff) | |
Expire token after 12h and if user logged-in again
As a hardening measure we should expire password reset tokens after 12h, and also as soon as the user has logged in successfully after the token was requested.
Diffstat (limited to 'tests/core')
-rw-r--r-- | tests/core/lostpassword/controller/lostcontrollertest.php | 123 |
1 files changed, 116 insertions, 7 deletions
diff --git a/tests/core/lostpassword/controller/lostcontrollertest.php b/tests/core/lostpassword/controller/lostcontrollertest.php
index f82fc1ba3ff..0f8cb4fc5c8 100644
--- a/tests/core/lostpassword/controller/lostcontrollertest.php
+++ b/tests/core/lostpassword/controller/lostcontrollertest.php
@@ -1,9 +1,22 @@
 <?php
 /**
- * Copyright (c) 2014-2015 Lukas Reschke <lukas@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
+ * @author Lukas Reschke <lukas@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
  */
 
 namespace OC\Core\LostPassword\Controller;
@@ -47,6 +60,8 @@ class LostControllerTest extends \PHPUnit_Framework_TestCase {
 ->disableOriginalConstructor()->getMock();
 $this->container['SecureRandom'] = $this->getMockBuilder('\OCP\Security\ISecureRandom')
 ->disableOriginalConstructor()->getMock();
+ $this->container['TimeFactory'] = $this->getMockBuilder('\OCP\AppFramework\Utility\ITimeFactory')
+ ->disableOriginalConstructor()->getMock();
 $this->container['IsEncryptionEnabled'] = true;
 $this->lostController = $this->container['LostController'];
 }
@@ -116,6 +131,10 @@ class LostControllerTest extends \PHPUnit_Framework_TestCase {
 ->method('userExists')
 ->with('ExistingUser')
 ->will($this->returnValue(true));
+ $this->container['TimeFactory']
+ ->expects($this->once())
+ ->method('getTime')
+ ->will($this->returnValue(12348));
 $this->container['Config']
 ->expects($this->once())
 ->method('getUserValue')
@@ -128,7 +147,7 @@ class LostControllerTest extends \PHPUnit_Framework_TestCase {
 $this->container['Config']
 ->expects($this->once())
 ->method('setUserValue')
- ->with('ExistingUser', 'owncloud', 'lostpassword', 'ThisIsMaybeANotSoSecretToken!');
+ ->with('ExistingUser', 'owncloud', 'lostpassword', '12348:ThisIsMaybeANotSoSecretToken!');
 $this->container['URLGenerator']
 ->expects($this->once())
 ->method('linkToRouteAbsolute')
@@ -190,7 +209,11 @@ class LostControllerTest extends \PHPUnit_Framework_TestCase {
 $this->container['Config']
 ->expects($this->once())
 ->method('setUserValue')
- ->with('ExistingUser', 'owncloud', 'lostpassword', 'ThisIsMaybeANotSoSecretToken!');
+ ->with('ExistingUser', 'owncloud', 'lostpassword', '12348:ThisIsMaybeANotSoSecretToken!');
+ $this->container['TimeFactory']
+ ->expects($this->once())
+ ->method('getTime')
+ ->will($this->returnValue(12348));
 $this->container['URLGenerator']
 ->expects($this->once())
 ->method('linkToRouteAbsolute')
@@ -256,9 +279,13 @@ class LostControllerTest extends \PHPUnit_Framework_TestCase {
 ->expects($this->once())
 ->method('getUserValue')
 ->with('ValidTokenUser', 'owncloud', 'lostpassword', null)
- ->will($this->returnValue('TheOnlyAndOnlyOneTokenToResetThePassword'));
+ ->will($this->returnValue('12345:TheOnlyAndOnlyOneTokenToResetThePassword'));
 $user = $this->getMockBuilder('\OCP\IUser')
 ->disableOriginalConstructor()->getMock();
+ $user
+ ->expects($this->once())
+ ->method('getLastLogin')
+ ->will($this->returnValue(12344));
 $user->expects($this->once())
 ->method('setPassword')
 ->with('NewPassword')
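Review bot: The new `setUserValue` expectation `'12348:ThisIsMaybeANotSoSecretToken!'` in the `@@ -128,7 +147,7 @@` hunk pins a new stored format without saying what it means; a comment on that line such as `// stored as "<issue unix time>:<token>"; setPassword() compares the prefix against the clock and the user's last login` would keep a later change from silently breaking the expiry check. The same expectation shows the reset token is still written verbatim next to its timestamp, so anyone with read access to the user-config storage can presumably complete a pending reset; storing and comparing a hash of the token would be a follow-up hardening worth a `// TODO` here rather than something this commit must solve. The enclosing test method starts above the hunk.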
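Review bot: In the `@@ -256,9 +279,13 @@` hunk the added `getLastLogin` stub returns 12344 against a token issued at 12345, so the success path only covers a login that clearly predates the reset request; nothing pins the case where the last login falls in the same second as the request (12345), which is exactly where an implementation using `>` and one using `>=` would disagree. A comment on the stub, `// last login (12344) predates the token issue time (12345), so the token is still valid`, would make the intent readable, and a sibling case returning 12345 would pin the boundary. The enclosing test method begins above this hunk.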
@@ -272,12 +299,94 @@ class LostControllerTest extends \PHPUnit_Framework_TestCase {
 ->expects($this->once())
 ->method('deleteUserValue')
 ->with('ValidTokenUser', 'owncloud', 'lostpassword');
+ $this->container['TimeFactory']
+ ->expects($this->once())
+ ->method('getTime')
+ ->will($this->returnValue(12348));
 
 $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
 $expectedResponse = array('status' => 'success');
 $this->assertSame($expectedResponse, $response);
 }
 
+ public function testSetPasswordExpiredToken() {
+ $this->container['Config']
+ ->expects($this->once())
+ ->method('getUserValue')
+ ->with('ValidTokenUser', 'owncloud', 'lostpassword', null)
+ ->will($this->returnValue('12345:TheOnlyAndOnlyOneTokenToResetThePassword'));
+ $user = $this->getMockBuilder('\OCP\IUser')
+ ->disableOriginalConstructor()->getMock();
+ $this->container['UserManager']
+ ->expects($this->once())
+ ->method('get')
+ ->with('ValidTokenUser')
+ ->will($this->returnValue($user));
+ $this->container['TimeFactory']
+ ->expects($this->once())
+ ->method('getTime')
+ ->will($this->returnValue(55546));
+
+ $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
+ $expectedResponse = [
+ 'status' => 'error',
+ 'msg' => 'Couldn\'t reset password because the token is expired',
+ ];
+ $this->assertSame($expectedResponse, $response);
+ }
+
+ public function testSetPasswordInvalidDataInDb() {
+ $this->container['Config']
+ ->expects($this->once())
+ ->method('getUserValue')
+ ->with('ValidTokenUser', 'owncloud', 'lostpassword', null)
+ ->will($this->returnValue('TheOnlyAndOnlyOneTokenToResetThePassword'));
+ $user = $this->getMockBuilder('\OCP\IUser')
+ ->disableOriginalConstructor()->getMock();
+ $this->container['UserManager']
+ ->expects($this->once())
+ ->method('get')
+ ->with('ValidTokenUser')
+ ->will($this->returnValue($user));
+
+
$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
+ $expectedResponse = [
+ 'status' => 'error',
+ 'msg' => 'Couldn\'t reset password because the token is invalid',
+ ];
+ $this->assertSame($expectedResponse, $response);
+ }
+
+ public function testSetPasswordExpiredTokenDueToLogin() {
+ $this->container['Config']
+ ->expects($this->once())
+ ->method('getUserValue')
+ ->with('ValidTokenUser', 'owncloud', 'lostpassword', null)
+ ->will($this->returnValue('12345:TheOnlyAndOnlyOneTokenToResetThePassword'));
+ $user = $this->getMockBuilder('\OCP\IUser')
+ ->disableOriginalConstructor()->getMock();
+ $user
+ ->expects($this->once())
+ ->method('getLastLogin')
+ ->will($this->returnValue(12346));
+ $this->container['UserManager']
+ ->expects($this->once())
+ ->method('get')
+ ->with('ValidTokenUser')
+ ->will($this->returnValue($user));
+ $this->container['TimeFactory']
+ ->expects($this->once())
+ ->method('getTime')
+ ->will($this->returnValue(12345));
+
+ $response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
+ $expectedResponse = [
+ 'status' => 'error',
+ 'msg' => 'Couldn\'t reset password because the token is expired',
+ ];
+ $this->assertSame($expectedResponse, $response);
+ }
+
 public function testIsSetPasswordWithoutTokenFailing() {
 $this->container['Config']
 ->expects($this->once()) |
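Review bot: `testSetPasswordExpiredToken` has `getTime` return 55546, which is 43201 s after the 12345 issue time, so expiry is only pinned one second past the 12h window; a comment `// 12345 + 12h = 55545, so 55546 is one second past expiry` plus a sibling case at exactly 55545 would fix the boundary, since whether a token is still accepted at precisely 12h is not visible from these tests. None of the three new error-path tests says whether the stale `lostpassword` value is cleared: the `Config` mock carries no `deleteUserValue` expectation, so both behaviours pass; adding `$this->container['Config']->expects($this->never())->method('deleteUserValue');` (or `once()` if cleanup is the intent) makes the choice explicit. `testSetPasswordInvalidDataInDb` also deserves a one-line comment that a stored value without a timestamp prefix, i.e. any reset link issued before this change, is rejected as invalid, because that is a deliberate upgrade-time behaviour rather than an accident of the parser. The hunk starts inside the previous test's mock setup and ends inside `testIsSetPasswordWithoutTokenFailing`, whose body continues below.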