author | Lukas Reschke <lukas@statuscode.ch> | 2017-04-12 20:32:48 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-04-13 12:00:16 +0200 |
commit | 66835476b59b8be7593d4cfa03a51c4f265d7e26 (patch) | |
tree | 91770c8fe403da25af50e6336727ab55fe57cd27 /tests/lib/AppFramework | |
parent | 5505faa3d7b6f5a95f18fe5027355d700d69f396 (diff) | |
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
This would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified, that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'tests/lib/AppFramework')
-rw-r--r-- | tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php | 44 |
1 files changed, 40 insertions, 4 deletions
diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
index 164ea48de70..2b99c3347f5 100644
--- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
@@ -40,6 +40,7 @@ use OC\Security\CSP\ContentSecurityPolicyManager;
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OC\Security\CSRF\CsrfToken;
 use OC\Security\CSRF\CsrfTokenManager;
+use OC\Security\RateLimiting\Limiter;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
 use OCP\AppFramework\Http\RedirectResponse;
@@ -52,6 +53,7 @@ use OCP\INavigationManager;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
+use OCP\IUserSession;
 use OCP\Security\ISecureRandom;
@@ -83,6 +85,10 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 private $csrfTokenManager;
 /** @var ContentSecurityPolicyNonceManager|\PHPUnit_Framework_MockObject_MockObject */
 private $cspNonceManager;
+ /** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
+ private $userSession;
+ /** @var Limiter|\PHPUnit_Framework_MockObject_MockObject */
+ private $limiter;
 /** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
 private $bruteForceThrottler;
@@ -93,6 +99,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 $this->reader = new ControllerMethodReflector();
 $this->logger = $this->createMock(ILogger::class);
 $this->navigationManager = $this->createMock(INavigationManager::class);
+ $this->userSession = $this->createMock(IUserSession::class);
+ $this->limiter = $this->createMock(Limiter::class);
 $this->urlGenerator = $this->createMock(IURLGenerator::class);
 $this->session = $this->createMock(ISession::class);
 $this->request = $this->createMock(IRequest::class);
@@ -111,6 +119,11 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 * @return SecurityMiddleware
 */
 private function getMiddleware($isLoggedIn, $isAdminUser) {
+ $this->userSession
+ ->expects($this->any())
+ ->method('isLoggedIn')
+ ->willReturn($isLoggedIn);
+
 return new SecurityMiddleware(
 $this->request,
 $this->reader,
@@ -119,12 +132,13 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 $this->logger,
 $this->session,
 'files',
- $isLoggedIn,
+ $this->userSession,
 $isAdminUser,
 $this->contentSecurityPolicyManager,
 $this->csrfTokenManager,
 $this->cspNonceManager,
- $this->bruteForceThrottler
+ $this->bruteForceThrottler,
+ $this->limiter
 );
 }
@@ -673,14 +687,36 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 $this->logger,
 $this->session,
 'files',
- false,
+ $this->userSession,
 false,
 $this->contentSecurityPolicyManager,
 $this->csrfTokenManager,
 $this->cspNonceManager,
- $this->bruteForceThrottler
+ $this->bruteForceThrottler,
+ $this->limiter
 );
+ $reader ->expects($this->at(0)) ->method('getAnnotationParameter') ->with('AnonRateThrottle', 'limit') ->willReturn('');
+ $reader ->expects($this->at(1)) ->method('getAnnotationParameter') ->with('AnonRateThrottle', 'period') ->willReturn('');
+ $reader ->expects($this->at(2)) ->method('getAnnotationParameter') ->with('UserRateThrottle', 'limit') ->willReturn('');
+ $reader ->expects($this->at(3)) ->method('getAnnotationParameter') ->with('UserRateThrottle', 'period') ->willReturn('');
+
 $reader->expects($this->any())->method('hasAnnotation')
 ->willReturnCallback(
 function($annotation) use ($bruteForceProtectionEnabled) { |
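Review bot: The four `$this->at(0)`…`$this->at(3)` expectations added at the end of the last hunk (-673) are fragile: `at()` counts every invocation on the `$reader` mock, including the `hasAnnotation` calls stubbed directly below, so whether the ordinals line up depends on the exact call sequence inside `SecurityMiddleware` rather than on which annotation parameter is requested. Since all four return the same `''`, one order-independent stub expresses the same setup without that coupling: `$reader->expects($this->any())->method('getAnnotationParameter')->willReturn('');`. With every parameter empty this test appears to exercise only the path where no throttle is configured, and the `$this->limiter` mock carries no expectation, so the enforcement described in the commit message (per-user and anonymous limit/period) is not pinned anywhere in this file as far as the diff shows; a case that returns concrete `limit`/`period` values and asserts the limiter is invoked, plus one where the limiter throws, would cover the security-relevant branch. The enclosing test method starts before this hunk and the `hasAnnotation` callback continues past it.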