summaryrefslogtreecommitdiffstats
path: root/tests/lib/Security
diff options
context:
space:
mode:
authorLeon Klingele <git@leonklingele.de>2016-10-31 18:22:42 +0100
committerLeon Klingele <git@leonklingele.de>2016-11-02 10:38:05 +0100
commite5d78a35231d1412aa7427f061aacdf73d92a796 (patch)
treec47ba59f46e3332426d3262150ac4290fc5fd920 /tests/lib/Security
parent42b0a0d2afe95b974545436e112a1d97edaeeb1a (diff)
downloadnextcloud-server-e5d78a35231d1412aa7427f061aacdf73d92a796.tar.gz
nextcloud-server-e5d78a35231d1412aa7427f061aacdf73d92a796.zip
Fix CSRF token generation / validation
Operate on raw bytes instead of base64-encoded strings. Issue was introduced in a977465 Signed-off-by: Leon Klingele <git@leonklingele.de>
Diffstat (limited to 'tests/lib/Security')
-rw-r--r--tests/lib/Security/CSRF/CsrfTokenManagerTest.php8
-rw-r--r--tests/lib/Security/CSRF/CsrfTokenTest.php8
2 files changed, 12 insertions, 4 deletions
diff --git a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
index 6f7842fdfd9..f9dd8127e5a 100644
--- a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
+++ b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
@@ -137,15 +137,19 @@ class CsrfTokenManagerTest extends \Test\TestCase {
}
public function testIsTokenValidWithValidToken() {
+ $a = 'abc';
+ $b = 'def';
+ $xorB64 = 'BQcF';
+ $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
$this->storageInterface
->expects($this->once())
->method('hasToken')
->willReturn(true);
- $token = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
+ $token = new \OC\Security\CSRF\CsrfToken($tokenVal);
$this->storageInterface
->expects($this->once())
->method('getToken')
- ->willReturn('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF');
+ ->willReturn($b);
$this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
}
diff --git a/tests/lib/Security/CSRF/CsrfTokenTest.php b/tests/lib/Security/CSRF/CsrfTokenTest.php
index d19d1de916c..fbb92cd315a 100644
--- a/tests/lib/Security/CSRF/CsrfTokenTest.php
+++ b/tests/lib/Security/CSRF/CsrfTokenTest.php
@@ -36,7 +36,11 @@ class CsrfTokenTest extends \Test\TestCase {
}
public function testGetDecryptedValue() {
- $csrfToken = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
- $this->assertSame('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF', $csrfToken->getDecryptedValue());
+ $a = 'abc';
+ $b = 'def';
+ $xorB64 = 'BQcF';
+ $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
+ $csrfToken = new \OC\Security\CSRF\CsrfToken($tokenVal);
+ $this->assertSame($b, $csrfToken->getDecryptedValue());
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 12:31:09 +0000