aboutsummaryrefslogtreecommitdiffstats
path: root/tests/lib/Share20
diff options
context:
space:
mode:
authorDaniel Calviño Sánchez <danxuliu@gmail.com>2020-05-28 20:40:33 +0200
committerDaniel Calviño Sánchez <danxuliu@gmail.com>2020-05-29 02:46:12 +0200
commit45de42a6b8b34d439becfaa9bf5ccfe6cb768203 (patch)
treeaa2e05bf0577b9d7219634745652144293f3e724 /tests/lib/Share20
parenta426f84dbe20c02f81cfec70a5a5bd73950a70b3 (diff)
downloadnextcloud-server-45de42a6b8b34d439becfaa9bf5ccfe6cb768203.tar.gz
nextcloud-server-45de42a6b8b34d439becfaa9bf5ccfe6cb768203.zip
Fix disabling send password by Talk without new password in mail shares
When "send password by Talk" was disabled in a mail share it was possible to keep the same password as before, as it does not pose any security issue (unlike keeping it when "send password by Talk" is enabled, as in that case the password was already disclosed by mail). However, if a mail share is updated but the password is not set again only the hashed password will be available. In that case it would not make sense to send the password by mail, so now the password must be changed when disabling "send password by Talk". Note that, even if explicitly setting the same password again along with the "send password by Talk" property would work, this was also prevented for simplicity. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Diffstat (limited to 'tests/lib/Share20')
-rw-r--r--tests/lib/Share20/ManagerTest.php84
1 files changed, 79 insertions, 5 deletions
diff --git a/tests/lib/Share20/ManagerTest.php b/tests/lib/Share20/ManagerTest.php
index 49fa392dc02..54feedf15ce 100644
--- a/tests/lib/Share20/ManagerTest.php
+++ b/tests/lib/Share20/ManagerTest.php
@@ -3339,6 +3339,9 @@ class ManagerTest extends \Test\TestCase {
}
public function testUpdateShareMailDisableSendPasswordByTalkWithPreviousPassword() {
+ $this->expectException(\InvalidArgumentException::class);
+ $this->expectExceptionMessage('Can’t disable sending the password by Talk without setting a new password');
+
$manager = $this->createManagerMock()
->setMethods([
'canShare',
@@ -3380,8 +3383,8 @@ class ManagerTest extends \Test\TestCase {
$manager->expects($this->once())->method('canShare')->willReturn(true);
$manager->expects($this->once())->method('getShareById')->with('foo:42')->willReturn($originalShare);
$manager->expects($this->once())->method('generalCreateChecks')->with($share);
- $manager->expects($this->once())->method('pathCreateChecks')->with($file);
$manager->expects($this->never())->method('verifyPassword');
+ $manager->expects($this->never())->method('pathCreateChecks');
$manager->expects($this->never())->method('linkCreateChecks');
$manager->expects($this->never())->method('validateExpirationDate');
@@ -3393,10 +3396,8 @@ class ManagerTest extends \Test\TestCase {
$this->hasher->expects($this->never())
->method('hash');
- $this->defaultProvider->expects($this->once())
- ->method('update')
- ->with($share, 'password')
- ->willReturn($share);
+ $this->defaultProvider->expects($this->never())
+ ->method('update');
$hookListner = $this->getMockBuilder('Dummy')->setMethods(['post'])->getMock();
\OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $hookListner, 'post');
@@ -3413,6 +3414,79 @@ class ManagerTest extends \Test\TestCase {
$manager->updateShare($share);
}
+ public function testUpdateShareMailDisableSendPasswordByTalkWithoutChangingPassword() {
+ $this->expectException(\InvalidArgumentException::class);
+ $this->expectExceptionMessage('Can’t disable sending the password by Talk without setting a new password');
+
+ $manager = $this->createManagerMock()
+ ->setMethods([
+ 'canShare',
+ 'getShareById',
+ 'generalCreateChecks',
+ 'verifyPassword',
+ 'pathCreateChecks',
+ 'linkCreateChecks',
+ 'validateExpirationDate',
+ ])
+ ->getMock();
+
+ $originalShare = $this->manager->newShare();
+ $originalShare->setShareType(\OCP\Share::SHARE_TYPE_EMAIL)
+ ->setPermissions(\OCP\Constants::PERMISSION_ALL)
+ ->setPassword('passwordHash')
+ ->setSendPasswordByTalk(true);
+
+ $tomorrow = new \DateTime();
+ $tomorrow->setTime(0,0,0);
+ $tomorrow->add(new \DateInterval('P1D'));
+
+ $file = $this->createMock(File::class);
+ $file->method('getId')->willReturn(100);
+
+ $share = $this->manager->newShare();
+ $share->setProviderId('foo')
+ ->setId('42')
+ ->setShareType(\OCP\Share::SHARE_TYPE_EMAIL)
+ ->setToken('token')
+ ->setSharedBy('owner')
+ ->setShareOwner('owner')
+ ->setPassword('passwordHash')
+ ->setSendPasswordByTalk(false)
+ ->setExpirationDate($tomorrow)
+ ->setNode($file)
+ ->setPermissions(\OCP\Constants::PERMISSION_ALL);
+
+ $manager->expects($this->once())->method('canShare')->willReturn(true);
+ $manager->expects($this->once())->method('getShareById')->with('foo:42')->willReturn($originalShare);
+ $manager->expects($this->once())->method('generalCreateChecks')->with($share);
+ $manager->expects($this->never())->method('verifyPassword');
+ $manager->expects($this->never())->method('pathCreateChecks');
+ $manager->expects($this->never())->method('linkCreateChecks');
+ $manager->expects($this->never())->method('validateExpirationDate');
+
+ $this->hasher->expects($this->never())
+ ->method('verify');
+
+ $this->hasher->expects($this->never())
+ ->method('hash');
+
+ $this->defaultProvider->expects($this->never())
+ ->method('update');
+
+ $hookListner = $this->getMockBuilder('Dummy')->setMethods(['post'])->getMock();
+ \OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $hookListner, 'post');
+ $hookListner->expects($this->never())->method('post');
+
+ $hookListner2 = $this->getMockBuilder('Dummy')->setMethods(['post'])->getMock();
+ \OCP\Util::connectHook('OCP\Share', 'post_update_password', $hookListner2, 'post');
+ $hookListner2->expects($this->never())->method('post');
+
+ $hookListner3 = $this->getMockBuilder('Dummy')->setMethods(['post'])->getMock();
+ \OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $hookListner3, 'post');
+ $hookListner3->expects($this->never())->method('post');
+
+ $manager->updateShare($share);
+ }
public function testMoveShareLink() {
$this->expectException(\InvalidArgumentException::class);