authorVincent Petry <pvince81@owncloud.com>2016-10-07 16:49:57 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2016-10-25 09:34:27 +0200
commit6d1e858aa4cf5c35e0396f23144caea68797f42d (patch)
tree66550255751580b69e51aff32c10c38cf3e3d5d3 /tests/lib/User
parent1ff328ae659de1d222030d04797442aa7a343a1d (diff)
downloadnextcloud-server-6d1e858aa4cf5c35e0396f23144caea68797f42d.tar.gz
nextcloud-server-6d1e858aa4cf5c35e0396f23144caea68797f42d.zip
Fix logClientIn for non-existing users (#26292)
The check for two factor enforcement would return true for non-existing users. This fix makes it return false in order to be able to perform the regular login which will then fail and return false. This prevents throwing PasswordLoginForbidden for non-existing users.
Diffstat (limited to 'tests/lib/User')
-rw-r--r--tests/lib/User/SessionTest.php26
1 files changed, 26 insertions, 0 deletions
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 21ac1b655b9..614ed3d015a 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -401,6 +401,32 @@ class SessionTest extends \Test\TestCase {
$userSession->logClientIn('john', 'doe', $request, $this->throttler);
}
+ public function testLogClientInUnexist() {
+ $manager = $this->getMockBuilder('\OC\User\Manager')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $session = $this->createMock('\OCP\ISession');
+ $request = $this->createMock('\OCP\IRequest');
+ $user = $this->createMock('\OCP\IUser');
+
+ /** @var \OC\User\Session $userSession */
+ $userSession = $this->getMockBuilder('\OC\User\Session')
+ ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])
+ ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
+ ->getMock();
+
+ $this->tokenProvider->expects($this->once())
+ ->method('getToken')
+ ->with('doe')
+ ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
+ $this->config->expects($this->once())
+ ->method('getSystemValue')
+ ->with('token_auth_enforced', false)
+ ->will($this->returnValue(false));
+
+ $this->assertFalse($userSession->logClientIn('unexist', 'doe', $request));
+ }
+
public function testLogClientInWithTokenPassword() {
$manager = $this->getMockBuilder('\OC\User\Manager')
->disableOriginalConstructor()
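Review bot: The added `testLogClientInUnexist` never pins the condition it is named for. `$manager` gets no expectation, so 'unexist' being an unknown user rests on mock defaults, and `login` is stubbed via `setMethods` without any `expects(...)`, so the final `assertFalse` does not show that the regular login was actually attempted with the supplied credentials. I would add `$userSession->expects($this->once())->method('login')->with('unexist', 'doe')->will($this->returnValue(false));` before the assertion and drop the unused `$user` mock. The new call also passes three arguments, while the context call at the top of the hunk passes `$this->throttler` as a fourth; if `logClientIn` declares that parameter (its signature is outside this hunk), the new call should pass it too. The enclosing class and the neighbouring tests start and end outside the hunk.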