diff options
| author | Bernhard Posselt <dev@bernhard-posselt.com> | 2015-05-22 13:17:27 +0200 |
|---|---|---|
| committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2015-05-22 14:06:26 +0200 |
| commit | c8e3599cad9c5174260fc1dbe340efac65f1d646 (patch) | |
| tree | 59fba6db45b3c84f2a4d4c7b4ee68529e5424d37 /tests/lib | |
| parent | b82d902e184960877110bc45124ed2399f779cac (diff) | |
| download | nextcloud-server-c8e3599cad9c5174260fc1dbe340efac65f1d646.tar.gz nextcloud-server-c8e3599cad9c5174260fc1dbe340efac65f1d646.zip | |
disallow cookie auth for cors requests
testing ...
fixes
fix test
add php doc
fix small mistake
add another phpdoc
remove not working cors annotations from files app
Diffstat (limited to 'tests/lib')
| -rw-r--r-- | tests/lib/appframework/middleware/security/CORSMiddlewareTest.php | 75 |
1 files changed, 71 insertions, 4 deletions
diff --git a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php index a4f3137cb11..92ea5450ab9 100644 --- a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php +++ b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php @@ -21,10 +21,12 @@ use OCP\AppFramework\Http\Response; class CORSMiddlewareTest extends \Test\TestCase { private $reflector; + private $session; protected function setUp() { parent::setUp(); $this->reflector = new ControllerMethodReflector(); + $this->session = $this->getMock('\OCP\IUserSession'); } /** @@ -41,7 +43,7 @@ class CORSMiddlewareTest extends \Test\TestCase { $this->getMock('\OCP\IConfig') ); $this->reflector->reflect($this, __FUNCTION__); - $middleware = new CORSMiddleware($request, $this->reflector); + $middleware = new CORSMiddleware($request, $this->reflector, $this->session); $response = $middleware->afterController($this, __FUNCTION__, new Response()); $headers = $response->getHeaders(); @@ -59,7 +61,7 @@ class CORSMiddlewareTest extends \Test\TestCase { $this->getMock('\OCP\Security\ISecureRandom'), $this->getMock('\OCP\IConfig') ); - $middleware = new CORSMiddleware($request, $this->reflector); + $middleware = new CORSMiddleware($request, $this->reflector, $this->session); $response = $middleware->afterController($this, __FUNCTION__, new Response()); $headers = $response->getHeaders(); @@ -77,7 +79,7 @@ class CORSMiddlewareTest extends \Test\TestCase { $this->getMock('\OCP\IConfig') ); $this->reflector->reflect($this, __FUNCTION__); - $middleware = new CORSMiddleware($request, $this->reflector); + $middleware = new CORSMiddleware($request, $this->reflector, $this->session); $response = $middleware->afterController($this, __FUNCTION__, new Response()); $headers = $response->getHeaders(); @@ -100,11 +102,76 @@ class CORSMiddlewareTest extends \Test\TestCase { $this->getMock('\OCP\IConfig') ); $this->reflector->reflect($this, __FUNCTION__); - $middleware = new CORSMiddleware($request, $this->reflector); + $middleware = new CORSMiddleware($request, $this->reflector, $this->session); $response = new Response(); $response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE'); $middleware->afterController($this, __FUNCTION__, $response); } + /** + * @CORS + * @PublicPage + */ + public function testNoCORSShouldAllowCookieAuth() { + $request = new Request( + [], + $this->getMock('\OCP\Security\ISecureRandom'), + $this->getMock('\OCP\IConfig') + ); + $this->reflector->reflect($this, __FUNCTION__); + $middleware = new CORSMiddleware($request, $this->reflector, $this->session); + + $middleware->beforeController($this, __FUNCTION__, new Response()); + } + + /** + * @CORS + */ + public function testCORSShouldRelogin() { + $request = new Request( + ['server' => [ + 'PHP_AUTH_USER' => 'user', + 'PHP_AUTH_PW' => 'pass' + ]], + $this->getMock('\OCP\Security\ISecureRandom'), + $this->getMock('\OCP\IConfig') + ); + $this->session->expects($this->once()) + ->method('logout'); + $this->session->expects($this->once()) + ->method('login') + ->with($this->equalTo('user'), $this->equalTo('pass')) + ->will($this->returnValue(true)); + $this->reflector->reflect($this, __FUNCTION__); + $middleware = new CORSMiddleware($request, $this->reflector, $this->session); + + $middleware->beforeController($this, __FUNCTION__, new Response()); + } + + /** + * @CORS + * @expectedException \OC\AppFramework\Middleware\Security\SecurityException + */ + public function testCORSShouldNotAllowCookieAuth() { + $request = new Request( + ['server' => [ + 'PHP_AUTH_USER' => 'user', + 'PHP_AUTH_PW' => 'pass' + ]], + $this->getMock('\OCP\Security\ISecureRandom'), + $this->getMock('\OCP\IConfig') + ); + $this->session->expects($this->once()) + ->method('logout'); + $this->session->expects($this->once()) + ->method('login') + ->with($this->equalTo('user'), $this->equalTo('pass')) + ->will($this->returnValue(false)); + $this->reflector->reflect($this, __FUNCTION__); + $middleware = new CORSMiddleware($request, $this->reflector, $this->session); + + $middleware->beforeController($this, __FUNCTION__, new Response()); + } + } |