diff options
author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2024-06-07 11:25:36 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-07 11:25:36 +0200 |
commit | 98b5cdc43dfd62e1ceaca6b28ab607d66c1c168e (patch) | |
tree | d3ddc97b31be6814be82fc5150d6d0c983246475 /tests | |
parent | ef01dc72c1c92bdde6145954fe2a029e90c61e60 (diff) | |
parent | f6d6efef3a26fc5524988cdfba780dce035cd61b (diff) | |
download | nextcloud-server-98b5cdc43dfd62e1ceaca6b28ab607d66c1c168e.tar.gz nextcloud-server-98b5cdc43dfd62e1ceaca6b28ab607d66c1c168e.zip |
Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-sso
fix(Session): avoid password confirmation on SSO
Diffstat (limited to 'tests')
5 files changed, 72 insertions, 7 deletions
diff --git a/tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php b/tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php index 82d6cf8f251..02159661ff6 100644 --- a/tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php +++ b/tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php @@ -30,4 +30,8 @@ class PasswordConfirmationMiddlewareController extends \OCP\AppFramework\Control #[PasswordConfirmationRequired] public function testAttribute() { } + + #[PasswordConfirmationRequired] + public function testSSO() { + } } diff --git a/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php index 3613ca624a3..beee7151264 100644 --- a/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php +++ b/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php @@ -9,7 +9,9 @@ namespace Test\AppFramework\Middleware\Security; use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException; use OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware; use OC\AppFramework\Utility\ControllerMethodReflector; +use OC\Authentication\Token\IProvider; use OCP\AppFramework\Utility\ITimeFactory; +use OCP\Authentication\Token\IToken; use OCP\IRequest; use OCP\ISession; use OCP\IUser; @@ -32,6 +34,7 @@ class PasswordConfirmationMiddlewareTest extends TestCase { private $controller; /** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */ private $timeFactory; + private IProvider|\PHPUnit\Framework\MockObject\MockObject $tokenProvider; protected function setUp(): void { $this->reflector = new ControllerMethodReflector(); @@ -39,6 +42,7 @@ class PasswordConfirmationMiddlewareTest extends TestCase { $this->userSession = $this->createMock(IUserSession::class); $this->user = $this->createMock(IUser::class); $this->timeFactory = $this->createMock(ITimeFactory::class); + $this->tokenProvider = $this->createMock(IProvider::class); $this->controller = new PasswordConfirmationMiddlewareController( 'test', $this->createMock(IRequest::class) @@ -48,7 +52,8 @@ class PasswordConfirmationMiddlewareTest extends TestCase { $this->reflector, $this->session, $this->userSession, - $this->timeFactory + $this->timeFactory, + $this->tokenProvider, ); } @@ -90,6 +95,13 @@ class PasswordConfirmationMiddlewareTest extends TestCase { $this->timeFactory->method('getTime') ->willReturn($currentTime); + $token = $this->createMock(IToken::class); + $token->method('getScopeAsArray') + ->willReturn([]); + $this->tokenProvider->expects($this->once()) + ->method('getToken') + ->willReturn($token); + $thrown = false; try { $this->middleware->beforeController($this->controller, __FUNCTION__); @@ -118,6 +130,13 @@ class PasswordConfirmationMiddlewareTest extends TestCase { $this->timeFactory->method('getTime') ->willReturn($currentTime); + $token = $this->createMock(IToken::class); + $token->method('getScopeAsArray') + ->willReturn([]); + $this->tokenProvider->expects($this->once()) + ->method('getToken') + ->willReturn($token); + $thrown = false; try { $this->middleware->beforeController($this->controller, __FUNCTION__); @@ -128,6 +147,8 @@ class PasswordConfirmationMiddlewareTest extends TestCase { $this->assertSame($exception, $thrown); } + + public function dataProvider() { return [ ['foo', 2000, 4000, true], @@ -138,4 +159,41 @@ class PasswordConfirmationMiddlewareTest extends TestCase { ['foo', 2000, 3816, true], ]; } + + public function testSSO() { + static $sessionId = 'mySession1d'; + + $this->reflector->reflect($this->controller, __FUNCTION__); + + $this->user->method('getBackendClassName') + ->willReturn('fictional_backend'); + $this->userSession->method('getUser') + ->willReturn($this->user); + + $this->session->method('get') + ->with('last-password-confirm') + ->willReturn(0); + $this->session->method('getId') + ->willReturn($sessionId); + + $this->timeFactory->method('getTime') + ->willReturn(9876); + + $token = $this->createMock(IToken::class); + $token->method('getScopeAsArray') + ->willReturn([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true]); + $this->tokenProvider->expects($this->once()) + ->method('getToken') + ->with($sessionId) + ->willReturn($token); + + $thrown = false; + try { + $this->middleware->beforeController($this->controller, __FUNCTION__); + } catch (NotConfirmedException) { + $thrown = true; + } + + $this->assertSame(false, $thrown); + } } diff --git a/tests/lib/Authentication/Token/PublicKeyTokenTest.php b/tests/lib/Authentication/Token/PublicKeyTokenTest.php index acbddebea35..cc8890002e9 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenTest.php @@ -9,11 +9,12 @@ declare(strict_types=1); namespace Test\Authentication\Token; use OC\Authentication\Token\PublicKeyToken; +use OCP\Authentication\Token\IToken; use Test\TestCase; class PublicKeyTokenTest extends TestCase { public function testSetScopeAsArray() { - $scope = ['filesystem' => false]; + $scope = [IToken::SCOPE_FILESYSTEM => false]; $token = new PublicKeyToken(); $token->setScope($scope); $this->assertEquals(json_encode($scope), $token->getScope()); @@ -21,7 +22,7 @@ class PublicKeyTokenTest extends TestCase { } public function testDefaultScope() { - $scope = ['filesystem' => true]; + $scope = [IToken::SCOPE_FILESYSTEM => true]; $token = new PublicKeyToken(); $this->assertEquals($scope, $token->getScopeAsArray()); } diff --git a/tests/lib/Lockdown/Filesystem/NoFSTest.php b/tests/lib/Lockdown/Filesystem/NoFSTest.php index 08429228647..7a636fbaaaa 100644 --- a/tests/lib/Lockdown/Filesystem/NoFSTest.php +++ b/tests/lib/Lockdown/Filesystem/NoFSTest.php @@ -9,6 +9,7 @@ namespace Test\Lockdown\Filesystem; use OC\Authentication\Token\PublicKeyToken; use OC\Files\Filesystem; use OC\Lockdown\Filesystem\NullStorage; +use OCP\Authentication\Token\IToken; use Test\Traits\UserTrait; /** @@ -20,7 +21,7 @@ class NoFSTest extends \Test\TestCase { protected function tearDown(): void { $token = new PublicKeyToken(); $token->setScope([ - 'filesystem' => true + IToken::SCOPE_FILESYSTEM => true ]); \OC::$server->get('LockdownManager')->setToken($token); parent::tearDown(); @@ -30,7 +31,7 @@ class NoFSTest extends \Test\TestCase { parent::setUp(); $token = new PublicKeyToken(); $token->setScope([ - 'filesystem' => false + IToken::SCOPE_FILESYSTEM => false ]); \OC::$server->get('LockdownManager')->setToken($token); diff --git a/tests/lib/Lockdown/LockdownManagerTest.php b/tests/lib/Lockdown/LockdownManagerTest.php index 5ff5a84e800..bb71a6e63de 100644 --- a/tests/lib/Lockdown/LockdownManagerTest.php +++ b/tests/lib/Lockdown/LockdownManagerTest.php @@ -8,6 +8,7 @@ namespace Test\Lockdown; use OC\Authentication\Token\PublicKeyToken; use OC\Lockdown\LockdownManager; +use OCP\Authentication\Token\IToken; use OCP\ISession; use Test\TestCase; @@ -29,7 +30,7 @@ class LockdownManagerTest extends TestCase { public function testCanAccessFilesystemAllowed() { $token = new PublicKeyToken(); - $token->setScope(['filesystem' => true]); + $token->setScope([IToken::SCOPE_FILESYSTEM => true]); $manager = new LockdownManager($this->sessionCallback); $manager->setToken($token); $this->assertTrue($manager->canAccessFilesystem()); @@ -37,7 +38,7 @@ class LockdownManagerTest extends TestCase { public function testCanAccessFilesystemNotAllowed() { $token = new PublicKeyToken(); - $token->setScope(['filesystem' => false]); + $token->setScope([IToken::SCOPE_FILESYSTEM => false]); $manager = new LockdownManager($this->sessionCallback); $manager->setToken($token); $this->assertFalse($manager->canAccessFilesystem()); |