authorArthur Schiwon <blizzz@arthur-schiwon.de>2024-06-07 11:25:36 +0200
committerGitHub <noreply@github.com>2024-06-07 11:25:36 +0200
commit98b5cdc43dfd62e1ceaca6b28ab607d66c1c168e (patch)
treed3ddc97b31be6814be82fc5150d6d0c983246475 /tests
parentef01dc72c1c92bdde6145954fe2a029e90c61e60 (diff)
parentf6d6efef3a26fc5524988cdfba780dce035cd61b (diff)
Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-sso
fix(Session): avoid password confirmation on SSO
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php4
-rw-r--r--tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php60
-rw-r--r--tests/lib/Authentication/Token/PublicKeyTokenTest.php5
-rw-r--r--tests/lib/Lockdown/Filesystem/NoFSTest.php5
-rw-r--r--tests/lib/Lockdown/LockdownManagerTest.php5
5 files changed, 72 insertions, 7 deletions
diff --git a/tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php b/tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php
index 82d6cf8f251..02159661ff6 100644
--- a/tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php
+++ b/tests/lib/AppFramework/Middleware/Security/Mock/PasswordConfirmationMiddlewareController.php
@@ -30,4 +30,8 @@ class PasswordConfirmationMiddlewareController extends \OCP\AppFramework\Control
#[PasswordConfirmationRequired]
public function testAttribute() {
}
+
+ #[PasswordConfirmationRequired]
+ public function testSSO() {
+ }
}
diff --git a/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php
index 3613ca624a3..beee7151264 100644
--- a/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php
@@ -9,7 +9,9 @@ namespace Test\AppFramework\Middleware\Security;
use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException;
use OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware;
use OC\AppFramework\Utility\ControllerMethodReflector;
+use OC\Authentication\Token\IProvider;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Token\IToken;
use OCP\IRequest;
use OCP\ISession;
use OCP\IUser;
@@ -32,6 +34,7 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
private $controller;
/** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
private $timeFactory;
+ private IProvider|\PHPUnit\Framework\MockObject\MockObject $tokenProvider;
protected function setUp(): void {
$this->reflector = new ControllerMethodReflector();
@@ -39,6 +42,7 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
$this->userSession = $this->createMock(IUserSession::class);
$this->user = $this->createMock(IUser::class);
$this->timeFactory = $this->createMock(ITimeFactory::class);
+ $this->tokenProvider = $this->createMock(IProvider::class);
$this->controller = new PasswordConfirmationMiddlewareController(
'test',
$this->createMock(IRequest::class)
@@ -48,7 +52,8 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
$this->reflector,
$this->session,
$this->userSession,
- $this->timeFactory
+ $this->timeFactory,
+ $this->tokenProvider,
);
}
@@ -90,6 +95,13 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
$this->timeFactory->method('getTime')
->willReturn($currentTime);
+ $token = $this->createMock(IToken::class);
+ $token->method('getScopeAsArray')
+ ->willReturn([]);
+ $this->tokenProvider->expects($this->once())
+ ->method('getToken')
+ ->willReturn($token);
+
$thrown = false;
try {
$this->middleware->beforeController($this->controller, __FUNCTION__);
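Review bot: The `getToken` expectation added here has no argument constraint, so this test would still pass if the middleware looked the token up with something other than the current session id. The new `testSSO` pins that with `->with($sessionId)` after stubbing `getId`; the same could be done here by stubbing `$this->session->method('getId')` and adding `->with(...)` to the expectation. The enclosing test method starts outside the hunk, so whether `getId` is already stubbed there is not visible. The identical six-line token stub is repeated in the hunk at `-118,6`; a small private helper taking the scope array would keep the two copies from drifting.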
@@ -118,6 +130,13 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
$this->timeFactory->method('getTime')
->willReturn($currentTime);
+ $token = $this->createMock(IToken::class);
+ $token->method('getScopeAsArray')
+ ->willReturn([]);
+ $this->tokenProvider->expects($this->once())
+ ->method('getToken')
+ ->willReturn($token);
+
$thrown = false;
try {
$this->middleware->beforeController($this->controller, __FUNCTION__);
@@ -128,6 +147,8 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
$this->assertSame($exception, $thrown);
}
+
+
public function dataProvider() {
return [
['foo', 2000, 4000, true],
@@ -138,4 +159,41 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
['foo', 2000, 3816, true],
];
}
+
+ public function testSSO() {
+ static $sessionId = 'mySession1d';
+
+ $this->reflector->reflect($this->controller, __FUNCTION__);
+
+ $this->user->method('getBackendClassName')
+ ->willReturn('fictional_backend');
+ $this->userSession->method('getUser')
+ ->willReturn($this->user);
+
+ $this->session->method('get')
+ ->with('last-password-confirm')
+ ->willReturn(0);
+ $this->session->method('getId')
+ ->willReturn($sessionId);
+
+ $this->timeFactory->method('getTime')
+ ->willReturn(9876);
+
+ $token = $this->createMock(IToken::class);
+ $token->method('getScopeAsArray')
+ ->willReturn([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true]);
+ $this->tokenProvider->expects($this->once())
+ ->method('getToken')
+ ->with($sessionId)
+ ->willReturn($token);
+
+ $thrown = false;
+ try {
+ $this->middleware->beforeController($this->controller, __FUNCTION__);
+ } catch (NotConfirmedException) {
+ $thrown = true;
+ }
+
+ $this->assertSame(false, $thrown);
+ }
}
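Review bot: `testSSO` only proves that a token scoped with `IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true` bypasses confirmation; nothing in the visible tests pins the opposite case, where the key is present but `false` and `NotConfirmedException` must still be thrown. Since this flag switches off a re-authentication control, a negative test like the one below would catch a regression that checks the key with `isset()` or `array_key_exists()` instead of its value. A case where `getToken` throws would be worth adding too, though the expected outcome depends on middleware code that is not part of this diff. The fence assumes only a truthy scope value counts as a bypass, and it passes `'testSSO'` literally because the mock controller has no method matching a new test name. Minor: `static $sessionId` can be a plain local, and `$this->assertSame(false, $thrown)` reads better as `$this->assertFalse($thrown)`.

```php
public function testSSOScopeNotGranted() {
	$sessionId = 'mySession1d';

	// Reuse the attribute-annotated controller method added for testSSO.
	$this->reflector->reflect($this->controller, 'testSSO');

	// … unchanged: user, session and time stubs from testSSO …

	$token = $this->createMock(IToken::class);
	$token->method('getScopeAsArray')
		->willReturn([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => false]);
	$this->tokenProvider->expects($this->once())
		->method('getToken')
		->with($sessionId)
		->willReturn($token);

	// last-password-confirm is 0 and no bypass is granted, so confirmation must be demanded.
	$this->expectException(NotConfirmedException::class);
	$this->middleware->beforeController($this->controller, 'testSSO');
}
```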
diff --git a/tests/lib/Authentication/Token/PublicKeyTokenTest.php b/tests/lib/Authentication/Token/PublicKeyTokenTest.php
index acbddebea35..cc8890002e9 100644
--- a/tests/lib/Authentication/Token/PublicKeyTokenTest.php
+++ b/tests/lib/Authentication/Token/PublicKeyTokenTest.php
@@ -9,11 +9,12 @@ declare(strict_types=1);
namespace Test\Authentication\Token;
use OC\Authentication\Token\PublicKeyToken;
+use OCP\Authentication\Token\IToken;
use Test\TestCase;
class PublicKeyTokenTest extends TestCase {
public function testSetScopeAsArray() {
- $scope = ['filesystem' => false];
+ $scope = [IToken::SCOPE_FILESYSTEM => false];
$token = new PublicKeyToken();
$token->setScope($scope);
$this->assertEquals(json_encode($scope), $token->getScope());
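Review bot: With the literal replaced by `IToken::SCOPE_FILESYSTEM`, both sides of the `assertEquals` in `testSetScopeAsArray` are now derived from the constant, so the test no longer pins the key that ends up in the stored scope JSON. If the constant's value were ever changed, this test would keep passing while previously persisted tokens would presumably stop matching. Keeping one assertion against the serialized form, e.g. `$this->assertSame('{"filesystem":false}', $token->getScope());`, would preserve that check. The method body continues past the end of the hunk.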
@@ -21,7 +22,7 @@ class PublicKeyTokenTest extends TestCase {
}
public function testDefaultScope() {
- $scope = ['filesystem' => true];
+ $scope = [IToken::SCOPE_FILESYSTEM => true];
$token = new PublicKeyToken();
$this->assertEquals($scope, $token->getScopeAsArray());
}
diff --git a/tests/lib/Lockdown/Filesystem/NoFSTest.php b/tests/lib/Lockdown/Filesystem/NoFSTest.php
index 08429228647..7a636fbaaaa 100644
--- a/tests/lib/Lockdown/Filesystem/NoFSTest.php
+++ b/tests/lib/Lockdown/Filesystem/NoFSTest.php
@@ -9,6 +9,7 @@ namespace Test\Lockdown\Filesystem;
use OC\Authentication\Token\PublicKeyToken;
use OC\Files\Filesystem;
use OC\Lockdown\Filesystem\NullStorage;
+use OCP\Authentication\Token\IToken;
use Test\Traits\UserTrait;
/**
@@ -20,7 +21,7 @@ class NoFSTest extends \Test\TestCase {
protected function tearDown(): void {
$token = new PublicKeyToken();
$token->setScope([
- 'filesystem' => true
+ IToken::SCOPE_FILESYSTEM => true
]);
\OC::$server->get('LockdownManager')->setToken($token);
parent::tearDown();
@@ -30,7 +31,7 @@ class NoFSTest extends \Test\TestCase {
parent::setUp();
$token = new PublicKeyToken();
$token->setScope([
- 'filesystem' => false
+ IToken::SCOPE_FILESYSTEM => false
]);
\OC::$server->get('LockdownManager')->setToken($token);
diff --git a/tests/lib/Lockdown/LockdownManagerTest.php b/tests/lib/Lockdown/LockdownManagerTest.php
index 5ff5a84e800..bb71a6e63de 100644
--- a/tests/lib/Lockdown/LockdownManagerTest.php
+++ b/tests/lib/Lockdown/LockdownManagerTest.php
@@ -8,6 +8,7 @@ namespace Test\Lockdown;
use OC\Authentication\Token\PublicKeyToken;
use OC\Lockdown\LockdownManager;
+use OCP\Authentication\Token\IToken;
use OCP\ISession;
use Test\TestCase;
@@ -29,7 +30,7 @@ class LockdownManagerTest extends TestCase {
public function testCanAccessFilesystemAllowed() {
$token = new PublicKeyToken();
- $token->setScope(['filesystem' => true]);
+ $token->setScope([IToken::SCOPE_FILESYSTEM => true]);
$manager = new LockdownManager($this->sessionCallback);
$manager->setToken($token);
$this->assertTrue($manager->canAccessFilesystem());
@@ -37,7 +38,7 @@ class LockdownManagerTest extends TestCase {
public function testCanAccessFilesystemNotAllowed() {
$token = new PublicKeyToken();
- $token->setScope(['filesystem' => false]);
+ $token->setScope([IToken::SCOPE_FILESYSTEM => false]);
$manager = new LockdownManager($this->sessionCallback);
$manager->setToken($token);
$this->assertFalse($manager->canAccessFilesystem());