authorThomas Müller <thomas.mueller@tmit.eu>2016-01-26 11:36:56 +0100
committerThomas Müller <thomas.mueller@tmit.eu>2016-01-26 11:36:56 +0100
commit2bafb1c6493d67360f9ac6f4997a56664f3f2751 (patch)
tree7ccba69806bebf24d2adc790adc363cb184b5e2b /tests
parentecf2d178b1c3db3000f4d9c9d65f08ec3890488e (diff)
parent12b22c275974ef544adff2029a542d97210c8087 (diff)
Merge pull request #21894 from owncloud/refactor-csrf
Add new CSRF manager for unit testing purposes
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/appframework/http/RequestTest.php90
-rw-r--r--tests/lib/security/csrf/CsrfTokenGeneratorTest.php54
-rw-r--r--tests/lib/security/csrf/CsrfTokenManagerTest.php134
-rw-r--r--tests/lib/security/csrf/CsrfTokenTest.php33
-rw-r--r--tests/lib/security/csrf/tokenstorage/SessionStorageTest.php107
-rw-r--r--tests/lib/util.php5
6 files changed, 414 insertions, 9 deletions
diff --git a/tests/lib/appframework/http/RequestTest.php b/tests/lib/appframework/http/RequestTest.php
index ab79eb498fa..3f1d09c2a93 100644
--- a/tests/lib/appframework/http/RequestTest.php
+++ b/tests/lib/appframework/http/RequestTest.php
@@ -10,6 +10,8 @@
namespace OC\AppFramework\Http;
+use OC\Security\CSRF\CsrfToken;
+use OC\Security\CSRF\CsrfTokenManager;
use OCP\Security\ISecureRandom;
use OCP\IConfig;
@@ -25,6 +27,8 @@ class RequestTest extends \Test\TestCase {
protected $secureRandom;
/** @var IConfig */
protected $config;
+ /** @var CsrfTokenManager */
+ protected $csrfTokenManager;
protected function setUp() {
parent::setUp();
@@ -37,6 +41,8 @@ class RequestTest extends \Test\TestCase {
$this->secureRandom = $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock();
$this->config = $this->getMockBuilder('\OCP\IConfig')->getMock();
+ $this->csrfTokenManager = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
+ ->disableOriginalConstructor()->getMock();
}
protected function tearDown() {
@@ -54,6 +60,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -86,6 +93,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -108,6 +116,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -127,6 +136,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -146,6 +156,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -162,6 +173,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -183,6 +195,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -206,6 +219,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -227,6 +241,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -251,6 +266,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -271,6 +287,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -295,6 +312,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -324,6 +342,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -345,6 +364,7 @@ class RequestTest extends \Test\TestCase {
$vars,
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -361,6 +381,7 @@ class RequestTest extends \Test\TestCase {
[],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -372,6 +393,7 @@ class RequestTest extends \Test\TestCase {
[],
\OC::$server->getSecureRandom(),
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
$firstId = $request->getId();
@@ -396,6 +418,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -424,6 +447,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -452,6 +476,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -484,6 +509,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -534,6 +560,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -561,6 +588,7 @@ class RequestTest extends \Test\TestCase {
[],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -582,6 +610,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
$requestHttp = new Request(
@@ -592,6 +621,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -615,6 +645,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
$this->assertSame('https', $request->getServerProtocol());
@@ -635,6 +666,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
$this->assertSame('http', $request->getServerProtocol());
@@ -655,6 +687,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
$this->assertSame('http', $request->getServerProtocol());
@@ -671,6 +704,7 @@ class RequestTest extends \Test\TestCase {
[],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
$this->assertSame('http', $request->getServerProtocol());
@@ -691,6 +725,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -712,6 +747,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -729,6 +765,7 @@ class RequestTest extends \Test\TestCase {
[],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -817,6 +854,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -833,6 +871,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -850,6 +889,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -867,6 +907,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -894,6 +935,7 @@ class RequestTest extends \Test\TestCase {
[],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -915,6 +957,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -941,6 +984,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -967,6 +1011,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -983,6 +1028,7 @@ class RequestTest extends \Test\TestCase {
[],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1010,6 +1056,7 @@ class RequestTest extends \Test\TestCase {
[],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1025,6 +1072,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1045,6 +1093,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1065,6 +1114,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1087,6 +1137,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1109,6 +1160,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1131,6 +1183,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1153,6 +1206,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1207,6 +1261,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
);
@@ -1246,6 +1301,7 @@ class RequestTest extends \Test\TestCase {
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
])
->getMock();
@@ -1266,13 +1322,19 @@ class RequestTest extends \Test\TestCase {
'get' => [
'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
- 'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
])
->getMock();
+ $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
+ $this->csrfTokenManager
+ ->expects($this->once())
+ ->method('isTokenValid')
+ ->with($token)
+ ->willReturn(true);
$this->assertTrue($request->passesCSRFCheck());
}
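Review bot: The `isTokenValid` stub added at the end of this test returns `true` unconditionally, so the assertion now shows only that `passesCSRFCheck()` hands the `get` parameter to the manager, not that the token matches anything stored. A comment above the expectation would make that scope explicit, e.g. `// Token comparison is covered by CsrfTokenManagerTest; this only checks delegation to the manager.` The same applies to the `post` and `HTTP_REQUESTTOKEN` variants in the next two hunks. The test method starts outside this hunk.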
@@ -1286,13 +1348,19 @@ class RequestTest extends \Test\TestCase {
'post' => [
'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
- 'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
])
->getMock();
+ $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
+ $this->csrfTokenManager
+ ->expects($this->once())
+ ->method('isTokenValid')
+ ->with($token)
+ ->willReturn(true);
$this->assertTrue($request->passesCSRFCheck());
}
@@ -1306,13 +1374,19 @@ class RequestTest extends \Test\TestCase {
'server' => [
'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
- 'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
])
->getMock();
+ $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
+ $this->csrfTokenManager
+ ->expects($this->once())
+ ->method('isTokenValid')
+ ->with($token)
+ ->willReturn(true);
$this->assertTrue($request->passesCSRFCheck());
}
@@ -1342,14 +1416,21 @@ class RequestTest extends \Test\TestCase {
'server' => [
'HTTP_REQUESTTOKEN' => $invalidToken,
],
- 'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
])
->getMock();
+ $token = new CsrfToken($invalidToken);
+ $this->csrfTokenManager
+ ->expects($this->any())
+ ->method('isTokenValid')
+ ->with($token)
+ ->willReturn(false);
+
$this->assertFalse($request->passesCSRFCheck());
}
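Review bot: `->expects($this->any())` lets this test pass even if `passesCSRFCheck()` never consults the manager, because the stub returns `false` and the assertion is `assertFalse`. The three positive tests use `$this->once()`; if every `$invalidToken` value is expected to reach `isTokenValid` (the data provider is outside the hunk, so this is an assumption), use `->expects($this->once())` here as well. Because the manager is mocked, the `$invalidToken` values are also no longer checked against real token parsing, so that coverage has to live in the CsrfToken and CsrfTokenManager tests.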
@@ -1361,6 +1442,7 @@ class RequestTest extends \Test\TestCase {
[],
$this->secureRandom,
$this->config,
+ $this->csrfTokenManager,
$this->stream
])
->getMock();
diff --git a/tests/lib/security/csrf/CsrfTokenGeneratorTest.php b/tests/lib/security/csrf/CsrfTokenGeneratorTest.php
new file mode 100644
index 00000000000..be7434f514f
--- /dev/null
+++ b/tests/lib/security/csrf/CsrfTokenGeneratorTest.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+class CsrfTokenGeneratorTest extends \Test\TestCase {
+ /** @var \OCP\Security\ISecureRandom */
+ private $random;
+ /** @var \OC\Security\CSRF\CsrfTokenGenerator */
+ private $csrfTokenGenerator;
+
+ public function setUp() {
+ parent::setUp();
+ $this->random = $this->getMockBuilder('\OCP\Security\ISecureRandom')
+ ->disableOriginalConstructor()->getMock();
+ $this->csrfTokenGenerator = new \OC\Security\CSRF\CsrfTokenGenerator($this->random);
+
+ }
+
+ public function testGenerateTokenWithCustomNumber() {
+ $this->random
+ ->expects($this->once())
+ ->method('generate')
+ ->with(3)
+ ->willReturn('abc');
+ $this->assertSame('abc', $this->csrfTokenGenerator->generateToken(3));
+ }
+
+ public function testGenerateTokenWithDefault() {
+ $this->random
+ ->expects($this->once())
+ ->method('generate')
+ ->with(32)
+ ->willReturn('12345678901234567890123456789012');
+ $this->assertSame('12345678901234567890123456789012', $this->csrfTokenGenerator->generateToken(32));
+ }
+}
+
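Review bot: `testGenerateTokenWithDefault` passes `32` explicitly, so the default length of `generateToken()` is never exercised and could change without this test failing. Assuming the parameter has a default, as the test name implies, call it without an argument while keeping `->with(32)` on the mock: `$this->assertSame('12345678901234567890123456789012', $this->csrfTokenGenerator->generateToken());`. Token length is a security-relevant default, so it is worth pinning.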
diff --git a/tests/lib/security/csrf/CsrfTokenManagerTest.php b/tests/lib/security/csrf/CsrfTokenManagerTest.php
new file mode 100644
index 00000000000..145fc03c51e
--- /dev/null
+++ b/tests/lib/security/csrf/CsrfTokenManagerTest.php
@@ -0,0 +1,134 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+class CsrfTokenManagerTest extends \Test\TestCase {
+ /** @var \OC\Security\CSRF\CsrfTokenManager */
+ private $csrfTokenManager;
+ /** @var \OC\Security\CSRF\CsrfTokenGenerator */
+ private $tokenGenerator;
+ /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
+ private $storageInterface;
+
+ public function setUp() {
+ parent::setUp();
+ $this->tokenGenerator = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenGenerator')
+ ->disableOriginalConstructor()->getMock();
+ $this->storageInterface = $this->getMockBuilder('\OC\Security\CSRF\TokenStorage\SessionStorage')
+ ->disableOriginalConstructor()->getMock();
+
+ $this->csrfTokenManager = new \OC\Security\CSRF\CsrfTokenManager(
+ $this->tokenGenerator,
+ $this->storageInterface
+ );
+ }
+
+ public function testGetTokenWithExistingToken() {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(true);
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn('MyExistingToken');
+
+ $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
+ $this->assertEquals($expected, $this->csrfTokenManager->getToken());
+ }
+
+ public function testGetTokenWithoutExistingToken() {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(false);
+ $this->tokenGenerator
+ ->expects($this->once())
+ ->method('generateToken')
+ ->willReturn('MyNewToken');
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('setToken')
+ ->with('MyNewToken');
+
+ $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
+ $this->assertEquals($expected, $this->csrfTokenManager->getToken());
+ }
+
+ public function testRefreshToken() {
+ $this->tokenGenerator
+ ->expects($this->once())
+ ->method('generateToken')
+ ->willReturn('MyNewToken');
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('setToken')
+ ->with('MyNewToken');
+
+ $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
+ $this->assertEquals($expected, $this->csrfTokenManager->refreshToken());
+ }
+
+ public function testRemoveToken() {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('removeToken');
+
+ $this->csrfTokenManager->removeToken();
+ }
+
+ public function testIsTokenValidWithoutToken() {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(false);
+ $token = new \OC\Security\CSRF\CsrfToken('Token');
+
+ $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
+ }
+
+ public function testIsTokenValidWithWrongToken() {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(true);
+ $token = new \OC\Security\CSRF\CsrfToken('Token');
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn('MyToken');
+
+ $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
+ }
+
+ public function testIsTokenValidWithValidToken() {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(true);
+ $token = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF');
+
+ $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
+ }
+}
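Review bot: `testIsTokenValidWithWrongToken` submits `'Token'`, which has no `:` separator, so it covers a malformed value rather than a well-formed token that decodes to the wrong secret. Add a case that reuses the token string from `testIsTokenValidWithValidToken` while `getToken` is stubbed with a different stored value, e.g. `->willReturn('SomeOtherStoredToken')` (constructed value), and asserts `false`. That is the mismatch path a forged request would take, and nothing here pins it. The `@var` on `$storageInterface` names the concrete `SessionStorage` class; a short comment saying the mock stands in for any token storage would match the property name.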
diff --git a/tests/lib/security/csrf/CsrfTokenTest.php b/tests/lib/security/csrf/CsrfTokenTest.php
new file mode 100644
index 00000000000..62e6ad112e7
--- /dev/null
+++ b/tests/lib/security/csrf/CsrfTokenTest.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+class CsrfTokenTest extends \Test\TestCase {
+ public function testGetEncryptedValue() {
+ $csrfToken = new \OC\Security\CSRF\CsrfToken('MyCsrfToken');
+ $this->assertSame(33, strlen($csrfToken->getEncryptedValue()));
+ $this->assertSame(':', $csrfToken->getEncryptedValue()[16]);
+ }
+
+ public function testGetDecryptedValue() {
+ $csrfToken = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
+ $this->assertSame('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF', $csrfToken->getDecryptedValue());
+ }
+}
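Review bot: `testGetDecryptedValue` covers only a well-formed `a:b` value, so nothing pins what `getDecryptedValue()` does with input that lacks the `:` separator or is not decodable. That is the kind of input that arrives from request parameters, and `RequestTest` now mocks the manager, so it no longer covers it either. Add cases for such inputs (for example `''` and a string without `:`) that assert a defined result rather than a PHP notice. The literals `33` and `16` in `testGetEncryptedValue` also deserve a one-line comment stating the layout they encode.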
diff --git a/tests/lib/security/csrf/tokenstorage/SessionStorageTest.php b/tests/lib/security/csrf/tokenstorage/SessionStorageTest.php
new file mode 100644
index 00000000000..3a83f6a8c00
--- /dev/null
+++ b/tests/lib/security/csrf/tokenstorage/SessionStorageTest.php
@@ -0,0 +1,107 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+class SessionStorageTest extends \Test\TestCase {
+ /** @var \OCP\ISession */
+ private $session;
+ /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
+ private $sessionStorage;
+
+ public function setUp() {
+ parent::setUp();
+ $this->session = $this->getMockBuilder('\OCP\ISession')
+ ->disableOriginalConstructor()->getMock();
+ $this->sessionStorage = new \OC\Security\CSRF\TokenStorage\SessionStorage($this->session);
+ }
+
+ /**
+ * @return array
+ */
+ public function getTokenDataProvider() {
+ return [
+ [
+ '',
+ ],
+ [
+ null,
+ ],
+ ];
+ }
+
+ /**
+ * @param string $token
+ * @dataProvider getTokenDataProvider
+ *
+ * @expectedException \Exception
+ * @expectedExceptionMessage Session does not contain a requesttoken
+ */
+ public function testGetTokenWithEmptyToken($token) {
+ $this->session
+ ->expects($this->once())
+ ->method('get')
+ ->with('requesttoken')
+ ->willReturn($token);
+ $this->sessionStorage->getToken();
+ }
+
+ public function testGetTokenWithValidToken() {
+ $this->session
+ ->expects($this->once())
+ ->method('get')
+ ->with('requesttoken')
+ ->willReturn('MyFancyCsrfToken');
+ $this->assertSame('MyFancyCsrfToken', $this->sessionStorage->getToken());
+ }
+
+ public function testSetToken() {
+ $this->session
+ ->expects($this->once())
+ ->method('set')
+ ->with('requesttoken', 'TokenToSet');
+ $this->sessionStorage->setToken('TokenToSet');
+ }
+
+ public function testRemoveToken() {
+ $this->session
+ ->expects($this->once())
+ ->method('remove')
+ ->with('requesttoken');
+ $this->sessionStorage->removeToken();
+ }
+
+ public function testHasTokenWithExistingToken() {
+ $this->session
+ ->expects($this->once())
+ ->method('exists')
+ ->with('requesttoken')
+ ->willReturn(true);
+ $this->assertSame(true, $this->sessionStorage->hasToken());
+ }
+
+ public function testHasTokenWithoutExistingToken() {
+ $this->session
+ ->expects($this->once())
+ ->method('exists')
+ ->with('requesttoken')
+ ->willReturn(false);
+ $this->assertSame(false, $this->sessionStorage->hasToken());
+ }
+}
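Review bot: These tests show `hasToken()` driven by `exists('requesttoken')` while `getToken()` throws for `''` and `null`, so a session holding an empty `requesttoken` would presumably report `hasToken() === true` and then throw from `getToken()`. No test in this commit covers that combination, and `CsrfTokenManagerTest` only stubs `getToken` with non-empty strings. Add a case for it, or state in the docblock of `testGetTokenWithEmptyToken` that callers must handle the exception even after a positive `hasToken()`. Separately, `@expectedException \Exception` matches any exception type, so only the message annotation makes this test specific.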
diff --git a/tests/lib/util.php b/tests/lib/util.php
index f05a33766b7..7880d56f63b 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -89,11 +89,6 @@ class Test_Util extends \Test\TestCase {
});
}
- function testCallRegister() {
- $result = strlen(OC_Util::callRegister());
- $this->assertEquals(71, $result);
- }
-
function testSanitizeHTML() {
$badArray = [
'While it is unusual to pass an array',