diff options
| author | blizzz <blizzz@arthur-schiwon.de> | 2018-01-03 11:48:45 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-01-03 11:48:45 +0100 |
| commit | 02b092f35830b916c4fc61413600f5ca86d1630a (patch) | |
| tree | a5cfd5abfc70236ff0d1cfe68ba23b401d47e21c /tests | |
| parent | 86d33cf50ffff86a6641ab113bce6801802f19cb (diff) | |
| parent | 57050146f686d724a9c7ac2c099a6e8b8d591b76 (diff) | |
| download | nextcloud-server-02b092f35830b916c4fc61413600f5ca86d1630a.tar.gz nextcloud-server-02b092f35830b916c4fc61413600f5ca86d1630a.zip | |
Merge pull request #7487 from nextcloud/no-password-confirm-with-sso
disable password confirmation with SSO
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php | 129 | ||||
| -rw-r--r-- | tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php | 8 |
2 files changed, 133 insertions, 4 deletions
diff --git a/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php new file mode 100644 index 00000000000..2c610736f4a --- /dev/null +++ b/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php @@ -0,0 +1,129 @@ +<?php +/** + * @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace Test\AppFramework\Middleware\Security; + +use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException; +use OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware; +use OC\AppFramework\Utility\ControllerMethodReflector; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Utility\ITimeFactory; +use OCP\ISession; +use OCP\IUser; +use OCP\IUserSession; +use Test\TestCase; + +class PasswordConfirmationMiddlewareTest extends TestCase { + /** @var ControllerMethodReflector */ + private $reflector; + /** @var ISession|\PHPUnit_Framework_MockObject_MockObject */ + private $session; + /** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */ + private $userSession; + /** @var IUser|\PHPUnit_Framework_MockObject_MockObject */ + private $user; + /** @var PasswordConfirmationMiddleware */ + private $middleware; + /** @var Controller */ + private $contoller; + /** @var ITimeFactory|\PHPUnit_Framework_MockObject_MockObject */ + private $timeFactory; + + protected function setUp() { + $this->reflector = new ControllerMethodReflector(); + $this->session = $this->createMock(ISession::class); + $this->userSession = $this->createMock(IUserSession::class); + $this->user = $this->createMock(IUser::class); + $this->contoller = $this->createMock(Controller::class); + $this->timeFactory = $this->createMock(ITimeFactory::class); + + $this->middleware = new PasswordConfirmationMiddleware( + $this->reflector, + $this->session, + $this->userSession, + $this->timeFactory + ); + } + + public function testNoAnnotation() { + $this->reflector->reflect(__CLASS__, __FUNCTION__); + $this->session->expects($this->never()) + ->method($this->anything()); + $this->userSession->expects($this->never()) + ->method($this->anything()); + + $this->middleware->beforeController($this->contoller, __FUNCTION__); + } + + /** + * @TestAnnotation + */ + public function testDifferentAnnotation() { + $this->reflector->reflect(__CLASS__, __FUNCTION__); + $this->session->expects($this->never()) + ->method($this->anything()); + $this->userSession->expects($this->never()) + ->method($this->anything()); + + $this->middleware->beforeController($this->contoller, __FUNCTION__); + } + + /** + * @PasswordConfirmationRequired + * @dataProvider testProvider + */ + public function testAnnotation($backend, $lastConfirm, $currentTime, $exception) { + $this->reflector->reflect(__CLASS__, __FUNCTION__); + + $this->user->method('getBackendClassName') + ->willReturn($backend); + $this->userSession->method('getUser') + ->willReturn($this->user); + + $this->session->method('get') + ->with('last-password-confirm') + ->willReturn($lastConfirm); + + $this->timeFactory->method('getTime') + ->willReturn($currentTime); + + $thrown = false; + try { + $this->middleware->beforeController($this->contoller, __FUNCTION__); + } catch (NotConfirmedException $e) { + $thrown = true; + } + + $this->assertSame($exception, $thrown); + } + + public function testProvider() { + return [ + ['foo', 2000, 4000, true], + ['foo', 2000, 3000, false], + ['user_saml', 2000, 4000, false], + ['user_saml', 2000, 3000, false], + ['foo', 2000, 3815, false], + ['foo', 2000, 3816, true], + ]; + } +} diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php index 6b311c7ae15..151d6935e7f 100644 --- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php +++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php @@ -50,6 +50,8 @@ use OCP\INavigationManager; use OCP\IRequest; use OCP\ISession; use OCP\IURLGenerator; +use OCP\IUser; +use OCP\IUserSession; use OCP\Security\ISecureRandom; class SecurityMiddlewareTest extends \Test\TestCase { @@ -62,8 +64,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { private $secException; /** @var SecurityException */ private $secAjaxException; - /** @var ISession|\PHPUnit_Framework_MockObject_MockObject */ - private $session; /** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */ private $request; /** @var ControllerMethodReflector */ @@ -82,6 +82,8 @@ class SecurityMiddlewareTest extends \Test\TestCase { private $cspNonceManager; /** @var IAppManager|\PHPUnit_Framework_MockObject_MockObject */ private $appManager; + /** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */ + private $userSession; protected function setUp() { parent::setUp(); @@ -91,7 +93,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->logger = $this->createMock(ILogger::class); $this->navigationManager = $this->createMock(INavigationManager::class); $this->urlGenerator = $this->createMock(IURLGenerator::class); - $this->session = $this->createMock(ISession::class); $this->request = $this->createMock(IRequest::class); $this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class); $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class); @@ -117,7 +118,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->navigationManager, $this->urlGenerator, $this->logger, - $this->session, 'files', $isLoggedIn, $isAdminUser, |