diff options
| author | Bjoern Schiessle <bjoern@schiessle.org> | 2018-12-20 11:11:04 +0100 |
|---|---|---|
| committer | Bjoern Schiessle <bjoern@schiessle.org> | 2018-12-20 12:28:40 +0100 |
| commit | 4b3308bf3fd4c6fe572ee1658a7809bba20c7339 (patch) | |
| tree | b7b50eaed48775240a1960a5d85ab3b58acad40a /tests | |
| parent | 9e9b04737e41ce2a582afdb5decade5293ab115b (diff) | |
| download | nextcloud-server-4b3308bf3fd4c6fe572ee1658a7809bba20c7339.tar.gz nextcloud-server-4b3308bf3fd4c6fe572ee1658a7809bba20c7339.zip | |
fix can change password check in case of encryption is enabled
Admin should _not_ be able to change password when:
- if an encryption module is loaded and it uses per-user keys
- if encryption is enabled but no encryption modules are loaded
Admin should be able to change the password when:
- no encryption module is loaded and encryption is disabled
- encryption module is loaded but it doesn't require per user keys
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Settings/Controller/UsersControllerTest.php | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/tests/Settings/Controller/UsersControllerTest.php b/tests/Settings/Controller/UsersControllerTest.php index 74ac990be92..8294514fa50 100644 --- a/tests/Settings/Controller/UsersControllerTest.php +++ b/tests/Settings/Controller/UsersControllerTest.php @@ -11,6 +11,7 @@ namespace Tests\Settings\Controller; use OC\Accounts\AccountManager; +use OC\Encryption\Exceptions\ModuleDoesNotExistsException; use OC\Group\Group; use OC\Group\Manager; use OC\Settings\Controller\UsersController; @@ -98,7 +99,7 @@ class UsersControllerTest extends \Test\TestCase { $this->securityManager = $this->getMockBuilder(\OC\Security\IdentityProof\Manager::class)->disableOriginalConstructor()->getMock(); $this->jobList = $this->createMock(IJobList::class); $this->encryptionManager = $this->createMock(IManager::class); - + $this->l->method('t') ->will($this->returnCallback(function ($text, $parameters = []) { return vsprintf($text, $parameters); @@ -513,4 +514,49 @@ class UsersControllerTest extends \Test\TestCase { $this->assertSame(Http::STATUS_BAD_REQUEST, $result->getStatus()); } + /** + * @dataProvider dataTestCanAdminChangeUserPasswords + * + * @param bool $encryptionEnabled + * @param bool $encryptionModuleLoaded + * @param bool $masterKeyEnabled + * @param bool $expected + */ + public function testCanAdminChangeUserPasswords($encryptionEnabled, + $encryptionModuleLoaded, + $masterKeyEnabled, + $expected) { + $controller = $this->getController(); + + $this->encryptionManager->expects($this->any()) + ->method('isEnabled') + ->willReturn($encryptionEnabled); + $this->encryptionManager->expects($this->any()) + ->method('getEncryptionModule') + ->willReturnCallback(function() use ($encryptionModuleLoaded) { + if ($encryptionModuleLoaded) return $this->encryptionModule; + else throw new ModuleDoesNotExistsException(); + }); + $this->encryptionModule->expects($this->any()) + ->method('needDetailedAccessList') + ->willReturn(!$masterKeyEnabled); + + $result = $this->invokePrivate($controller, 'canAdminChangeUserPasswords', []); + $this->assertSame($expected, $result); + } + + public function dataTestCanAdminChangeUserPasswords() { + return [ + // encryptionEnabled, encryptionModuleLoaded, masterKeyEnabled, expectedResult + [true, true, true, true], + [false, true, true, true], + [true, false, true, false], + [false, false, true, true], + [true, true, false, false], + [false, true, false, false], + [true, false, false, false], + [false, false, false, true], + ]; + } + } |