diff options
author | Morris Jobke <hey@morrisjobke.de> | 2018-10-02 21:45:10 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-02 21:45:10 +0200 |
commit | 6b730b4c478bc4f55a89fd7d6a7c2715e2e5b829 (patch) | |
tree | 06218c0625e5ddc4045a7990347bcb8ca7fdc5ce /tests | |
parent | 19d552e00b16d8b5423b01755b5b1027df5a21ed (diff) | |
parent | 19f84f7b5485e204014671d0439e8af5693acbb1 (diff) | |
download | nextcloud-server-6b730b4c478bc4f55a89fd7d6a7c2715e2e5b829.tar.gz nextcloud-server-6b730b4c478bc4f55a89fd7d6a7c2715e2e5b829.zip |
Merge pull request #11390 from nextcloud/feature/11043/apptoken_v3
Apptoken v3: imrpove token handling on external password change
Diffstat (limited to 'tests')
-rw-r--r-- | tests/lib/Authentication/Token/DefaultTokenProviderTest.php | 19 | ||||
-rw-r--r-- | tests/lib/Authentication/Token/ManagerTest.php | 41 | ||||
-rw-r--r-- | tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php | 31 | ||||
-rw-r--r-- | tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php | 72 | ||||
-rw-r--r-- | tests/lib/User/SessionTest.php | 63 |
5 files changed, 216 insertions, 10 deletions
diff --git a/tests/lib/Authentication/Token/DefaultTokenProviderTest.php b/tests/lib/Authentication/Token/DefaultTokenProviderTest.php index 3fb11f410ba..8b005bd8bdb 100644 --- a/tests/lib/Authentication/Token/DefaultTokenProviderTest.php +++ b/tests/lib/Authentication/Token/DefaultTokenProviderTest.php @@ -28,6 +28,7 @@ use OC\Authentication\Token\DefaultTokenMapper; use OC\Authentication\Token\DefaultTokenProvider; use OC\Authentication\Token\ExpiredTokenException; use OC\Authentication\Token\IToken; +use OC\Authentication\Token\PublicKeyToken; use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Utility\ITimeFactory; use OCP\IConfig; @@ -532,4 +533,22 @@ class DefaultTokenProviderTest extends TestCase { $this->tokenProvider->rotate($token, 'oldtoken', 'newtoken'); } + + public function testMarkPasswordInvalidInvalidToken() { + $token = $this->createMock(PublicKeyToken::class); + + $this->expectException(InvalidTokenException::class); + + $this->tokenProvider->markPasswordInvalid($token, 'tokenId'); + } + + public function testMarkPasswordInvalid() { + $token = $this->createMock(DefaultToken::class); + + $this->mapper->expects($this->once()) + ->method('invalidate') + ->with('0c7db0098fe8ddba6032b22719ec18867c69a1820fa36d71c28bf96d52843bdc44a112bd24093b049be5bb54769bcb72d67190a4a9690e51aac263cba38186fb'); + + $this->tokenProvider->markPasswordInvalid($token, 'tokenId'); + } } diff --git a/tests/lib/Authentication/Token/ManagerTest.php b/tests/lib/Authentication/Token/ManagerTest.php index 8b77bfc4994..1b7f3a637ce 100644 --- a/tests/lib/Authentication/Token/ManagerTest.php +++ b/tests/lib/Authentication/Token/ManagerTest.php @@ -448,4 +448,45 @@ class ManagerTest extends TestCase { $this->assertSame($newToken, $this->manager->rotate($oldToken, 'oldId', 'newId')); } + + public function testMarkPasswordInvalidDefault() { + $token = $this->createMock(DefaultToken::class); + + $this->defaultTokenProvider->expects($this->once()) + ->method('markPasswordInvalid') + ->with($token, 'tokenId'); + $this->publicKeyTokenProvider->expects($this->never()) + ->method($this->anything()); + + $this->manager->markPasswordInvalid($token, 'tokenId'); + } + + public function testMarkPasswordInvalidPublicKey() { + $token = $this->createMock(PublicKeyToken::class); + + $this->publicKeyTokenProvider->expects($this->once()) + ->method('markPasswordInvalid') + ->with($token, 'tokenId'); + $this->defaultTokenProvider->expects($this->never()) + ->method($this->anything()); + + $this->manager->markPasswordInvalid($token, 'tokenId'); + } + + public function testMarkPasswordInvalidInvalidToken() { + $this->expectException(InvalidTokenException::class); + + $this->manager->markPasswordInvalid($this->createMock(IToken::class), 'tokenId'); + } + + public function testUpdatePasswords() { + $this->defaultTokenProvider->expects($this->once()) + ->method('updatePasswords') + ->with('uid', 'pass'); + $this->publicKeyTokenProvider->expects($this->once()) + ->method('updatePasswords') + ->with('uid', 'pass'); + + $this->manager->updatePasswords('uid', 'pass'); + } } diff --git a/tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php b/tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php index 5a98747ab0d..89adef5bb8f 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php @@ -99,6 +99,20 @@ class PublicKeyTokenMapperTest extends TestCase { 'private_key' => $qb->createNamedParameter('private key'), 'version' => $qb->createNamedParameter(2), ])->execute(); + $qb->insert('authtoken')->values([ + 'uid' => $qb->createNamedParameter('user3'), + 'login_name' => $qb->createNamedParameter('User3'), + 'password' => $qb->createNamedParameter('063de945d6f6b26862d9b6f40652f2d5|DZ/z520tfdXPtd0T|395f6b89be8d9d605e409e20b9d9abe477fde1be38a3223f9e508f979bf906e50d9eaa4dca983ca4fb22a241eb696c3f98654e7775f78c4caf13108f98642b53'), + 'name' => $qb->createNamedParameter('Iceweasel on Linux'), + 'token' => $qb->createNamedParameter('6d9a290d239d09f2cc33a03cc54cccd46f7dc71630dcc27d39214824bd3e093f1feb4e2b55eb159d204caa15dee9556c202a5aa0b9d67806c3f4ec2cde11af67'), + 'type' => $qb->createNamedParameter(IToken::TEMPORARY_TOKEN), + 'last_activity' => $qb->createNamedParameter($this->time - 120, IQueryBuilder::PARAM_INT), // Two minutes ago + 'last_check' => $this->time - 60 * 10, // 10mins ago + 'public_key' => $qb->createNamedParameter('public key'), + 'private_key' => $qb->createNamedParameter('private key'), + 'version' => $qb->createNamedParameter(2), + 'password_invalid' => $qb->createNamedParameter(1), + ])->execute(); } private function getNumberOfTokens() { @@ -115,7 +129,7 @@ class PublicKeyTokenMapperTest extends TestCase { $this->mapper->invalidate($token); - $this->assertSame(2, $this->getNumberOfTokens()); + $this->assertSame(3, $this->getNumberOfTokens()); } public function testInvalidateInvalid() { @@ -123,7 +137,7 @@ class PublicKeyTokenMapperTest extends TestCase { $this->mapper->invalidate($token); - $this->assertSame(3, $this->getNumberOfTokens()); + $this->assertSame(4, $this->getNumberOfTokens()); } public function testInvalidateOld() { @@ -131,7 +145,7 @@ class PublicKeyTokenMapperTest extends TestCase { $this->mapper->invalidateOld($olderThan); - $this->assertSame(2, $this->getNumberOfTokens()); + $this->assertSame(3, $this->getNumberOfTokens()); } public function testGetToken() { @@ -224,7 +238,7 @@ class PublicKeyTokenMapperTest extends TestCase { $id = $result->fetch()['id']; $this->mapper->deleteById('user1', (int)$id); - $this->assertEquals(2, $this->getNumberOfTokens()); + $this->assertEquals(3, $this->getNumberOfTokens()); } public function testDeleteByIdWrongUser() { @@ -233,7 +247,7 @@ class PublicKeyTokenMapperTest extends TestCase { $id = 33; $this->mapper->deleteById('user1000', $id); - $this->assertEquals(3, $this->getNumberOfTokens()); + $this->assertEquals(4, $this->getNumberOfTokens()); } public function testDeleteByName() { @@ -244,7 +258,12 @@ class PublicKeyTokenMapperTest extends TestCase { $result = $qb->execute(); $name = $result->fetch()['name']; $this->mapper->deleteByName($name); - $this->assertEquals(2, $this->getNumberOfTokens()); + $this->assertEquals(3, $this->getNumberOfTokens()); + } + + public function testHasExpiredTokens() { + $this->assertFalse($this->mapper->hasExpiredTokens('user1')); + $this->assertTrue($this->mapper->hasExpiredTokens('user3')); } } diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php index 681ad35c644..02ec62d3d77 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php @@ -504,4 +504,76 @@ class PublicKeyTokenProviderTest extends TestCase { $this->assertSame(IToken::REMEMBER, $newToken->getRemember()); $this->assertSame(IToken::PERMANENT_TOKEN, $newToken->getType()); } + + public function testMarkPasswordInvalidInvalidToken() { + $token = $this->createMock(DefaultToken::class); + + $this->expectException(InvalidTokenException::class); + + $this->tokenProvider->markPasswordInvalid($token, 'tokenId'); + } + + public function testMarkPasswordInvalid() { + $token = $this->createMock(PublicKeyToken::class); + + $token->expects($this->once()) + ->method('setPasswordInvalid') + ->with(true); + $this->mapper->expects($this->once()) + ->method('update') + ->with($token); + + $this->tokenProvider->markPasswordInvalid($token, 'tokenId'); + } + + public function testUpdatePasswords() { + $uid = 'myUID'; + $token1 = $this->tokenProvider->generateToken( + 'foo', + $uid, + $uid, + 'bar', + 'random1', + IToken::PERMANENT_TOKEN, + IToken::REMEMBER); + $token2 = $this->tokenProvider->generateToken( + 'foobar', + $uid, + $uid, + 'bar', + 'random2', + IToken::PERMANENT_TOKEN, + IToken::REMEMBER); + + $this->mapper->expects($this->once()) + ->method('hasExpiredTokens') + ->with($uid) + ->willReturn(true); + $this->mapper->expects($this->once()) + ->method('getTokenByUser') + ->with($uid) + ->willReturn([$token1, $token2]); + $this->mapper->expects($this->exactly(2)) + ->method('update') + ->with($this->callback(function (PublicKeyToken $t) use ($token1, $token2) { + return $t === $token1 || $t === $token2; + })); + + $this->tokenProvider->updatePasswords($uid, 'bar2'); + } + + public function testUpdatePasswordsNotRequired() { + $uid = 'myUID'; + + $this->mapper->expects($this->once()) + ->method('hasExpiredTokens') + ->with($uid) + ->willReturn(false); + $this->mapper->expects($this->never()) + ->method('getTokenByUser'); + $this->mapper->expects($this->never()) + ->method('update'); + + $this->tokenProvider->updatePasswords($uid, 'bar2'); + } } diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php index 24677b57dd6..114b2eb5597 100644 --- a/tests/lib/User/SessionTest.php +++ b/tests/lib/User/SessionTest.php @@ -1017,10 +1017,8 @@ class SessionTest extends \Test\TestCase { ->method('getPassword') ->with($token, 'APP-PASSWORD') ->will($this->returnValue('123456')); - $userManager->expects($this->once()) - ->method('checkPassword') - ->with('susan', '123456') - ->will($this->returnValue(true)); + $userManager->expects($this->never()) + ->method('checkPassword'); $user->expects($this->once()) ->method('isEnabled') ->will($this->returnValue(false)); @@ -1069,6 +1067,55 @@ class SessionTest extends \Test\TestCase { $this->assertEquals(1000, $token->getLastCheck()); } + public function testValidateSessionInvalidPassword() { + $userManager = $this->createMock(Manager::class); + $session = $this->createMock(ISession::class); + $timeFactory = $this->createMock(ITimeFactory::class); + $tokenProvider = $this->createMock(IProvider::class); + $userSession = $this->getMockBuilder(Session::class) + ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger]) + ->setMethods(['logout']) + ->getMock(); + + $user = $this->createMock(IUser::class); + $token = new \OC\Authentication\Token\DefaultToken(); + $token->setLoginName('susan'); + $token->setLastCheck(20); + + $session->expects($this->once()) + ->method('get') + ->with('app_password') + ->will($this->returnValue('APP-PASSWORD')); + $tokenProvider->expects($this->once()) + ->method('getToken') + ->with('APP-PASSWORD') + ->will($this->returnValue($token)); + $timeFactory->expects($this->once()) + ->method('getTime') + ->will($this->returnValue(1000)); // more than 5min since last check + $tokenProvider->expects($this->once()) + ->method('getPassword') + ->with($token, 'APP-PASSWORD') + ->will($this->returnValue('123456')); + $userManager->expects($this->once()) + ->method('checkPassword') + ->with('susan', '123456') + ->willReturn(false); + $user->expects($this->once()) + ->method('isEnabled') + ->will($this->returnValue(true)); + $tokenProvider->expects($this->never()) + ->method('invalidateToken'); + $tokenProvider->expects($this->once()) + ->method('markPasswordInvalid') + ->with($token, 'APP-PASSWORD'); + $userSession->expects($this->once()) + ->method('logout'); + + $userSession->setUser($user); + $this->invokePrivate($userSession, 'validateSession'); + } + public function testUpdateSessionTokenPassword() { $userManager = $this->createMock(Manager::class); $session = $this->createMock(ISession::class); @@ -1364,4 +1411,12 @@ class SessionTest extends \Test\TestCase { $this->assertFalse($userSession->tryBasicAuthLogin($request, $this->throttler)); } + + public function testUpdateTokens() { + $this->tokenProvider->expects($this->once()) + ->method('updatePasswords') + ->with('uid', 'pass'); + + $this->userSession->updateTokens('uid', 'pass'); + } } |