author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2016-11-02 12:09:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-02 12:09:30 +0100 |
commit | 370123b8b0b7adc21429b991f06e2c5052a54795 (patch) | |
tree | 17301239f9dfe5afca5afe2a6dea4887c0ccaf1d /tests | |
parent | acf01b7f061211eb898c974d1cda0f30851ea996 (diff) | |
parent | e5d78a35231d1412aa7427f061aacdf73d92a796 (diff) | |
Merge pull request #1966 from nextcloud/fix-csrf-token-generation
Fix CSRF token generation / validation
Diffstat (limited to 'tests')
-rw-r--r-- | tests/lib/Security/CSRF/CsrfTokenManagerTest.php | 8 | ||||
-rw-r--r-- | tests/lib/Security/CSRF/CsrfTokenTest.php | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
index 6f7842fdfd9..f9dd8127e5a 100644
--- a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
+++ b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
@@ -137,15 +137,19 @@ class CsrfTokenManagerTest extends \Test\TestCase {
 }
 public function testIsTokenValidWithValidToken() {
+ $a = 'abc';
+ $b = 'def';
+ $xorB64 = 'BQcF';
+ $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
 $this->storageInterface
 ->expects($this->once())
 ->method('hasToken')
 ->willReturn(true);
- $token = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
+ $token = new \OC\Security\CSRF\CsrfToken($tokenVal);
 $this->storageInterface
 ->expects($this->once())
 ->method('getToken')
- ->willReturn('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF');
+ ->willReturn($b);
 $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
 }
diff --git a/tests/lib/Security/CSRF/CsrfTokenTest.php b/tests/lib/Security/CSRF/CsrfTokenTest.php
index d19d1de916c..fbb92cd315a 100644
--- a/tests/lib/Security/CSRF/CsrfTokenTest.php
+++ b/tests/lib/Security/CSRF/CsrfTokenTest.php
@@ -36,7 +36,11 @@ class CsrfTokenTest extends \Test\TestCase {
 }
 public function testGetDecryptedValue() {
- $csrfToken = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
- $this->assertSame('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF', $csrfToken->getDecryptedValue());
+ $a = 'abc';
+ $b = 'def';
+ $xorB64 = 'BQcF';
+ $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
+ $csrfToken = new \OC\Security\CSRF\CsrfToken($tokenVal);
+ $this->assertSame($b, $csrfToken->getDecryptedValue());
 }
 }
|
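Review bot: The new fixture in `testIsTokenValidWithValidToken` uses three-byte values, so neither `$xorB64` nor `base64_encode($a)` contains `=` padding and the raw mask has no `:` byte, whereas the 32-byte fixture it replaces did contain padded segments. The same fixture is repeated in `testGetDecryptedValue` in CsrfTokenTest.php. A second case with a length that is not a multiple of three and a `:` inside the raw mask would pin the parsing around the separator, for example `$a = 'a:cd'; $b = 'efgh'; $xorB64 = base64_encode($a ^ $b);`. The rest of the test class lies outside the hunk, so such a case may already exist there, along with a mismatching-token case.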
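Review bot: `$xorB64 = 'BQcF'` in `testGetDecryptedValue` is a precomputed constant with no stated origin, and the names `$a` and `$b` do not say which value is the mask and which is the expected secret. A comment such as `// 'BQcF' === base64_encode('abc' ^ 'def'); token is base64(secret ^ mask) . ':' . base64(mask)` together with names like `$mask` and `$secret` would let a reader verify the fixture by hand. The identical block in `testIsTokenValidWithValidToken` would benefit from the same comment.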