author | Lukas Reschke <lukas@owncloud.com> | 2015-08-04 18:34:33 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-08-04 18:34:33 +0200 |
commit | 4efa7c09b135e1af5269f72a6f6a1803e5c1edd2 (patch) | |
tree | c30d2d2b3fc9ca59559185b0517f619ed621c736 /tests | |
parent | 728780aee8dbbdb41746b7510096c8690505a991 (diff) | |
Use StringUtils::equals on CSRF token and add unit tests
Diffstat (limited to 'tests')
-rw-r--r-- | tests/lib/appframework/http/RequestTest.php | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/tests/lib/appframework/http/RequestTest.php b/tests/lib/appframework/http/RequestTest.php
index 6e86f3d7041..10a9e486c97 100644
--- a/tests/lib/appframework/http/RequestTest.php
+++ b/tests/lib/appframework/http/RequestTest.php
@@ -1156,4 +1156,99 @@ class RequestTest extends \Test\TestCase {
 $this->assertSame($expectedUri, $request->getRequestUri());
 }
 
+ public function testPassesCSRFCheckWithGet() {
+ /** @var Request $request */
+ $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+ ->setMethods(['getScriptName'])
+ ->setConstructorArgs([
+ [
+ 'get' => [
+ 'requesttoken' => 'MyStoredRequestToken',
+ ],
+ 'requesttoken' => 'MyStoredRequestToken',
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ ])
+ ->getMock();
+
+ $this->assertTrue($request->passesCSRFCheck());
+ }
+
+ public function testPassesCSRFCheckWithPost() {
+ /** @var Request $request */
+ $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+ ->setMethods(['getScriptName'])
+ ->setConstructorArgs([
+ [
+ 'post' => [
+ 'requesttoken' => 'MyStoredRequestToken',
+ ],
+ 'requesttoken' => 'MyStoredRequestToken',
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ ])
+ ->getMock();
+
+ $this->assertTrue($request->passesCSRFCheck());
+ }
+
+ public function testPassesCSRFCheckWithHeader() {
+ /** @var Request $request */
+ $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+ ->setMethods(['getScriptName'])
+ ->setConstructorArgs([
+ [
+ 'server' => [
+ 'HTTP_REQUESTTOKEN' => 'MyStoredRequestToken',
+ ],
+ 'requesttoken' => 'MyStoredRequestToken',
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ ])
+ ->getMock();
+
+ $this->assertTrue($request->passesCSRFCheck());
+ }
+
+ public function testPassesCSRFCheckWithInvalidToken() {
+ /** @var Request $request */
+ $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+ ->setMethods(['getScriptName'])
+ ->setConstructorArgs([
+ [
+ 'server' => [
+ 'HTTP_REQUESTTOKEN' => 'MyInvalidSentToken',
+ ],
+ 'requesttoken' => 'MyStoredRequestToken',
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ ])
+ ->getMock();
+
+ $this->assertFalse($request->passesCSRFCheck());
+ }
+
+ public function testPassesCSRFCheckWithoutTokenFail() {
+ /** @var Request $request */
+ $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+ ->setMethods(['getScriptName'])
+ ->setConstructorArgs([
+ [],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ ])
+ ->getMock();
+
+ $this->assertFalse($request->passesCSRFCheck());
+ }
+
 }
|
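Review bot: The only mismatch case, testPassesCSRFCheckWithInvalidToken, sends 'MyInvalidSentToken' (18 characters) against the stored 'MyStoredRequestToken' (20 characters), so a comparison that rejects on length alone would still pass it. Since the commit title says the check now goes through StringUtils::equals, add a same-length mismatch as well, for example with a constructed value such as `'HTTP_REQUESTTOKEN' => 'MyStoredRequestTokeX',`. The mismatch is also exercised only through the header source; the `get` and `post` sources have no rejecting test, and there is no case where a token is sent but no `requesttoken` is stored, or where one is stored but none is sent. The five bodies differ only in the first constructor argument and the expected result, so a data provider yielding that pair would cover the extra cases without more duplication.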