authorRoeland Jago Douma <rullzer@users.noreply.github.com>2020-01-07 13:43:46 +0100
committerGitHub <noreply@github.com>2020-01-07 13:43:46 +0100
commit52e4ecd66e2269dd47f2fa7b9e99babc96308713 (patch)
treed394124c609511f9667dd9157d952a1a316d84a2 /tests
parent33039a4c97a6deb7b0a2c1e38111e4eaa50a2818 (diff)
parentda81b71f9337621a60def04c304cb301321163b7 (diff)
Merge pull request #18644 from nextcloud/harden/csrf_endpoint
Only allow requesting new CSRF tokens if the request passes the strict SameSite cookie check
Diffstat (limited to 'tests')
-rw-r--r--  tests/Core/Controller/CSRFTokenControllerTest.php | 13
1 files changed, 12 insertions, 1 deletions
diff --git a/tests/Core/Controller/CSRFTokenControllerTest.php b/tests/Core/Controller/CSRFTokenControllerTest.php
index 74eebf61749..a02f84832e5 100644
--- a/tests/Core/Controller/CSRFTokenControllerTest.php
+++ b/tests/Core/Controller/CSRFTokenControllerTest.php
@@ -54,7 +54,9 @@ class CSRFTokenControllerTest extends TestCase {
$this->tokenManager);
}
- public function testGetToken() {
+ public function testGetToken(): void {
+ $this->request->method('passesStrictCookieCheck')->willReturn(true);
+
$token = $this->createMock(CsrfToken::class);
$this->tokenManager->method('getToken')->willReturn($token);
$token->method('getEncryptedValue')->willReturn('toktok123');
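Review bot: The positive-path stub on the added line, `$this->request->method('passesStrictCookieCheck')->willReturn(true);`, only supplies a return value and never verifies that the controller actually consults the check; a controller that skipped the check entirely would still pass this test. Use an expectation instead, `$this->request->expects($this->once())->method('passesStrictCookieCheck')->willReturn(true);`, so the happy path also proves the new gate is on the code path. The rest of testGetToken's body continues outside the hunk.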
@@ -68,4 +70,13 @@ class CSRFTokenControllerTest extends TestCase {
], $response->getData());
}
+ public function testGetTokenNoStrictSameSiteCookie(): void {
+ $this->request->method('passesStrictCookieCheck')->willReturn(false);
+
+ $response = $this->controller->index();
+
+ $this->assertInstanceOf(JSONResponse::class, $response);
+ $this->assertSame(Http::STATUS_FORBIDDEN, $response->getStatus());
+ }
+
}
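Review bot: The forbidden path in testGetTokenNoStrictSameSiteCookie is checked only by status code; nothing asserts that no token is minted or leaked when the cookie check fails, so a regression that still calls the token manager and then returns 403, or that puts the token in the 403 body, would pass unnoticed. Add `$this->tokenManager->expects($this->never())->method('getToken');` before `$this->controller->index()`, and add an assertion on `$response->getData()` that the payload carries no token (presumably an empty array, if that is what the controller returns on refusal — confirm against the controller). Since the whole point of the commit is that the token is not handed out on this path, the test should pin that, not just the HTTP status.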