authorLukas Reschke <lukas@owncloud.com>2015-07-20 12:54:22 +0200
committerLukas Reschke <lukas@owncloud.com>2015-07-20 12:54:22 +0200
commit7dda86f371b66982dbade9532f5c4dc3a6fac3ac (patch)
tree0c6aa803279bbe7ccfee8a864ecca02af4993b15 /tests
parent1e4496c1cb779e6ceb7107301f0b0008997cc0ea (diff)
Return proper status code in case of a CORS exception
When returning a 500 status code, external applications may interpret this as an error instead of handling it more gracefully. This change makes it return a 401 instead. Fixes https://github.com/owncloud/core/issues/17742
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/appframework/middleware/security/CORSMiddlewareTest.php51
1 files changed, 51 insertions, 0 deletions
diff --git a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
index 5c93c95e188..ca526fb859c 100644
--- a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
+++ b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
@@ -15,6 +15,8 @@ namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Http\Request;
use OC\AppFramework\Utility\ControllerMethodReflector;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\Response;
@@ -181,4 +183,53 @@ class CORSMiddlewareTest extends \Test\TestCase {
$middleware->beforeController($this, __FUNCTION__, new Response());
}
+ public function testAfterExceptionWithSecurityExceptionNoStatus() {
+ $request = new Request(
+ ['server' => [
+ 'PHP_AUTH_USER' => 'user',
+ 'PHP_AUTH_PW' => 'pass'
+ ]],
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
+ );
+ $middleware = new CORSMiddleware($request, $this->reflector, $this->session);
+ $response = $middleware->afterException($this, __FUNCTION__, new SecurityException('A security exception'));
+
+ $expected = new JSONResponse(['message' => 'A security exception'], 500);
+ $this->assertEquals($expected, $response);
+ }
+
+ public function testAfterExceptionWithSecurityExceptionWithStatus() {
+ $request = new Request(
+ ['server' => [
+ 'PHP_AUTH_USER' => 'user',
+ 'PHP_AUTH_PW' => 'pass'
+ ]],
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
+ );
+ $middleware = new CORSMiddleware($request, $this->reflector, $this->session);
+ $response = $middleware->afterException($this, __FUNCTION__, new SecurityException('A security exception', 501));
+
+ $expected = new JSONResponse(['message' => 'A security exception'], 501);
+ $this->assertEquals($expected, $response);
+ }
+
+ /**
+ * @expectedException \Exception
+ * @expectedExceptionMessage A regular exception
+ */
+ public function testAfterExceptionWithRegularException() {
+ $request = new Request(
+ ['server' => [
+ 'PHP_AUTH_USER' => 'user',
+ 'PHP_AUTH_PW' => 'pass'
+ ]],
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
+ );
+ $middleware = new CORSMiddleware($request, $this->reflector, $this->session);
+ $middleware->afterException($this, __FUNCTION__, new \Exception('A regular exception'));
+ }
+
}
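Review bot: testAfterExceptionWithSecurityExceptionNoStatus pins a 500 for a SecurityException built without a code, while the commit description says the CORS failure should now produce a 401, and none of the three added tests asserts a 401. The middleware change is not part of this view, so the 500 default may be intended, but a test that drives the rejected-credentials path through `afterException` and expects `Http::STATUS_UNAUTHORIZED` would pin the behaviour the commit is about. The newly imported `Http` is not referenced in the added lines; writing `Http::STATUS_INTERNAL_SERVER_ERROR` and `Http::STATUS_NOT_IMPLEMENTED` in place of the literals 500 and 501 would use it and make the intent readable. The enclosing test class begins outside the hunk.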