diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-07-27 16:04:51 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-07-27 16:11:45 +0200 |
| commit | 37a4282c7ae27c518ce7143be491a00a651e4f4a (patch) | |
| tree | 47ac0e32a0e7725134a7ce57ea1babef84b24961 /tests | |
| parent | 1ec98af3e028f5aa8591bda26d5dac96dfd66f43 (diff) | |
| download | nextcloud-server-37a4282c7ae27c518ce7143be491a00a651e4f4a.tar.gz nextcloud-server-37a4282c7ae27c518ce7143be491a00a651e4f4a.zip | |
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.
I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php | 149 | ||||
| -rw-r--r-- | tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php | 97 |
2 files changed, 149 insertions, 97 deletions
diff --git a/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php new file mode 100644 index 00000000000..9f2b4e399fb --- /dev/null +++ b/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php @@ -0,0 +1,149 @@ +<?php +declare(strict_types=1); +/** + * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace Test\AppFramework\Middleware\Security; + +use OC\AppFramework\Middleware\Security\CSPMiddleware; +use OC\Security\CSP\ContentSecurityPolicy; +use OC\Security\CSP\ContentSecurityPolicyManager; +use OC\Security\CSP\ContentSecurityPolicyNonceManager; +use OC\Security\CSRF\CsrfToken; +use OC\Security\CSRF\CsrfTokenManager; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\EmptyContentSecurityPolicy; +use OCP\AppFramework\Http\Response; +use PHPUnit\Framework\MockObject\MockObject; + +class CSPMiddlewareTest extends \Test\TestCase { + + /** @var CSPMiddleware|MockObject */ + private $middleware; + /** @var Controller|MockObject */ + private $controller; + /** @var ContentSecurityPolicyManager|MockObject */ + private $contentSecurityPolicyManager; + /** @var CsrfTokenManager|MockObject */ + private $csrfTokenManager; + /** @var ContentSecurityPolicyNonceManager|MockObject */ + private $cspNonceManager; + + protected function setUp() { + parent::setUp(); + + $this->controller = $this->createMock(Controller::class); + $this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class); + $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class); + $this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class); + $this->middleware = new CSPMiddleware( + $this->contentSecurityPolicyManager, + $this->cspNonceManager, + $this->csrfTokenManager + ); + } + + public function testAfterController() { + $this->cspNonceManager + ->expects($this->once()) + ->method('browserSupportsCspV3') + ->willReturn(false); + $response = $this->createMock(Response::class); + $defaultPolicy = new ContentSecurityPolicy(); + $defaultPolicy->addAllowedImageDomain('defaultpolicy'); + $currentPolicy = new ContentSecurityPolicy(); + $currentPolicy->addAllowedConnectDomain('currentPolicy'); + $mergedPolicy = new ContentSecurityPolicy(); + $mergedPolicy->addAllowedMediaDomain('mergedPolicy'); + $response + ->expects($this->exactly(2)) + ->method('getContentSecurityPolicy') + ->willReturn($currentPolicy); + $this->contentSecurityPolicyManager + ->expects($this->once()) + ->method('getDefaultPolicy') + ->willReturn($defaultPolicy); + $this->contentSecurityPolicyManager + ->expects($this->once()) + ->method('mergePolicies') + ->with($defaultPolicy, $currentPolicy) + ->willReturn($mergedPolicy); + $response->expects($this->once()) + ->method('setContentSecurityPolicy') + ->with($mergedPolicy); + + $this->middleware->afterController($this->controller, 'test', $response); + } + + public function testAfterControllerEmptyCSP() { + $response = $this->createMock(Response::class); + $emptyPolicy = new EmptyContentSecurityPolicy(); + $response->expects($this->any()) + ->method('getContentSecurityPolicy') + ->willReturn($emptyPolicy); + $response->expects($this->never()) + ->method('setContentSecurityPolicy'); + + $this->middleware->afterController($this->controller, 'test', $response); + } + + public function testAfterControllerWithContentSecurityPolicy3Support() { + $this->cspNonceManager + ->expects($this->once()) + ->method('browserSupportsCspV3') + ->willReturn(true); + $token = $this->createMock(CsrfToken::class); + $token + ->expects($this->once()) + ->method('getEncryptedValue') + ->willReturn('MyEncryptedToken'); + $this->csrfTokenManager + ->expects($this->once()) + ->method('getToken') + ->willReturn($token); + $response = $this->createMock(Response::class); + $defaultPolicy = new ContentSecurityPolicy(); + $defaultPolicy->addAllowedImageDomain('defaultpolicy'); + $currentPolicy = new ContentSecurityPolicy(); + $currentPolicy->addAllowedConnectDomain('currentPolicy'); + $mergedPolicy = new ContentSecurityPolicy(); + $mergedPolicy->addAllowedMediaDomain('mergedPolicy'); + $response + ->expects($this->exactly(2)) + ->method('getContentSecurityPolicy') + ->willReturn($currentPolicy); + $this->contentSecurityPolicyManager + ->expects($this->once()) + ->method('getDefaultPolicy') + ->willReturn($defaultPolicy); + $this->contentSecurityPolicyManager + ->expects($this->once()) + ->method('mergePolicies') + ->with($defaultPolicy, $currentPolicy) + ->willReturn($mergedPolicy); + $response->expects($this->once()) + ->method('setContentSecurityPolicy') + ->with($mergedPolicy); + + $this->assertEquals($response, $this->middleware->afterController($this->controller, 'test', $response)); + } +} diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php index ab243616be0..6a1adf03b2f 100644 --- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php +++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php @@ -72,12 +72,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { private $navigationManager; /** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */ private $urlGenerator; - /** @var ContentSecurityPolicyManager|\PHPUnit_Framework_MockObject_MockObject */ - private $contentSecurityPolicyManager; - /** @var CsrfTokenManager|\PHPUnit_Framework_MockObject_MockObject */ - private $csrfTokenManager; - /** @var ContentSecurityPolicyNonceManager|\PHPUnit_Framework_MockObject_MockObject */ - private $cspNonceManager; /** @var IAppManager|\PHPUnit_Framework_MockObject_MockObject */ private $appManager; /** @var IL10N|\PHPUnit_Framework_MockObject_MockObject */ @@ -92,9 +86,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->navigationManager = $this->createMock(INavigationManager::class); $this->urlGenerator = $this->createMock(IURLGenerator::class); $this->request = $this->createMock(IRequest::class); - $this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class); - $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class); - $this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class); $this->l10n = $this->createMock(IL10N::class); $this->middleware = $this->getMiddleware(true, true, false); $this->secException = new SecurityException('hey', false); @@ -118,9 +109,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { $isLoggedIn, $isAdminUser, $isSubAdmin, - $this->contentSecurityPolicyManager, - $this->csrfTokenManager, - $this->cspNonceManager, $this->appManager, $this->l10n ); @@ -611,91 +599,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->assertTrue($response instanceof JSONResponse); } - public function testAfterController() { - $this->cspNonceManager - ->expects($this->once()) - ->method('browserSupportsCspV3') - ->willReturn(false); - $response = $this->createMock(Response::class); - $defaultPolicy = new ContentSecurityPolicy(); - $defaultPolicy->addAllowedImageDomain('defaultpolicy'); - $currentPolicy = new ContentSecurityPolicy(); - $currentPolicy->addAllowedConnectDomain('currentPolicy'); - $mergedPolicy = new ContentSecurityPolicy(); - $mergedPolicy->addAllowedMediaDomain('mergedPolicy'); - $response - ->expects($this->exactly(2)) - ->method('getContentSecurityPolicy') - ->willReturn($currentPolicy); - $this->contentSecurityPolicyManager - ->expects($this->once()) - ->method('getDefaultPolicy') - ->willReturn($defaultPolicy); - $this->contentSecurityPolicyManager - ->expects($this->once()) - ->method('mergePolicies') - ->with($defaultPolicy, $currentPolicy) - ->willReturn($mergedPolicy); - $response->expects($this->once()) - ->method('setContentSecurityPolicy') - ->with($mergedPolicy); - - $this->middleware->afterController($this->controller, 'test', $response); - } - - public function testAfterControllerEmptyCSP() { - $response = $this->createMock(Response::class); - $emptyPolicy = new EmptyContentSecurityPolicy(); - $response->expects($this->any()) - ->method('getContentSecurityPolicy') - ->willReturn($emptyPolicy); - $response->expects($this->never()) - ->method('setContentSecurityPolicy'); - - $this->middleware->afterController($this->controller, 'test', $response); - } - - public function testAfterControllerWithContentSecurityPolicy3Support() { - $this->cspNonceManager - ->expects($this->once()) - ->method('browserSupportsCspV3') - ->willReturn(true); - $token = $this->createMock(CsrfToken::class); - $token - ->expects($this->once()) - ->method('getEncryptedValue') - ->willReturn('MyEncryptedToken'); - $this->csrfTokenManager - ->expects($this->once()) - ->method('getToken') - ->willReturn($token); - $response = $this->createMock(Response::class); - $defaultPolicy = new ContentSecurityPolicy(); - $defaultPolicy->addAllowedImageDomain('defaultpolicy'); - $currentPolicy = new ContentSecurityPolicy(); - $currentPolicy->addAllowedConnectDomain('currentPolicy'); - $mergedPolicy = new ContentSecurityPolicy(); - $mergedPolicy->addAllowedMediaDomain('mergedPolicy'); - $response - ->expects($this->exactly(2)) - ->method('getContentSecurityPolicy') - ->willReturn($currentPolicy); - $this->contentSecurityPolicyManager - ->expects($this->once()) - ->method('getDefaultPolicy') - ->willReturn($defaultPolicy); - $this->contentSecurityPolicyManager - ->expects($this->once()) - ->method('mergePolicies') - ->with($defaultPolicy, $currentPolicy) - ->willReturn($mergedPolicy); - $response->expects($this->once()) - ->method('setContentSecurityPolicy') - ->with($mergedPolicy); - - $this->assertEquals($response, $this->middleware->afterController($this->controller, 'test', $response)); - } - public function dataRestrictedApp() { return [ [false, false, false,], |