Merge pull request #9518 from nextcloud/feature/5986/public_share_controller_middleware

Public share middleware & controller

4 files changed, 550 insertions, 2 deletions

diff --git a/tests/acceptance/features/bootstrap/FilesSharingAppContext.php b/tests/acceptance/features/bootstrap/FilesSharingAppContext.php
index 61357142ae4..1fe12d5f42d 100644
--- a/tests/acceptance/features/bootstrap/FilesSharingAppContext.php
+++ b/tests/acceptance/features/bootstrap/FilesSharingAppContext.php
@@ -137,7 +137,7 @@ class FilesSharingAppContext implements Context, ActorAwareInterface {
 	 */
 	public function iSeeThatTheCurrentPageIsTheAuthenticatePageForTheSharedLinkIWroteDown() {
 		PHPUnit_Framework_Assert::assertEquals(
-				$this->actor->getSharedNotebook()["shared link"] . "/authenticate/preview",
+				$this->actor->getSharedNotebook()["shared link"] . "/authenticate/showShare",
 				$this->actor->getSession()->getCurrentUrl());
 	}
 
@@ -146,7 +146,7 @@ class FilesSharingAppContext implements Context, ActorAwareInterface {
 	 */
 	public function iSeeThatTheCurrentPageIsTheAuthenticatePageForTheDirectDownloadSharedLinkIWroteDown() {
 		PHPUnit_Framework_Assert::assertEquals(
-				$this->actor->getSharedNotebook()["shared link"] . "/authenticate/download",
+				$this->actor->getSharedNotebook()["shared link"] . "/authenticate/downloadShare",
 				$this->actor->getSession()->getCurrentUrl());
 	}
 
diff --git a/tests/lib/AppFramework/Controller/AuthPublicShareControllerTest.php b/tests/lib/AppFramework/Controller/AuthPublicShareControllerTest.php
new file mode 100644
index 00000000000..169ec82ce6d
--- /dev/null
+++ b/tests/lib/AppFramework/Controller/AuthPublicShareControllerTest.php
@@ -0,0 +1,159 @@
+<?php
+/**
+ * @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace Test\AppFramework\Controller;
+
+use OC\AppFramework\Middleware\PublicShare\Exceptions\NeedAuthenticationException;
+use OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware;
+use OCP\AppFramework\AuthPublicShareController;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\NotFoundResponse;
+use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\AppFramework\PublicShareController;
+use OCP\Files\NotFoundException;
+use OCP\IConfig;
+use OCP\IRequest;
+use OCP\ISession;
+use OCP\IURLGenerator;
+
+class AuthPublicShareControllerTest extends \Test\TestCase {
+
+	/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
+	private $request;
+	/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
+	private $session;
+	/** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */
+	private $urlGenerator;
+
+	/** @var AuthPublicShareController|\PHPUnit_Framework_MockObject_MockObject */
+	private $controller;
+
+
+	protected function setUp() {
+		parent::setUp();
+
+		$this->request = $this->createMock(IRequest::class);
+		$this->session = $this->createMock(ISession::class);
+		$this->urlGenerator = $this->createMock(IURLGenerator::class);
+
+		$this->controller = $this->getMockBuilder(AuthPublicShareController::class)
+			->setConstructorArgs([
+				'app',
+				$this->request,
+				$this->session,
+				$this->urlGenerator
+			])->setMethods([
+				'authFailed',
+				'getPasswordHash',
+				'isAuthenticated',
+				'isPasswordProtected',
+				'isValidToken',
+				'showShare',
+				'verifyPassword'
+			])->getMock();
+	}
+
+	public function testShowAuthenticate() {
+		$expects = new TemplateResponse('core', 'publicshareauth', [], 'guest');
+
+		$this->assertEquals($expects, $this->controller->showAuthenticate());
+	}
+
+	public function testAuthenticateAuthenticated() {
+		$this->controller->method('isAuthenticated')
+			->willReturn(true);
+
+		$this->controller->setToken('myToken');
+
+		$this->session->method('get')
+			->willReturnMap(['public_link_authenticate_redirect', ['foo' => 'bar']]);
+
+		$this->urlGenerator->method('linkToRoute')
+			->willReturn('myLink!');
+
+		$result = $this->controller->authenticate('password');
+		$this->assertInstanceOf(RedirectResponse::class, $result);
+		$this->assertSame('myLink!', $result->getRedirectURL());
+	}
+
+	public function testAuthenticateInvalidPassword() {
+		$this->controller->setToken('token');
+		$this->controller->method('isPasswordProtected')
+			->willReturn(true);
+
+		$this->controller->method('verifyPassword')
+			->with('password')
+			->willReturn(false);
+
+		$this->controller->expects($this->once())
+			->method('authFailed');
+
+		$expects = new TemplateResponse('core', 'publicshareauth', ['wrongpw' => true], 'guest');
+		$expects->throttle();
+
+		$result = $this->controller->authenticate('password');
+
+		$this->assertEquals($expects, $result);
+	}
+
+	public function testAuthenticateValidPassword() {
+		$this->controller->setToken('token');
+		$this->controller->method('isPasswordProtected')
+			->willReturn(true);
+		$this->controller->method('verifyPassword')
+			->with('password')
+			->willReturn(true);
+		$this->controller->method('getPasswordHash')
+			->willReturn('hash');
+
+		$this->session->expects($this->once())
+			->method('regenerateId');
+		$this->session->method('get')
+			->willReturnMap(['public_link_authenticate_redirect', ['foo' => 'bar']]);
+
+		$tokenSet = false;
+		$hashSet = false;
+		$this->session
+			->method('set')
+			->will($this->returnCallback(function($key, $value) use (&$tokenSet, &$hashSet) {
+				if ($key === 'public_link_authenticated_token' && $value === 'token') {
+					$tokenSet = true;
+					return true;
+				}
+				if ($key === 'public_link_authenticated_password_hash' && $value === 'hash') {
+					$hashSet = true;
+					return true;
+				}
+				return false;
+			}));
+
+		$this->urlGenerator->method('linkToRoute')
+			->willReturn('myLink!');
+
+		$result = $this->controller->authenticate('password');
+		$this->assertInstanceOf(RedirectResponse::class, $result);
+		$this->assertSame('myLink!', $result->getRedirectURL());
+		$this->assertTrue($tokenSet);
+		$this->assertTrue($hashSet);
+	}
+}
diff --git a/tests/lib/AppFramework/Controller/PublicShareControllerTest.php b/tests/lib/AppFramework/Controller/PublicShareControllerTest.php
new file mode 100644
index 00000000000..eff7563cc4f
--- /dev/null
+++ b/tests/lib/AppFramework/Controller/PublicShareControllerTest.php
@@ -0,0 +1,102 @@
+<?php
+/**
+ * @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace Test\AppFramework\Controller;
+
+use OC\AppFramework\Middleware\PublicShare\Exceptions\NeedAuthenticationException;
+use OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware;
+use OCP\AppFramework\AuthPublicShareController;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\NotFoundResponse;
+use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\PublicShareController;
+use OCP\Files\NotFoundException;
+use OCP\IConfig;
+use OCP\IRequest;
+use OCP\ISession;
+use OCP\IURLGenerator;
+
+
+class PublicShareControllerTest extends \Test\TestCase {
+
+	/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
+	private $request;
+	/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
+	private $session;
+
+	/** @var PublicShareController|\PHPUnit_Framework_MockObject_MockObject */
+	private $controller;
+
+
+	protected function setUp() {
+		parent::setUp();
+
+		$this->request = $this->createMock(IRequest::class);
+		$this->session = $this->createMock(ISession::class);
+
+		$this->controller = $this->getMockBuilder(PublicShareController::class)
+			->setConstructorArgs([
+				'app',
+				$this->request,
+				$this->session
+			])->getMock();
+	}
+
+	public function testGetToken() {
+		$this->controller->setToken('test');
+		$this->assertEquals('test', $this->controller->getToken());
+	}
+
+	public function dataIsAuthenticated() {
+		return [
+			[false, 'token1', 'token1', 'hash1', 'hash1',  true],
+			[false, 'token1', 'token1', 'hash1', 'hash2',  true],
+			[false, 'token1', 'token2', 'hash1', 'hash1',  true],
+			[false, 'token1', 'token2', 'hash1', 'hash2',  true],
+			[ true, 'token1', 'token1', 'hash1', 'hash1',  true],
+			[ true, 'token1', 'token1', 'hash1', 'hash2', false],
+			[ true, 'token1', 'token2', 'hash1', 'hash1', false],
+			[ true, 'token1', 'token2', 'hash1', 'hash2', false],
+		];
+	}
+
+	/**
+	 * @dataProvider dataIsAuthenticated
+	 */
+	public function testIsAuthenticatedNotPasswordProtected(bool $protected, string $token1, string $token2, string $hash1, string $hash2, bool $expected) {
+		$this->controller->method('isPasswordProtected')
+			->willReturn($protected);
+
+		$this->session->method('get')
+			->willReturnMap([
+				['public_link_authenticated_token', $token1],
+				['public_link_authenticated_password_hash', $hash1],
+			]);
+
+		$this->controller->setToken($token2);
+		$this->controller->method('getPasswordHash')
+			->willReturn($hash2);
+
+		$this->assertEquals($expected, $this->controller->isAuthenticated());
+	}
+
+}
diff --git a/tests/lib/AppFramework/Middleware/PublicShare/PublicShareMiddlewareTest.php b/tests/lib/AppFramework/Middleware/PublicShare/PublicShareMiddlewareTest.php
new file mode 100644
index 00000000000..de610100c2a
--- /dev/null
+++ b/tests/lib/AppFramework/Middleware/PublicShare/PublicShareMiddlewareTest.php
@@ -0,0 +1,287 @@
+<?php
+/**
+ * @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace Test\AppFramework\Middleware\PublicShare;
+
+use OC\AppFramework\Middleware\PublicShare\Exceptions\NeedAuthenticationException;
+use OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware;
+use OCP\AppFramework\AuthPublicShareController;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\NotFoundResponse;
+use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\PublicShareController;
+use OCP\Files\NotFoundException;
+use OCP\IConfig;
+use OCP\IRequest;
+use OCP\ISession;
+use OCP\IURLGenerator;
+
+
+class PublicShareMiddlewareTest extends \Test\TestCase {
+
+	/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
+	private $request;
+	/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
+	private $session;
+	/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
+	private $config;
+
+	/** @var PublicShareMiddleware */
+	private $middleware;
+
+
+	protected function setUp() {
+		parent::setUp();
+
+		$this->request = $this->createMock(IRequest::class);
+		$this->session = $this->createMock(ISession::class);
+		$this->config = $this->createMock(IConfig::class);
+
+		$this->middleware = new PublicShareMiddleware(
+			$this->request,
+			$this->session,
+			$this->config
+		);
+	}
+
+	public function testBeforeControllerNoPublicShareController() {
+		$controller = $this->createMock(Controller::class);
+
+		$this->middleware->beforeController($controller, 'method');
+		$this->assertTrue(true);
+	}
+
+	public function dataShareApi() {
+		return [
+			['no', 'no',],
+			['no', 'yes',],
+			['yes', 'no',],
+		];
+	}
+
+	/**
+	 * @dataProvider dataShareApi
+	 */
+	public function testBeforeControllerShareApiDisabled(string $shareApi, string $shareLinks) {
+		$controller = $this->createMock(PublicShareController::class);
+
+		$this->config->method('getAppValue')
+			->willReturnMap([
+				['core', 'shareapi_enabled', 'yes', $shareApi],
+				['core', 'shareapi_allow_links', 'yes', $shareLinks],
+			]);
+
+		$this->expectException(NotFoundException::class);
+		$this->middleware->beforeController($controller, 'mehod');
+	}
+
+	public function testBeforeControllerNoTokenParam() {
+		$controller = $this->createMock(PublicShareController::class);
+
+		$this->config->method('getAppValue')
+			->willReturnMap([
+				['core', 'shareapi_enabled', 'yes', 'yes'],
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
+			]);
+
+		$this->expectException(NotFoundException::class);
+		$this->middleware->beforeController($controller, 'mehod');
+	}
+
+	public function testBeforeControllerInvalidToken() {
+		$controller = $this->createMock(PublicShareController::class);
+
+		$this->config->method('getAppValue')
+			->willReturnMap([
+				['core', 'shareapi_enabled', 'yes', 'yes'],
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
+			]);
+
+		$this->request->method('getParam')
+			->with('token', null)
+			->willReturn('myToken');
+
+		$controller->method('isValidToken')
+			->willReturn(false);
+		$controller->expects($this->once())
+			->method('shareNotFound');
+
+		$this->expectException(NotFoundException::class);
+		$this->middleware->beforeController($controller, 'mehod');
+	}
+
+	public function testBeforeControllerValidTokenNotAuthenticated() {
+		$controller = $this->getMockBuilder(PublicShareController::class)
+			->setConstructorArgs(['app', $this->request, $this->session])
+			->getMock();
+
+		$this->config->method('getAppValue')
+			->willReturnMap([
+				['core', 'shareapi_enabled', 'yes', 'yes'],
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
+			]);
+
+		$this->request->method('getParam')
+			->with('token', null)
+			->willReturn('myToken');
+
+		$controller->method('isValidToken')
+			->willReturn(true);
+
+		$controller->method('isPasswordProtected')
+			->willReturn(true);
+
+		$this->expectException(NotFoundException::class);
+		$this->middleware->beforeController($controller, 'mehod');
+	}
+
+	public function testBeforeControllerValidTokenAuthenticateMethod() {
+		$controller = $this->getMockBuilder(PublicShareController::class)
+			->setConstructorArgs(['app', $this->request, $this->session])
+			->getMock();
+
+		$this->config->method('getAppValue')
+			->willReturnMap([
+				['core', 'shareapi_enabled', 'yes', 'yes'],
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
+			]);
+
+		$this->request->method('getParam')
+			->with('token', null)
+			->willReturn('myToken');
+
+		$controller->method('isValidToken')
+			->willReturn(true);
+
+		$controller->method('isPasswordProtected')
+			->willReturn(true);
+
+		$this->middleware->beforeController($controller, 'authenticate');
+		$this->assertTrue(true);
+	}
+
+	public function testBeforeControllerValidTokenShowAuthenticateMethod() {
+		$controller = $this->getMockBuilder(PublicShareController::class)
+			->setConstructorArgs(['app', $this->request, $this->session])
+			->getMock();
+
+		$this->config->method('getAppValue')
+			->willReturnMap([
+				['core', 'shareapi_enabled', 'yes', 'yes'],
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
+			]);
+
+		$this->request->method('getParam')
+			->with('token', null)
+			->willReturn('myToken');
+
+		$controller->method('isValidToken')
+			->willReturn(true);
+
+		$controller->method('isPasswordProtected')
+			->willReturn(true);
+
+		$this->middleware->beforeController($controller, 'showAuthenticate');
+		$this->assertTrue(true);
+	}
+
+	public function testBeforeControllerAuthPublicShareController() {
+		$controller = $this->getMockBuilder(AuthPublicShareController::class)
+			->setConstructorArgs(['app', $this->request, $this->session, $this->createMock(IURLGenerator::class)])
+			->getMock();
+
+		$this->config->method('getAppValue')
+			->willReturnMap([
+				['core', 'shareapi_enabled', 'yes', 'yes'],
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
+			]);
+
+		$this->request->method('getParam')
+			->with('token', null)
+			->willReturn('myToken');
+
+		$controller->method('isValidToken')
+			->willReturn(true);
+
+		$controller->method('isPasswordProtected')
+			->willReturn(true);
+
+		$this->session->expects($this->once())
+			->method('set')
+			->with('public_link_authenticate_redirect', '[]');
+
+		$this->expectException(NeedAuthenticationException::class);
+		$this->middleware->beforeController($controller, 'method');
+	}
+
+	public function testAfterExceptionNoPublicShareController() {
+		$controller = $this->createMock(Controller::class);
+		$exception = new \Exception();
+
+		try {
+			$this->middleware->afterException($controller, 'method', $exception);
+		} catch (\Exception $e) {
+			$this->assertEquals($exception, $e);
+		}
+	}
+
+	public function testAfterExceptionPublicShareControllerNotFoundException() {
+		$controller = $this->createMock(PublicShareController::class);
+		$exception = new NotFoundException();
+
+		$result = $this->middleware->afterException($controller, 'method', $exception);
+		$this->assertInstanceOf(NotFoundResponse::class, $result);
+	}
+
+	public function testAfterExceptionPublicShareController() {
+		$controller = $this->createMock(PublicShareController::class);
+		$exception = new \Exception();
+
+		try {
+			$this->middleware->afterException($controller, 'method', $exception);
+		} catch (\Exception $e) {
+			$this->assertEquals($exception, $e);
+		}
+	}
+
+	public function testAfterExceptionAuthPublicShareController() {
+		$controller = $this->getMockBuilder(AuthPublicShareController::class)
+			->setConstructorArgs([
+				'app',
+				$this->request,
+				$this->session,
+				$this->createMock(IURLGenerator::class),
+			])->getMock();
+		$controller->setToken('token');
+
+		$exception = new NeedAuthenticationException();
+
+		$this->request->method('getParam')
+			->with('_route')
+			->willReturn('my.route');
+
+		$result = $this->middleware->afterException($controller, 'method', $exception);
+		$this->assertInstanceOf(RedirectResponse::class, $result);
+	}
+
+
+}