diff options
| -rw-r--r-- | core/Controller/TokenController.php | 6 | ||||
| -rw-r--r-- | tests/core/controller/TokenControllerTest.php | 90 | ||||
| -rw-r--r-- | tests/lib/authentication/token/defaulttokencleanupjobtest.php | 55 | ||||
| -rw-r--r-- | tests/lib/authentication/token/defaulttokenmappertest.php | 131 | ||||
| -rw-r--r-- | tests/lib/authentication/token/defaulttokenprovidertest.php | 162 |
5 files changed, 441 insertions, 3 deletions
diff --git a/core/Controller/TokenController.php b/core/Controller/TokenController.php index d1d7b50d084..db48ea27b99 100644 --- a/core/Controller/TokenController.php +++ b/core/Controller/TokenController.php @@ -47,14 +47,14 @@ class TokenController extends Controller { * @param IRequest $request * @param Manager $userManager * @param DefaultTokenProvider $tokenProvider - * @param ISecureRandom $crypto + * @param ISecureRandom $secureRandom */ public function __construct($appName, IRequest $request, Manager $userManager, DefaultTokenProvider $tokenProvider, - ISecureRandom $crypto) { + ISecureRandom $secureRandom) { parent::__construct($appName, $request); $this->userManager = $userManager; $this->tokenProvider = $tokenProvider; - $this->secureRandom = $crypto; + $this->secureRandom = $secureRandom; } /** diff --git a/tests/core/controller/TokenControllerTest.php b/tests/core/controller/TokenControllerTest.php new file mode 100644 index 00000000000..11ba3bc0532 --- /dev/null +++ b/tests/core/controller/TokenControllerTest.php @@ -0,0 +1,90 @@ +<?php + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OC\Core\Controller; + +use OC\AppFramework\Http; +use OCP\AppFramework\Http\Response; +use Test\TestCase; + +class TokenControllerTest extends TestCase { + + /** \OC\Core\Controller\TokenController */ + private $tokenController; + private $request; + private $userManager; + private $tokenProvider; + private $secureRandom; + + protected function setUp() { + parent::setUp(); + + $this->request = $this->getMock('\OCP\IRequest'); + $this->userManager = $this->getMockWithoutInvokingTheOriginalConstructor('\OC\User\Manager'); + $this->tokenProvider = $this->getMockWithoutInvokingTheOriginalConstructor('\OC\Authentication\Token\DefaultTokenProvider'); + $this->secureRandom = $this->getMock('\OCP\Security\ISecureRandom'); + + $this->tokenController = new TokenController('core', $this->request, $this->userManager, $this->tokenProvider, + $this->secureRandom); + } + + public function testWithoutCredentials() { + $expected = new Response(); + $expected->setStatus(Http::STATUS_UNPROCESSABLE_ENTITY); + + $actual = $this->tokenController->generateToken(null, null); + + $this->assertEquals($expected, $actual); + } + + public function testWithInvalidCredentials() { + $this->userManager->expects($this->once()) + ->method('checkPassword') + ->with('john', 'passme') + ->will($this->returnValue(false)); + $expected = new Response(); + $expected->setStatus(Http::STATUS_UNAUTHORIZED); + + $actual = $this->tokenController->generateToken('john', 'passme'); + + $this->assertEquals($expected, $actual); + } + + public function testWithValidCredentials() { + $this->userManager->expects($this->once()) + ->method('checkPassword') + ->with('john', '123456') + ->will($this->returnValue(true)); + $this->secureRandom->expects($this->once()) + ->method('generate') + ->with(128) + ->will($this->returnValue('verysecurerandomtoken')); + $expected = [ + 'token' => 'verysecurerandomtoken' + ]; + + $actual = $this->tokenController->generateToken('john', '123456'); + + $this->assertEquals($expected, $actual); + } + +} diff --git a/tests/lib/authentication/token/defaulttokencleanupjobtest.php b/tests/lib/authentication/token/defaulttokencleanupjobtest.php new file mode 100644 index 00000000000..53cab00df31 --- /dev/null +++ b/tests/lib/authentication/token/defaulttokencleanupjobtest.php @@ -0,0 +1,55 @@ +<?php + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace Test\Authentication\Token; + +use OC\Authentication\Token\DefaultTokenCleanupJob; +use Test\TestCase; + +class DefaultTokenCleanupJobTest extends TestCase { + + /** @var DefaultTokenCleanupJob */ + private $job; + private $tokenProvider; + + protected function setUp() { + parent::setUp(); + + $this->tokenProvider = $this->getMockWithoutInvokingTheOriginalConstructor('\OC\Authentication\Token\DefaultTokenProvider'); + $this->overwriteService('\OC\Authentication\Token\DefaultTokenProvider', $this->tokenProvider); + $this->job = new DefaultTokenCleanupJob(); + } + + protected function tearDown() { + parent::tearDown(); + + $this->restoreService('\OC\Authentication\Token\DefaultTokenProvider'); + } + + public function testRun() { + $this->tokenProvider->expects($this->once()) + ->method('invalidateOldTokens') + ->with(); + $this->invokePrivate($this->job, 'run', [null]); + } + +} diff --git a/tests/lib/authentication/token/defaulttokenmappertest.php b/tests/lib/authentication/token/defaulttokenmappertest.php new file mode 100644 index 00000000000..1f0fdc160e9 --- /dev/null +++ b/tests/lib/authentication/token/defaulttokenmappertest.php @@ -0,0 +1,131 @@ +<?php + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace Test\Authentication\Token; + +use OC; +use OC\Authentication\Token\DefaultTokenMapper; +use OCP\DB\QueryBuilder\IQueryBuilder; +use Test\TestCase; + +/** + * Class DefaultTokenMapperTest + * + * @group DB + * @package Test\Authentication + */ +class DefaultTokenMapperTest extends TestCase { + + /** @var DefaultTokenMapper */ + private $mapper; + private $dbConnection; + + protected function setUp() { + parent::setUp(); + + $this->dbConnection = \OC::$server->getDatabaseConnection(); + $this->resetDatabase(); + + $this->mapper = new DefaultTokenMapper($this->dbConnection); + } + + private function resetDatabase() { + $qb = $this->dbConnection->getQueryBuilder(); + $qb->delete('authtoken')->execute(); + $qb->insert('authtoken')->values([ + 'uid' => $qb->createNamedParameter('user1'), + 'password' => $qb->createNamedParameter('a75c7116460c082912d8f6860a850904|3nz5qbG1nNSLLi6V|c55365a0e54cfdfac4a175bcf11a7612aea74492277bba6e5d96a24497fa9272488787cb2f3ad34d8b9b8060934fce02f008d371df3ff3848f4aa61944851ff0'), + 'name' => $qb->createNamedParameter('Firefox on Linux'), + 'token' => $qb->createNamedParameter('9c5a2e661482b65597408a6bb6c4a3d1af36337381872ac56e445a06cdb7fea2b1039db707545c11027a4966919918b19d875a8b774840b18c6cbb7ae56fe206'), + 'type' => $qb->createNamedParameter(OC\Authentication\Token\IToken::TEMPORARY_TOKEN), + 'last_activity' => $qb->createNamedParameter(time() - 120, IQueryBuilder::PARAM_INT), // Two minutes ago + ])->execute(); + $qb->insert('authtoken')->values([ + 'uid' => $qb->createNamedParameter('user2'), + 'password' => $qb->createNamedParameter('971a337057853344700bbeccf836519f|UwOQwyb34sJHtqPV|036d4890f8c21d17bbc7b88072d8ef049a5c832a38e97f3e3d5f9186e896c2593aee16883f617322fa242728d0236ff32d163caeb4bd45e14ca002c57a88665f'), + 'name' => $qb->createNamedParameter('Firefox on Android'), + 'token' => $qb->createNamedParameter('1504445f1524fc801035448a95681a9378ba2e83930c814546c56e5d6ebde221198792fd900c88ed5ead0555780dad1ebce3370d7e154941cd5de87eb419899b'), + 'type' => $qb->createNamedParameter(OC\Authentication\Token\IToken::TEMPORARY_TOKEN), + 'last_activity' => $qb->createNamedParameter(time() - 60 * 60 * 24 * 3, IQueryBuilder::PARAM_INT), // Three days ago + ])->execute(); + $qb->insert('authtoken')->values([ + 'uid' => $qb->createNamedParameter('user1'), + 'password' => $qb->createNamedParameter('063de945d6f6b26862d9b6f40652f2d5|DZ/z520tfdXPtd0T|395f6b89be8d9d605e409e20b9d9abe477fde1be38a3223f9e508f979bf906e50d9eaa4dca983ca4fb22a241eb696c3f98654e7775f78c4caf13108f98642b53'), + 'name' => $qb->createNamedParameter('Iceweasel on Linux'), + 'token' => $qb->createNamedParameter('47af8697ba590fb82579b5f1b3b6e8066773a62100abbe0db09a289a62f5d980dc300fa3d98b01d7228468d1ab05c1aa14c8d14bd5b6eee9cdf1ac14864680c3'), + 'type' => $qb->createNamedParameter(OC\Authentication\Token\IToken::TEMPORARY_TOKEN), + 'last_activity' => $qb->createNamedParameter(time() - 120, IQueryBuilder::PARAM_INT), // Two minutes ago + ])->execute(); + } + + private function getNumberOfTokens() { + $qb = $this->dbConnection->getQueryBuilder(); + $result = $qb->select($qb->createFunction('COUNT(*)')) + ->from('authtoken') + ->execute() + ->fetch(); + print_r($result); + return (int) $result['COUNT(*)']; + } + + public function testInvalidate() { + $token = '9c5a2e661482b65597408a6bb6c4a3d1af36337381872ac56e445a06cdb7fea2b1039db707545c11027a4966919918b19d875a8b774840b18c6cbb7ae56fe206'; + + $this->mapper->invalidate($token); + + $this->assertSame(2, $this->getNumberOfTokens()); + } + + public function testInvalidateInvalid() { + $token = 'youwontfindthisoneinthedatabase'; + + $this->mapper->invalidate($token); + + $this->assertSame(3, $this->getNumberOfTokens()); + } + + public function testInvalidateOld() { + $olderThan = time() - 60 * 60; // One hour + + $this->mapper->invalidateOld($olderThan); + + $this->assertSame(2, $this->getNumberOfTokens()); + } + + public function testGetToken() { + $token = '1504445f1524fc801035448a95681a9378ba2e83930c814546c56e5d6ebde221198792fd900c88ed5ead0555780dad1ebce3370d7e154941cd5de87eb419899b'; + + $dbToken = $this->mapper->getToken($token); + + $this->assertNotNull($dbToken); + } + + /** + * @expectedException \OCP\AppFramework\Db\DoesNotExistException + */ + public function testGetInvalidToken() { + $token = 'thisisaninvalidtokenthatisnotinthedatabase'; + + $this->mapper->getToken($token); + } + +} diff --git a/tests/lib/authentication/token/defaulttokenprovidertest.php b/tests/lib/authentication/token/defaulttokenprovidertest.php new file mode 100644 index 00000000000..47bddffa011 --- /dev/null +++ b/tests/lib/authentication/token/defaulttokenprovidertest.php @@ -0,0 +1,162 @@ +<?php + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace Test\Authentication\Token; + +use OC\Authentication\Token\DefaultToken; +use OC\Authentication\Token\DefaultTokenProvider; +use OC\Authentication\Token\IToken; +use OCP\AppFramework\Db\DoesNotExistException; +use Test\TestCase; + +class DefaultTokenProviderTest extends TestCase { + + /** @var DefaultTokenProvider */ + private $tokenProvider; + private $mapper; + private $crypto; + private $config; + private $logger; + + protected function setUp() { + parent::setUp(); + + $this->mapper = $this->getMockWithoutInvokingTheOriginalConstructor('\OC\Authentication\Token\DefaultTokenMapper'); + $this->crypto = $this->getMock('\OCP\Security\ICrypto'); + $this->config = $this->getMock('\OCP\IConfig'); + $this->logger = $this->getMock('\OCP\ILogger'); + + $this->tokenProvider = new DefaultTokenProvider($this->mapper, $this->crypto, $this->config, $this->logger); + } + + public function testGenerateToken() { + $token = 'token'; + $uid = 'user'; + $password = 'passme'; + $name = 'Some browser'; + $type = IToken::PERMANENT_TOKEN; + + $toInsert = new DefaultToken(); + $toInsert->setUid($uid); + $toInsert->setPassword('encryptedpassword'); + $toInsert->setName($name); + $toInsert->setToken(hash('sha512', $token)); + $toInsert->setType($type); + $toInsert->setLastActivity(time()); + + $this->config->expects($this->once()) + ->method('getSystemValue') + ->with('secret') + ->will($this->returnValue('1f4h9s')); + $this->crypto->expects($this->once()) + ->method('encrypt') + ->with($password, $token . '1f4h9s') + ->will($this->returnValue('encryptedpassword')); + $this->mapper->expects($this->once()) + ->method('insert') + ->with($this->equalTo($toInsert)); + + $actual = $this->tokenProvider->generateToken($token, $uid, $password, $name, $type); + + $this->assertEquals($toInsert, $actual); + } + + public function testUpdateToken() { + $tk = $this->getMockWithoutInvokingTheOriginalConstructor('\OC\Authentication\Token\DefaultTokenProvider'); + $tk->expects($this->once()) + ->method('setLastActivity') + ->with(time()); + $this->mapper->expects($this->once()) + ->method('update') + ->with($tk); + + $this->tokenProvider->updateToken($tk); + } + + public function testGetPassword() { + $token = 'token1234'; + $tk = $this->getMockWithoutInvokingTheOriginalConstructor('\OC\Authentication\Token\DefaultToken'); + $tk->expects($this->once()) + ->method('getPassword') + ->will($this->returnValue('someencryptedvalue')); + $this->config->expects($this->once()) + ->method('getSystemValue') + ->with('secret') + ->will($this->returnValue('1f4h9s')); + $this->crypto->expects($this->once()) + ->method('decrypt') + ->with('someencryptedvalue', $token . '1f4h9s') + ->will($this->returnValue('passme')); + + $actual = $this->tokenProvider->getPassword($tk, $token); + + $this->assertEquals('passme', $actual); + } + + public function testInvalidateToken() { + $this->mapper->expects($this->once()) + ->method('invalidate') + ->with(hash('sha512', 'token7')); + + $this->tokenProvider->invalidateToken('token7'); + } + + public function testInvalidateOldTokens() { + $defaultSessionLifetime = 60 * 60 * 24; + $this->config->expects($this->once()) + ->method('getSystemValue') + ->with('session_lifetime', $defaultSessionLifetime) + ->will($this->returnValue(150)); + $this->mapper->expects($this->once()) + ->method('invalidateOld') + ->with(time() - 150); + + $this->tokenProvider->invalidateOldTokens(); + } + + public function testValidateToken() { + $token = 'sometoken'; + $dbToken = new DefaultToken(); + $this->mapper->expects($this->once()) + ->method('getToken') + ->with(hash('sha512', $token)) + ->will($this->returnValue($dbToken)); + + $actual = $this->tokenProvider->validateToken($token); + + $this->assertEquals($dbToken, $actual); + } + + /** + * @expectedException \OC\Authentication\Exceptions\InvalidTokenException + */ + public function testValidateInvalidToken() { + $token = 'sometoken'; + $this->mapper->expects($this->once()) + ->method('getToken') + ->with(hash('sha512', $token)) + ->will($this->throwException(new DoesNotExistException(''))); + + $this->tokenProvider->validateToken($token); + } + +} |