summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/private/appframework/http/request.php15
-rw-r--r--lib/private/server.php2
-rw-r--r--lib/private/util.php19
-rw-r--r--tests/lib/appframework/controller/ApiControllerTest.php1
-rw-r--r--tests/lib/appframework/controller/ControllerTest.php1
-rw-r--r--tests/lib/appframework/controller/OCSControllerTest.php4
-rw-r--r--tests/lib/appframework/dependencyinjection/DIContainerTest.php1
-rw-r--r--tests/lib/appframework/http/DispatcherTest.php6
-rw-r--r--tests/lib/appframework/http/RequestTest.php84
-rw-r--r--tests/lib/appframework/middleware/MiddlewareDispatcherTest.php1
-rw-r--r--tests/lib/appframework/middleware/MiddlewareTest.php1
-rw-r--r--tests/lib/appframework/middleware/security/CORSMiddlewareTest.php10
-rw-r--r--tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php1
-rw-r--r--tests/lib/appframework/middleware/sessionmiddlewaretest.php1
-rw-r--r--tests/lib/util.php2
15 files changed, 22 insertions, 127 deletions
diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index 77785135162..96620838dfb 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -88,20 +88,17 @@ class Request implements \ArrayAccess, \Countable, IRequest {
* - string 'method' the request method (GET, POST etc)
* - string|false 'requesttoken' the requesttoken or false when not available
* @param ISecureRandom $secureRandom
- * @param ICrypto $crypto
* @param IConfig $config
* @param string $stream
* @see http://www.php.net/manual/en/reserved.variables.php
*/
public function __construct(array $vars=array(),
ISecureRandom $secureRandom = null,
- ICrypto $crypto,
IConfig $config,
$stream='php://input') {
$this->inputStream = $stream;
$this->items['params'] = array();
$this->secureRandom = $secureRandom;
- $this->crypto = $crypto;
$this->config = $config;
if(!array_key_exists('method', $vars)) {
@@ -439,22 +436,18 @@ class Request implements \ArrayAccess, \Countable, IRequest {
return false;
}
- // Decrypt token to prevent BREACH like attacks
+ // Deobfuscate token to prevent BREACH like attacks
$token = explode(':', $token);
if (count($token) !== 2) {
return false;
}
- $encryptedToken = $token[0];
+ $obfuscatedToken = $token[0];
$secret = $token[1];
- try {
- $decryptedToken = $this->crypto->decrypt($encryptedToken, $secret);
- } catch (\Exception $e) {
- return false;
- }
+ $deobfuscatedToken = base64_decode($obfuscatedToken) ^ $secret;
// Check if the token is valid
- if(\OCP\Security\StringUtils::equals($decryptedToken, $this->items['requesttoken'])) {
+ if(\OCP\Security\StringUtils::equals($deobfuscatedToken, $this->items['requesttoken'])) {
return true;
} else {
return false;
diff --git a/lib/private/server.php b/lib/private/server.php
index 14fa323f74d..15ee3454d85 100644
--- a/lib/private/server.php
+++ b/lib/private/server.php
@@ -438,7 +438,6 @@ class Server extends SimpleContainer implements IServerContainer {
'requesttoken' => $requestToken,
],
$this->getSecureRandom(),
- $this->getCrypto(),
$this->getConfig(),
$stream
);
@@ -512,7 +511,6 @@ class Server extends SimpleContainer implements IServerContainer {
: null,
],
new SecureRandom(),
- $c->getCrypto(),
$c->getConfig()
);
diff --git a/lib/private/util.php b/lib/private/util.php
index 05f10aef1e0..e51edaf0ee3 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -1093,7 +1093,7 @@ class OC_Util {
return $id;
}
- protected static $encryptedToken;
+ protected static $obfuscatedToken;
/**
* Register an get/post call. Important to prevent CSRF attacks.
*
@@ -1107,24 +1107,27 @@ class OC_Util {
*/
public static function callRegister() {
// Use existing token if function has already been called
- if(isset(self::$encryptedToken)) {
- return self::$encryptedToken;
+ if(isset(self::$obfuscatedToken)) {
+ return self::$obfuscatedToken;
}
+ $tokenLength = 30;
+
// Check if a token exists
if (!\OC::$server->getSession()->exists('requesttoken')) {
// No valid token found, generate a new one.
- $requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
+ $requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength);
\OC::$server->getSession()->set('requesttoken', $requestToken);
} else {
// Valid token already exists, send it
$requestToken = \OC::$server->getSession()->get('requesttoken');
}
- // Encrypt the token to mitigate breach-like attacks
- $sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10);
- self::$encryptedToken = \OC::$server->getCrypto()->encrypt($requestToken, $sharedSecret) . ':' . $sharedSecret;
- return self::$encryptedToken;
+ // XOR the token to mitigate breach-like attacks
+ $sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength);
+ self::$obfuscatedToken = base64_encode($requestToken ^ $sharedSecret) .':'.$sharedSecret;
+
+ return self::$obfuscatedToken;
}
/**
diff --git a/tests/lib/appframework/controller/ApiControllerTest.php b/tests/lib/appframework/controller/ApiControllerTest.php
index 573fe7f3bad..137e5950f67 100644
--- a/tests/lib/appframework/controller/ApiControllerTest.php
+++ b/tests/lib/appframework/controller/ApiControllerTest.php
@@ -38,7 +38,6 @@ class ApiControllerTest extends \Test\TestCase {
$request = new Request(
['server' => ['HTTP_ORIGIN' => 'test']],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->controller = new ChildApiController('app', $request, 'verbs',
diff --git a/tests/lib/appframework/controller/ControllerTest.php b/tests/lib/appframework/controller/ControllerTest.php
index c847525c263..1493c0c3175 100644
--- a/tests/lib/appframework/controller/ControllerTest.php
+++ b/tests/lib/appframework/controller/ControllerTest.php
@@ -76,7 +76,6 @@ class ControllerTest extends \Test\TestCase {
'method' => 'hi',
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
diff --git a/tests/lib/appframework/controller/OCSControllerTest.php b/tests/lib/appframework/controller/OCSControllerTest.php
index 292a56e3caa..92b092cf0e9 100644
--- a/tests/lib/appframework/controller/OCSControllerTest.php
+++ b/tests/lib/appframework/controller/OCSControllerTest.php
@@ -43,7 +43,6 @@ class OCSControllerTest extends \Test\TestCase {
],
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$controller = new ChildOCSController('app', $request, 'verbs',
@@ -65,7 +64,6 @@ class OCSControllerTest extends \Test\TestCase {
$controller = new ChildOCSController('app', new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
));
$expected = "<?xml version=\"1.0\"?>\n" .
@@ -98,7 +96,6 @@ class OCSControllerTest extends \Test\TestCase {
$controller = new ChildOCSController('app', new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
));
$expected = "<?xml version=\"1.0\"?>\n" .
@@ -131,7 +128,6 @@ class OCSControllerTest extends \Test\TestCase {
$controller = new ChildOCSController('app', new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
));
$expected = '{"ocs":{"meta":{"status":"failure","statuscode":400,"message":"OK",' .
diff --git a/tests/lib/appframework/dependencyinjection/DIContainerTest.php b/tests/lib/appframework/dependencyinjection/DIContainerTest.php
index 598e70beffc..0cbdddbb205 100644
--- a/tests/lib/appframework/dependencyinjection/DIContainerTest.php
+++ b/tests/lib/appframework/dependencyinjection/DIContainerTest.php
@@ -74,7 +74,6 @@ class DIContainerTest extends \Test\TestCase {
$this->container['Request'] = new Request(
['method' => 'GET'],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$security = $this->container['SecurityMiddleware'];
diff --git a/tests/lib/appframework/http/DispatcherTest.php b/tests/lib/appframework/http/DispatcherTest.php
index c25fd7b6f85..02c86df8e72 100644
--- a/tests/lib/appframework/http/DispatcherTest.php
+++ b/tests/lib/appframework/http/DispatcherTest.php
@@ -295,7 +295,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'POST'
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@@ -323,7 +322,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'POST',
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@@ -354,7 +352,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'GET'
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@@ -384,7 +381,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'GET'
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@@ -415,7 +411,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'PUT'
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@@ -448,7 +443,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'POST'
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
diff --git a/tests/lib/appframework/http/RequestTest.php b/tests/lib/appframework/http/RequestTest.php
index bb9910b6a46..f628a30f1da 100644
--- a/tests/lib/appframework/http/RequestTest.php
+++ b/tests/lib/appframework/http/RequestTest.php
@@ -54,7 +54,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -87,7 +86,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -110,7 +108,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -130,7 +127,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -150,7 +146,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -167,7 +162,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -189,7 +183,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -213,7 +206,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -235,7 +227,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -260,7 +251,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -281,7 +271,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -306,7 +295,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -336,7 +324,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -358,7 +345,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -382,7 +368,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -394,7 +379,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
\OC::$server->getSecureRandom(),
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -419,7 +403,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -448,7 +431,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -477,7 +459,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -510,7 +491,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -561,7 +541,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -589,7 +568,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -611,7 +589,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -622,7 +599,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -646,7 +622,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -667,7 +642,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -684,7 +658,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -705,7 +678,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -727,7 +699,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -816,7 +787,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -833,7 +803,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -851,7 +820,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -869,7 +837,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -897,7 +864,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -919,7 +885,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -946,7 +911,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -973,7 +937,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -990,7 +953,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1018,7 +980,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1034,7 +995,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1055,7 +1015,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1076,7 +1035,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1099,7 +1057,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1122,7 +1079,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1145,7 +1101,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1168,7 +1123,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1223,7 +1177,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@@ -1263,7 +1216,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
])
@@ -1277,25 +1229,17 @@ class RequestTest extends \Test\TestCase {
}
public function testPassesCSRFCheckWithGet() {
- $crypto = $this->getMock('\OCP\Security\ICrypto');
- $crypto
- ->expects($this->once())
- ->method('decrypt')
- ->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret')
- ->will($this->returnValue('MyStoredRequestToken'));
-
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
->setConstructorArgs([
[
'get' => [
- 'requesttoken' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret',
+ 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
- $crypto,
$this->config,
$this->stream
])
@@ -1305,25 +1249,17 @@ class RequestTest extends \Test\TestCase {
}
public function testPassesCSRFCheckWithPost() {
- $crypto = $this->getMock('\OCP\Security\ICrypto');
- $crypto
- ->expects($this->once())
- ->method('decrypt')
- ->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret')
- ->will($this->returnValue('MyStoredRequestToken'));
-
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
->setConstructorArgs([
[
'post' => [
- 'requesttoken' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret',
+ 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
- $crypto,
$this->config,
$this->stream
])
@@ -1333,24 +1269,17 @@ class RequestTest extends \Test\TestCase {
}
public function testPassesCSRFCheckWithHeader() {
- $crypto = $this->getMock('\OCP\Security\ICrypto');
- $crypto
- ->expects($this->once())
- ->method('decrypt')
- ->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret')
- ->will($this->returnValue('MyStoredRequestToken'));
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
->setConstructorArgs([
[
'server' => [
- 'HTTP_REQUESTTOKEN' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret',
+ 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
- $crypto,
$this->config,
$this->stream
])
@@ -1359,6 +1288,9 @@ class RequestTest extends \Test\TestCase {
$this->assertTrue($request->passesCSRFCheck());
}
+ /**
+ * @return array
+ */
public function invalidTokenDataProvider() {
return [
['InvalidSentToken'],
@@ -1373,8 +1305,6 @@ class RequestTest extends \Test\TestCase {
* @param string $invalidToken
*/
public function testPassesCSRFCheckWithInvalidToken($invalidToken) {
- $crypto = new Crypto($this->config, $this->secureRandom);
-
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
@@ -1386,7 +1316,6 @@ class RequestTest extends \Test\TestCase {
'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
- $crypto,
$this->config,
$this->stream
])
@@ -1402,7 +1331,6 @@ class RequestTest extends \Test\TestCase {
->setConstructorArgs([
[],
$this->secureRandom,
- $this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
])
diff --git a/tests/lib/appframework/middleware/MiddlewareDispatcherTest.php b/tests/lib/appframework/middleware/MiddlewareDispatcherTest.php
index eab45b03c98..a8731525798 100644
--- a/tests/lib/appframework/middleware/MiddlewareDispatcherTest.php
+++ b/tests/lib/appframework/middleware/MiddlewareDispatcherTest.php
@@ -133,7 +133,6 @@ class MiddlewareDispatcherTest extends \Test\TestCase {
new Request(
['method' => 'GET'],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
)
]
diff --git a/tests/lib/appframework/middleware/MiddlewareTest.php b/tests/lib/appframework/middleware/MiddlewareTest.php
index 8e077b37e2f..33f04e1383d 100644
--- a/tests/lib/appframework/middleware/MiddlewareTest.php
+++ b/tests/lib/appframework/middleware/MiddlewareTest.php
@@ -61,7 +61,6 @@ class MiddlewareTest extends \Test\TestCase {
new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
)
]
diff --git a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
index f5e6106dc3a..ca526fb859c 100644
--- a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
+++ b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
@@ -42,7 +42,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
]
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector->reflect($this, __FUNCTION__);
@@ -62,7 +61,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
]
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$middleware = new CORSMiddleware($request, $this->reflector, $this->session);
@@ -80,7 +78,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
$request = new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector->reflect($this, __FUNCTION__);
@@ -104,7 +101,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
]
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector->reflect($this, __FUNCTION__);
@@ -123,7 +119,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
$request = new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector->reflect($this, __FUNCTION__);
@@ -149,7 +144,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->session->expects($this->once())
@@ -175,7 +169,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->session->expects($this->once())
@@ -197,7 +190,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$middleware = new CORSMiddleware($request, $this->reflector, $this->session);
@@ -214,7 +206,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$middleware = new CORSMiddleware($request, $this->reflector, $this->session);
@@ -235,7 +226,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$middleware = new CORSMiddleware($request, $this->reflector, $this->session);
diff --git a/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php b/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
index 3b4d7987e94..347a0423ea6 100644
--- a/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
+++ b/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
@@ -322,7 +322,6 @@ class SecurityMiddlewareTest extends \Test\TestCase {
]
],
$this->getMock('\OCP\Security\ISecureRandom'),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->middleware = $this->getMiddleware(true, true);
diff --git a/tests/lib/appframework/middleware/sessionmiddlewaretest.php b/tests/lib/appframework/middleware/sessionmiddlewaretest.php
index 06390e96d4c..11c1600f515 100644
--- a/tests/lib/appframework/middleware/sessionmiddlewaretest.php
+++ b/tests/lib/appframework/middleware/sessionmiddlewaretest.php
@@ -36,7 +36,6 @@ class SessionMiddlewareTest extends \Test\TestCase {
$this->request = new Request(
[],
$this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock(),
- $this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector = new ControllerMethodReflector();
diff --git a/tests/lib/util.php b/tests/lib/util.php
index eaa3d0795e3..9974e799d08 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -91,7 +91,7 @@ class Test_Util extends \Test\TestCase {
function testCallRegister() {
$result = strlen(OC_Util::callRegister());
- $this->assertEquals(221, $result);
+ $this->assertEquals(71, $result);
}
function testSanitizeHTML() {