diff options
Diffstat (limited to 'apps/oauth2/tests')
6 files changed, 111 insertions, 16 deletions
diff --git a/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php b/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php index afa5aae4f07..04ac0bfbd28 100644 --- a/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php +++ b/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -13,6 +14,7 @@ use OCA\OAuth2\Exceptions\ClientNotFoundException; use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\TemplateResponse; use OCP\IAppConfig; +use OCP\IConfig; use OCP\IL10N; use OCP\IRequest; use OCP\ISession; @@ -32,6 +34,7 @@ class LoginRedirectorControllerTest extends TestCase { private IL10N&MockObject $l; private ISecureRandom&MockObject $random; private IAppConfig&MockObject $appConfig; + private IConfig&MockObject $config; private LoginRedirectorController $loginRedirectorController; @@ -45,6 +48,7 @@ class LoginRedirectorControllerTest extends TestCase { $this->l = $this->createMock(IL10N::class); $this->random = $this->createMock(ISecureRandom::class); $this->appConfig = $this->createMock(IAppConfig::class); + $this->config = $this->createMock(IConfig::class); $this->loginRedirectorController = new LoginRedirectorController( 'oauth2', @@ -55,6 +59,7 @@ class LoginRedirectorControllerTest extends TestCase { $this->l, $this->random, $this->appConfig, + $this->config, ); } @@ -77,9 +82,15 @@ class LoginRedirectorControllerTest extends TestCase { 'core.ClientFlowLogin.showAuthPickerPage', [ 'clientIdentifier' => 'MyClientIdentifier', + 'providedRedirectUri' => '', ] ) ->willReturn('https://example.com/?clientIdentifier=foo'); + $this->config + ->expects($this->once()) + ->method('getSystemValueBool') + ->with('oauth2.enable_oc_clients', false) + ->willReturn(false); $expected = new RedirectResponse('https://example.com/?clientIdentifier=foo'); $this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code')); @@ -124,9 +135,15 @@ class LoginRedirectorControllerTest extends TestCase { [ 'stateToken' => 'MyStateToken', 'clientIdentifier' => 'MyClientIdentifier', + 'providedRedirectUri' => '', ] ) ->willReturn('https://example.com/?clientIdentifier=foo'); + $this->config + ->expects($this->once()) + ->method('getSystemValueBool') + ->with('oauth2.enable_oc_clients', false) + ->willReturn(false); $expected = new RedirectResponse('https://example.com/?clientIdentifier=foo'); $this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code')); @@ -150,6 +167,74 @@ class LoginRedirectorControllerTest extends TestCase { $this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'wrongcode')); } + public function testAuthorizeWithLegacyOcClient(): void { + $client = new Client(); + $client->setClientIdentifier('MyClientIdentifier'); + $client->setRedirectUri('http://localhost:*'); + $this->clientMapper + ->expects($this->once()) + ->method('getByIdentifier') + ->with('MyClientId') + ->willReturn($client); + $this->session + ->expects($this->once()) + ->method('set') + ->with('oauth.state', 'MyState'); + $this->urlGenerator + ->expects($this->once()) + ->method('linkToRouteAbsolute') + ->with( + 'core.ClientFlowLogin.showAuthPickerPage', + [ + 'clientIdentifier' => 'MyClientIdentifier', + 'providedRedirectUri' => 'http://localhost:30000', + ] + ) + ->willReturn('https://example.com/?clientIdentifier=foo&providedRedirectUri=http://localhost:30000'); + $this->config + ->expects($this->once()) + ->method('getSystemValueBool') + ->with('oauth2.enable_oc_clients', false) + ->willReturn(true); + + $expected = new RedirectResponse('https://example.com/?clientIdentifier=foo&providedRedirectUri=http://localhost:30000'); + $this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code', 'http://localhost:30000')); + } + + public function testAuthorizeNotForwardingUntrustedURIs(): void { + $client = new Client(); + $client->setClientIdentifier('MyClientIdentifier'); + $this->clientMapper + ->expects($this->once()) + ->method('getByIdentifier') + ->with('MyClientId') + ->willReturn($client); + $this->session + ->expects($this->once()) + ->method('set') + ->with('oauth.state', 'MyState'); + $this->urlGenerator + ->expects($this->once()) + ->method('linkToRouteAbsolute') + ->with( + 'core.ClientFlowLogin.showAuthPickerPage', + [ + 'clientIdentifier' => 'MyClientIdentifier', + 'providedRedirectUri' => '', + ] + ) + ->willReturn('https://example.com/?clientIdentifier=foo'); + $this->config + ->expects($this->once()) + ->method('getSystemValueBool') + ->with('oauth2.enable_oc_clients', false) + ->willReturn(false); + + $expected = new RedirectResponse('https://example.com/?clientIdentifier=foo'); + $this->assertEquals($expected, $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code', 'http://untrusted-uri.com')); + } + + public function testClientNotFound(): void { $clientNotFound = new ClientNotFoundException('could not find client test123', 0); $this->clientMapper diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php index 8d13265ec9e..53dd8549196 100644 --- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php +++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -222,7 +223,7 @@ class OauthApiControllerTest extends TestCase { $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null)); } - public function invalidClientProvider() { + public static function invalidClientProvider() { return [ ['invalidClientId', 'invalidClientSecret'], ['clientId', 'invalidClientSecret'], @@ -231,11 +232,11 @@ class OauthApiControllerTest extends TestCase { } /** - * @dataProvider invalidClientProvider * * @param string $clientId * @param string $clientSecret */ + #[\PHPUnit\Framework\Attributes\DataProvider('invalidClientProvider')] public function testRefreshTokenInvalidClient($clientId, $clientSecret): void { $expected = new JSONResponse([ 'error' => 'invalid_client', @@ -382,8 +383,8 @@ class OauthApiControllerTest extends TestCase { ->method('update') ->with( $this->callback(function (AccessToken $token) { - return $token->getHashedCode() === hash('sha512', 'random128') && - $token->getEncryptedToken() === 'newEncryptedToken'; + return $token->getHashedCode() === hash('sha512', 'random128') + && $token->getEncryptedToken() === 'newEncryptedToken'; }) ); @@ -478,8 +479,8 @@ class OauthApiControllerTest extends TestCase { ->method('update') ->with( $this->callback(function (AccessToken $token) { - return $token->getHashedCode() === hash('sha512', 'random128') && - $token->getEncryptedToken() === 'newEncryptedToken'; + return $token->getHashedCode() === hash('sha512', 'random128') + && $token->getEncryptedToken() === 'newEncryptedToken'; }) ); @@ -577,8 +578,8 @@ class OauthApiControllerTest extends TestCase { ->method('update') ->with( $this->callback(function (AccessToken $token) { - return $token->getHashedCode() === hash('sha512', 'random128') && - $token->getEncryptedToken() === 'newEncryptedToken'; + return $token->getHashedCode() === hash('sha512', 'random128') + && $token->getEncryptedToken() === 'newEncryptedToken'; }) ); diff --git a/apps/oauth2/tests/Controller/SettingsControllerTest.php b/apps/oauth2/tests/Controller/SettingsControllerTest.php index 5b8a57a4062..030a220e3d7 100644 --- a/apps/oauth2/tests/Controller/SettingsControllerTest.php +++ b/apps/oauth2/tests/Controller/SettingsControllerTest.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -18,6 +19,7 @@ use OCP\IUser; use OCP\IUserManager; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; +use OCP\Server; use Test\TestCase; /** @@ -94,10 +96,10 @@ class SettingsControllerTest extends TestCase { ->expects($this->once()) ->method('insert') ->with($this->callback(function (Client $c) { - return $c->getName() === 'My Client Name' && - $c->getRedirectUri() === 'https://example.com/' && - $c->getSecret() === bin2hex('MyHashedSecret') && - $c->getClientIdentifier() === 'MyClientIdentifier'; + return $c->getName() === 'My Client Name' + && $c->getRedirectUri() === 'https://example.com/' + && $c->getSecret() === bin2hex('MyHashedSecret') + && $c->getClientIdentifier() === 'MyClientIdentifier'; }))->willReturnCallback(function (Client $c) { $c->setId(42); return $c; @@ -119,7 +121,7 @@ class SettingsControllerTest extends TestCase { public function testDeleteClient(): void { - $userManager = \OC::$server->getUserManager(); + $userManager = Server::get(IUserManager::class); // count other users in the db before adding our own $count = 0; $function = function (IUser $user) use (&$count): void { diff --git a/apps/oauth2/tests/Db/AccessTokenMapperTest.php b/apps/oauth2/tests/Db/AccessTokenMapperTest.php index d1d595ef003..41a79fe725b 100644 --- a/apps/oauth2/tests/Db/AccessTokenMapperTest.php +++ b/apps/oauth2/tests/Db/AccessTokenMapperTest.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -9,6 +10,8 @@ use OCA\OAuth2\Db\AccessToken; use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Exceptions\AccessTokenNotFoundException; use OCP\AppFramework\Utility\ITimeFactory; +use OCP\IDBConnection; +use OCP\Server; use Test\TestCase; /** @@ -20,7 +23,7 @@ class AccessTokenMapperTest extends TestCase { protected function setUp(): void { parent::setUp(); - $this->accessTokenMapper = new AccessTokenMapper(\OC::$server->getDatabaseConnection(), \OC::$server->get(ITimeFactory::class)); + $this->accessTokenMapper = new AccessTokenMapper(Server::get(IDBConnection::class), Server::get(ITimeFactory::class)); } public function testGetByCode(): void { diff --git a/apps/oauth2/tests/Db/ClientMapperTest.php b/apps/oauth2/tests/Db/ClientMapperTest.php index 7c11470d096..2e8d20ad200 100644 --- a/apps/oauth2/tests/Db/ClientMapperTest.php +++ b/apps/oauth2/tests/Db/ClientMapperTest.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -8,6 +9,8 @@ namespace OCA\OAuth2\Tests\Db; use OCA\OAuth2\Db\Client; use OCA\OAuth2\Db\ClientMapper; use OCA\OAuth2\Exceptions\ClientNotFoundException; +use OCP\IDBConnection; +use OCP\Server; use Test\TestCase; /** @@ -19,11 +22,11 @@ class ClientMapperTest extends TestCase { protected function setUp(): void { parent::setUp(); - $this->clientMapper = new ClientMapper(\OC::$server->getDatabaseConnection()); + $this->clientMapper = new ClientMapper(Server::get(IDBConnection::class)); } protected function tearDown(): void { - $query = \OC::$server->getDatabaseConnection()->getQueryBuilder(); + $query = Server::get(IDBConnection::class)->getQueryBuilder(); $query->delete('oauth2_clients')->execute(); parent::tearDown(); diff --git a/apps/oauth2/tests/Settings/AdminTest.php b/apps/oauth2/tests/Settings/AdminTest.php index ca9100669df..0f08bb30276 100644 --- a/apps/oauth2/tests/Settings/AdminTest.php +++ b/apps/oauth2/tests/Settings/AdminTest.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later |