aboutsummaryrefslogtreecommitdiffstats
path: root/tests/Core/Controller/CSRFTokenControllerTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/Core/Controller/CSRFTokenControllerTest.php')
-rw-r--r--tests/Core/Controller/CSRFTokenControllerTest.php62
1 files changed, 62 insertions, 0 deletions
diff --git a/tests/Core/Controller/CSRFTokenControllerTest.php b/tests/Core/Controller/CSRFTokenControllerTest.php
new file mode 100644
index 00000000000..a401788be8d
--- /dev/null
+++ b/tests/Core/Controller/CSRFTokenControllerTest.php
@@ -0,0 +1,62 @@
+<?php
+
+/**
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace Tests\Core\Controller;
+
+use OC\Core\Controller\CSRFTokenController;
+use OC\Security\CSRF\CsrfToken;
+use OC\Security\CSRF\CsrfTokenManager;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\IRequest;
+use Test\TestCase;
+
+class CSRFTokenControllerTest extends TestCase {
+ /** @var CSRFTokenController */
+ private $controller;
+
+ /** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */
+ private $request;
+
+ /** @var CsrfTokenManager|\PHPUnit\Framework\MockObject\MockObject */
+ private $tokenManager;
+
+ protected function setUp(): void {
+ parent::setUp();
+
+ $this->request = $this->createMock(IRequest::class);
+ $this->tokenManager = $this->createMock(CsrfTokenManager::class);
+
+ $this->controller = new CSRFTokenController('core', $this->request,
+ $this->tokenManager);
+ }
+
+ public function testGetToken(): void {
+ $this->request->method('passesStrictCookieCheck')->willReturn(true);
+
+ $token = $this->createMock(CsrfToken::class);
+ $this->tokenManager->method('getToken')->willReturn($token);
+ $token->method('getEncryptedValue')->willReturn('toktok123');
+
+ $response = $this->controller->index();
+
+ $this->assertInstanceOf(JSONResponse::class, $response);
+ $this->assertSame(Http::STATUS_OK, $response->getStatus());
+ $this->assertEquals([
+ 'token' => 'toktok123'
+ ], $response->getData());
+ }
+
+ public function testGetTokenNoStrictSameSiteCookie(): void {
+ $this->request->method('passesStrictCookieCheck')->willReturn(false);
+
+ $response = $this->controller->index();
+
+ $this->assertInstanceOf(JSONResponse::class, $response);
+ $this->assertSame(Http::STATUS_FORBIDDEN, $response->getStatus());
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-15 14:04:51 +0000