Diffstat (limited to 'tests/Core')
-rw-r--r-- | tests/Core/Controller/LoginControllerTest.php | 87 |
1 files changed, 69 insertions, 18 deletions
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index 50ecbe5e19c..67c4349957f 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -15,6 +15,9 @@ use OC\Authentication\Login\LoginData;
 use OC\Authentication\Login\LoginResult;
 use OC\Authentication\TwoFactorAuth\Manager;
 use OC\Core\Controller\LoginController;
+use OC\Security\CSRF\CsrfToken;
+use OC\Security\CSRF\CsrfTokenManager;
+use OC\Security\CSRF\CsrfValidator;
 use OC\User\Session;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Http\RedirectResponse;
@@ -79,6 +82,9 @@ class LoginControllerTest extends TestCase {
 /** @var IAppManager|MockObject */
 private $appManager;
+ private CsrfTokenManager $csrfTokenManager;
+ private CsrfValidator $csrfValidator;
+
 protected function setUp(): void {
 parent::setUp();
 $this->request = $this->createMock(IRequest::class);
@@ -101,6 +107,8 @@ class LoginControllerTest extends TestCase {
 ->willReturnCallback(function ($text, $parameters = []) {
 return vsprintf($text, $parameters);
 });
+ $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
+ $this->csrfValidator = new CsrfValidator($this->csrfTokenManager);
 $this->request->method('getRemoteAddress')
@@ -126,6 +134,7 @@ class LoginControllerTest extends TestCase {
 $this->notificationManager,
 $this->l,
 $this->appManager,
+ $this->csrfValidator,
 );
 }
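Review bot: In the `@@ -79,6 +82,9 @@` hunk the new `$csrfTokenManager` property is declared with the concrete type `CsrfTokenManager`, yet `setUp()` assigns a `createMock(CsrfTokenManager::class)` and the later hunks call `$this->csrfTokenManager->expects(...)` on it; static analysis has no way to see the `MockObject` side of that value. The surrounding properties document mocks as `/** @var IAppManager|MockObject */`, so for consistency annotate this one too, e.g. `/** @var CsrfTokenManager&MockObject */` above `private CsrfTokenManager $csrfTokenManager;`. `$csrfValidator` needs no such note since the `@@ -101,6 +107,8 @@` hunk constructs a real `CsrfValidator` over the mocked manager, which is worth a one-line comment there (`// real validator, only the token manager is mocked`) so readers do not look for a second mock.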
@@ -437,9 +446,16 @@ class LoginControllerTest extends TestCase {
 $password = 'secret';
 $loginPageUrl = '/login?redirect_url=/apps/files';
 $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
+ $this->request->expects($this->once())
+ ->method('passesStrictCookieCheck')
+ ->willReturn(true);
+ $this->request->expects($this->once())
+ ->method('getParam')
+ ->with('requesttoken', '')
+ ->willReturn('foobar');
+ $this->csrfTokenManager->expects($this->once())
+ ->method('isTokenValid')
+ ->with(new CsrfToken('foobar'))
 ->willReturn(true);
 $loginData = new LoginData(
 $this->request,
@@ -472,9 +488,16 @@ class LoginControllerTest extends TestCase {
 $user = 'MyUserName';
 $password = 'secret';
 $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
+ $this->request->expects($this->once())
+ ->method('passesStrictCookieCheck')
+ ->willReturn(true);
+ $this->request->expects($this->once())
+ ->method('getParam')
+ ->with('requesttoken', '')
+ ->willReturn('foobar');
+ $this->csrfTokenManager->expects($this->once())
+ ->method('isTokenValid')
+ ->with(new CsrfToken('foobar'))
 ->willReturn(true);
 $loginData = new LoginData(
 $this->request,
@@ -504,9 +527,16 @@ class LoginControllerTest extends TestCase {
 $password = 'secret';
 $originalUrl = 'another%20url';
 $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
+ $this->request->expects($this->once())
+ ->method('passesStrictCookieCheck')
+ ->willReturn(true);
+ $this->request->expects($this->once())
+ ->method('getParam')
+ ->with('requesttoken', '')
+ ->willReturn('foobar');
+ $this->csrfTokenManager->expects($this->once())
+ ->method('isTokenValid')
+ ->with(new CsrfToken('foobar'))
 ->willReturn(false);
 $this->userSession
 ->method('isLoggedIn')
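Review bot: The ten-line CSRF arrangement (`passesStrictCookieCheck` → `true`, `getParam('requesttoken', '')` → `'foobar'`, `isTokenValid(new CsrfToken('foobar'))` → the expected verdict) is pasted verbatim into the `@@ -437`, `@@ -472` and `@@ -504` hunks and again in the `@@ -533`, `@@ -565` and `@@ -596` hunks, differing only in the final `->willReturn(true|false)`. That makes the tests hard to read and means a future change to how the controller obtains the token has to be repeated six times. A private helper on the test case taking the verdict as its only argument reduces each call site to `$this->expectCsrfCheck(true);` or `$this->expectCsrfCheck(false);`. The enclosing test methods start and end outside these hunks, so the helper goes next to `setUp()` rather than into any of them.
```php
	/**
	 * Arrange the request and token-manager mocks so the controller's CSRF
	 * check yields $valid. Only the strict-cookie-passes path is set up here.
	 */
	private function expectCsrfCheck(bool $valid): void {
		$this->request->expects($this->once())
			->method('passesStrictCookieCheck')
			->willReturn(true);
		$this->request->expects($this->once())
			->method('getParam')
			->with('requesttoken', '')
			->willReturn('foobar');
		$this->csrfTokenManager->expects($this->once())
			->method('isTokenValid')
			->with(new CsrfToken('foobar'))
			->willReturn($valid);
	}
	// … unchanged: each test replaces its ten-line block with $this->expectCsrfCheck(<verdict>); …
```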
@@ -533,9 +563,16 @@ class LoginControllerTest extends TestCase {
 $originalUrl = 'another url';
 $redirectUrl = 'http://localhost/another url';
 $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
+ $this->request->expects($this->once())
+ ->method('passesStrictCookieCheck')
+ ->willReturn(true);
+ $this->request->expects($this->once())
+ ->method('getParam')
+ ->with('requesttoken', '')
+ ->willReturn('foobar');
+ $this->csrfTokenManager->expects($this->once())
+ ->method('isTokenValid')
+ ->with(new CsrfToken('foobar'))
 ->willReturn(false);
 $this->userSession
 ->method('isLoggedIn')
@@ -565,9 +602,16 @@ class LoginControllerTest extends TestCase {
 $password = 'secret';
 $redirectUrl = 'https://next.cloud/apps/mail';
 $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
+ $this->request->expects($this->once())
+ ->method('passesStrictCookieCheck')
+ ->willReturn(true);
+ $this->request->expects($this->once())
+ ->method('getParam')
+ ->with('requesttoken', '')
+ ->willReturn('foobar');
+ $this->csrfTokenManager->expects($this->once())
+ ->method('isTokenValid')
+ ->with(new CsrfToken('foobar'))
 ->willReturn(true);
 $loginData = new LoginData(
 $this->request,
@@ -596,9 +640,16 @@ class LoginControllerTest extends TestCase {
 public function testToNotLeakLoginName() {
 $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
+ $this->request->expects($this->once())
+ ->method('passesStrictCookieCheck')
+ ->willReturn(true);
+ $this->request->expects($this->once())
+ ->method('getParam')
+ ->with('requesttoken', '')
+ ->willReturn('foobar');
+ $this->csrfTokenManager->expects($this->once())
+ ->method('isTokenValid')
+ ->with(new CsrfToken('foobar'))
 ->willReturn(true);
 $loginPageUrl = '/login?redirect_url=/apps/files';
 $loginData = new LoginData(
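Review bot: Every CSRF arrangement in the `@@ -533`, `@@ -565` and `@@ -596` hunks (and the three before them) stubs `passesStrictCookieCheck` to `true` and `getParam('requesttoken', '')` to a non-empty token, so the controller is only ever exercised with the strict-cookie precondition satisfied; the only negative case covered is `isTokenValid` returning `false`. Because the commit swaps the mocked `passesCSRFCheck` for a real `CsrfValidator` over a mocked token manager, the cookie-check-fails and empty-`requesttoken` outcomes are now decided by production code that this file never drives. Unless that is pinned in the validator's own tests, one additional case with `->method('passesStrictCookieCheck')->willReturn(false)` and `$this->csrfTokenManager->expects($this->never())->method('isTokenValid');` would record the controller's behaviour when the cookie check fails instead of leaving it implicit. The enclosing test methods start and end outside the hunks.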