diff options
Diffstat (limited to 'tests/lib/AppFramework/Http')
19 files changed, 1361 insertions, 1282 deletions
diff --git a/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php b/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php index a96cd4a163b..75527e7eaf8 100644 --- a/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php +++ b/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php @@ -1,9 +1,9 @@ <?php + /** - * Copyright (c) 2015 Lukas Reschke lukas@owncloud.com - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -16,7 +16,6 @@ use OCP\AppFramework\Http\ContentSecurityPolicy; * @package OC\AppFramework\Http */ class ContentSecurityPolicyTest extends \Test\TestCase { - /** @var ContentSecurityPolicy */ private $contentSecurityPolicy; @@ -25,416 +24,400 @@ class ContentSecurityPolicyTest extends \Test\TestCase { $this->contentSecurityPolicy = new ContentSecurityPolicy(); } - public function testGetPolicyDefault() { + public function testGetPolicyDefault(): void { $defaultPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; $this->assertSame($defaultPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyScriptDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com;style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyScriptDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.nextcloud.com;style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyScriptDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com www.owncloud.org;style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyScriptDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.nextcloud.com www.nextcloud.org;style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowScriptDomain() { + public function testGetPolicyDisallowScriptDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowScriptDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowScriptDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com;style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowScriptDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.nextcloud.com;style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowScriptDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowScriptDomainMultipleStacked() { + public function testGetPolicyDisallowScriptDomainMultipleStacked(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org')->disallowScriptDomain('www.owncloud.com'); - $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); - } - - public function testGetPolicyScriptAllowInline() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - - $this->contentSecurityPolicy->allowInlineScript(true); - $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); - } - - public function testGetPolicyScriptAllowInlineWithDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->allowInlineScript(true); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowScriptDomain('www.nextcloud.org')->disallowScriptDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyScriptDisallowInlineAndEval() { + public function testGetPolicyScriptDisallowEval(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->allowInlineScript(false); $this->contentSecurityPolicy->allowEvalScript(false); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyStyleDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' www.nextcloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' www.owncloud.com www.owncloud.org 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyStyleDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' www.nextcloud.com www.nextcloud.org 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowStyleDomain() { + public function testGetPolicyDisallowStyleDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowStyleDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowStyleDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowStyleDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' www.nextcloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowStyleDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowStyleDomainMultipleStacked() { + public function testGetPolicyDisallowStyleDomainMultipleStacked(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org')->disallowStyleDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowStyleDomain('www.nextcloud.org')->disallowStyleDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleAllowInline() { + public function testGetPolicyStyleAllowInline(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; $this->contentSecurityPolicy->allowInlineStyle(true); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleAllowInlineWithDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyStyleAllowInlineWithDomain(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' www.nextcloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleDisallowInline() { + public function testGetPolicyStyleDisallowInline(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; $this->contentSecurityPolicy->allowInlineStyle(false); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyImageDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyImageDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.nextcloud.com;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyImageDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com www.owncloud.org;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyImageDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.nextcloud.com www.nextcloud.org;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowImageDomain() { + public function testGetPolicyDisallowImageDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowImageDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowImageDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowImageDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowImageDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.nextcloud.com;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowImageDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowImageDomainMultipleStakes() { + public function testGetPolicyDisallowImageDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org')->disallowImageDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowImageDomain('www.nextcloud.org')->disallowImageDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyFontDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data: www.owncloud.com;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyFontDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data: www.nextcloud.com;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyFontDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data: www.owncloud.com www.owncloud.org;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyFontDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data: www.nextcloud.com www.nextcloud.org;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFontDomain() { + public function testGetPolicyDisallowFontDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFontDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFontDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFontDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data: www.owncloud.com;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowFontDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data: www.nextcloud.com;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFontDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFontDomainMultipleStakes() { + public function testGetPolicyDisallowFontDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org')->disallowFontDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFontDomain('www.nextcloud.org')->disallowFontDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyConnectDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' www.owncloud.com;media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyConnectDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' www.nextcloud.com;media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyConnectDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' www.owncloud.com www.owncloud.org;media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyConnectDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' www.nextcloud.com www.nextcloud.org;media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowConnectDomain() { + public function testGetPolicyDisallowConnectDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowConnectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowConnectDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' www.owncloud.com;media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowConnectDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' www.nextcloud.com;media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowConnectDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowConnectDomainMultipleStakes() { + public function testGetPolicyDisallowConnectDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org')->disallowConnectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowConnectDomain('www.nextcloud.org')->disallowConnectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyMediaDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self' www.owncloud.com;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyMediaDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self' www.nextcloud.com;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyMediaDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self' www.owncloud.com www.owncloud.org;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyMediaDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self' www.nextcloud.com www.nextcloud.org;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowMediaDomain() { + public function testGetPolicyDisallowMediaDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowMediaDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowMediaDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self' www.owncloud.com;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowMediaDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self' www.nextcloud.com;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowMediaDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowMediaDomainMultipleStakes() { + public function testGetPolicyDisallowMediaDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org')->disallowMediaDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowMediaDomain('www.nextcloud.org')->disallowMediaDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyObjectDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';object-src www.owncloud.com;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyObjectDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';object-src www.nextcloud.com;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyObjectDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';object-src www.owncloud.com www.owncloud.org;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyObjectDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';object-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowObjectDomain() { + public function testGetPolicyDisallowObjectDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowObjectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowObjectDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';object-src www.owncloud.com;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowObjectDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';object-src www.nextcloud.com;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowObjectDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowObjectDomainMultipleStakes() { + public function testGetPolicyDisallowObjectDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org')->disallowObjectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowObjectDomain('www.nextcloud.org')->disallowObjectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetAllowedFrameDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src www.owncloud.com;frame-ancestors 'self';form-action 'self'"; + public function testGetAllowedFrameDomain(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src www.nextcloud.com;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyFrameDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src www.owncloud.com www.owncloud.org;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyFrameDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameDomain() { + public function testGetPolicyDisallowFrameDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFrameDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src www.owncloud.com;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowFrameDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src www.nextcloud.com;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFrameDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameDomainMultipleStakes() { + public function testGetPolicyDisallowFrameDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org')->disallowFrameDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFrameDomain('www.nextcloud.org')->disallowFrameDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetAllowedChildSrcDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src child.owncloud.com;frame-ancestors 'self';form-action 'self'"; + public function testGetAllowedChildSrcDomain(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src child.nextcloud.com;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyChildSrcValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src child.owncloud.com child.owncloud.org;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyChildSrcValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src child.nextcloud.com child.nextcloud.org;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com'); - $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.org'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowChildSrcDomain() { + public function testGetPolicyDisallowChildSrcDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowChildSrcDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src www.owncloud.com;frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyDisallowChildSrcDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';child-src www.nextcloud.com;frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowChildSrcDomainMultipleStakes() { + public function testGetPolicyDisallowChildSrcDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org')->disallowChildSrcDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetAllowedFrameAncestorDomain() { + public function testGetAllowedFrameAncestorDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self' sub.nextcloud.com;form-action 'self'"; $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('sub.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyFrameAncestorValidMultiple() { + public function testGetPolicyFrameAncestorValidMultiple(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self' sub.nextcloud.com foo.nextcloud.com;form-action 'self'"; $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('sub.nextcloud.com'); @@ -442,7 +425,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameAncestorDomain() { + public function testGetPolicyDisallowFrameAncestorDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('www.nextcloud.com'); @@ -450,7 +433,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameAncestorDomainMultiple() { + public function testGetPolicyDisallowFrameAncestorDomainMultiple(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self' www.nextcloud.com;form-action 'self'"; $this->contentSecurityPolicy->addAllowedFrameAncestorDomain('www.nextcloud.com'); @@ -458,35 +441,76 @@ class ContentSecurityPolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameAncestorDomainMultipleStakes() { + public function testGetPolicyDisallowFrameAncestorDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org')->disallowChildSrcDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyUnsafeEval() { + public function testGetPolicyUnsafeEval(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; $this->contentSecurityPolicy->allowEvalScript(true); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyNonce() { - $nonce = 'my-nonce'; - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-".base64_encode($nonce) . "';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyUnsafeWasmEval(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'wasm-unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + + $this->contentSecurityPolicy->allowEvalWasm(true); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyNonce(): void { + $nonce = base64_encode('my-nonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-$nonce';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + + $this->contentSecurityPolicy->useJsNonce($nonce); + $this->contentSecurityPolicy->useStrictDynamicOnScripts(false); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyNonceDefault(): void { + $nonce = base64_encode('my-nonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-$nonce';script-src-elem 'strict-dynamic' 'nonce-$nonce';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; $this->contentSecurityPolicy->useJsNonce($nonce); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyNonceStrictDynamic() { - $nonce = 'my-nonce'; - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'strict-dynamic' 'nonce-".base64_encode($nonce) . "';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + public function testGetPolicyNonceStrictDynamic(): void { + $nonce = base64_encode('my-nonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'strict-dynamic' 'nonce-$nonce';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; $this->contentSecurityPolicy->useJsNonce($nonce); $this->contentSecurityPolicy->useStrictDynamic(true); + $this->contentSecurityPolicy->useStrictDynamicOnScripts(false); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyNonceStrictDynamicDefault(): void { + $nonce = base64_encode('my-nonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'strict-dynamic' 'nonce-$nonce';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + + $this->contentSecurityPolicy->useJsNonce($nonce); + $this->contentSecurityPolicy->useStrictDynamic(true); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyStrictDynamicOnScriptsOff(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + + $this->contentSecurityPolicy->useStrictDynamicOnScripts(false); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyStrictDynamicAndStrictDynamicOnScripts(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'"; + + $this->contentSecurityPolicy->useStrictDynamic(true); + $this->contentSecurityPolicy->useStrictDynamicOnScripts(true); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } } diff --git a/tests/lib/AppFramework/Http/DataResponseTest.php b/tests/lib/AppFramework/Http/DataResponseTest.php index f933b3102b7..e9a2c511140 100644 --- a/tests/lib/AppFramework/Http/DataResponseTest.php +++ b/tests/lib/AppFramework/Http/DataResponseTest.php @@ -1,24 +1,9 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @copyright 2014 Bernhard Posselt <dev@bernhard-posselt.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -26,9 +11,9 @@ namespace Test\AppFramework\Http; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; +use OCP\Server; class DataResponseTest extends \Test\TestCase { - /** * @var DataResponse */ @@ -40,7 +25,7 @@ class DataResponseTest extends \Test\TestCase { } - public function testSetData() { + public function testSetData(): void { $params = ['hi', 'yo']; $this->response->setData($params); @@ -48,7 +33,7 @@ class DataResponseTest extends \Test\TestCase { } - public function testConstructorAllowsToSetData() { + public function testConstructorAllowsToSetData(): void { $data = ['hi']; $code = 300; $response = new DataResponse($data, $code); @@ -58,7 +43,7 @@ class DataResponseTest extends \Test\TestCase { } - public function testConstructorAllowsToSetHeaders() { + public function testConstructorAllowsToSetHeaders(): void { $data = ['hi']; $code = 300; $headers = ['test' => 'something']; @@ -68,8 +53,8 @@ class DataResponseTest extends \Test\TestCase { 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'", 'Feature-Policy' => "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'", - 'X-Robots-Tag' => 'none', - 'X-Request-Id' => \OC::$server->get(IRequest::class)->getId(), + 'X-Robots-Tag' => 'noindex, nofollow', + 'X-Request-Id' => Server::get(IRequest::class)->getId(), ]; $expectedHeaders = array_merge($expectedHeaders, $headers); @@ -79,7 +64,7 @@ class DataResponseTest extends \Test\TestCase { } - public function testChainability() { + public function testChainability(): void { $params = ['hi', 'yo']; $this->response->setData($params) ->setStatus(Http::STATUS_NOT_FOUND); diff --git a/tests/lib/AppFramework/Http/DispatcherTest.php b/tests/lib/AppFramework/Http/DispatcherTest.php index e1d78082a2d..86c78e840e0 100644 --- a/tests/lib/AppFramework/Http/DispatcherTest.php +++ b/tests/lib/AppFramework/Http/DispatcherTest.php @@ -1,28 +1,14 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @copyright 2012 Bernhard Posselt <dev@bernhard-posselt.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; +use OC\AppFramework\DependencyInjection\DIContainer; use OC\AppFramework\Http\Dispatcher; use OC\AppFramework\Http\Request; use OC\AppFramework\Middleware\MiddlewareDispatcher; @@ -31,18 +17,22 @@ use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\JSONResponse; +use OCP\AppFramework\Http\ParameterOutOfRangeException; use OCP\AppFramework\Http\Response; use OCP\Diagnostics\IEventLogger; use OCP\IConfig; +use OCP\IDBConnection; use OCP\IRequest; +use OCP\IRequestId; +use OCP\Server; use PHPUnit\Framework\MockObject\MockObject; +use Psr\Container\ContainerInterface; use Psr\Log\LoggerInterface; -use OCP\IRequestId; class TestController extends Controller { /** * @param string $appName - * @param \OCP\IRequest $request + * @param IRequest $request */ public function __construct($appName, $request) { parent::__construct($appName, $request); @@ -51,11 +41,12 @@ class TestController extends Controller { /** * @param int $int * @param bool $bool + * @param double $foo * @param int $test - * @param int $test2 + * @param integer $test2 * @return array */ - public function exec($int, $bool, $test = 4, $test2 = 1) { + public function exec($int, $bool, $foo, $test = 4, $test2 = 1) { $this->registerResponder('text', function ($in) { return new JSONResponse(['text' => $in]); }); @@ -75,6 +66,10 @@ class TestController extends Controller { 'text' => [$int, $bool, $test, $test2] ]); } + + public function test(): Response { + return new DataResponse(); + } } /** @@ -89,22 +84,24 @@ class DispatcherTest extends \Test\TestCase { /** @var Dispatcher */ private $dispatcher; private $controllerMethod; + /** @var Controller|MockObject */ + private $controller; private $response; - /** @var IRequest|MockObject */ + /** @var IRequest|MockObject */ private $request; private $lastModified; private $etag; - /** @var Http|MockObject */ + /** @var Http|MockObject */ private $http; private $reflector; - /** @var IConfig|MockObject */ + /** @var IConfig|MockObject */ private $config; - /** @var LoggerInterface|MockObject */ + /** @var LoggerInterface|MockObject */ private $logger; - /** - * @var IEventLogger|MockObject - */ + /** @var IEventLogger|MockObject */ private $eventLogger; + /** @var ContainerInterface|MockObject */ + private $container; protected function setUp(): void { parent::setUp(); @@ -113,33 +110,18 @@ class DispatcherTest extends \Test\TestCase { $this->config = $this->createMock(IConfig::class); $this->logger = $this->createMock(LoggerInterface::class); $this->eventLogger = $this->createMock(IEventLogger::class); - $app = $this->getMockBuilder( - 'OC\AppFramework\DependencyInjection\DIContainer') - ->disableOriginalConstructor() - ->getMock(); - $request = $this->getMockBuilder( - '\OC\AppFramework\Http\Request') - ->disableOriginalConstructor() - ->getMock(); - $this->http = $this->getMockBuilder( - \OC\AppFramework\Http::class) - ->disableOriginalConstructor() - ->getMock(); - - $this->middlewareDispatcher = $this->getMockBuilder( - '\OC\AppFramework\Middleware\MiddlewareDispatcher') - ->disableOriginalConstructor() - ->getMock(); - $this->controller = $this->getMockBuilder( - '\OCP\AppFramework\Controller') - ->setMethods([$this->controllerMethod]) + $this->container = $this->createMock(ContainerInterface::class); + $app = $this->createMock(DIContainer::class); + $request = $this->createMock(Request::class); + $this->http = $this->createMock(\OC\AppFramework\Http::class); + + $this->middlewareDispatcher = $this->createMock(MiddlewareDispatcher::class); + $this->controller = $this->getMockBuilder(TestController::class) + ->onlyMethods([$this->controllerMethod]) ->setConstructorArgs([$app, $request]) ->getMock(); - $this->request = $this->getMockBuilder( - '\OC\AppFramework\Http\Request') - ->disableOriginalConstructor() - ->getMock(); + $this->request = $this->createMock(Request::class); $this->reflector = new ControllerMethodReflector(); @@ -149,9 +131,10 @@ class DispatcherTest extends \Test\TestCase { $this->reflector, $this->request, $this->config, - \OC::$server->getDatabaseConnection(), + Server::get(IDBConnection::class), $this->logger, - $this->eventLogger + $this->eventLogger, + $this->container, ); $this->response = $this->createMock(Response::class); @@ -174,7 +157,7 @@ class DispatcherTest extends \Test\TestCase { ->method('beforeController') ->with($this->equalTo($this->controller), $this->equalTo($this->controllerMethod)) - ->will($this->throwException($exception)); + ->willThrowException($exception); if ($catchEx) { $this->middlewareDispatcher->expects($this->once()) ->method('afterException') @@ -238,7 +221,7 @@ class DispatcherTest extends \Test\TestCase { } - public function testDispatcherReturnsArrayWith2Entries() { + public function testDispatcherReturnsArrayWith2Entries(): void { $this->setMiddlewareExpectations(''); $response = $this->dispatcher->dispatch($this->controller, $this->controllerMethod); @@ -248,7 +231,7 @@ class DispatcherTest extends \Test\TestCase { } - public function testHeadersAndOutputAreReturned() { + public function testHeadersAndOutputAreReturned(): void { $out = 'yo'; $httpHeaders = 'Http'; $responseHeaders = ['hell' => 'yeah']; @@ -263,7 +246,7 @@ class DispatcherTest extends \Test\TestCase { } - public function testExceptionCallsAfterException() { + public function testExceptionCallsAfterException(): void { $out = 'yo'; $httpHeaders = 'Http'; $responseHeaders = ['hell' => 'yeah']; @@ -278,7 +261,7 @@ class DispatcherTest extends \Test\TestCase { } - public function testExceptionThrowsIfCanNotBeHandledByAfterException() { + public function testExceptionThrowsIfCanNotBeHandledByAfterException(): void { $out = 'yo'; $httpHeaders = 'Http'; $responseHeaders = ['hell' => 'yeah']; @@ -294,7 +277,7 @@ class DispatcherTest extends \Test\TestCase { private function dispatcherPassthrough() { $this->middlewareDispatcher->expects($this->once()) - ->method('beforeController'); + ->method('beforeController'); $this->middlewareDispatcher->expects($this->once()) ->method('afterController') ->willReturnCallback(function ($a, $b, $in) { @@ -308,12 +291,13 @@ class DispatcherTest extends \Test\TestCase { } - public function testControllerParametersInjected() { + public function testControllerParametersInjected(): void { $this->request = new Request( [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'method' => 'POST' ], @@ -324,9 +308,10 @@ class DispatcherTest extends \Test\TestCase { $this->http, $this->middlewareDispatcher, $this->reflector, $this->request, $this->config, - \OC::$server->getDatabaseConnection(), + Server::get(IDBConnection::class), $this->logger, - $this->eventLogger + $this->eventLogger, + $this->container ); $controller = new TestController('app', $this->request); @@ -334,16 +319,17 @@ class DispatcherTest extends \Test\TestCase { $this->dispatcherPassthrough(); $response = $this->dispatcher->dispatch($controller, 'exec'); - $this->assertEquals('[3,true,4,1]', $response[3]); + $this->assertEquals('[3,false,4,1]', $response[3]); } - public function testControllerParametersInjectedDefaultOverwritten() { + public function testControllerParametersInjectedDefaultOverwritten(): void { $this->request = new Request( [ 'post' => [ 'int' => '3', 'bool' => 'false', + 'double' => 1.2, 'test2' => 7 ], 'method' => 'POST', @@ -355,9 +341,10 @@ class DispatcherTest extends \Test\TestCase { $this->http, $this->middlewareDispatcher, $this->reflector, $this->request, $this->config, - \OC::$server->getDatabaseConnection(), + Server::get(IDBConnection::class), $this->logger, - $this->eventLogger + $this->eventLogger, + $this->container ); $controller = new TestController('app', $this->request); @@ -365,17 +352,18 @@ class DispatcherTest extends \Test\TestCase { $this->dispatcherPassthrough(); $response = $this->dispatcher->dispatch($controller, 'exec'); - $this->assertEquals('[3,true,4,7]', $response[3]); + $this->assertEquals('[3,false,4,7]', $response[3]); } - public function testResponseTransformedByUrlFormat() { + public function testResponseTransformedByUrlFormat(): void { $this->request = new Request( [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'urlParams' => [ 'format' => 'text' @@ -389,9 +377,10 @@ class DispatcherTest extends \Test\TestCase { $this->http, $this->middlewareDispatcher, $this->reflector, $this->request, $this->config, - \OC::$server->getDatabaseConnection(), + Server::get(IDBConnection::class), $this->logger, - $this->eventLogger + $this->eventLogger, + $this->container ); $controller = new TestController('app', $this->request); @@ -403,12 +392,13 @@ class DispatcherTest extends \Test\TestCase { } - public function testResponseTransformsDataResponse() { + public function testResponseTransformsDataResponse(): void { $this->request = new Request( [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'urlParams' => [ 'format' => 'json' @@ -422,9 +412,10 @@ class DispatcherTest extends \Test\TestCase { $this->http, $this->middlewareDispatcher, $this->reflector, $this->request, $this->config, - \OC::$server->getDatabaseConnection(), + Server::get(IDBConnection::class), $this->logger, - $this->eventLogger + $this->eventLogger, + $this->container ); $controller = new TestController('app', $this->request); @@ -436,12 +427,13 @@ class DispatcherTest extends \Test\TestCase { } - public function testResponseTransformedByAcceptHeader() { + public function testResponseTransformedByAcceptHeader(): void { $this->request = new Request( [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'server' => [ 'HTTP_ACCEPT' => 'application/text, test', @@ -456,9 +448,10 @@ class DispatcherTest extends \Test\TestCase { $this->http, $this->middlewareDispatcher, $this->reflector, $this->request, $this->config, - \OC::$server->getDatabaseConnection(), + Server::get(IDBConnection::class), $this->logger, - $this->eventLogger + $this->eventLogger, + $this->container ); $controller = new TestController('app', $this->request); @@ -469,13 +462,49 @@ class DispatcherTest extends \Test\TestCase { $this->assertEquals('{"text":[3,false,4,1]}', $response[3]); } + public function testResponseTransformedBySendingMultipartFormData(): void { + $this->request = new Request( + [ + 'post' => [ + 'int' => '3', + 'bool' => 'false', + 'double' => 1.2, + ], + 'server' => [ + 'HTTP_ACCEPT' => 'application/text, test', + 'HTTP_CONTENT_TYPE' => 'multipart/form-data' + ], + 'method' => 'POST' + ], + $this->createMock(IRequestId::class), + $this->createMock(IConfig::class) + ); + $this->dispatcher = new Dispatcher( + $this->http, $this->middlewareDispatcher, $this->reflector, + $this->request, + $this->config, + Server::get(IDBConnection::class), + $this->logger, + $this->eventLogger, + $this->container + ); + $controller = new TestController('app', $this->request); + + // reflector is supposed to be called once + $this->dispatcherPassthrough(); + $response = $this->dispatcher->dispatch($controller, 'exec'); + + $this->assertEquals('{"text":[3,false,4,1]}', $response[3]); + } - public function testResponsePrimarilyTransformedByParameterFormat() { + + public function testResponsePrimarilyTransformedByParameterFormat(): void { $this->request = new Request( [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'get' => [ 'format' => 'text' @@ -492,9 +521,10 @@ class DispatcherTest extends \Test\TestCase { $this->http, $this->middlewareDispatcher, $this->reflector, $this->request, $this->config, - \OC::$server->getDatabaseConnection(), + Server::get(IDBConnection::class), $this->logger, - $this->eventLogger + $this->eventLogger, + $this->container ); $controller = new TestController('app', $this->request); @@ -502,6 +532,51 @@ class DispatcherTest extends \Test\TestCase { $this->dispatcherPassthrough(); $response = $this->dispatcher->dispatch($controller, 'exec'); - $this->assertEquals('{"text":[3,true,4,1]}', $response[3]); + $this->assertEquals('{"text":[3,false,4,1]}', $response[3]); + } + + + public static function rangeDataProvider(): array { + return [ + [PHP_INT_MIN, PHP_INT_MAX, 42, false], + [0, 12, -5, true], + [-12, 0, 5, true], + [7, 14, 5, true], + [7, 14, 10, false], + [-14, -7, -10, false], + ]; + } + + #[\PHPUnit\Framework\Attributes\DataProvider('rangeDataProvider')] + public function testEnsureParameterValueSatisfiesRange(int $min, int $max, int $input, bool $throw): void { + $this->reflector = $this->createMock(ControllerMethodReflector::class); + $this->reflector->expects($this->any()) + ->method('getRange') + ->willReturn([ + 'min' => $min, + 'max' => $max, + ]); + + $this->dispatcher = new Dispatcher( + $this->http, + $this->middlewareDispatcher, + $this->reflector, + $this->request, + $this->config, + Server::get(IDBConnection::class), + $this->logger, + $this->eventLogger, + $this->container, + ); + + if ($throw) { + $this->expectException(ParameterOutOfRangeException::class); + } + + $this->invokePrivate($this->dispatcher, 'ensureParameterValueSatisfiesRange', ['myArgument', $input]); + if (!$throw) { + // do not mark this test risky + $this->assertTrue(true); + } } } diff --git a/tests/lib/AppFramework/Http/DownloadResponseTest.php b/tests/lib/AppFramework/Http/DownloadResponseTest.php index 89de248cea0..b2f60edd999 100644 --- a/tests/lib/AppFramework/Http/DownloadResponseTest.php +++ b/tests/lib/AppFramework/Http/DownloadResponseTest.php @@ -1,24 +1,9 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @copyright 2012 Bernhard Posselt <dev@bernhard-posselt.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -34,7 +19,7 @@ class DownloadResponseTest extends \Test\TestCase { parent::setUp(); } - public function testHeaders() { + public function testHeaders(): void { $response = new ChildDownloadResponse('file', 'content'); $headers = $response->getHeaders(); @@ -42,17 +27,15 @@ class DownloadResponseTest extends \Test\TestCase { $this->assertEquals('content', $headers['Content-Type']); } - /** - * @dataProvider filenameEncodingProvider - */ - public function testFilenameEncoding(string $input, string $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('filenameEncodingProvider')] + public function testFilenameEncoding(string $input, string $expected): void { $response = new ChildDownloadResponse($input, 'content'); $headers = $response->getHeaders(); - $this->assertEquals('attachment; filename="'.$expected.'"', $headers['Content-Disposition']); + $this->assertEquals('attachment; filename="' . $expected . '"', $headers['Content-Disposition']); } - public function filenameEncodingProvider() : array { + public static function filenameEncodingProvider() : array { return [ ['TestName.txt', 'TestName.txt'], ['A "Quoted" Filename.txt', 'A \\"Quoted\\" Filename.txt'], diff --git a/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php b/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php index 5fe81bb0136..66abce43cc4 100644 --- a/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php +++ b/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php @@ -1,9 +1,9 @@ <?php + /** - * Copyright (c) 2015 Lukas Reschke lukas@owncloud.com - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -16,7 +16,6 @@ use OCP\AppFramework\Http\EmptyContentSecurityPolicy; * @package OC\AppFramework\Http */ class EmptyContentSecurityPolicyTest extends \Test\TestCase { - /** @var EmptyContentSecurityPolicy */ private $contentSecurityPolicy; @@ -25,443 +24,475 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase { $this->contentSecurityPolicy = new EmptyContentSecurityPolicy(); } - public function testGetPolicyDefault() { + public function testGetPolicyDefault(): void { $defaultPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; $this->assertSame($defaultPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyScriptDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyScriptDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyScriptDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com www.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyScriptDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowScriptDomain() { + public function testGetPolicyDisallowScriptDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowScriptDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowScriptDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowScriptDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowScriptDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowScriptDomainMultipleStacked() { + public function testGetPolicyDisallowScriptDomainMultipleStacked(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org')->disallowScriptDomain('www.owncloud.com'); - $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); - } - - public function testGetPolicyScriptAllowInline() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-inline';frame-ancestors 'none'"; - - $this->contentSecurityPolicy->allowInlineScript(true); + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowScriptDomain('www.nextcloud.org')->disallowScriptDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyScriptAllowInlineWithDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com 'unsafe-inline';frame-ancestors 'none'"; + public function testGetPolicyScriptAllowEval(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-eval';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com'); - $this->contentSecurityPolicy->allowInlineScript(true); + $this->contentSecurityPolicy->allowEvalScript(true); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyScriptAllowInlineAndEval() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-inline' 'unsafe-eval';frame-ancestors 'none'"; + public function testGetPolicyScriptAllowWasmEval(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'wasm-unsafe-eval';frame-ancestors 'none'"; - $this->contentSecurityPolicy->allowInlineScript(true); - $this->contentSecurityPolicy->allowEvalScript(true); + $this->contentSecurityPolicy->allowEvalWasm(true); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyStyleDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com www.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyStyleDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowStyleDomain() { + public function testGetPolicyDisallowStyleDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowStyleDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowStyleDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowStyleDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowStyleDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowStyleDomainMultipleStacked() { + public function testGetPolicyDisallowStyleDomainMultipleStacked(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org')->disallowStyleDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowStyleDomain('www.nextcloud.org')->disallowStyleDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleAllowInline() { + public function testGetPolicyStyleAllowInline(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src 'unsafe-inline';frame-ancestors 'none'"; $this->contentSecurityPolicy->allowInlineStyle(true); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleAllowInlineWithDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com 'unsafe-inline';frame-ancestors 'none'"; + public function testGetPolicyStyleAllowInlineWithDomain(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.nextcloud.com 'unsafe-inline';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedStyleDomain('www.nextcloud.com'); $this->contentSecurityPolicy->allowInlineStyle(true); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyStyleDisallowInline() { + public function testGetPolicyStyleDisallowInline(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; $this->contentSecurityPolicy->allowInlineStyle(false); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyImageDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyImageDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyImageDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com www.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyImageDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowImageDomain() { + public function testGetPolicyDisallowImageDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowImageDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowImageDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowImageDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowImageDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowImageDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowImageDomainMultipleStakes() { + public function testGetPolicyDisallowImageDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org')->disallowImageDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedImageDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowImageDomain('www.nextcloud.org')->disallowImageDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyFontDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyFontDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyFontDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com www.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyFontDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFontDomain() { + public function testGetPolicyDisallowFontDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFontDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFontDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFontDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowFontDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFontDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFontDomainMultipleStakes() { + public function testGetPolicyDisallowFontDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org')->disallowFontDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFontDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFontDomain('www.nextcloud.org')->disallowFontDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyConnectDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyConnectDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyConnectDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com www.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyConnectDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowConnectDomain() { + public function testGetPolicyDisallowConnectDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowConnectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowConnectDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowConnectDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowConnectDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowConnectDomainMultipleStakes() { + public function testGetPolicyDisallowConnectDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org')->disallowConnectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedConnectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowConnectDomain('www.nextcloud.org')->disallowConnectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyMediaDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyMediaDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyMediaDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com www.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyMediaDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowMediaDomain() { + public function testGetPolicyDisallowMediaDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowMediaDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowMediaDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowMediaDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowMediaDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowMediaDomainMultipleStakes() { + public function testGetPolicyDisallowMediaDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org')->disallowMediaDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedMediaDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowMediaDomain('www.nextcloud.org')->disallowMediaDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyObjectDomainValid() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyObjectDomainValid(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyObjectDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com www.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyObjectDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowObjectDomain() { + public function testGetPolicyDisallowObjectDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowObjectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowObjectDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowObjectDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowObjectDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowObjectDomainMultipleStakes() { + public function testGetPolicyDisallowObjectDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org')->disallowObjectDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedObjectDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowObjectDomain('www.nextcloud.org')->disallowObjectDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetAllowedFrameDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetAllowedFrameDomain(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyFrameDomainValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com www.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyFrameDomainValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameDomain() { + public function testGetPolicyDisallowFrameDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFrameDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowFrameDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFrameDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowFrameDomainMultipleStakes() { + public function testGetPolicyDisallowFrameDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org')->disallowFrameDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedFrameDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowFrameDomain('www.nextcloud.org')->disallowFrameDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetAllowedChildSrcDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.owncloud.com;frame-ancestors 'none'"; + public function testGetAllowedChildSrcDomain(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyChildSrcValidMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.owncloud.com child.owncloud.org;frame-ancestors 'none'"; + public function testGetPolicyChildSrcValidMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.nextcloud.com child.nextcloud.org;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com'); - $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.org'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('child.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowChildSrcDomain() { + public function testGetPolicyDisallowChildSrcDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowChildSrcDomainMultiple() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src www.owncloud.com;frame-ancestors 'none'"; + public function testGetPolicyDisallowChildSrcDomainMultiple(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src www.nextcloud.com;frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyDisallowChildSrcDomainMultipleStakes() { + public function testGetPolicyDisallowChildSrcDomainMultipleStakes(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; - $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com'); - $this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com'); + $this->contentSecurityPolicy->addAllowedChildSrcDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->disallowChildSrcDomain('www.nextcloud.org')->disallowChildSrcDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyWithJsNonceAndScriptDomains() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-TXlKc05vbmNl' www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; + public function testGetPolicyWithJsNonceAndScriptDomains(): void { + $nonce = base64_encode('MyJsNonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-$nonce' www.nextcloud.com www.nextcloud.org;frame-ancestors 'none'"; $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); - $this->contentSecurityPolicy->useJsNonce('MyJsNonce'); + $this->contentSecurityPolicy->useJsNonce($nonce); $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.org'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyWithJsNonceAndSelfScriptDomain() { - $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-TXlKc05vbmNl';frame-ancestors 'none'"; + public function testGetPolicyWithJsNonceAndStrictDynamic(): void { + $nonce = base64_encode('MyJsNonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'strict-dynamic' 'nonce-$nonce' www.nextcloud.com;frame-ancestors 'none'"; + + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->useStrictDynamic(true); + $this->contentSecurityPolicy->useJsNonce($nonce); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyWithJsNonceAndStrictDynamicAndStrictDynamicOnScripts(): void { + $nonce = base64_encode('MyJsNonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'strict-dynamic' 'nonce-$nonce' www.nextcloud.com;frame-ancestors 'none'"; + + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->useStrictDynamic(true); + $this->contentSecurityPolicy->useStrictDynamicOnScripts(true); + $this->contentSecurityPolicy->useJsNonce($nonce); + // Should be same as `testGetPolicyWithJsNonceAndStrictDynamic` because of fallback + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyWithJsNonceAndStrictDynamicOnScripts(): void { + $nonce = base64_encode('MyJsNonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-$nonce' www.nextcloud.com;script-src-elem 'strict-dynamic' 'nonce-$nonce' www.nextcloud.com;frame-ancestors 'none'"; + + $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com'); + $this->contentSecurityPolicy->useStrictDynamicOnScripts(true); + $this->contentSecurityPolicy->useJsNonce($nonce); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyWithStrictDynamicOnScripts(): void { + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; + + $this->contentSecurityPolicy->useStrictDynamicOnScripts(true); + $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); + } + + public function testGetPolicyWithJsNonceAndSelfScriptDomain(): void { + $nonce = base64_encode('MyJsNonce'); + $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-$nonce';frame-ancestors 'none'"; - $this->contentSecurityPolicy->useJsNonce('MyJsNonce'); + $this->contentSecurityPolicy->useJsNonce($nonce); $this->contentSecurityPolicy->addAllowedScriptDomain("'self'"); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyWithoutJsNonceAndSelfScriptDomain() { + public function testGetPolicyWithoutJsNonceAndSelfScriptDomain(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';frame-ancestors 'none'"; $this->contentSecurityPolicy->addAllowedScriptDomain("'self'"); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyWithReportUri() { + public function testGetPolicyWithReportUri(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none';report-uri https://my-report-uri.com"; - $this->contentSecurityPolicy->addReportTo("https://my-report-uri.com"); + $this->contentSecurityPolicy->addReportTo('https://my-report-uri.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } - public function testGetPolicyWithMultipleReportUri() { + public function testGetPolicyWithMultipleReportUri(): void { $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none';report-uri https://my-report-uri.com https://my-other-report-uri.com"; - $this->contentSecurityPolicy->addReportTo("https://my-report-uri.com"); - $this->contentSecurityPolicy->addReportTo("https://my-other-report-uri.com"); + $this->contentSecurityPolicy->addReportTo('https://my-report-uri.com'); + $this->contentSecurityPolicy->addReportTo('https://my-other-report-uri.com'); $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy()); } } diff --git a/tests/lib/AppFramework/Http/EmptyFeaturePolicyTest.php b/tests/lib/AppFramework/Http/EmptyFeaturePolicyTest.php index 18c255463c5..71342485552 100644 --- a/tests/lib/AppFramework/Http/EmptyFeaturePolicyTest.php +++ b/tests/lib/AppFramework/Http/EmptyFeaturePolicyTest.php @@ -2,25 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl> - * - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -28,7 +11,6 @@ namespace Test\AppFramework\Http; use OCP\AppFramework\Http\EmptyFeaturePolicy; class EmptyFeaturePolicyTest extends \Test\TestCase { - /** @var EmptyFeaturePolicy */ private $policy; @@ -37,19 +19,19 @@ class EmptyFeaturePolicyTest extends \Test\TestCase { $this->policy = new EmptyFeaturePolicy(); } - public function testGetPolicyDefault() { + public function testGetPolicyDefault(): void { $defaultPolicy = "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'"; $this->assertSame($defaultPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyAutoplayDomainValid() { + public function testGetPolicyAutoplayDomainValid(): void { $expectedPolicy = "autoplay www.nextcloud.com;camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedAutoplayDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyAutoplayDomainValidMultiple() { + public function testGetPolicyAutoplayDomainValidMultiple(): void { $expectedPolicy = "autoplay www.nextcloud.com www.nextcloud.org;camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedAutoplayDomain('www.nextcloud.com'); @@ -57,14 +39,14 @@ class EmptyFeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyCameraDomainValid() { + public function testGetPolicyCameraDomainValid(): void { $expectedPolicy = "autoplay 'none';camera www.nextcloud.com;fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedCameraDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyCameraDomainValidMultiple() { + public function testGetPolicyCameraDomainValidMultiple(): void { $expectedPolicy = "autoplay 'none';camera www.nextcloud.com www.nextcloud.org;fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedCameraDomain('www.nextcloud.com'); @@ -72,14 +54,14 @@ class EmptyFeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyFullScreenDomainValid() { + public function testGetPolicyFullScreenDomainValid(): void { $expectedPolicy = "autoplay 'none';camera 'none';fullscreen www.nextcloud.com;geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedFullScreenDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyFullScreenDomainValidMultiple() { + public function testGetPolicyFullScreenDomainValidMultiple(): void { $expectedPolicy = "autoplay 'none';camera 'none';fullscreen www.nextcloud.com www.nextcloud.org;geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedFullScreenDomain('www.nextcloud.com'); @@ -87,14 +69,14 @@ class EmptyFeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyGeoLocationDomainValid() { + public function testGetPolicyGeoLocationDomainValid(): void { $expectedPolicy = "autoplay 'none';camera 'none';fullscreen 'none';geolocation www.nextcloud.com;microphone 'none';payment 'none'"; $this->policy->addAllowedGeoLocationDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyGeoLocationDomainValidMultiple() { + public function testGetPolicyGeoLocationDomainValidMultiple(): void { $expectedPolicy = "autoplay 'none';camera 'none';fullscreen 'none';geolocation www.nextcloud.com www.nextcloud.org;microphone 'none';payment 'none'"; $this->policy->addAllowedGeoLocationDomain('www.nextcloud.com'); @@ -102,14 +84,14 @@ class EmptyFeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyMicrophoneDomainValid() { + public function testGetPolicyMicrophoneDomainValid(): void { $expectedPolicy = "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone www.nextcloud.com;payment 'none'"; $this->policy->addAllowedMicrophoneDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyMicrophoneDomainValidMultiple() { + public function testGetPolicyMicrophoneDomainValidMultiple(): void { $expectedPolicy = "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone www.nextcloud.com www.nextcloud.org;payment 'none'"; $this->policy->addAllowedMicrophoneDomain('www.nextcloud.com'); @@ -117,14 +99,14 @@ class EmptyFeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyPaymentDomainValid() { + public function testGetPolicyPaymentDomainValid(): void { $expectedPolicy = "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment www.nextcloud.com"; $this->policy->addAllowedPaymentDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyPaymentDomainValidMultiple() { + public function testGetPolicyPaymentDomainValidMultiple(): void { $expectedPolicy = "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment www.nextcloud.com www.nextcloud.org"; $this->policy->addAllowedPaymentDomain('www.nextcloud.com'); diff --git a/tests/lib/AppFramework/Http/FeaturePolicyTest.php b/tests/lib/AppFramework/Http/FeaturePolicyTest.php index 869650f42b1..6ea990fb111 100644 --- a/tests/lib/AppFramework/Http/FeaturePolicyTest.php +++ b/tests/lib/AppFramework/Http/FeaturePolicyTest.php @@ -2,25 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl> - * - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -28,7 +11,6 @@ namespace Test\AppFramework\Http; use OCP\AppFramework\Http\FeaturePolicy; class FeaturePolicyTest extends \Test\TestCase { - /** @var EmptyFeaturePolicy */ private $policy; @@ -37,19 +19,19 @@ class FeaturePolicyTest extends \Test\TestCase { $this->policy = new FeaturePolicy(); } - public function testGetPolicyDefault() { + public function testGetPolicyDefault(): void { $defaultPolicy = "autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'"; $this->assertSame($defaultPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyAutoplayDomainValid() { + public function testGetPolicyAutoplayDomainValid(): void { $expectedPolicy = "autoplay 'self' www.nextcloud.com;camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedAutoplayDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyAutoplayDomainValidMultiple() { + public function testGetPolicyAutoplayDomainValidMultiple(): void { $expectedPolicy = "autoplay 'self' www.nextcloud.com www.nextcloud.org;camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedAutoplayDomain('www.nextcloud.com'); @@ -57,14 +39,14 @@ class FeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyCameraDomainValid() { + public function testGetPolicyCameraDomainValid(): void { $expectedPolicy = "autoplay 'self';camera www.nextcloud.com;fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedCameraDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyCameraDomainValidMultiple() { + public function testGetPolicyCameraDomainValidMultiple(): void { $expectedPolicy = "autoplay 'self';camera www.nextcloud.com www.nextcloud.org;fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedCameraDomain('www.nextcloud.com'); @@ -72,14 +54,14 @@ class FeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyFullScreenDomainValid() { + public function testGetPolicyFullScreenDomainValid(): void { $expectedPolicy = "autoplay 'self';camera 'none';fullscreen 'self' www.nextcloud.com;geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedFullScreenDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyFullScreenDomainValidMultiple() { + public function testGetPolicyFullScreenDomainValidMultiple(): void { $expectedPolicy = "autoplay 'self';camera 'none';fullscreen 'self' www.nextcloud.com www.nextcloud.org;geolocation 'none';microphone 'none';payment 'none'"; $this->policy->addAllowedFullScreenDomain('www.nextcloud.com'); @@ -87,14 +69,14 @@ class FeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyGeoLocationDomainValid() { + public function testGetPolicyGeoLocationDomainValid(): void { $expectedPolicy = "autoplay 'self';camera 'none';fullscreen 'self';geolocation www.nextcloud.com;microphone 'none';payment 'none'"; $this->policy->addAllowedGeoLocationDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyGeoLocationDomainValidMultiple() { + public function testGetPolicyGeoLocationDomainValidMultiple(): void { $expectedPolicy = "autoplay 'self';camera 'none';fullscreen 'self';geolocation www.nextcloud.com www.nextcloud.org;microphone 'none';payment 'none'"; $this->policy->addAllowedGeoLocationDomain('www.nextcloud.com'); @@ -102,14 +84,14 @@ class FeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyMicrophoneDomainValid() { + public function testGetPolicyMicrophoneDomainValid(): void { $expectedPolicy = "autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone www.nextcloud.com;payment 'none'"; $this->policy->addAllowedMicrophoneDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyMicrophoneDomainValidMultiple() { + public function testGetPolicyMicrophoneDomainValidMultiple(): void { $expectedPolicy = "autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone www.nextcloud.com www.nextcloud.org;payment 'none'"; $this->policy->addAllowedMicrophoneDomain('www.nextcloud.com'); @@ -117,14 +99,14 @@ class FeaturePolicyTest extends \Test\TestCase { $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyPaymentDomainValid() { + public function testGetPolicyPaymentDomainValid(): void { $expectedPolicy = "autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment www.nextcloud.com"; $this->policy->addAllowedPaymentDomain('www.nextcloud.com'); $this->assertSame($expectedPolicy, $this->policy->buildPolicy()); } - public function testGetPolicyPaymentDomainValidMultiple() { + public function testGetPolicyPaymentDomainValidMultiple(): void { $expectedPolicy = "autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment www.nextcloud.com www.nextcloud.org"; $this->policy->addAllowedPaymentDomain('www.nextcloud.com'); diff --git a/tests/lib/AppFramework/Http/FileDisplayResponseTest.php b/tests/lib/AppFramework/Http/FileDisplayResponseTest.php index 0a244a85754..029ddaad712 100644 --- a/tests/lib/AppFramework/Http/FileDisplayResponseTest.php +++ b/tests/lib/AppFramework/Http/FileDisplayResponseTest.php @@ -1,24 +1,8 @@ <?php + /** - * @copyright 2016 Roeland Jago Douma <roeland@famdouma.nl> - * - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -51,23 +35,23 @@ class FileDisplayResponseTest extends \Test\TestCase { $this->response = new FileDisplayResponse($this->file); } - public function testHeader() { + public function testHeader(): void { $headers = $this->response->getHeaders(); $this->assertArrayHasKey('Content-Disposition', $headers); $this->assertSame('inline; filename="myFileName"', $headers['Content-Disposition']); } - public function testETag() { + public function testETag(): void { $this->assertSame('myETag', $this->response->getETag()); } - public function testLastModified() { + public function testLastModified(): void { $lastModified = $this->response->getLastModified(); $this->assertNotNull($lastModified); $this->assertSame(1464825600, $lastModified->getTimestamp()); } - public function test304() { + public function test304(): void { $output = $this->getMockBuilder('OCP\AppFramework\Http\IOutput') ->disableOriginalConstructor() ->getMock(); @@ -84,7 +68,7 @@ class FileDisplayResponseTest extends \Test\TestCase { } - public function testNon304() { + public function testNon304(): void { $output = $this->getMockBuilder('OCP\AppFramework\Http\IOutput') ->disableOriginalConstructor() ->getMock(); diff --git a/tests/lib/AppFramework/Http/HttpTest.php b/tests/lib/AppFramework/Http/HttpTest.php index d3d23425f7c..d3ec8438554 100644 --- a/tests/lib/AppFramework/Http/HttpTest.php +++ b/tests/lib/AppFramework/Http/HttpTest.php @@ -1,24 +1,9 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @copyright 2012 Bernhard Posselt <dev@bernhard-posselt.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -41,19 +26,19 @@ class HttpTest extends \Test\TestCase { } - public function testProtocol() { + public function testProtocol(): void { $header = $this->http->getStatusHeader(Http::STATUS_TEMPORARY_REDIRECT); $this->assertEquals('HTTP/1.1 307 Temporary Redirect', $header); } - public function testProtocol10() { + public function testProtocol10(): void { $this->http = new Http($this->server, 'HTTP/1.0'); $header = $this->http->getStatusHeader(Http::STATUS_OK); $this->assertEquals('HTTP/1.0 200 OK', $header); } - public function testTempRedirectBecomesFoundInHttp10() { + public function testTempRedirectBecomesFoundInHttp10(): void { $http = new Http([], 'HTTP/1.0'); $header = $http->getStatusHeader(Http::STATUS_TEMPORARY_REDIRECT); diff --git a/tests/lib/AppFramework/Http/JSONResponseTest.php b/tests/lib/AppFramework/Http/JSONResponseTest.php index 504876b2d88..56f67b23f0d 100644 --- a/tests/lib/AppFramework/Http/JSONResponseTest.php +++ b/tests/lib/AppFramework/Http/JSONResponseTest.php @@ -1,26 +1,9 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @author Morris Jobke - * @copyright 2012 Bernhard Posselt <dev@bernhard-posselt.com> - * @copyright 2013 Morris Jobke <morris.jobke@gmail.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -29,7 +12,6 @@ use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; class JSONResponseTest extends \Test\TestCase { - /** * @var JSONResponse */ @@ -41,13 +23,13 @@ class JSONResponseTest extends \Test\TestCase { } - public function testHeader() { + public function testHeader(): void { $headers = $this->json->getHeaders(); $this->assertEquals('application/json; charset=utf-8', $headers['Content-Type']); } - public function testSetData() { + public function testSetData(): void { $params = ['hi', 'yo']; $this->json->setData($params); @@ -55,7 +37,7 @@ class JSONResponseTest extends \Test\TestCase { } - public function testSetRender() { + public function testSetRender(): void { $params = ['test' => 'hi']; $this->json->setData($params); @@ -64,10 +46,7 @@ class JSONResponseTest extends \Test\TestCase { $this->assertEquals($expected, $this->json->render()); } - /** - * @return array - */ - public function renderDataProvider() { + public static function renderDataProvider(): array { return [ [ ['test' => 'hi'], '{"test":"hi"}', @@ -79,26 +58,26 @@ class JSONResponseTest extends \Test\TestCase { } /** - * @dataProvider renderDataProvider * @param array $input * @param string $expected */ - public function testRender(array $input, $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('renderDataProvider')] + public function testRender(array $input, $expected): void { $this->json->setData($input); $this->assertEquals($expected, $this->json->render()); } - - public function testRenderWithNonUtf8Encoding() { - $this->expectException(\Exception::class); - $this->expectExceptionMessage('Could not json_encode due to invalid non UTF-8 characters in the array: array ('); + + public function testRenderWithNonUtf8Encoding(): void { + $this->expectException(\JsonException::class); + $this->expectExceptionMessage('Malformed UTF-8 characters, possibly incorrectly encoded'); $params = ['test' => hex2bin('e9')]; $this->json->setData($params); $this->json->render(); } - public function testConstructorAllowsToSetData() { + public function testConstructorAllowsToSetData(): void { $data = ['hi']; $code = 300; $response = new JSONResponse($data, $code); @@ -108,7 +87,7 @@ class JSONResponseTest extends \Test\TestCase { $this->assertEquals($code, $response->getStatus()); } - public function testChainability() { + public function testChainability(): void { $params = ['hi', 'yo']; $this->json->setData($params) ->setStatus(Http::STATUS_NOT_FOUND); diff --git a/tests/lib/AppFramework/Http/OutputTest.php b/tests/lib/AppFramework/Http/OutputTest.php index 5fe35d24bde..2ba93833dd1 100644 --- a/tests/lib/AppFramework/Http/OutputTest.php +++ b/tests/lib/AppFramework/Http/OutputTest.php @@ -1,9 +1,8 @@ <?php + /** - * Copyright (c) 2016 Robin Appelman <robin@icewind.nl> - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -11,19 +10,19 @@ namespace Test\AppFramework\Http; use OC\AppFramework\Http\Output; class OutputTest extends \Test\TestCase { - public function testSetOutput() { + public function testSetOutput(): void { $this->expectOutputString('foo'); $output = new Output(''); $output->setOutput('foo'); } - public function testSetReadfile() { + public function testSetReadfile(): void { $this->expectOutputString(file_get_contents(__FILE__)); $output = new Output(''); $output->setReadfile(__FILE__); } - public function testSetReadfileStream() { + public function testSetReadfileStream(): void { $this->expectOutputString(file_get_contents(__FILE__)); $output = new Output(''); $output->setReadfile(fopen(__FILE__, 'r')); diff --git a/tests/lib/AppFramework/Http/PublicTemplateResponseTest.php b/tests/lib/AppFramework/Http/PublicTemplateResponseTest.php index cbf8f8303c3..cb7bd97f5da 100644 --- a/tests/lib/AppFramework/Http/PublicTemplateResponseTest.php +++ b/tests/lib/AppFramework/Http/PublicTemplateResponseTest.php @@ -1,41 +1,23 @@ <?php /** - * @copyright Copyright (c) 2018 Julius Härtl <jus@bitgrid.net> - * - * @author Julius Härtl <jus@bitgrid.net> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; -use OCP\AppFramework\Http; use OCP\AppFramework\Http\Template\PublicTemplateResponse; +use OCP\AppFramework\Http\Template\SimpleMenuAction; use Test\TestCase; class PublicTemplateResponseTest extends TestCase { - public function testSetParamsConstructor() { + public function testSetParamsConstructor(): void { $template = new PublicTemplateResponse('app', 'home', ['key' => 'value']); - $this->assertContains('core/js/public/publicpage', \OC_Util::$scripts); $this->assertEquals(['key' => 'value'], $template->getParams()); } - public function testAdditionalElements() { + public function testAdditionalElements(): void { $template = new PublicTemplateResponse('app', 'home', ['key' => 'value']); $template->setHeaderTitle('Header'); $template->setHeaderDetails('Details'); @@ -44,9 +26,9 @@ class PublicTemplateResponseTest extends TestCase { $this->assertEquals('Details', $template->getHeaderDetails()); } - public function testActionSingle() { + public function testActionSingle(): void { $actions = [ - new Http\Template\SimpleMenuAction('link', 'Download', 'download', 'downloadLink', 0) + new SimpleMenuAction('link', 'Download', 'download', 'downloadLink', 0) ]; $template = new PublicTemplateResponse('app', 'home', ['key' => 'value']); $template->setHeaderActions($actions); @@ -57,11 +39,11 @@ class PublicTemplateResponseTest extends TestCase { } - public function testActionMultiple() { + public function testActionMultiple(): void { $actions = [ - new Http\Template\SimpleMenuAction('link1', 'Download1', 'download1', 'downloadLink1', 100), - new Http\Template\SimpleMenuAction('link2', 'Download2', 'download2', 'downloadLink2', 20), - new Http\Template\SimpleMenuAction('link3', 'Download3', 'download3', 'downloadLink3', 0) + new SimpleMenuAction('link1', 'Download1', 'download1', 'downloadLink1', 100), + new SimpleMenuAction('link2', 'Download2', 'download2', 'downloadLink2', 20), + new SimpleMenuAction('link3', 'Download3', 'download3', 'downloadLink3', 0) ]; $template = new PublicTemplateResponse('app', 'home', ['key' => 'value']); $template->setHeaderActions($actions); @@ -72,9 +54,8 @@ class PublicTemplateResponseTest extends TestCase { } - public function testGetRenderAs() { + public function testGetRenderAs(): void { $template = new PublicTemplateResponse('app', 'home', ['key' => 'value']); - $this->assertContains('core/js/public/publicpage', \OC_Util::$scripts); $this->assertEquals(['key' => 'value'], $template->getParams()); $this->assertEquals('public', $template->getRenderAs()); } diff --git a/tests/lib/AppFramework/Http/RedirectResponseTest.php b/tests/lib/AppFramework/Http/RedirectResponseTest.php index 5130d36937f..f6319782e79 100644 --- a/tests/lib/AppFramework/Http/RedirectResponseTest.php +++ b/tests/lib/AppFramework/Http/RedirectResponseTest.php @@ -1,24 +1,9 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @copyright 2012 Bernhard Posselt <dev@bernhard-posselt.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -27,7 +12,6 @@ use OCP\AppFramework\Http; use OCP\AppFramework\Http\RedirectResponse; class RedirectResponseTest extends \Test\TestCase { - /** * @var RedirectResponse */ @@ -39,7 +23,7 @@ class RedirectResponseTest extends \Test\TestCase { } - public function testHeaders() { + public function testHeaders(): void { $headers = $this->response->getHeaders(); $this->assertEquals('/url', $headers['Location']); $this->assertEquals(Http::STATUS_SEE_OTHER, @@ -47,7 +31,7 @@ class RedirectResponseTest extends \Test\TestCase { } - public function testGetRedirectUrl() { + public function testGetRedirectUrl(): void { $this->assertEquals('/url', $this->response->getRedirectUrl()); } } diff --git a/tests/lib/AppFramework/Http/RequestIdTest.php b/tests/lib/AppFramework/Http/RequestIdTest.php index 9f9afed4b7f..9cfd3b1785c 100644 --- a/tests/lib/AppFramework/Http/RequestIdTest.php +++ b/tests/lib/AppFramework/Http/RequestIdTest.php @@ -2,23 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2022 Joas Schilling <coding@schilljs.com> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -64,11 +49,7 @@ class RequestIdTest extends \Test\TestCase { $this->secureRandom->expects($this->once()) ->method('generate') ->with('20') - ->willReturnOnConsecutiveCalls( - 'GeneratedByNextcloudItself1', - 'GeneratedByNextcloudItself2', - 'GeneratedByNextcloudItself3' - ); + ->willReturn('GeneratedByNextcloudItself1'); $this->assertSame('GeneratedByNextcloudItself1', $requestId->getId()); $this->assertSame('GeneratedByNextcloudItself1', $requestId->getId()); diff --git a/tests/lib/AppFramework/Http/RequestStream.php b/tests/lib/AppFramework/Http/RequestStream.php index 3868ed16505..7340391b2d5 100644 --- a/tests/lib/AppFramework/Http/RequestStream.php +++ b/tests/lib/AppFramework/Http/RequestStream.php @@ -1,5 +1,9 @@ <?php +/** + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ namespace Test\AppFramework\Http; /** @@ -7,24 +11,26 @@ namespace Test\AppFramework\Http; * Used to simulate php://input for Request tests */ class RequestStream { - protected $position; - protected $varname; + protected int $position = 0; + protected string $varname = ''; + /* @var resource */ + public $context; - public function stream_open($path, $mode, $options, &$opened_path) { + public function stream_open(string $path, string $mode, int $options, ?string &$opened_path): bool { $url = parse_url($path); - $this->varname = $url["host"]; + $this->varname = $url['host'] ?? ''; $this->position = 0; return true; } - public function stream_read($count) { + public function stream_read(int $count): string { $ret = substr($GLOBALS[$this->varname], $this->position, $count); $this->position += strlen($ret); return $ret; } - public function stream_write($data) { + public function stream_write(string $data): int { $left = substr($GLOBALS[$this->varname], 0, $this->position); $right = substr($GLOBALS[$this->varname], $this->position + strlen($data)); $GLOBALS[$this->varname] = $left . $data . $right; @@ -32,15 +38,15 @@ class RequestStream { return strlen($data); } - public function stream_tell() { + public function stream_tell(): int { return $this->position; } - public function stream_eof() { + public function stream_eof(): bool { return $this->position >= strlen($GLOBALS[$this->varname]); } - public function stream_seek($offset, $whence) { + public function stream_seek(int $offset, int $whence = SEEK_SET): bool { switch ($whence) { case SEEK_SET: if ($offset < strlen($GLOBALS[$this->varname]) && $offset >= 0) { @@ -74,7 +80,7 @@ class RequestStream { } } - public function stream_stat() { + public function stream_stat(): array { $size = strlen($GLOBALS[$this->varname]); $time = time(); $data = [ @@ -96,10 +102,10 @@ class RequestStream { //return false; } - public function stream_metadata($path, $option, $var) { + public function stream_metadata(string $path, int $option, $var): bool { if ($option == STREAM_META_TOUCH) { $url = parse_url($path); - $varname = $url["host"]; + $varname = $url['host'] ?? ''; if (!isset($GLOBALS[$varname])) { $GLOBALS[$varname] = ''; } diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php index e15f3fe656c..7ea2cb31482 100644 --- a/tests/lib/AppFramework/Http/RequestTest.php +++ b/tests/lib/AppFramework/Http/RequestTest.php @@ -1,13 +1,10 @@ <?php + /** - * @copyright 2013 Thomas Tanghus (thomas@tanghus.net) - * @copyright 2016 Lukas Reschke lukas@owncloud.com - * - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace Test\AppFramework\Http; use OC\AppFramework\Http\Request; @@ -51,7 +48,7 @@ class RequestTest extends \Test\TestCase { parent::tearDown(); } - public function testRequestAccessors() { + public function testRequestAccessors(): void { $vars = [ 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'], 'method' => 'GET', @@ -81,7 +78,7 @@ class RequestTest extends \Test\TestCase { } // urlParams has precedence over POST which has precedence over GET - public function testPrecedence() { + public function testPrecedence(): void { $vars = [ 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'], 'post' => ['name' => 'Jane Doe', 'nickname' => 'Janey'], @@ -104,7 +101,7 @@ class RequestTest extends \Test\TestCase { - public function testImmutableArrayAccess() { + public function testImmutableArrayAccess(): void { $this->expectException(\RuntimeException::class); $vars = [ @@ -124,7 +121,7 @@ class RequestTest extends \Test\TestCase { } - public function testImmutableMagicAccess() { + public function testImmutableMagicAccess(): void { $this->expectException(\RuntimeException::class); $vars = [ @@ -144,7 +141,7 @@ class RequestTest extends \Test\TestCase { } - public function testGetTheMethodRight() { + public function testGetTheMethodRight(): void { $this->expectException(\LogicException::class); $vars = [ @@ -163,7 +160,7 @@ class RequestTest extends \Test\TestCase { $request->post; } - public function testTheMethodIsRight() { + public function testTheMethodIsRight(): void { $vars = [ 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'], 'method' => 'GET', @@ -183,7 +180,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('Joey', $result['nickname']); } - public function testJsonPost() { + public function testJsonPost(): void { global $data; $data = '{"name": "John Q. Public", "nickname": "Joey"}'; $vars = [ @@ -207,9 +204,66 @@ class RequestTest extends \Test\TestCase { $this->assertSame('Joey', $request['nickname']); } - public function testNotJsonPost() { + public function testScimJsonPost(): void { global $data; - $data = 'this is not valid json'; + $data = '{"userName":"testusername", "displayName":"Example User"}'; + $vars = [ + 'method' => 'POST', + 'server' => ['CONTENT_TYPE' => 'application/scim+json; utf-8'] + ]; + + $request = new Request( + $vars, + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('POST', $request->method); + $result = $request->post; + $this->assertSame('testusername', $result['userName']); + $this->assertSame('Example User', $result['displayName']); + $this->assertSame('Example User', $request->params['displayName']); + $this->assertSame('Example User', $request['displayName']); + } + + public function testCustomJsonPost(): void { + global $data; + $data = '{"propertyA":"sometestvalue", "propertyB":"someothertestvalue"}'; + + // Note: the content type used here is fictional and intended to check if the regex for JSON content types works fine + $vars = [ + 'method' => 'POST', + 'server' => ['CONTENT_TYPE' => 'application/custom-type+json; utf-8'] + ]; + + $request = new Request( + $vars, + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('POST', $request->method); + $result = $request->post; + $this->assertSame('sometestvalue', $result['propertyA']); + $this->assertSame('someothertestvalue', $result['propertyB']); + } + + public static function dataNotJsonData(): array { + return [ + ['this is not valid json'], + ['"just a string"'], + ['{"just a string"}'], + ]; + } + + #[\PHPUnit\Framework\Attributes\DataProvider('dataNotJsonData')] + public function testNotJsonPost(string $testData): void { + global $data; + $data = $testData; $vars = [ 'method' => 'POST', 'server' => ['CONTENT_TYPE' => 'application/json; utf-8'] @@ -228,7 +282,49 @@ class RequestTest extends \Test\TestCase { // ensure there's no error attempting to decode the content } - public function testPatch() { + public function testNotScimJsonPost(): void { + global $data; + $data = 'this is not valid scim json'; + $vars = [ + 'method' => 'POST', + 'server' => ['CONTENT_TYPE' => 'application/scim+json; utf-8'] + ]; + + $request = new Request( + $vars, + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertEquals('POST', $request->method); + $result = $request->post; + // ensure there's no error attempting to decode the content + } + + public function testNotCustomJsonPost(): void { + global $data; + $data = 'this is not valid json'; + $vars = [ + 'method' => 'POST', + 'server' => ['CONTENT_TYPE' => 'application/custom-type+json; utf-8'] + ]; + + $request = new Request( + $vars, + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertEquals('POST', $request->method); + $result = $request->post; + // ensure there's no error attempting to decode the content + } + + public function testPatch(): void { global $data; $data = http_build_query(['name' => 'John Q. Public', 'nickname' => 'Joey'], '', '&'); @@ -252,7 +348,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('Joey', $result['nickname']); } - public function testJsonPatchAndPut() { + public function testJsonPatchAndPut(): void { global $data; // PUT content @@ -298,7 +394,99 @@ class RequestTest extends \Test\TestCase { $this->assertSame(null, $result['nickname']); } - public function testPutStream() { + public function testScimJsonPatchAndPut(): void { + global $data; + + // PUT content + $data = '{"userName": "sometestusername", "displayName": "Example User"}'; + $vars = [ + 'method' => 'PUT', + 'server' => ['CONTENT_TYPE' => 'application/scim+json; utf-8'], + ]; + + $request = new Request( + $vars, + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('PUT', $request->method); + $result = $request->put; + + $this->assertSame('sometestusername', $result['userName']); + $this->assertSame('Example User', $result['displayName']); + + // PATCH content + $data = '{"userName": "sometestusername", "displayName": null}'; + $vars = [ + 'method' => 'PATCH', + 'server' => ['CONTENT_TYPE' => 'application/scim+json; utf-8'], + ]; + + $request = new Request( + $vars, + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('PATCH', $request->method); + $result = $request->patch; + + $this->assertSame('sometestusername', $result['userName']); + $this->assertSame(null, $result['displayName']); + } + + public function testCustomJsonPatchAndPut(): void { + global $data; + + // PUT content + $data = '{"propertyA": "sometestvalue", "propertyB": "someothertestvalue"}'; + $vars = [ + 'method' => 'PUT', + 'server' => ['CONTENT_TYPE' => 'application/custom-type+json; utf-8'], + ]; + + $request = new Request( + $vars, + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('PUT', $request->method); + $result = $request->put; + + $this->assertSame('sometestvalue', $result['propertyA']); + $this->assertSame('someothertestvalue', $result['propertyB']); + + // PATCH content + $data = '{"propertyA": "sometestvalue", "propertyB": null}'; + $vars = [ + 'method' => 'PATCH', + 'server' => ['CONTENT_TYPE' => 'application/custom-type+json; utf-8'], + ]; + + $request = new Request( + $vars, + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('PATCH', $request->method); + $result = $request->patch; + + $this->assertSame('sometestvalue', $result['propertyA']); + $this->assertSame(null, $result['propertyB']); + } + + public function testPutStream(): void { global $data; $data = file_get_contents(__DIR__ . '/../../../data/testimage.png'); @@ -333,7 +521,7 @@ class RequestTest extends \Test\TestCase { } - public function testSetUrlParameters() { + public function testSetUrlParameters(): void { $vars = [ 'post' => [], 'method' => 'POST', @@ -355,254 +543,182 @@ class RequestTest extends \Test\TestCase { $this->assertEquals('3', $request->getParams()['id']); } - public function testGetRemoteAddressWithoutTrustedRemote() { - $this->config - ->expects($this->once()) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn([]); - - $request = new Request( - [ - 'server' => [ + public static function dataGetRemoteAddress(): array { + return [ + 'IPv4 without trusted remote' => [ + [ 'REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', - 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', ], + [], + [], + '10.0.0.2', ], - $this->requestId, - $this->config, - $this->csrfTokenManager, - $this->stream - ); - - $this->assertSame('10.0.0.2', $request->getRemoteAddress()); - } - - public function testGetRemoteAddressWithNoTrustedHeader() { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn(['10.0.0.2']); - $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('forwarded_for_headers') - ->willReturn([]); - - $request = new Request( - [ - 'server' => [ + 'IPv4 without trusted headers' => [ + [ 'REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', - 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', ], + ['10.0.0.2'], + [], + '10.0.0.2', ], - $this->requestId, - $this->config, - $this->csrfTokenManager, - $this->stream - ); - - $this->assertSame('10.0.0.2', $request->getRemoteAddress()); - } - - public function testGetRemoteAddressWithSingleTrustedRemote() { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn(['10.0.0.2']); - $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('forwarded_for_headers') - ->willReturn(['HTTP_X_FORWARDED']); - - $request = new Request( - [ - 'server' => [ + 'IPv4 with single trusted remote' => [ + [ 'REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', - 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', ], + ['10.0.0.2'], + ['HTTP_X_FORWARDED'], + '10.4.0.4', ], - $this->requestId, - $this->config, - $this->csrfTokenManager, - $this->stream - ); - - $this->assertSame('10.4.0.5', $request->getRemoteAddress()); - } - - public function testGetRemoteAddressIPv6WithSingleTrustedRemote() { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn(['2001:db8:85a3:8d3:1319:8a2e:370:7348']); - $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('forwarded_for_headers') - ->willReturn(['HTTP_X_FORWARDED']); - - $request = new Request( - [ - 'server' => [ + 'IPv6 with single trusted remote' => [ + [ 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348', 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', - 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', ], + ['2001:db8:85a3:8d3:1319:8a2e:370:7348'], + ['HTTP_X_FORWARDED'], + '10.4.0.4', ], - $this->requestId, - $this->config, - $this->csrfTokenManager, - $this->stream - ); - - $this->assertSame('10.4.0.5', $request->getRemoteAddress()); - } - - public function testGetRemoteAddressVerifyPriorityHeader() { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn(['10.0.0.2']); - $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('forwarded_for_headers') - ->willReturn([ - 'HTTP_CLIENT_IP', - 'HTTP_X_FORWARDED_FOR', - 'HTTP_X_FORWARDED' - ]); - - $request = new Request( - [ - 'server' => [ + 'IPv4 with multiple trusted remotes' => [ + [ + 'REMOTE_ADDR' => '10.0.0.2', + 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4, ::1', + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', + ], + ['10.0.0.2', '::1'], + ['HTTP_X_FORWARDED'], + '10.4.0.4', + ], + 'IPv4 order of forwarded-for headers' => [ + [ 'REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', - 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', + ], + ['10.0.0.2'], + [ + 'HTTP_X_FORWARDED', + 'HTTP_X_FORWARDED_FOR', + 'HTTP_CLIENT_IP', ], + '192.168.0.233', ], - $this->requestId, - $this->config, - $this->csrfTokenManager, - $this->stream - ); - - $this->assertSame('192.168.0.233', $request->getRemoteAddress()); - } - - public function testGetRemoteAddressIPv6VerifyPriorityHeader() { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn(['2001:db8:85a3:8d3:1319:8a2e:370:7348']); - $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('forwarded_for_headers') - ->willReturn([ - 'HTTP_CLIENT_IP', - 'HTTP_X_FORWARDED_FOR', - 'HTTP_X_FORWARDED' - ]); - - $request = new Request( - [ - 'server' => [ - 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348', + 'IPv4 order of forwarded-for headers (reversed)' => [ + [ + 'REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', - 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', ], + ['10.0.0.2'], + [ + 'HTTP_CLIENT_IP', + 'HTTP_X_FORWARDED_FOR', + 'HTTP_X_FORWARDED', + ], + '10.4.0.4', ], - $this->requestId, - $this->config, - $this->csrfTokenManager, - $this->stream - ); - - $this->assertSame('192.168.0.233', $request->getRemoteAddress()); - } - - public function testGetRemoteAddressWithMatchingCidrTrustedRemote() { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn(['192.168.2.0/24']); - $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('forwarded_for_headers') - ->willReturn(['HTTP_X_FORWARDED_FOR']); - - $request = new Request( - [ - 'server' => [ - 'REMOTE_ADDR' => '192.168.2.99', + 'IPv6 order of forwarded-for headers' => [ + [ + 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348', 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', - 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', + ], + ['2001:db8:85a3:8d3:1319:8a2e:370:7348'], + [ + 'HTTP_X_FORWARDED', + 'HTTP_X_FORWARDED_FOR', + 'HTTP_CLIENT_IP', ], + '192.168.0.233', ], - $this->requestId, - $this->config, - $this->csrfTokenManager, - $this->stream - ); - - $this->assertSame('192.168.0.233', $request->getRemoteAddress()); - } - - public function testGetRemoteAddressWithNotMatchingCidrTrustedRemote() { - $this->config - ->expects($this->once()) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn(['192.168.2.0/24']); - - $request = new Request( - [ - 'server' => [ + 'IPv4 matching CIDR of trusted proxy' => [ + [ 'REMOTE_ADDR' => '192.168.3.99', 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', - 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', ], + ['192.168.2.0/24'], + ['HTTP_X_FORWARDED_FOR'], + '192.168.3.99', ], - $this->requestId, - $this->config, - $this->csrfTokenManager, - $this->stream - ); - - $this->assertSame('192.168.3.99', $request->getRemoteAddress()); + 'IPv6 matching CIDR of trusted proxy' => [ + [ + 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a21:370:7348', + 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', + ], + ['2001:db8:85a3:8d3:1319:8a20::/95'], + ['HTTP_X_FORWARDED_FOR'], + '192.168.0.233', + ], + 'IPv6 not matching CIDR of trusted proxy' => [ + [ + 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348', + 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', + ], + ['fd::/8'], + [], + '2001:db8:85a3:8d3:1319:8a2e:370:7348', + ], + 'IPv6 with invalid trusted proxy' => [ + [ + 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348', + 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233', + ], + ['fx::/8'], + [], + '2001:db8:85a3:8d3:1319:8a2e:370:7348', + ], + 'IPv4 forwarded for IPv6' => [ + [ + 'REMOTE_ADDR' => '192.168.2.99', + 'HTTP_X_FORWARDED_FOR' => '[2001:db8:85a3:8d3:1319:8a2e:370:7348]', + ], + ['192.168.2.0/24'], + ['HTTP_X_FORWARDED_FOR'], + '2001:db8:85a3:8d3:1319:8a2e:370:7348', + ], + 'IPv4 with port' => [ + [ + 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348', + 'HTTP_X_FORWARDED_FOR' => '192.168.2.99:8080', + ], + ['2001:db8::/8'], + ['HTTP_X_FORWARDED_FOR'], + '192.168.2.99', + ], + 'IPv6 with port' => [ + [ + 'REMOTE_ADDR' => '192.168.2.99', + 'HTTP_X_FORWARDED_FOR' => '[2001:db8:85a3:8d3:1319:8a2e:370:7348]:8080', + ], + ['192.168.2.0/24'], + ['HTTP_X_FORWARDED_FOR'], + '2001:db8:85a3:8d3:1319:8a2e:370:7348', + ], + ]; } - public function testGetRemoteAddressWithXForwardedForIPv6() { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('trusted_proxies') - ->willReturn(['192.168.2.0/24']); + #[\PHPUnit\Framework\Attributes\DataProvider('dataGetRemoteAddress')] + public function testGetRemoteAddress(array $headers, array $trustedProxies, array $forwardedForHeaders, string $expected): void { $this->config - ->expects($this->at(1)) ->method('getSystemValue') - ->with('forwarded_for_headers') - ->willReturn(['HTTP_X_FORWARDED_FOR']); + ->willReturnMap([ + ['trusted_proxies', [], $trustedProxies], + ['forwarded_for_headers', ['HTTP_X_FORWARDED_FOR'], $forwardedForHeaders], + ]); $request = new Request( [ - 'server' => [ - 'REMOTE_ADDR' => '192.168.2.99', - 'HTTP_X_FORWARDED_FOR' => '[2001:db8:85a3:8d3:1319:8a2e:370:7348]', - ], + 'server' => $headers, ], $this->requestId, $this->config, @@ -610,13 +726,10 @@ class RequestTest extends \Test\TestCase { $this->stream ); - $this->assertSame('2001:db8:85a3:8d3:1319:8a2e:370:7348', $request->getRemoteAddress()); + $this->assertSame($expected, $request->getRemoteAddress()); } - /** - * @return array - */ - public function httpProtocolProvider() { + public static function dataHttpProtocol(): array { return [ // Valid HTTP 1.0 ['HTTP/1.0', 'HTTP/1.0'], @@ -643,12 +756,12 @@ class RequestTest extends \Test\TestCase { } /** - * @dataProvider httpProtocolProvider * * @param mixed $input * @param string $expected */ - public function testGetHttpProtocol($input, $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataHttpProtocol')] + public function testGetHttpProtocol($input, $expected): void { $request = new Request( [ 'server' => [ @@ -664,22 +777,34 @@ class RequestTest extends \Test\TestCase { $this->assertSame($expected, $request->getHttpProtocol()); } - public function testGetServerProtocolWithOverride() { + public function testGetServerProtocolWithOverrideValid(): void { $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('overwriteprotocol') - ->willReturn('customProtocol'); - $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('overwritecondaddr') - ->willReturn(''); + ->expects($this->exactly(3)) + ->method('getSystemValueString') + ->willReturnMap([ + ['overwriteprotocol', '', 'HTTPS'], // should be automatically lowercased + ['overwritecondaddr', '', ''], + ]); + + $request = new Request( + [], + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('https', $request->getServerProtocol()); + } + + public function testGetServerProtocolWithOverrideInValid(): void { $this->config - ->expects($this->at(2)) - ->method('getSystemValue') - ->with('overwriteprotocol') - ->willReturn('customProtocol'); + ->expects($this->exactly(3)) + ->method('getSystemValueString') + ->willReturnMap([ + ['overwriteprotocol', '', 'bogusProtocol'], // should trigger fallback to http + ['overwritecondaddr', '', ''], + ]); $request = new Request( [], @@ -689,10 +814,10 @@ class RequestTest extends \Test\TestCase { $this->stream ); - $this->assertSame('customProtocol', $request->getServerProtocol()); + $this->assertSame('http', $request->getServerProtocol()); } - public function testGetServerProtocolWithProtoValid() { + public function testGetServerProtocolWithProtoValid(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -733,7 +858,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('http', $requestHttp->getServerProtocol()); } - public function testGetServerProtocolWithHttpsServerValueOn() { + public function testGetServerProtocolWithHttpsServerValueOn(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -754,7 +879,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('https', $request->getServerProtocol()); } - public function testGetServerProtocolWithHttpsServerValueOff() { + public function testGetServerProtocolWithHttpsServerValueOff(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -775,7 +900,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('http', $request->getServerProtocol()); } - public function testGetServerProtocolWithHttpsServerValueEmpty() { + public function testGetServerProtocolWithHttpsServerValueEmpty(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -796,7 +921,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('http', $request->getServerProtocol()); } - public function testGetServerProtocolDefault() { + public function testGetServerProtocolDefault(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -813,7 +938,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('http', $request->getServerProtocol()); } - public function testGetServerProtocolBehindLoadBalancers() { + public function testGetServerProtocolBehindLoadBalancers(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -841,12 +966,12 @@ class RequestTest extends \Test\TestCase { } /** - * @dataProvider userAgentProvider * @param string $testAgent * @param array $userAgent * @param bool $matches */ - public function testUserAgent($testAgent, $userAgent, $matches) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataUserAgent')] + public function testUserAgent($testAgent, $userAgent, $matches): void { $request = new Request( [ 'server' => [ @@ -863,12 +988,12 @@ class RequestTest extends \Test\TestCase { } /** - * @dataProvider userAgentProvider * @param string $testAgent * @param array $userAgent * @param bool $matches */ - public function testUndefinedUserAgent($testAgent, $userAgent, $matches) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataUserAgent')] + public function testUndefinedUserAgent($testAgent, $userAgent, $matches): void { $request = new Request( [], $this->requestId, @@ -880,10 +1005,7 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->isUserAgent($userAgent)); } - /** - * @return array - */ - public function userAgentProvider() { + public static function dataUserAgent(): array { return [ [ 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)', @@ -1002,7 +1124,64 @@ class RequestTest extends \Test\TestCase { ]; } - public function testInsecureServerHostServerNameHeader() { + public static function dataMatchClientVersion(): array { + return [ + [ + 'Mozilla/5.0 (Android) Nextcloud-android/3.24.1', + Request::USER_AGENT_CLIENT_ANDROID, + '3.24.1', + ], + [ + 'Mozilla/5.0 (iOS) Nextcloud-iOS/4.8.2', + Request::USER_AGENT_CLIENT_IOS, + '4.8.2', + ], + [ + 'Mozilla/5.0 (Windows) mirall/3.8.1', + Request::USER_AGENT_CLIENT_DESKTOP, + '3.8.1', + ], + [ + 'Mozilla/5.0 (Android) Nextcloud-Talk v17.10.0', + Request::USER_AGENT_TALK_ANDROID, + '17.10.0', + ], + [ + 'Mozilla/5.0 (iOS) Nextcloud-Talk v17.0.1', + Request::USER_AGENT_TALK_IOS, + '17.0.1', + ], + [ + 'Mozilla/5.0 (Windows) Nextcloud-Talk v0.6.0', + Request::USER_AGENT_TALK_DESKTOP, + '0.6.0', + ], + [ + 'Mozilla/5.0 (Windows) Nextcloud-Outlook v1.0.0', + Request::USER_AGENT_OUTLOOK_ADDON, + '1.0.0', + ], + [ + 'Filelink for *cloud/1.0.0', + Request::USER_AGENT_THUNDERBIRD_ADDON, + '1.0.0', + ], + ]; + } + + /** + * @param string $testAgent + * @param string $userAgent + * @param string $version + */ + #[\PHPUnit\Framework\Attributes\DataProvider('dataMatchClientVersion')] + public function testMatchClientVersion(string $testAgent, string $userAgent, string $version): void { + preg_match($userAgent, $testAgent, $matches); + + $this->assertSame($version, $matches[1]); + } + + public function testInsecureServerHostServerNameHeader(): void { $request = new Request( [ 'server' => [ @@ -1018,7 +1197,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('from.server.name:8080', $request->getInsecureServerHost()); } - public function testInsecureServerHostHttpHostHeader() { + public function testInsecureServerHostHttpHostHeader(): void { $request = new Request( [ 'server' => [ @@ -1035,7 +1214,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('from.host.header:8080', $request->getInsecureServerHost()); } - public function testInsecureServerHostHttpFromForwardedHeaderSingle() { + public function testInsecureServerHostHttpFromForwardedHeaderSingle(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -1064,7 +1243,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('from.forwarded.host:8080', $request->getInsecureServerHost()); } - public function testInsecureServerHostHttpFromForwardedHeaderStacked() { + public function testInsecureServerHostHttpFromForwardedHeaderStacked(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -1093,9 +1272,9 @@ class RequestTest extends \Test\TestCase { $this->assertSame('from.forwarded.host2:8080', $request->getInsecureServerHost()); } - public function testGetServerHostWithOverwriteHost() { + public function testGetServerHostWithOverwriteHost(): void { $this->config - ->method('getSystemValue') + ->method('getSystemValueString') ->willReturnCallback(function ($key, $default) { if ($key === 'overwritecondaddr') { return ''; @@ -1117,7 +1296,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('my.overwritten.host', $request->getServerHost()); } - public function testGetServerHostWithTrustedDomain() { + public function testGetServerHostWithTrustedDomain(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -1146,7 +1325,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('my.trusted.host', $request->getServerHost()); } - public function testGetServerHostWithUntrustedDomain() { + public function testGetServerHostWithUntrustedDomain(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -1175,7 +1354,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('my.trusted.host', $request->getServerHost()); } - public function testGetServerHostWithNoTrustedDomain() { + public function testGetServerHostWithNoTrustedDomain(): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) { @@ -1201,10 +1380,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame('', $request->getServerHost()); } - /** - * @return array - */ - public function dataGetServerHostTrustedDomain() { + public static function dataGetServerHostTrustedDomain(): array { return [ 'is array' => ['my.trusted.host', ['my.trusted.host']], 'is array but undefined index 0' => ['my.trusted.host', [2 => 'my.trusted.host']], @@ -1213,12 +1389,8 @@ class RequestTest extends \Test\TestCase { ]; } - /** - * @dataProvider dataGetServerHostTrustedDomain - * @param $expected - * @param $trustedDomain - */ - public function testGetServerHostTrustedDomain($expected, $trustedDomain) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataGetServerHostTrustedDomain')] + public function testGetServerHostTrustedDomain(string $expected, $trustedDomain): void { $this->config ->method('getSystemValue') ->willReturnCallback(function ($key, $default) use ($trustedDomain) { @@ -1247,10 +1419,10 @@ class RequestTest extends \Test\TestCase { $this->assertSame($expected, $request->getServerHost()); } - public function testGetOverwriteHostDefaultNull() { + public function testGetOverwriteHostDefaultNull(): void { $this->config ->expects($this->once()) - ->method('getSystemValue') + ->method('getSystemValueString') ->with('overwritehost') ->willReturn(''); $request = new Request( @@ -1264,22 +1436,14 @@ class RequestTest extends \Test\TestCase { $this->assertNull(self::invokePrivate($request, 'getOverwriteHost')); } - public function testGetOverwriteHostWithOverwrite() { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('overwritehost') - ->willReturn('www.owncloud.org'); - $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('overwritecondaddr') - ->willReturn(''); + public function testGetOverwriteHostWithOverwrite(): void { $this->config - ->expects($this->at(2)) - ->method('getSystemValue') - ->with('overwritehost') - ->willReturn('www.owncloud.org'); + ->expects($this->exactly(3)) + ->method('getSystemValueString') + ->willReturnMap([ + ['overwritehost', '', 'www.owncloud.org'], + ['overwritecondaddr', '', ''], + ]); $request = new Request( [], @@ -1293,7 +1457,7 @@ class RequestTest extends \Test\TestCase { } - public function testGetPathInfoNotProcessible() { + public function testGetPathInfoNotProcessible(): void { $this->expectException(\Exception::class); $this->expectExceptionMessage('The requested uri(/foo.php) cannot be processed by the script \'/var/www/index.php\')'); @@ -1314,7 +1478,7 @@ class RequestTest extends \Test\TestCase { } - public function testGetRawPathInfoNotProcessible() { + public function testGetRawPathInfoNotProcessible(): void { $this->expectException(\Exception::class); $this->expectExceptionMessage('The requested uri(/foo.php) cannot be processed by the script \'/var/www/index.php\')'); @@ -1335,12 +1499,12 @@ class RequestTest extends \Test\TestCase { } /** - * @dataProvider genericPathInfoProvider * @param string $requestUri * @param string $scriptName * @param string $expected */ - public function testGetPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataGenericPathInfo')] + public function testGetPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected): void { $request = new Request( [ 'server' => [ @@ -1358,12 +1522,12 @@ class RequestTest extends \Test\TestCase { } /** - * @dataProvider genericPathInfoProvider * @param string $requestUri * @param string $scriptName * @param string $expected */ - public function testGetRawPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataGenericPathInfo')] + public function testGetRawPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected): void { $request = new Request( [ 'server' => [ @@ -1381,12 +1545,12 @@ class RequestTest extends \Test\TestCase { } /** - * @dataProvider rawPathInfoProvider * @param string $requestUri * @param string $scriptName * @param string $expected */ - public function testGetRawPathInfoWithoutSetEnv($requestUri, $scriptName, $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataRawPathInfo')] + public function testGetRawPathInfoWithoutSetEnv($requestUri, $scriptName, $expected): void { $request = new Request( [ 'server' => [ @@ -1404,12 +1568,12 @@ class RequestTest extends \Test\TestCase { } /** - * @dataProvider pathInfoProvider * @param string $requestUri * @param string $scriptName * @param string $expected */ - public function testGetPathInfoWithoutSetEnv($requestUri, $scriptName, $expected) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataPathInfo')] + public function testGetPathInfoWithoutSetEnv($requestUri, $scriptName, $expected): void { $request = new Request( [ 'server' => [ @@ -1426,10 +1590,7 @@ class RequestTest extends \Test\TestCase { $this->assertSame($expected, $request->getPathInfo()); } - /** - * @return array - */ - public function genericPathInfoProvider() { + public static function dataGenericPathInfo(): array { return [ ['/core/index.php?XDEBUG_SESSION_START=14600', '/core/index.php', ''], ['/index.php/apps/files/', 'index.php', '/apps/files/'], @@ -1441,28 +1602,22 @@ class RequestTest extends \Test\TestCase { ]; } - /** - * @return array - */ - public function rawPathInfoProvider() { + public static function dataRawPathInfo(): array { return [ ['/foo%2Fbar/subfolder', '', 'foo%2Fbar/subfolder'], ]; } - /** - * @return array - */ - public function pathInfoProvider() { + public static function dataPathInfo(): array { return [ ['/foo%2Fbar/subfolder', '', 'foo/bar/subfolder'], ]; } - public function testGetRequestUriWithoutOverwrite() { + public function testGetRequestUriWithoutOverwrite(): void { $this->config ->expects($this->once()) - ->method('getSystemValue') + ->method('getSystemValueString') ->with('overwritewebroot') ->willReturn(''); @@ -1481,35 +1636,31 @@ class RequestTest extends \Test\TestCase { $this->assertSame('/test.php', $request->getRequestUri()); } - public function providesGetRequestUriWithOverwriteData() { + public static function dataGetRequestUriWithOverwrite(): array { return [ ['/scriptname.php/some/PathInfo', '/owncloud/', ''], - ['/scriptname.php/some/PathInfo', '/owncloud/', '123'], + ['/scriptname.php/some/PathInfo', '/owncloud/', '123', '123.123.123.123'], ]; } - /** - * @dataProvider providesGetRequestUriWithOverwriteData - */ - public function testGetRequestUriWithOverwrite($expectedUri, $overwriteWebRoot, $overwriteCondAddr) { - $this->config - ->expects($this->at(0)) - ->method('getSystemValue') - ->with('overwritewebroot') - ->willReturn($overwriteWebRoot); + #[\PHPUnit\Framework\Attributes\DataProvider('dataGetRequestUriWithOverwrite')] + public function testGetRequestUriWithOverwrite($expectedUri, $overwriteWebRoot, $overwriteCondAddr, $remoteAddr = ''): void { $this->config - ->expects($this->at(1)) - ->method('getSystemValue') - ->with('overwritecondaddr') - ->willReturn($overwriteCondAddr); + ->expects($this->exactly(2)) + ->method('getSystemValueString') + ->willReturnMap([ + ['overwritewebroot', '', $overwriteWebRoot], + ['overwritecondaddr', '', $overwriteCondAddr], + ]); - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ 'REQUEST_URI' => '/test.php/some/PathInfo', 'SCRIPT_NAME' => '/test.php', + 'REMOTE_ADDR' => $remoteAddr ] ], $this->requestId, @@ -1526,10 +1677,10 @@ class RequestTest extends \Test\TestCase { $this->assertSame($expectedUri, $request->getRequestUri()); } - public function testPassesCSRFCheckWithGet() { + public function testPassesCSRFCheckWithGet(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'get' => [ @@ -1556,10 +1707,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesCSRFCheck()); } - public function testPassesCSRFCheckWithPost() { + public function testPassesCSRFCheckWithPost(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'post' => [ @@ -1586,10 +1737,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesCSRFCheck()); } - public function testPassesCSRFCheckWithHeader() { + public function testPassesCSRFCheckWithHeader(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1616,10 +1767,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesCSRFCheck()); } - public function testPassesCSRFCheckWithGetAndWithoutCookies() { + public function testPassesCSRFCheckWithGetAndWithoutCookies(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'get' => [ @@ -1640,10 +1791,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesCSRFCheck()); } - public function testPassesCSRFCheckWithPostAndWithoutCookies() { + public function testPassesCSRFCheckWithPostAndWithoutCookies(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'post' => [ @@ -1664,10 +1815,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesCSRFCheck()); } - public function testPassesCSRFCheckWithHeaderAndWithoutCookies() { + public function testPassesCSRFCheckWithHeaderAndWithoutCookies(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1688,10 +1839,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesCSRFCheck()); } - public function testFailsCSRFCheckWithHeaderAndNotAllChecksPassing() { + public function testFailsCSRFCheckWithHeaderAndNotAllChecksPassing(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1715,10 +1866,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesCSRFCheck()); } - public function testPassesStrictCookieCheckWithAllCookiesAndStrict() { + public function testPassesStrictCookieCheckWithAllCookiesAndStrict(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName', 'getCookieParams']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName', 'getCookieParams']) ->setConstructorArgs([ [ 'server' => [ @@ -1747,10 +1898,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesStrictCookieCheck()); } - public function testFailsStrictCookieCheckWithAllCookiesAndMissingStrict() { + public function testFailsStrictCookieCheckWithAllCookiesAndMissingStrict(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName', 'getCookieParams']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName', 'getCookieParams']) ->setConstructorArgs([ [ 'server' => [ @@ -1779,10 +1930,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesStrictCookieCheck()); } - public function testGetCookieParams() { + public function testGetCookieParams(): void { /** @var Request $request */ $request = $this->getMockBuilder(Request::class) - ->setMethods(['getScriptName']) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [], $this->requestId, @@ -1795,10 +1946,10 @@ class RequestTest extends \Test\TestCase { $this->assertSame(session_get_cookie_params(), $actual); } - public function testPassesStrictCookieCheckWithAllCookies() { + public function testPassesStrictCookieCheckWithAllCookies(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1820,10 +1971,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesStrictCookieCheck()); } - public function testPassesStrictCookieCheckWithRandomCookies() { + public function testPassesStrictCookieCheckWithRandomCookies(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1843,10 +1994,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesStrictCookieCheck()); } - public function testFailsStrictCookieCheckWithSessionCookie() { + public function testFailsStrictCookieCheckWithSessionCookie(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1866,10 +2017,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesStrictCookieCheck()); } - public function testFailsStrictCookieCheckWithRememberMeCookie() { + public function testFailsStrictCookieCheckWithRememberMeCookie(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1889,10 +2040,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesStrictCookieCheck()); } - public function testFailsCSRFCheckWithPostAndWithCookies() { + public function testFailsCSRFCheckWithPostAndWithCookies(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'post' => [ @@ -1916,10 +2067,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesCSRFCheck()); } - public function testFailStrictCookieCheckWithOnlyLaxCookie() { + public function testFailStrictCookieCheckWithOnlyLaxCookie(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1940,10 +2091,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesStrictCookieCheck()); } - public function testFailStrictCookieCheckWithOnlyStrictCookie() { + public function testFailStrictCookieCheckWithOnlyStrictCookie(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1964,10 +2115,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesStrictCookieCheck()); } - public function testPassesLaxCookieCheck() { + public function testPassesLaxCookieCheck(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -1988,10 +2139,10 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesLaxCookieCheck()); } - public function testFailsLaxCookieCheckWithOnlyStrictCookie() { + public function testFailsLaxCookieCheckWithOnlyStrictCookie(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -2012,10 +2163,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesLaxCookieCheck()); } - public function testSkipCookieCheckForOCSRequests() { + public function testSkipCookieCheckForOCSRequests(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -2037,10 +2188,7 @@ class RequestTest extends \Test\TestCase { $this->assertTrue($request->passesStrictCookieCheck()); } - /** - * @return array - */ - public function invalidTokenDataProvider() { + public static function dataInvalidToken(): array { return [ ['InvalidSentToken'], ['InvalidSentToken:InvalidSecret'], @@ -2048,14 +2196,11 @@ class RequestTest extends \Test\TestCase { ]; } - /** - * @dataProvider invalidTokenDataProvider - * @param string $invalidToken - */ - public function testPassesCSRFCheckWithInvalidToken($invalidToken) { + #[\PHPUnit\Framework\Attributes\DataProvider('dataInvalidToken')] + public function testPassesCSRFCheckWithInvalidToken(string $invalidToken): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [ 'server' => [ @@ -2079,10 +2224,10 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesCSRFCheck()); } - public function testPassesCSRFCheckWithoutTokenFail() { + public function testPassesCSRFCheckWithoutTokenFail(): void { /** @var Request $request */ - $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') - ->setMethods(['getScriptName']) + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) ->setConstructorArgs([ [], $this->requestId, @@ -2094,4 +2239,24 @@ class RequestTest extends \Test\TestCase { $this->assertFalse($request->passesCSRFCheck()); } + + public function testPassesCSRFCheckWithOCSAPIRequestHeader(): void { + /** @var Request $request */ + $request = $this->getMockBuilder(Request::class) + ->onlyMethods(['getScriptName']) + ->setConstructorArgs([ + [ + 'server' => [ + 'HTTP_OCS_APIREQUEST' => 'true', + ], + ], + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ]) + ->getMock(); + + $this->assertTrue($request->passesCSRFCheck()); + } } diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php index c725e2fb602..4c76695f6e4 100644 --- a/tests/lib/AppFramework/Http/ResponseTest.php +++ b/tests/lib/AppFramework/Http/ResponseTest.php @@ -1,36 +1,22 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @copyright 2012 Bernhard Posselt <dev@bernhard-posselt.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\ContentSecurityPolicy; +use OCP\AppFramework\Http\EmptyContentSecurityPolicy; use OCP\AppFramework\Http\Response; use OCP\AppFramework\Utility\ITimeFactory; class ResponseTest extends \Test\TestCase { - /** - * @var \OCP\AppFramework\Http\Response + * @var Response */ private $childResponse; @@ -40,35 +26,37 @@ class ResponseTest extends \Test\TestCase { } - public function testAddHeader() { + public function testAddHeader(): void { $this->childResponse->addHeader(' hello ', 'world'); $headers = $this->childResponse->getHeaders(); $this->assertEquals('world', $headers['hello']); } - public function testSetHeaders() { + public function testSetHeaders(): void { $expected = [ 'Last-Modified' => 1, 'ETag' => 3, 'Something-Else' => 'hi', - 'X-Robots-Tag' => 'none', + 'X-Robots-Tag' => 'noindex, nofollow', + 'Cache-Control' => 'no-cache, no-store, must-revalidate', ]; $this->childResponse->setHeaders($expected); - $headers = $this->childResponse->getHeaders(); $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'"; $expected['Feature-Policy'] = "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'"; + $headers = $this->childResponse->getHeaders(); + unset($headers['X-Request-Id']); + $this->assertEquals($expected, $headers); } - public function testOverwriteCsp() { + public function testOverwriteCsp(): void { $expected = [ 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self' data:;connect-src 'self';media-src 'self'", ]; - $policy = new Http\ContentSecurityPolicy(); - $policy->allowInlineScript(true); + $policy = new ContentSecurityPolicy(); $this->childResponse->setContentSecurityPolicy($policy); $headers = $this->childResponse->getHeaders(); @@ -76,32 +64,31 @@ class ResponseTest extends \Test\TestCase { $this->assertEquals(array_merge($expected, $headers), $headers); } - public function testGetCsp() { - $policy = new Http\ContentSecurityPolicy(); - $policy->allowInlineScript(true); + public function testGetCsp(): void { + $policy = new ContentSecurityPolicy(); $this->childResponse->setContentSecurityPolicy($policy); $this->assertEquals($policy, $this->childResponse->getContentSecurityPolicy()); } - public function testGetCspEmpty() { - $this->assertEquals(new Http\EmptyContentSecurityPolicy(), $this->childResponse->getContentSecurityPolicy()); + public function testGetCspEmpty(): void { + $this->assertEquals(new EmptyContentSecurityPolicy(), $this->childResponse->getContentSecurityPolicy()); } - public function testAddHeaderValueNullDeletesIt() { + public function testAddHeaderValueNullDeletesIt(): void { $this->childResponse->addHeader('hello', 'world'); $this->childResponse->addHeader('hello', null); $this->assertEquals(5, count($this->childResponse->getHeaders())); } - public function testCacheHeadersAreDisabledByDefault() { + public function testCacheHeadersAreDisabledByDefault(): void { $headers = $this->childResponse->getHeaders(); $this->assertEquals('no-cache, no-store, must-revalidate', $headers['Cache-Control']); } - public function testAddCookie() { + public function testAddCookie(): void { $this->childResponse->addCookie('foo', 'bar'); $this->childResponse->addCookie('bar', 'foo', new \DateTime('1970-01-01')); @@ -121,7 +108,7 @@ class ResponseTest extends \Test\TestCase { } - public function testSetCookies() { + public function testSetCookies(): void { $expected = [ 'foo' => [ 'value' => 'bar', @@ -140,7 +127,7 @@ class ResponseTest extends \Test\TestCase { } - public function testInvalidateCookie() { + public function testInvalidateCookie(): void { $this->childResponse->addCookie('foo', 'bar'); $this->childResponse->invalidateCookie('foo'); $expected = [ @@ -157,7 +144,7 @@ class ResponseTest extends \Test\TestCase { } - public function testInvalidateCookies() { + public function testInvalidateCookies(): void { $this->childResponse->addCookie('foo', 'bar'); $this->childResponse->addCookie('bar', 'foo'); $expected = [ @@ -194,12 +181,12 @@ class ResponseTest extends \Test\TestCase { } - public function testRenderReturnNullByDefault() { + public function testRenderReturnNullByDefault(): void { $this->assertEquals(null, $this->childResponse->render()); } - public function testGetStatus() { + public function testGetStatus(): void { $default = $this->childResponse->getStatus(); $this->childResponse->setStatus(Http::STATUS_NOT_FOUND); @@ -209,13 +196,13 @@ class ResponseTest extends \Test\TestCase { } - public function testGetEtag() { + public function testGetEtag(): void { $this->childResponse->setEtag('hi'); $this->assertSame('hi', $this->childResponse->getEtag()); } - public function testGetLastModified() { + public function testGetLastModified(): void { $lastModified = new \DateTime('now', new \DateTimeZone('GMT')); $lastModified->setTimestamp(1); $this->childResponse->setLastModified($lastModified); @@ -224,17 +211,16 @@ class ResponseTest extends \Test\TestCase { - public function testCacheSecondsZero() { + public function testCacheSecondsZero(): void { $this->childResponse->cacheFor(0); $headers = $this->childResponse->getHeaders(); $this->assertEquals('no-cache, no-store, must-revalidate', $headers['Cache-Control']); - $this->assertFalse(isset($headers['Pragma'])); $this->assertFalse(isset($headers['Expires'])); } - public function testCacheSeconds() { + public function testCacheSeconds(): void { $time = $this->createMock(ITimeFactory::class); $time->method('getTime') ->willReturn(1234567); @@ -245,21 +231,20 @@ class ResponseTest extends \Test\TestCase { $headers = $this->childResponse->getHeaders(); $this->assertEquals('private, max-age=33, must-revalidate', $headers['Cache-Control']); - $this->assertEquals('private', $headers['Pragma']); - $this->assertEquals('Thu, 15 Jan 1970 06:56:40 +0000', $headers['Expires']); + $this->assertEquals('Thu, 15 Jan 1970 06:56:40 GMT', $headers['Expires']); } - public function testEtagLastModifiedHeaders() { + public function testEtagLastModifiedHeaders(): void { $lastModified = new \DateTime('now', new \DateTimeZone('GMT')); $lastModified->setTimestamp(1); $this->childResponse->setLastModified($lastModified); $headers = $this->childResponse->getHeaders(); - $this->assertEquals('Thu, 01 Jan 1970 00:00:01 +0000', $headers['Last-Modified']); + $this->assertEquals('Thu, 01 Jan 1970 00:00:01 GMT', $headers['Last-Modified']); } - public function testChainability() { + public function testChainability(): void { $lastModified = new \DateTime('now', new \DateTimeZone('GMT')); $lastModified->setTimestamp(1); @@ -274,18 +259,18 @@ class ResponseTest extends \Test\TestCase { $this->assertEquals('world', $headers['hello']); $this->assertEquals(Http::STATUS_NOT_FOUND, $this->childResponse->getStatus()); $this->assertEquals('hi', $this->childResponse->getEtag()); - $this->assertEquals('Thu, 01 Jan 1970 00:00:01 +0000', $headers['Last-Modified']); + $this->assertEquals('Thu, 01 Jan 1970 00:00:01 GMT', $headers['Last-Modified']); $this->assertEquals('private, max-age=33, must-revalidate', $headers['Cache-Control']); } - public function testThrottle() { + public function testThrottle(): void { $this->assertFalse($this->childResponse->isThrottled()); $this->childResponse->throttle(); $this->assertTrue($this->childResponse->isThrottled()); } - public function testGetThrottleMetadata() { + public function testGetThrottleMetadata(): void { $this->childResponse->throttle(['foo' => 'bar']); $this->assertSame(['foo' => 'bar'], $this->childResponse->getThrottleMetadata()); } diff --git a/tests/lib/AppFramework/Http/StreamResponseTest.php b/tests/lib/AppFramework/Http/StreamResponseTest.php index 97aced01506..87f6097a07a 100644 --- a/tests/lib/AppFramework/Http/StreamResponseTest.php +++ b/tests/lib/AppFramework/Http/StreamResponseTest.php @@ -1,24 +1,9 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @copyright 2015 Bernhard Posselt <dev@bernhard-posselt.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -28,7 +13,6 @@ use OCP\AppFramework\Http\IOutput; use OCP\AppFramework\Http\StreamResponse; class StreamResponseTest extends \Test\TestCase { - /** @var IOutput */ private $output; @@ -39,7 +23,7 @@ class StreamResponseTest extends \Test\TestCase { ->getMock(); } - public function testOutputNotModified() { + public function testOutputNotModified(): void { $path = __FILE__; $this->output->expects($this->once()) ->method('getHttpResponseCode') @@ -51,7 +35,7 @@ class StreamResponseTest extends \Test\TestCase { $response->callback($this->output); } - public function testOutputOk() { + public function testOutputOk(): void { $path = __FILE__; $this->output->expects($this->once()) ->method('getHttpResponseCode') @@ -65,7 +49,7 @@ class StreamResponseTest extends \Test\TestCase { $response->callback($this->output); } - public function testOutputNotFound() { + public function testOutputNotFound(): void { $path = __FILE__ . 'test'; $this->output->expects($this->once()) ->method('getHttpResponseCode') @@ -80,7 +64,7 @@ class StreamResponseTest extends \Test\TestCase { $response->callback($this->output); } - public function testOutputReadFileError() { + public function testOutputReadFileError(): void { $path = __FILE__; $this->output->expects($this->once()) ->method('getHttpResponseCode') diff --git a/tests/lib/AppFramework/Http/TemplateResponseTest.php b/tests/lib/AppFramework/Http/TemplateResponseTest.php index 6cbf112494e..28f952e35e3 100644 --- a/tests/lib/AppFramework/Http/TemplateResponseTest.php +++ b/tests/lib/AppFramework/Http/TemplateResponseTest.php @@ -1,24 +1,9 @@ <?php /** - * ownCloud - App Framework - * - * @author Bernhard Posselt - * @copyright 2012 Bernhard Posselt <dev@bernhard-posselt.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace Test\AppFramework\Http; @@ -27,9 +12,8 @@ use OCP\AppFramework\Http; use OCP\AppFramework\Http\TemplateResponse; class TemplateResponseTest extends \Test\TestCase { - /** - * @var \OCP\AppFramework\Http\TemplateResponse + * @var TemplateResponse */ private $tpl; @@ -40,7 +24,7 @@ class TemplateResponseTest extends \Test\TestCase { } - public function testSetParamsConstructor() { + public function testSetParamsConstructor(): void { $params = ['hi' => 'yo']; $this->tpl = new TemplateResponse('app', 'home', $params); @@ -48,7 +32,7 @@ class TemplateResponseTest extends \Test\TestCase { } - public function testSetRenderAsConstructor() { + public function testSetRenderAsConstructor(): void { $renderAs = 'myrender'; $this->tpl = new TemplateResponse('app', 'home', [], $renderAs); @@ -56,7 +40,7 @@ class TemplateResponseTest extends \Test\TestCase { } - public function testSetParams() { + public function testSetParams(): void { $params = ['hi' => 'yo']; $this->tpl->setParams($params); @@ -64,17 +48,17 @@ class TemplateResponseTest extends \Test\TestCase { } - public function testGetTemplateName() { + public function testGetTemplateName(): void { $this->assertEquals('home', $this->tpl->getTemplateName()); } - public function testGetRenderAs() { + public function testGetRenderAs(): void { $render = 'myrender'; $this->tpl->renderAs($render); $this->assertEquals($render, $this->tpl->getRenderAs()); } - public function testChainability() { + public function testChainability(): void { $params = ['hi' => 'yo']; $this->tpl->setParams($params) ->setStatus(Http::STATUS_NOT_FOUND); |