aboutsummaryrefslogtreecommitdiffstats
path: root/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php')
-rw-r--r--tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php133
1 files changed, 43 insertions, 90 deletions
diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
index 07e368fd1e6..0c6fc21357d 100644
--- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
@@ -1,4 +1,5 @@
<?php
+
/**
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
@@ -125,7 +126,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
);
}
- public function dataNoCSRFRequiredPublicPage(): array {
+ public static function dataNoCSRFRequiredPublicPage(): array {
return [
['testAnnotationNoCSRFRequiredPublicPage'],
['testAnnotationNoCSRFRequiredAttributePublicPage'],
@@ -134,21 +135,21 @@ class SecurityMiddlewareTest extends \Test\TestCase {
];
}
- public function dataPublicPage(): array {
+ public static function dataPublicPage(): array {
return [
['testAnnotationPublicPage'],
['testAttributePublicPage'],
];
}
- public function dataNoCSRFRequired(): array {
+ public static function dataNoCSRFRequired(): array {
return [
['testAnnotationNoCSRFRequired'],
['testAttributeNoCSRFRequired'],
];
}
- public function dataPublicPageStrictCookieRequired(): array {
+ public static function dataPublicPageStrictCookieRequired(): array {
return [
['testAnnotationPublicPageStrictCookieRequired'],
['testAnnotationStrictCookieRequiredAttributePublicPage'],
@@ -157,28 +158,28 @@ class SecurityMiddlewareTest extends \Test\TestCase {
];
}
- public function dataNoCSRFRequiredPublicPageStrictCookieRequired(): array {
+ public static function dataNoCSRFRequiredPublicPageStrictCookieRequired(): array {
return [
['testAnnotationNoCSRFRequiredPublicPageStrictCookieRequired'],
['testAttributeNoCSRFRequiredPublicPageStrictCookiesRequired'],
];
}
- public function dataNoAdminRequiredNoCSRFRequired(): array {
+ public static function dataNoAdminRequiredNoCSRFRequired(): array {
return [
['testAnnotationNoAdminRequiredNoCSRFRequired'],
['testAttributeNoAdminRequiredNoCSRFRequired'],
];
}
- public function dataNoAdminRequiredNoCSRFRequiredPublicPage(): array {
+ public static function dataNoAdminRequiredNoCSRFRequiredPublicPage(): array {
return [
['testAnnotationNoAdminRequiredNoCSRFRequiredPublicPage'],
['testAttributeNoAdminRequiredNoCSRFRequiredPublicPage'],
];
}
- public function dataNoCSRFRequiredSubAdminRequired(): array {
+ public static function dataNoCSRFRequiredSubAdminRequired(): array {
return [
['testAnnotationNoCSRFRequiredSubAdminRequired'],
['testAnnotationNoCSRFRequiredAttributeSubAdminRequired'],
@@ -194,9 +195,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
];
}
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredPublicPage')]
public function testSetNavigationEntry(string $method): void {
$this->navigationManager->expects($this->once())
->method('setActiveEntry')
@@ -244,9 +243,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
);
}
- /**
- * @dataProvider dataNoCSRFRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequired')]
public function testAjaxNotAdminCheck(string $method): void {
$this->ajaxExceptionStatus(
$method,
@@ -255,9 +252,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
);
}
- /**
- * @dataProvider dataPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataPublicPage')]
public function testAjaxStatusCSRFCheck(string $method): void {
$this->ajaxExceptionStatus(
$method,
@@ -266,9 +261,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
);
}
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredPublicPage')]
public function testAjaxStatusAllGood(string $method): void {
$this->ajaxExceptionStatus(
$method,
@@ -287,9 +280,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
);
}
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredPublicPage')]
public function testNoChecks(string $method): void {
$this->request->expects($this->never())
->method('passesCSRFCheck')
@@ -328,11 +319,9 @@ class SecurityMiddlewareTest extends \Test\TestCase {
}
- /**
- * @dataProvider dataPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataPublicPage')]
public function testCsrfCheck(string $method): void {
- $this->expectException(\OC\AppFramework\Middleware\Security\Exceptions\CrossSiteRequestForgeryException::class);
+ $this->expectException(CrossSiteRequestForgeryException::class);
$this->request->expects($this->once())
->method('passesCSRFCheck')
@@ -344,9 +333,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->middleware->beforeController($this->controller, $method);
}
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredPublicPage')]
public function testNoCsrfCheck(string $method): void {
$this->request->expects($this->never())
->method('passesCSRFCheck')
@@ -356,9 +343,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->middleware->beforeController($this->controller, $method);
}
- /**
- * @dataProvider dataPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataPublicPage')]
public function testPassesCsrfCheck(string $method): void {
$this->request->expects($this->once())
->method('passesCSRFCheck')
@@ -371,11 +356,9 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->middleware->beforeController($this->controller, $method);
}
- /**
- * @dataProvider dataPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataPublicPage')]
public function testFailCsrfCheck(string $method): void {
- $this->expectException(\OC\AppFramework\Middleware\Security\Exceptions\CrossSiteRequestForgeryException::class);
+ $this->expectException(CrossSiteRequestForgeryException::class);
$this->request->expects($this->once())
->method('passesCSRFCheck')
@@ -388,9 +371,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->middleware->beforeController($this->controller, $method);
}
- /**
- * @dataProvider dataPublicPageStrictCookieRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataPublicPageStrictCookieRequired')]
public function testStrictCookieRequiredCheck(string $method): void {
$this->expectException(\OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException::class);
@@ -404,9 +385,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->middleware->beforeController($this->controller, $method);
}
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredPublicPage')]
public function testNoStrictCookieRequiredCheck(string $method): void {
$this->request->expects($this->never())
->method('passesStrictCookieCheck')
@@ -416,9 +395,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->middleware->beforeController($this->controller, $method);
}
- /**
- * @dataProvider dataNoCSRFRequiredPublicPageStrictCookieRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredPublicPageStrictCookieRequired')]
public function testPassesStrictCookieRequiredCheck(string $method): void {
$this->request
->expects($this->once())
@@ -429,7 +406,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->middleware->beforeController($this->controller, $method);
}
- public function dataCsrfOcsController(): array {
+ public static function dataCsrfOcsController(): array {
return [
[NormalController::class, false, false, true],
[NormalController::class, false, true, true],
@@ -444,12 +421,12 @@ class SecurityMiddlewareTest extends \Test\TestCase {
}
/**
- * @dataProvider dataCsrfOcsController
* @param string $controllerClass
* @param bool $hasOcsApiHeader
* @param bool $hasBearerAuth
* @param bool $exception
*/
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataCsrfOcsController')]
public function testCsrfOcsController(string $controllerClass, bool $hasOcsApiHeader, bool $hasBearerAuth, bool $exception): void {
$this->request
->method('getHeader')
@@ -476,30 +453,22 @@ class SecurityMiddlewareTest extends \Test\TestCase {
}
}
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoAdminRequiredNoCSRFRequired')]
public function testLoggedInCheck(string $method): void {
$this->securityCheck($method, 'isLoggedIn');
}
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoAdminRequiredNoCSRFRequired')]
public function testFailLoggedInCheck(string $method): void {
$this->securityCheck($method, 'isLoggedIn', true);
}
- /**
- * @dataProvider dataNoCSRFRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequired')]
public function testIsAdminCheck(string $method): void {
$this->securityCheck($method, 'isAdminUser');
}
- /**
- * @dataProvider dataNoCSRFRequiredSubAdminRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredSubAdminRequired')]
public function testIsNotSubAdminCheck(string $method): void {
$this->reader->reflect($this->controller, $method);
$sec = $this->getMiddleware(true, false, false);
@@ -508,9 +477,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$sec->beforeController($this->controller, $method);
}
- /**
- * @dataProvider dataNoCSRFRequiredSubAdminRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredSubAdminRequired')]
public function testIsSubAdminCheck(string $method): void {
$this->reader->reflect($this->controller, $method);
$sec = $this->getMiddleware(true, false, true);
@@ -519,9 +486,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->addToAssertionCount(1);
}
- /**
- * @dataProvider dataNoCSRFRequiredSubAdminRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequiredSubAdminRequired')]
public function testIsSubAdminAndAdminCheck(string $method): void {
$this->reader->reflect($this->controller, $method);
$sec = $this->getMiddleware(true, true, true);
@@ -530,16 +495,12 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->addToAssertionCount(1);
}
- /**
- * @dataProvider dataNoCSRFRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoCSRFRequired')]
public function testFailIsAdminCheck(string $method): void {
$this->securityCheck($method, 'isAdminUser', true);
}
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequiredPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoAdminRequiredNoCSRFRequiredPublicPage')]
public function testRestrictedAppLoggedInPublicPage(string $method): void {
$middleware = $this->getMiddleware(true, false, false);
$this->reader->reflect($this->controller, $method);
@@ -556,9 +517,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->addToAssertionCount(1);
}
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequiredPublicPage
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoAdminRequiredNoCSRFRequiredPublicPage')]
public function testRestrictedAppNotLoggedInPublicPage(string $method): void {
$middleware = $this->getMiddleware(false, false, false);
$this->reader->reflect($this->controller, $method);
@@ -575,9 +534,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->addToAssertionCount(1);
}
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataNoAdminRequiredNoCSRFRequired')]
public function testRestrictedAppLoggedIn(string $method): void {
$middleware = $this->getMiddleware(true, false, false, false);
$this->reader->reflect($this->controller, $method);
@@ -600,8 +557,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
public function testAfterExceptionReturnsRedirectForNotLoggedInUser(): void {
$this->request = new Request(
[
- 'server' =>
- [
+ 'server'
+ => [
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'REQUEST_URI' => 'nextcloud/index.php/apps/specialapp'
]
@@ -659,7 +616,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
/**
* @return array
*/
- public function exceptionProvider() {
+ public static function exceptionProvider(): array {
return [
[
new AppNotEnabledException(),
@@ -674,14 +631,14 @@ class SecurityMiddlewareTest extends \Test\TestCase {
}
/**
- * @dataProvider exceptionProvider
* @param SecurityException $exception
*/
+ #[\PHPUnit\Framework\Attributes\DataProvider('exceptionProvider')]
public function testAfterExceptionReturnsTemplateResponse(SecurityException $exception): void {
$this->request = new Request(
[
- 'server' =>
- [
+ 'server'
+ => [
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'REQUEST_URI' => 'nextcloud/index.php/apps/specialapp'
]
@@ -710,9 +667,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->assertTrue($response instanceof JSONResponse);
}
- /**
- * @dataProvider dataExAppRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataExAppRequired')]
public function testExAppRequired(string $method): void {
$middleware = $this->getMiddleware(true, false, false);
$this->reader->reflect($this->controller, $method);
@@ -731,9 +686,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$middleware->beforeController($this->controller, $method);
}
- /**
- * @dataProvider dataExAppRequired
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('dataExAppRequired')]
public function testExAppRequiredError(string $method): void {
$middleware = $this->getMiddleware(true, false, false, false);
$this->reader->reflect($this->controller, $method);
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-04 00:12:25 +0000