Diffstat (limited to 'tests/lib/Security/CSRF')
-rw-r--r-- | tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php | 31 | ||||
-rw-r--r-- | tests/lib/Security/CSRF/CsrfTokenManagerTest.php | 67 | ||||
-rw-r--r-- | tests/lib/Security/CSRF/CsrfTokenTest.php | 34 | ||||
-rw-r--r-- | tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php | 43 |
4 files changed, 64 insertions, 111 deletions
diff --git a/tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php b/tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php index 256199eff15..86f458d8ea8 100644 --- a/tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php +++ b/tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php @@ -3,29 +3,18 @@ declare(strict_types=1); /** - * @author Lukas Reschke <lukas@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace Test\Security\CSRF; +use OC\Security\CSRF\CsrfTokenGenerator; +use OCP\Security\ISecureRandom; + class CsrfTokenGeneratorTest extends \Test\TestCase { - /** @var \OCP\Security\ISecureRandom */ + /** @var ISecureRandom */ private $random; /** @var \OC\Security\CSRF\CsrfTokenGenerator */ private $csrfTokenGenerator; 
@@ -34,10 +23,10 @@ class CsrfTokenGeneratorTest extends \Test\TestCase { parent::setUp(); $this->random = $this->getMockBuilder('\OCP\Security\ISecureRandom') ->disableOriginalConstructor()->getMock(); - $this->csrfTokenGenerator = new \OC\Security\CSRF\CsrfTokenGenerator($this->random); + $this->csrfTokenGenerator = new CsrfTokenGenerator($this->random); } - public function testGenerateTokenWithCustomNumber() { + public function testGenerateTokenWithCustomNumber(): void { $this->random ->expects($this->once()) ->method('generate') @@ -46,7 +35,7 @@ class CsrfTokenGeneratorTest extends \Test\TestCase { $this->assertSame('abc', $this->csrfTokenGenerator->generateToken(3)); } - public function testGenerateTokenWithDefault() { + public function testGenerateTokenWithDefault(): void { $this->random ->expects($this->once()) ->method('generate') diff --git a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php index 44a9a7a929d..66ee18475a4 100644 --- a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php +++ b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php 
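Review bot: In `setUp()` the mock is still built from the string `'\OCP\Security\ISecureRandom'` although this change imports `ISecureRandom`; a string class name is invisible to static analysis and rename tooling. Prefer `$this->getMockBuilder(ISecureRandom::class)`. The `@var \OC\Security\CSRF\CsrfTokenGenerator` docblock in the first hunk of this file was also left fully qualified, and `CsrfTokenManagerTest::setUp()` keeps the same string-literal pattern for `SessionStorage`. The signature of `setUp()` lies outside the hunk.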
@@ -3,27 +3,16 @@ declare(strict_types=1); /** - * @author Lukas Reschke <lukas@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace Test\Security\CSRF; +use OC\Security\CSRF\CsrfToken; +use OC\Security\CSRF\CsrfTokenManager; + class CsrfTokenManagerTest extends \Test\TestCase { /** @var \OC\Security\CSRF\CsrfTokenManager */ private $csrfTokenManager; @@ -39,13 +28,13 @@ class CsrfTokenManagerTest extends \Test\TestCase { $this->storageInterface = $this->getMockBuilder('\OC\Security\CSRF\TokenStorage\SessionStorage') ->disableOriginalConstructor()->getMock(); - $this->csrfTokenManager = new \OC\Security\CSRF\CsrfTokenManager( + $this->csrfTokenManager = new CsrfTokenManager( $this->tokenGenerator, $this->storageInterface ); } - public function testGetTokenWithExistingToken() { + public function testGetTokenWithExistingToken(): void { $this->storageInterface ->expects($this->once()) ->method('hasToken') 
@@ -55,11 +44,11 @@ class CsrfTokenManagerTest extends \Test\TestCase { ->method('getToken') ->willReturn('MyExistingToken'); - $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken'); + $expected = new CsrfToken('MyExistingToken'); $this->assertEquals($expected, $this->csrfTokenManager->getToken()); } - public function testGetTokenWithExistingTokenKeepsOnSecondRequest() { + public function testGetTokenWithExistingTokenKeepsOnSecondRequest(): void { $this->storageInterface ->expects($this->once()) ->method('hasToken') @@ -69,13 +58,13 @@ class CsrfTokenManagerTest extends \Test\TestCase { ->method('getToken') ->willReturn('MyExistingToken'); - $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken'); + $expected = new CsrfToken('MyExistingToken'); $token = $this->csrfTokenManager->getToken(); $this->assertSame($token, $this->csrfTokenManager->getToken()); $this->assertSame($token, $this->csrfTokenManager->getToken()); } - public function testGetTokenWithoutExistingToken() { + public function testGetTokenWithoutExistingToken(): void { $this->storageInterface ->expects($this->once()) ->method('hasToken') @@ -89,11 +78,11 @@ class CsrfTokenManagerTest extends \Test\TestCase { ->method('setToken') ->with('MyNewToken'); - $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken'); + $expected = new CsrfToken('MyNewToken'); $this->assertEquals($expected, $this->csrfTokenManager->getToken()); } - public function testRefreshToken() { + public function testRefreshToken(): void { $this->tokenGenerator ->expects($this->once()) ->method('generateToken') 
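Review bot: In `testGetTokenWithExistingTokenKeepsOnSecondRequest` the rewritten `$expected = new CsrfToken('MyExistingToken');` is never read. The two `assertSame` calls only compare `$token` with later `getToken()` results, so the test would still pass if the manager cached a token carrying the wrong value. Either delete the variable or use it, for example `$this->assertEquals($expected, $token);` before the identity checks, as `testGetTokenWithExistingToken` already does. The method's signature and first mock expectation sit in the preceding hunk.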
@@ -103,11 +92,11 @@ class CsrfTokenManagerTest extends \Test\TestCase { ->method('setToken') ->with('MyNewToken'); - $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken'); + $expected = new CsrfToken('MyNewToken'); $this->assertEquals($expected, $this->csrfTokenManager->refreshToken()); } - public function testRemoveToken() { + public function testRemoveToken(): void { $this->storageInterface ->expects($this->once()) ->method('removeToken'); @@ -115,22 +104,22 @@ class CsrfTokenManagerTest extends \Test\TestCase { $this->csrfTokenManager->removeToken(); } - public function testIsTokenValidWithoutToken() { + public function testIsTokenValidWithoutToken(): void { $this->storageInterface ->expects($this->once()) ->method('hasToken') ->willReturn(false); - $token = new \OC\Security\CSRF\CsrfToken('Token'); + $token = new CsrfToken('Token'); $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token)); } - public function testIsTokenValidWithWrongToken() { + public function testIsTokenValidWithWrongToken(): void { $this->storageInterface ->expects($this->once()) ->method('hasToken') ->willReturn(true); - $token = new \OC\Security\CSRF\CsrfToken('Token'); + $token = new CsrfToken('Token'); $this->storageInterface ->expects($this->once()) ->method('getToken') 
@@ -139,20 +128,20 @@ class CsrfTokenManagerTest extends \Test\TestCase { $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token)); } - public function testIsTokenValidWithValidToken() { + public function testIsTokenValidWithValidToken(): void { $a = 'abc'; $b = 'def'; $xorB64 = 'BQcF'; $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a)); $this->storageInterface - ->expects($this->once()) - ->method('hasToken') - ->willReturn(true); - $token = new \OC\Security\CSRF\CsrfToken($tokenVal); + ->expects($this->once()) + ->method('hasToken') + ->willReturn(true); + $token = new CsrfToken($tokenVal); $this->storageInterface - ->expects($this->once()) - ->method('getToken') - ->willReturn($b); + ->expects($this->once()) + ->method('getToken') + ->willReturn($b); $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token)); } diff --git a/tests/lib/Security/CSRF/CsrfTokenTest.php b/tests/lib/Security/CSRF/CsrfTokenTest.php index b694e797232..5b5ba5ae54f 100644 --- a/tests/lib/Security/CSRF/CsrfTokenTest.php +++ b/tests/lib/Security/CSRF/CsrfTokenTest.php 
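Review bot: The test vector in `testIsTokenValidWithValidToken` is undocumented: nothing says that `'BQcF'` is `base64_encode('abc' ^ 'def')`. A reader therefore cannot tell that the submitted value is `base64($a ^ $b) . ':' . base64($a)` and that `$b` is the stored token being recovered. Add a comment above the assignments such as `// 'BQcF' === base64_encode($a ^ $b); submitted value is base64(mask XOR token) . ':' . base64(mask)`, or derive it with `$xorB64 = base64_encode($a ^ $b);`. `CsrfTokenTest::testGetDecryptedValue` uses the same constants and would benefit from the same comment.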
@@ -3,47 +3,35 @@ declare(strict_types=1); /** - * @author Lukas Reschke <lukas@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace Test\Security\CSRF; +use OC\Security\CSRF\CsrfToken; + class CsrfTokenTest extends \Test\TestCase { - public function testGetEncryptedValue() { - $csrfToken = new \OC\Security\CSRF\CsrfToken('MyCsrfToken'); + public function testGetEncryptedValue(): void { + $csrfToken = new CsrfToken('MyCsrfToken'); $this->assertSame(33, strlen($csrfToken->getEncryptedValue())); $this->assertSame(':', $csrfToken->getEncryptedValue()[16]); } - public function testGetEncryptedValueStaysSameOnSecondRequest() { - $csrfToken = new \OC\Security\CSRF\CsrfToken('MyCsrfToken'); + public function testGetEncryptedValueStaysSameOnSecondRequest(): void { + $csrfToken = new CsrfToken('MyCsrfToken'); $tokenValue = $csrfToken->getEncryptedValue(); $this->assertSame($tokenValue, $csrfToken->getEncryptedValue()); $this->assertSame($tokenValue, $csrfToken->getEncryptedValue()); } - public function testGetDecryptedValue() { + public function testGetDecryptedValue(): void { $a = 'abc'; $b = 'def'; $xorB64 = 'BQcF'; $tokenVal = 
sprintf('%s:%s', $xorB64, base64_encode($a)); - $csrfToken = new \OC\Security\CSRF\CsrfToken($tokenVal); + $csrfToken = new CsrfToken($tokenVal); $this->assertSame($b, $csrfToken->getDecryptedValue()); } } diff --git a/tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php b/tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php index f55cf49f142..2b2c4af0444 100644 --- a/tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php +++ b/tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php @@ -3,31 +3,18 @@ declare(strict_types=1); /** - * @author Lukas Reschke <lukas@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace Test\Security\CSRF\TokenStorage; +use OC\Security\CSRF\TokenStorage\SessionStorage; use OCP\ISession; class SessionStorageTest extends \Test\TestCase { - /** @var \OCP\ISession */ + /** @var ISession */ private $session; /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */ private $sessionStorage; 
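Review bot: `testGetEncryptedValue` in `CsrfTokenTest` checks only the shape of the result (length 33, `:` at offset 16), so it would still pass if the encoded value could not be decoded back to `'MyCsrfToken'`. Going by the format that `testGetDecryptedValue` exercises, a round-trip assertion looks possible: `$this->assertSame('MyCsrfToken', (new CsrfToken($csrfToken->getEncryptedValue()))->getDecryptedValue());`. A short comment that 33 is two 16-character base64 strings of the 11-byte input plus the separator would also explain the magic numbers.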
@@ -36,13 +23,13 @@ class SessionStorageTest extends \Test\TestCase { parent::setUp(); $this->session = $this->getMockBuilder(ISession::class) ->disableOriginalConstructor()->getMock(); - $this->sessionStorage = new \OC\Security\CSRF\TokenStorage\SessionStorage($this->session); + $this->sessionStorage = new SessionStorage($this->session); } /** * @return array */ - public function getTokenDataProvider() { + public static function getTokenDataProvider(): array { return [ [ '', @@ -55,10 +42,10 @@ class SessionStorageTest extends \Test\TestCase { /** * @param string $token - * @dataProvider getTokenDataProvider * */ - public function testGetTokenWithEmptyToken($token) { + #[\PHPUnit\Framework\Attributes\DataProvider('getTokenDataProvider')] + public function testGetTokenWithEmptyToken($token): void { $this->expectException(\Exception::class); $this->expectExceptionMessage('Session does not contain a requesttoken'); @@ -70,7 +57,7 @@ class SessionStorageTest extends \Test\TestCase { $this->sessionStorage->getToken(); } - public function testGetTokenWithValidToken() { + public function testGetTokenWithValidToken(): void { $this->session ->expects($this->once()) ->method('get') @@ -79,7 +66,7 @@ class SessionStorageTest extends \Test\TestCase { $this->assertSame('MyFancyCsrfToken', $this->sessionStorage->getToken()); } - public function testSetToken() { + public function testSetToken(): void { $this->session ->expects($this->once()) ->method('set') @@ -87,7 +74,7 @@ class SessionStorageTest extends \Test\TestCase { $this->sessionStorage->setToken('TokenToSet'); } - public function testRemoveToken() { + public function testRemoveToken(): void { $this->session ->expects($this->once()) ->method('remove') 
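Review bot: The docblock above `testGetTokenWithEmptyToken` keeps a dangling empty ` *` line where `@dataProvider` was removed. The attribute is also spelled out as `#[\PHPUnit\Framework\Attributes\DataProvider('getTokenDataProvider')]` while the rest of this change moves fully qualified names into `use` statements. Consider `use PHPUnit\Framework\Attributes\DataProvider;` with `#[DataProvider('getTokenDataProvider')]`, and trimming the docblock to the single `@param` line. The `@return array` block on `getTokenDataProvider()` now only repeats the native `: array` return type and could be dropped.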
@@ -95,7 +82,7 @@ class SessionStorageTest extends \Test\TestCase { $this->sessionStorage->removeToken(); } - public function testHasTokenWithExistingToken() { + public function testHasTokenWithExistingToken(): void { $this->session ->expects($this->once()) ->method('exists') @@ -104,7 +91,7 @@ class SessionStorageTest extends \Test\TestCase { $this->assertSame(true, $this->sessionStorage->hasToken()); } - public function testHasTokenWithoutExistingToken() { + public function testHasTokenWithoutExistingToken(): void { $this->session ->expects($this->once()) ->method('exists') @@ -113,7 +100,7 @@ class SessionStorageTest extends \Test\TestCase { $this->assertSame(false, $this->sessionStorage->hasToken()); } - public function testSetSession() { + public function testSetSession(): void { $session = $this->createMock(ISession::class); $session ->expects($this->once()) |