Diffstat (limited to 'tests/lib/Security/CSRF')
-rw-r--r--tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php46
-rw-r--r--tests/lib/Security/CSRF/CsrfTokenManagerTest.php148
-rw-r--r--tests/lib/Security/CSRF/CsrfTokenTest.php37
-rw-r--r--tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php113
4 files changed, 344 insertions, 0 deletions
diff --git a/tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php b/tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php
new file mode 100644
index 00000000000..86f458d8ea8
--- /dev/null
+++ b/tests/lib/Security/CSRF/CsrfTokenGeneratorTest.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+namespace Test\Security\CSRF;
+
+use OC\Security\CSRF\CsrfTokenGenerator;
+use OCP\Security\ISecureRandom;
+
+class CsrfTokenGeneratorTest extends \Test\TestCase {
+ /** @var ISecureRandom */
+ private $random;
+ /** @var \OC\Security\CSRF\CsrfTokenGenerator */
+ private $csrfTokenGenerator;
+
+ protected function setUp(): void {
+ parent::setUp();
+ $this->random = $this->getMockBuilder('\OCP\Security\ISecureRandom')
+ ->disableOriginalConstructor()->getMock();
+ $this->csrfTokenGenerator = new CsrfTokenGenerator($this->random);
+ }
+
+ public function testGenerateTokenWithCustomNumber(): void {
+ $this->random
+ ->expects($this->once())
+ ->method('generate')
+ ->with(3)
+ ->willReturn('abc');
+ $this->assertSame('abc', $this->csrfTokenGenerator->generateToken(3));
+ }
+
+ public function testGenerateTokenWithDefault(): void {
+ $this->random
+ ->expects($this->once())
+ ->method('generate')
+ ->with(32)
+ ->willReturn('12345678901234567890123456789012');
+ $this->assertSame('12345678901234567890123456789012', $this->csrfTokenGenerator->generateToken(32));
+ }
+}
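Review bot: `testGenerateTokenWithDefault` never exercises the default, because it passes `32` explicitly to `generateToken(32)` and is therefore the same test as `testGenerateTokenWithCustomNumber` with a different number. If the generator's default length is 32 (the `with(32)` expectation suggests so, but the implementation is not in this diff), the call should be `$this->csrfTokenGenerator->generateToken()` so a silent change of the default would be caught. The mock is built from the string `'\OCP\Security\ISecureRandom'` while `SessionStorageTest` in the same change uses `ISession::class`; `ISecureRandom::class` is already imported here and survives refactoring. The `/** @var ISecureRandom */` docblocks could become typed properties, `private ISecureRandom $random;` and `private CsrfTokenGenerator $csrfTokenGenerator;`.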
diff --git a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
new file mode 100644
index 00000000000..66ee18475a4
--- /dev/null
+++ b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
@@ -0,0 +1,148 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+namespace Test\Security\CSRF;
+
+use OC\Security\CSRF\CsrfToken;
+use OC\Security\CSRF\CsrfTokenManager;
+
+class CsrfTokenManagerTest extends \Test\TestCase {
+ /** @var \OC\Security\CSRF\CsrfTokenManager */
+ private $csrfTokenManager;
+ /** @var \OC\Security\CSRF\CsrfTokenGenerator */
+ private $tokenGenerator;
+ /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
+ private $storageInterface;
+
+ protected function setUp(): void {
+ parent::setUp();
+ $this->tokenGenerator = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenGenerator')
+ ->disableOriginalConstructor()->getMock();
+ $this->storageInterface = $this->getMockBuilder('\OC\Security\CSRF\TokenStorage\SessionStorage')
+ ->disableOriginalConstructor()->getMock();
+
+ $this->csrfTokenManager = new CsrfTokenManager(
+ $this->tokenGenerator,
+ $this->storageInterface
+ );
+ }
+
+ public function testGetTokenWithExistingToken(): void {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(true);
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn('MyExistingToken');
+
+ $expected = new CsrfToken('MyExistingToken');
+ $this->assertEquals($expected, $this->csrfTokenManager->getToken());
+ }
+
+ public function testGetTokenWithExistingTokenKeepsOnSecondRequest(): void {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(true);
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn('MyExistingToken');
+
+ $expected = new CsrfToken('MyExistingToken');
+ $token = $this->csrfTokenManager->getToken();
+ $this->assertSame($token, $this->csrfTokenManager->getToken());
+ $this->assertSame($token, $this->csrfTokenManager->getToken());
+ }
+
+ public function testGetTokenWithoutExistingToken(): void {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(false);
+ $this->tokenGenerator
+ ->expects($this->once())
+ ->method('generateToken')
+ ->willReturn('MyNewToken');
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('setToken')
+ ->with('MyNewToken');
+
+ $expected = new CsrfToken('MyNewToken');
+ $this->assertEquals($expected, $this->csrfTokenManager->getToken());
+ }
+
+ public function testRefreshToken(): void {
+ $this->tokenGenerator
+ ->expects($this->once())
+ ->method('generateToken')
+ ->willReturn('MyNewToken');
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('setToken')
+ ->with('MyNewToken');
+
+ $expected = new CsrfToken('MyNewToken');
+ $this->assertEquals($expected, $this->csrfTokenManager->refreshToken());
+ }
+
+ public function testRemoveToken(): void {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('removeToken');
+
+ $this->csrfTokenManager->removeToken();
+ }
+
+ public function testIsTokenValidWithoutToken(): void {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(false);
+ $token = new CsrfToken('Token');
+
+ $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
+ }
+
+ public function testIsTokenValidWithWrongToken(): void {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(true);
+ $token = new CsrfToken('Token');
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn('MyToken');
+
+ $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
+ }
+
+ public function testIsTokenValidWithValidToken(): void {
+ $a = 'abc';
+ $b = 'def';
+ $xorB64 = 'BQcF';
+ $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(true);
+ $token = new CsrfToken($tokenVal);
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn($b);
+
+ $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
+ }
+}
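Review bot: `$expected` in `testGetTokenWithExistingTokenKeepsOnSecondRequest` is assigned a `new CsrfToken('MyExistingToken')` and then never used; either drop the line or assert it, e.g. `$this->assertEquals($expected, $token);` after `$token = $this->csrfTokenManager->getToken();`. In `testIsTokenValidWithValidToken` the fixture `'BQcF'` is a bare magic value; a comment such as `// base64('abc' ^ 'def') — the masked form the manager must un-XOR back to the stored secret 'def'` would tell the reader why the token string is `xor:base64(a)` while storage returns `b`. The same fixture is repeated in `CsrfTokenTest::testGetDecryptedValue`, so a shared constant or a computed `base64_encode($a ^ $b)` would keep the two in step. The `assertSame(false, …)`/`assertSame(true, …)` calls read more naturally as `assertFalse`/`assertTrue`.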
diff --git a/tests/lib/Security/CSRF/CsrfTokenTest.php b/tests/lib/Security/CSRF/CsrfTokenTest.php
new file mode 100644
index 00000000000..5b5ba5ae54f
--- /dev/null
+++ b/tests/lib/Security/CSRF/CsrfTokenTest.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+namespace Test\Security\CSRF;
+
+use OC\Security\CSRF\CsrfToken;
+
+class CsrfTokenTest extends \Test\TestCase {
+ public function testGetEncryptedValue(): void {
+ $csrfToken = new CsrfToken('MyCsrfToken');
+ $this->assertSame(33, strlen($csrfToken->getEncryptedValue()));
+ $this->assertSame(':', $csrfToken->getEncryptedValue()[16]);
+ }
+
+ public function testGetEncryptedValueStaysSameOnSecondRequest(): void {
+ $csrfToken = new CsrfToken('MyCsrfToken');
+ $tokenValue = $csrfToken->getEncryptedValue();
+ $this->assertSame($tokenValue, $csrfToken->getEncryptedValue());
+ $this->assertSame($tokenValue, $csrfToken->getEncryptedValue());
+ }
+
+ public function testGetDecryptedValue(): void {
+ $a = 'abc';
+ $b = 'def';
+ $xorB64 = 'BQcF';
+ $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
+ $csrfToken = new CsrfToken($tokenVal);
+ $this->assertSame($b, $csrfToken->getDecryptedValue());
+ }
+}
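Review bot: `testGetEncryptedValue` asserts the literals `33` and index `16` with no explanation of where they come from, so a reader cannot tell what a failure means. From the `xorB64:base64(value)` layout used in `testGetDecryptedValue`, the 11-byte `'MyCsrfToken'` presumably yields a 16-character base64 mask, a `:`, and 16 characters of the base64 secret (16 + 1 + 16 = 33); a comment stating that, e.g. `// 11 bytes -> 16 base64 chars for the mask + ':' + 16 for the value`, would pin the format the assertion is checking. The `'BQcF'` fixture here duplicates the one in `CsrfTokenManagerTest::testIsTokenValidWithValidToken`; deriving it with `base64_encode($a ^ $b)` makes the XOR relationship explicit instead of asking the reader to trust a hard-coded value.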
diff --git a/tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php b/tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php
new file mode 100644
index 00000000000..2b2c4af0444
--- /dev/null
+++ b/tests/lib/Security/CSRF/TokenStorage/SessionStorageTest.php
@@ -0,0 +1,113 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+namespace Test\Security\CSRF\TokenStorage;
+
+use OC\Security\CSRF\TokenStorage\SessionStorage;
+use OCP\ISession;
+
+class SessionStorageTest extends \Test\TestCase {
+ /** @var ISession */
+ private $session;
+ /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
+ private $sessionStorage;
+
+ protected function setUp(): void {
+ parent::setUp();
+ $this->session = $this->getMockBuilder(ISession::class)
+ ->disableOriginalConstructor()->getMock();
+ $this->sessionStorage = new SessionStorage($this->session);
+ }
+
+ /**
+ * @return array
+ */
+ public static function getTokenDataProvider(): array {
+ return [
+ [
+ '',
+ ],
+ [
+ null,
+ ],
+ ];
+ }
+
+ /**
+ * @param string $token
+ *
+ */
+ #[\PHPUnit\Framework\Attributes\DataProvider('getTokenDataProvider')]
+ public function testGetTokenWithEmptyToken($token): void {
+ $this->expectException(\Exception::class);
+ $this->expectExceptionMessage('Session does not contain a requesttoken');
+
+ $this->session
+ ->expects($this->once())
+ ->method('get')
+ ->with('requesttoken')
+ ->willReturn($token);
+ $this->sessionStorage->getToken();
+ }
+
+ public function testGetTokenWithValidToken(): void {
+ $this->session
+ ->expects($this->once())
+ ->method('get')
+ ->with('requesttoken')
+ ->willReturn('MyFancyCsrfToken');
+ $this->assertSame('MyFancyCsrfToken', $this->sessionStorage->getToken());
+ }
+
+ public function testSetToken(): void {
+ $this->session
+ ->expects($this->once())
+ ->method('set')
+ ->with('requesttoken', 'TokenToSet');
+ $this->sessionStorage->setToken('TokenToSet');
+ }
+
+ public function testRemoveToken(): void {
+ $this->session
+ ->expects($this->once())
+ ->method('remove')
+ ->with('requesttoken');
+ $this->sessionStorage->removeToken();
+ }
+
+ public function testHasTokenWithExistingToken(): void {
+ $this->session
+ ->expects($this->once())
+ ->method('exists')
+ ->with('requesttoken')
+ ->willReturn(true);
+ $this->assertSame(true, $this->sessionStorage->hasToken());
+ }
+
+ public function testHasTokenWithoutExistingToken(): void {
+ $this->session
+ ->expects($this->once())
+ ->method('exists')
+ ->with('requesttoken')
+ ->willReturn(false);
+ $this->assertSame(false, $this->sessionStorage->hasToken());
+ }
+
+ public function testSetSession(): void {
+ $session = $this->createMock(ISession::class);
+ $session
+ ->expects($this->once())
+ ->method('get')
+ ->with('requesttoken')
+ ->willReturn('MyToken');
+ $this->sessionStorage->setSession($session);
+ $this->assertSame('MyToken', $this->sessionStorage->getToken());
+ }
+}
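Review bot: `testGetTokenWithEmptyToken` is documented as `@param string $token` but `getTokenDataProvider` feeds it `null` as well as `''`, and the parameter itself is untyped; under `strict_types` the declaration should be `public function testGetTokenWithEmptyToken(?string $token): void` with the docblock either corrected to `string|null` or removed. The `@return array` on the provider restates the native return type; a `@return list<array{string|null}>` shape would actually add information for static analysis. `assertSame(true, …)`/`assertSame(false, …)` on the two `hasToken` tests are clearer as `assertTrue`/`assertFalse`. The untyped `/** @var */` properties could become `private ISession $session;` and `private SessionStorage $sessionStorage;`, both classes being imported already.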