Diffstat (limited to 'tests/lib/User/SessionTest.php')
-rw-r--r-- | tests/lib/User/SessionTest.php | 420 |
1 files changed, 0 insertions, 420 deletions
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php index 334c3d9065f..bed83cf0e31 100644 --- a/tests/lib/User/SessionTest.php +++ b/tests/lib/User/SessionTest.php @@ -9,8 +9,6 @@ namespace Test\User; use OC\AppFramework\Http\Request; -use OC\Authentication\Token\DefaultTokenMapper; -use OC\Authentication\Token\DefaultTokenProvider; use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IToken; use OC\Security\Bruteforce\Throttler; @@ -42,8 +40,6 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; class SessionTest extends \Test\TestCase { /** @var ITimeFactory|MockObject */ private $timeFactory; - /** @var DefaultTokenProvider|MockObject */ - protected $tokenProvider; /** @var IConfig|MockObject */ private $config; /** @var Throttler|MockObject */ 
@@ -99,63 +95,6 @@ class SessionTest extends \Test\TestCase { \OC_User::setIncognitoMode(false); } - public function testGetUser() { - $token = new \OC\Authentication\Token\DefaultToken(); - $token->setLoginName('User123'); - $token->setLastCheck(200); - - $expectedUser = $this->createMock(IUser::class); - $expectedUser->expects($this->any()) - ->method('getUID') - ->willReturn('user123'); - $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock(); - $session->expects($this->at(0)) - ->method('get') - ->with('user_id') - ->willReturn($expectedUser->getUID()); - $sessionId = 'abcdef12345'; - - $manager = $this->getMockBuilder('\OC\User\Manager') - ->disableOriginalConstructor() - ->getMock(); - $session->expects($this->at(1)) - ->method('get') - ->with('app_password') - ->willReturn(null); // No password set -> browser session - $session->expects($this->once()) - ->method('getId') - ->willReturn($sessionId); - $this->tokenProvider->expects($this->once()) - ->method('getToken') - ->with($sessionId) - ->willReturn($token); - $this->tokenProvider->expects($this->once()) - ->method('getPassword') - ->with($token, $sessionId) - ->willReturn('passme'); - $manager->expects($this->once()) - ->method('checkPassword') - ->with('User123', 'passme') - ->willReturn(true); - $expectedUser->expects($this->once()) - ->method('isEnabled') - ->willReturn(true); - - $this->tokenProvider->expects($this->once()) - ->method('updateTokenActivity') - ->with($token); - - $manager->expects($this->once()) - ->method('get') - ->with($expectedUser->getUID()) - ->willReturn($expectedUser); - - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher); - $user = $userSession->getUser(); - $this->assertSame($expectedUser, $user); - $this->assertSame(10000, $token->getLastCheck()); - } - public function isLoggedInData() { return [ [true], 
@@ -390,36 +329,6 @@ class SessionTest extends \Test\TestCase { $userSession->login('foo', 'bar'); } - /** - * When using a device token, the loginname must match the one that was used - * when generating the token on the browser. - */ - public function testLoginWithDifferentTokenLoginName() { - $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock(); - $manager = $this->createMock(Manager::class); - $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher); - $username = 'user123'; - $token = new \OC\Authentication\Token\DefaultToken(); - $token->setLoginName($username); - - $session->expects($this->never()) - ->method('set'); - $session->expects($this->once()) - ->method('regenerateId'); - $this->tokenProvider->expects($this->once()) - ->method('getToken') - ->with('bar') - ->willReturn($token); - - $manager->expects($this->once()) - ->method('checkPasswordNoLogging') - ->with('foo', 'bar') - ->willReturn(false); - - $userSession->login('foo', 'bar'); - } - - public function testLogClientInNoTokenPasswordWith2fa() { $this->expectException(\OC\Authentication\Exceptions\PasswordLoginForbiddenException::class); 
@@ -1008,335 +917,6 @@ class SessionTest extends \Test\TestCase { $this->assertFalse($userSession->createSessionToken($request, $uid, $loginName, $password)); } - - public function testTryTokenLoginWithDisabledUser() { - $this->expectException(\OC\User\LoginException::class); - - $manager = $this->getMockBuilder('\OC\User\Manager') - ->disableOriginalConstructor() - ->getMock(); - $session = new Memory(''); - $token = new \OC\Authentication\Token\DefaultToken(); - $token->setLoginName('fritz'); - $token->setUid('fritz0'); - $token->setLastCheck(100); // Needs check - $user = $this->createMock(IUser::class); - $userSession = $this->getMockBuilder(Session::class) - ->setMethods(['logout']) - ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher]) - ->getMock(); - $request = $this->createMock(IRequest::class); - - $request->expects($this->once()) - ->method('getHeader') - ->with('Authorization') - ->willReturn('Bearer xxxxx'); - $this->tokenProvider->expects($this->once()) - ->method('getToken') - ->with('xxxxx') - ->willReturn($token); - $manager->expects($this->once()) - ->method('get') - ->with('fritz0') - ->willReturn($user); - $user->expects($this->once()) - ->method('isEnabled') - ->willReturn(false); - - $userSession->tryTokenLogin($request); - } - - public function testValidateSessionDisabledUser() { - $userManager = $this->createMock(Manager::class); - $session = $this->createMock(ISession::class); - $timeFactory = $this->createMock(ITimeFactory::class); - $tokenProvider = $this->createMock(IProvider::class); - $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher]) - ->setMethods(['logout']) - ->getMock(); - - $user = $this->createMock(IUser::class); - $token = new 
\OC\Authentication\Token\DefaultToken(); - $token->setLoginName('susan'); - $token->setLastCheck(20); - - $session->expects($this->once()) - ->method('get') - ->with('app_password') - ->willReturn('APP-PASSWORD'); - $tokenProvider->expects($this->once()) - ->method('getToken') - ->with('APP-PASSWORD') - ->willReturn($token); - $timeFactory->expects($this->once()) - ->method('getTime') - ->willReturn(1000); // more than 5min since last check - $tokenProvider->expects($this->once()) - ->method('getPassword') - ->with($token, 'APP-PASSWORD') - ->willReturn('123456'); - $userManager->expects($this->never()) - ->method('checkPassword'); - $user->expects($this->once()) - ->method('isEnabled') - ->willReturn(false); - $tokenProvider->expects($this->once()) - ->method('invalidateToken') - ->with('APP-PASSWORD'); - $userSession->expects($this->once()) - ->method('logout'); - - $userSession->setUser($user); - $this->invokePrivate($userSession, 'validateSession'); - } - - public function testValidateSessionNoPassword() { - $userManager = $this->createMock(Manager::class); - $session = $this->createMock(ISession::class); - $timeFactory = $this->createMock(ITimeFactory::class); - $tokenProvider = $this->createMock(IProvider::class); - $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher]) - ->setMethods(['logout']) - ->getMock(); - - $user = $this->createMock(IUser::class); - $token = new \OC\Authentication\Token\DefaultToken(); - $token->setLastCheck(20); - - $session->expects($this->once()) - ->method('get') - ->with('app_password') - ->willReturn('APP-PASSWORD'); - $tokenProvider->expects($this->once()) - ->method('getToken') - ->with('APP-PASSWORD') - ->willReturn($token); - $timeFactory->expects($this->once()) - ->method('getTime') - ->willReturn(1000); // more than 5min since last check - 
$tokenProvider->expects($this->once()) - ->method('getPassword') - ->with($token, 'APP-PASSWORD') - ->will($this->throwException(new \OC\Authentication\Exceptions\PasswordlessTokenException())); - - $this->invokePrivate($userSession, 'validateSession', [$user]); - - $this->assertEquals(1000, $token->getLastCheck()); - } - - public function testValidateSessionInvalidPassword() { - $userManager = $this->createMock(Manager::class); - $session = $this->createMock(ISession::class); - $timeFactory = $this->createMock(ITimeFactory::class); - $tokenProvider = $this->createMock(IProvider::class); - $userSession = $this->getMockBuilder(Session::class) - ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher]) - ->setMethods(['logout']) - ->getMock(); - - $user = $this->createMock(IUser::class); - $token = new \OC\Authentication\Token\DefaultToken(); - $token->setLoginName('susan'); - $token->setLastCheck(20); - - $session->expects($this->once()) - ->method('get') - ->with('app_password') - ->willReturn('APP-PASSWORD'); - $tokenProvider->expects($this->once()) - ->method('getToken') - ->with('APP-PASSWORD') - ->willReturn($token); - $timeFactory->expects($this->once()) - ->method('getTime') - ->willReturn(1000); // more than 5min since last check - $tokenProvider->expects($this->once()) - ->method('getPassword') - ->with($token, 'APP-PASSWORD') - ->willReturn('123456'); - $userManager->expects($this->once()) - ->method('checkPassword') - ->with('susan', '123456') - ->willReturn(false); - $user->expects($this->once()) - ->method('isEnabled') - ->willReturn(true); - $tokenProvider->expects($this->never()) - ->method('invalidateToken'); - $tokenProvider->expects($this->once()) - ->method('markPasswordInvalid') - ->with($token, 'APP-PASSWORD'); - $userSession->expects($this->once()) - ->method('logout'); - - $userSession->setUser($user); - $this->invokePrivate($userSession, 
'validateSession'); - } - - public function testUpdateSessionTokenPassword() { - $userManager = $this->createMock(Manager::class); - $session = $this->createMock(ISession::class); - $timeFactory = $this->createMock(ITimeFactory::class); - $tokenProvider = $this->createMock(IProvider::class); - $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher); - - $password = '123456'; - $sessionId = 'session1234'; - $token = new \OC\Authentication\Token\DefaultToken(); - - $session->expects($this->once()) - ->method('getId') - ->willReturn($sessionId); - $tokenProvider->expects($this->once()) - ->method('getToken') - ->with($sessionId) - ->willReturn($token); - $tokenProvider->expects($this->once()) - ->method('setPassword') - ->with($token, $sessionId, $password); - - $userSession->updateSessionTokenPassword($password); - } - - public function testUpdateSessionTokenPasswordNoSessionAvailable() { - $userManager = $this->createMock(Manager::class); - $session = $this->createMock(ISession::class); - $timeFactory = $this->createMock(ITimeFactory::class); - $tokenProvider = $this->createMock(IProvider::class); - $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher); - - $session->expects($this->once()) - ->method('getId') - ->will($this->throwException(new \OCP\Session\Exceptions\SessionNotAvailableException())); - - $userSession->updateSessionTokenPassword('1234'); - } - - public function testUpdateSessionTokenPasswordInvalidTokenException() { - $userManager = $this->createMock(Manager::class); - $session = $this->createMock(ISession::class); - $timeFactory = $this->createMock(ITimeFactory::class); - $tokenProvider = $this->createMock(IProvider::class); - $userSession = new \OC\User\Session($userManager, $session, $timeFactory, 
$tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher); - - $password = '123456'; - $sessionId = 'session1234'; - $token = new \OC\Authentication\Token\DefaultToken(); - - $session->expects($this->once()) - ->method('getId') - ->willReturn($sessionId); - $tokenProvider->expects($this->once()) - ->method('getToken') - ->with($sessionId) - ->willReturn($token); - $tokenProvider->expects($this->once()) - ->method('setPassword') - ->with($token, $sessionId, $password) - ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException())); - - $userSession->updateSessionTokenPassword($password); - } - - public function testUpdateAuthTokenLastCheck() { - $manager = $this->createMock(Manager::class); - $session = $this->createMock(ISession::class); - $request = $this->createMock(IRequest::class); - - $token = new \OC\Authentication\Token\DefaultToken(); - $token->setUid('john'); - $token->setLoginName('john'); - $token->setLastActivity(100); - $token->setLastCheck(100); - - $mapper = $this->getMockBuilder(DefaultTokenMapper::class) - ->disableOriginalConstructor() - ->getMock(); - $crypto = $this->createMock(ICrypto::class); - $logger = $this->createMock(LoggerInterface::class); - $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory); - - /** @var \OC\User\Session $userSession */ - $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher); - - $mapper->expects($this->any()) - ->method('getToken') - ->willReturn($token); - $mapper->expects($this->exactly(2)) - ->method('update'); - $request - ->expects($this->any()) - ->method('getRemoteAddress') - ->willReturn('192.168.0.1'); - $this->throttler - ->expects($this->once()) - ->method('sleepDelay') - ->with('192.168.0.1') - ->willReturn(5); - $this->timeFactory - ->expects($this->any()) - 
->method('getTime') - ->willReturn(100); - - $manager->method('getByEmail') - ->with('john') - ->willReturn([]); - - $userSession->logClientIn('john', 'doe', $request, $this->throttler); - - $this->assertEquals(10000, $token->getLastActivity()); - $this->assertEquals(10000, $token->getLastCheck()); - } - - public function testNoUpdateAuthTokenLastCheckRecent() { - $manager = $this->createMock(Manager::class); - $session = $this->createMock(ISession::class); - $request = $this->createMock(IRequest::class); - - $token = new \OC\Authentication\Token\DefaultToken(); - $token->setUid('john'); - $token->setLoginName('john'); - $token->setLastActivity(10000); - $token->setLastCheck(100); - - $mapper = $this->getMockBuilder(DefaultTokenMapper::class) - ->disableOriginalConstructor() - ->getMock(); - $crypto = $this->createMock(ICrypto::class); - $logger = $this->createMock(LoggerInterface::class); - $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory); - - /** @var \OC\User\Session $userSession */ - $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher); - - $mapper->expects($this->any()) - ->method('getToken') - ->willReturn($token); - $mapper->expects($this->once()) - ->method('update'); - $request - ->expects($this->any()) - ->method('getRemoteAddress') - ->willReturn('192.168.0.1'); - $this->throttler - ->expects($this->once()) - ->method('sleepDelay') - ->with('192.168.0.1') - ->willReturn(5); - $this->timeFactory - ->expects($this->any()) - ->method('getTime') - ->willReturn(100); - - $manager->method('getByEmail') - ->with('john') - ->willReturn([]); - - $userSession->logClientIn('john', 'doe', $request, $this->throttler); - } - public function testCreateRememberMeToken() { $user = $this->createMock(IUser::class); $user |