aboutsummaryrefslogtreecommitdiffstats
path: root/tests/lib/User/SessionTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/lib/User/SessionTest.php')
-rw-r--r--tests/lib/User/SessionTest.php127
1 files changed, 83 insertions, 44 deletions
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index b3f040d71ec..50c449559a0 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -1,4 +1,5 @@
<?php
+
/**
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
@@ -34,6 +35,7 @@ use OCP\Lockdown\ILockdownManager;
use OCP\Security\Bruteforce\IThrottler;
use OCP\Security\ISecureRandom;
use OCP\User\Events\PostLoginEvent;
+use PHPUnit\Framework\ExpectationFailedException;
use PHPUnit\Framework\MockObject\MockObject;
use Psr\Log\LoggerInterface;
use function array_diff;
@@ -95,7 +97,7 @@ class SessionTest extends \Test\TestCase {
$this->logger,
$this->dispatcher
])
- ->setMethods([
+ ->onlyMethods([
'setMagicInCookie',
])
->getMock();
@@ -103,16 +105,14 @@ class SessionTest extends \Test\TestCase {
\OC_User::setIncognitoMode(false);
}
- public function isLoggedInData() {
+ public static function isLoggedInData(): array {
return [
[true],
[false],
];
}
- /**
- * @dataProvider isLoggedInData
- */
+ #[\PHPUnit\Framework\Attributes\DataProvider('isLoggedInData')]
public function testIsLoggedIn($isLoggedIn): void {
$session = $this->createMock(Memory::class);
@@ -120,7 +120,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods([
+ ->onlyMethods([
'getUser'
])
->getMock();
@@ -157,7 +157,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('bar')
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$session->expects($this->exactly(2))
->method('set')
->with($this->callback(function ($key) {
@@ -176,7 +176,7 @@ class SessionTest extends \Test\TestCase {
//keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -204,7 +204,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods([
+ ->onlyMethods([
'prepareUserLogin'
])
->getMock();
@@ -215,9 +215,9 @@ class SessionTest extends \Test\TestCase {
->method('dispatchTyped')
->with(
$this->callback(function (PostLoginEvent $e) {
- return $e->getUser()->getUID() === 'foo' &&
- $e->getPassword() === 'bar' &&
- $e->isTokenLogin() === false;
+ return $e->getUser()->getUID() === 'foo'
+ && $e->getPassword() === 'bar'
+ && $e->isTokenLogin() === false;
})
);
@@ -237,13 +237,13 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('bar')
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$managerMethods = get_class_methods(Manager::class);
//keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -277,7 +277,7 @@ class SessionTest extends \Test\TestCase {
//keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -297,7 +297,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('bar')
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$user->expects($this->never())
->method('isEnabled');
@@ -321,7 +321,7 @@ class SessionTest extends \Test\TestCase {
// Keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -359,7 +359,7 @@ class SessionTest extends \Test\TestCase {
// Keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -403,7 +403,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('bar')
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$manager->expects($this->once())
->method('checkPasswordNoLogging')
@@ -423,13 +423,13 @@ class SessionTest extends \Test\TestCase {
/** @var Session $userSession */
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
+ ->onlyMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock();
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('doe')
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$this->config->expects($this->once())
->method('getSystemValueBool')
->with('token_auth_enforced', false)
@@ -459,13 +459,13 @@ class SessionTest extends \Test\TestCase {
/** @var Session $userSession */
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
+ ->onlyMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock();
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('doe')
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$this->config->expects($this->once())
->method('getSystemValueBool')
->with('token_auth_enforced', false)
@@ -485,7 +485,7 @@ class SessionTest extends \Test\TestCase {
/** @var Session $userSession */
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
+ ->onlyMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock();
$userSession->expects($this->once())
@@ -527,13 +527,13 @@ class SessionTest extends \Test\TestCase {
/** @var Session $userSession */
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods(['login', 'isTwoFactorEnforced'])
+ ->onlyMethods(['login', 'isTwoFactorEnforced'])
->getMock();
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('doe')
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$this->config->expects($this->once())
->method('getSystemValueBool')
->with('token_auth_enforced', false)
@@ -611,13 +611,52 @@ class SessionTest extends \Test\TestCase {
self::assertFalse($loginResult);
}
+ public function testTryTokenLoginNotAnAppPassword(): void {
+ $request = $this->createMock(IRequest::class);
+ $this->config->expects(self::once())
+ ->method('getSystemValueString')
+ ->with('instanceid')
+ ->willReturn('abc123');
+ $request->method('getHeader')->with('Authorization')->willReturn('');
+ $request->method('getCookie')->with('abc123')->willReturn('abcde12345');
+ $this->session->expects(self::once())
+ ->method('getId')
+ ->willReturn('abcde12345');
+ $dbToken = new PublicKeyToken();
+ $dbToken->setId(42);
+ $dbToken->setUid('johnny');
+ $dbToken->setLoginName('johnny');
+ $dbToken->setLastCheck(0);
+ $dbToken->setType(IToken::TEMPORARY_TOKEN);
+ $dbToken->setRemember(IToken::REMEMBER);
+ $this->tokenProvider->expects(self::any())
+ ->method('getToken')
+ ->with('abcde12345')
+ ->willReturn($dbToken);
+ $this->session->method('set')
+ ->willReturnCallback(function ($key, $value): void {
+ if ($key === 'app_password') {
+ throw new ExpectationFailedException('app_password should not be set in session');
+ }
+ });
+ $user = $this->createMock(IUser::class);
+ $user->method('isEnabled')->willReturn(true);
+ $this->manager->method('get')
+ ->with('johnny')
+ ->willReturn($user);
+
+ $loginResult = $this->userSession->tryTokenLogin($request);
+
+ self::assertTrue($loginResult);
+ }
+
public function testRememberLoginValidToken(): void {
$session = $this->createMock(Memory::class);
$managerMethods = get_class_methods(Manager::class);
//keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -627,7 +666,7 @@ class SessionTest extends \Test\TestCase {
->getMock();
$userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie()
- ->setMethods(['setMagicInCookie', 'setLoginName'])
+ ->onlyMethods(['setMagicInCookie', 'setLoginName'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
->getMock();
@@ -685,7 +724,7 @@ class SessionTest extends \Test\TestCase {
$setUID = false;
$session
->method('set')
- ->willReturnCallback(function ($k, $v) use (&$setUID) {
+ ->willReturnCallback(function ($k, $v) use (&$setUID): void {
if ($k === 'user_id' && $v === 'foo') {
$setUID = true;
}
@@ -707,7 +746,7 @@ class SessionTest extends \Test\TestCase {
//keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -717,7 +756,7 @@ class SessionTest extends \Test\TestCase {
->getMock();
$userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie()
- ->setMethods(['setMagicInCookie'])
+ ->onlyMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
->getMock();
@@ -748,7 +787,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('renewSessionToken')
->with($oldSessionId, $sessionId)
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$user->expects($this->never())
->method('getUID')
@@ -772,7 +811,7 @@ class SessionTest extends \Test\TestCase {
//keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -782,7 +821,7 @@ class SessionTest extends \Test\TestCase {
->getMock();
$userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie()
- ->setMethods(['setMagicInCookie'])
+ ->onlyMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
->getMock();
@@ -825,7 +864,7 @@ class SessionTest extends \Test\TestCase {
//keep following methods intact in order to ensure hooks are working
$mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
$manager = $this->getMockBuilder(Manager::class)
- ->setMethods($mockedManagerMethods)
+ ->onlyMethods($mockedManagerMethods)
->setConstructorArgs([
$this->config,
$this->createMock(ICacheFactory::class),
@@ -835,7 +874,7 @@ class SessionTest extends \Test\TestCase {
->getMock();
$userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie()
- ->setMethods(['setMagicInCookie'])
+ ->onlyMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
->getMock();
$token = 'goodToken';
@@ -885,7 +924,7 @@ class SessionTest extends \Test\TestCase {
$session->set('user_id', 'foo');
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods([
+ ->onlyMethods([
'validateSession'
])
->getMock();
@@ -932,7 +971,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('getToken')
->with($password)
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$this->tokenProvider->expects($this->once())
->method('generateToken')
@@ -973,7 +1012,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider->expects($this->once())
->method('getToken')
->with($password)
- ->will($this->throwException(new InvalidTokenException()));
+ ->willThrowException(new InvalidTokenException());
$this->tokenProvider->expects($this->once())
->method('generateToken')
@@ -1090,7 +1129,7 @@ class SessionTest extends \Test\TestCase {
$this->session
->method('set')
- ->willReturnCallback(function ($k, $v) use (&$davAuthenticatedSet, &$lastPasswordConfirmSet) {
+ ->willReturnCallback(function ($k, $v) use (&$davAuthenticatedSet, &$lastPasswordConfirmSet): void {
switch ($k) {
case Auth::DAV_AUTHENTICATED:
$davAuthenticatedSet = $v;
@@ -1115,7 +1154,7 @@ class SessionTest extends \Test\TestCase {
$this->logger,
$this->dispatcher
])
- ->setMethods([
+ ->onlyMethods([
'logClientIn',
'getUser',
])
@@ -1167,7 +1206,7 @@ class SessionTest extends \Test\TestCase {
$this->logger,
$this->dispatcher
])
- ->setMethods([
+ ->onlyMethods([
'logClientIn',
])
->getMock();
@@ -1195,7 +1234,7 @@ class SessionTest extends \Test\TestCase {
/** @var Session $userSession */
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
+ ->onlyMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock();
$userSession->expects($this->once())
@@ -1241,7 +1280,7 @@ class SessionTest extends \Test\TestCase {
/** @var Session $userSession */
$userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
- ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
+ ->onlyMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock();
$userSession->expects($this->once())
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-08 07:54:12 +0000