Diffstat (limited to 'tests/lib/security')
-rw-r--r-- | tests/lib/security/certificate.php | 101 | ||||
-rw-r--r-- | tests/lib/security/certificatemanager.php | 119 | ||||
-rw-r--r-- | tests/lib/security/credentialsmanager.php | 102 | ||||
-rw-r--r-- | tests/lib/security/crypto.php | 71 | ||||
-rw-r--r-- | tests/lib/security/csp/ContentSecurityPolicyManagerTest.php | 66 | ||||
-rw-r--r-- | tests/lib/security/csrf/CsrfTokenGeneratorTest.php | 54 | ||||
-rw-r--r-- | tests/lib/security/csrf/CsrfTokenManagerTest.php | 134 | ||||
-rw-r--r-- | tests/lib/security/csrf/CsrfTokenTest.php | 33 | ||||
-rw-r--r-- | tests/lib/security/csrf/tokenstorage/SessionStorageTest.php | 107 | ||||
-rw-r--r-- | tests/lib/security/hasher.php | 116 | ||||
-rw-r--r-- | tests/lib/security/securerandom.php | 76 | ||||
-rw-r--r-- | tests/lib/security/trusteddomainhelper.php | 80 |
12 files changed, 0 insertions, 1059 deletions
diff --git a/tests/lib/security/certificate.php b/tests/lib/security/certificate.php
deleted file mode 100644
index 81d159ebd52..00000000000
--- a/tests/lib/security/certificate.php
+++ /dev/null
@@ -1,101 +0,0 @@
-<?php
-/**
- * @author Lukas Reschke <lukas@owncloud.com>
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-use \OC\Security\Certificate;
-
-class CertificateTest extends \Test\TestCase {
-
- /** @var Certificate That contains a valid certificate */
- protected $goodCertificate;
- /** @var Certificate That contains an invalid certificate */
- protected $invalidCertificate;
- /** @var Certificate That contains an expired certificate */
- protected $expiredCertificate;
-
- protected function setUp() {
- parent::setUp();
-
- $goodCertificate = file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt');
- $this->goodCertificate = new Certificate($goodCertificate, 'GoodCertificate');
- $badCertificate = file_get_contents(__DIR__ . '/../../data/certificates/badCertificate.crt');
- $this->invalidCertificate = new Certificate($badCertificate, 'BadCertificate');
- $expiredCertificate = file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt');
- $this->expiredCertificate = new Certificate($expiredCertificate, 'ExpiredCertificate');
- }
-
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage Certificate could not get parsed.
- */
- public function testBogusData() {
- $certificate = new Certificate('foo', 'bar');
- $certificate->getIssueDate();
- }
-
- public function testGetName() {
- $this->assertSame('GoodCertificate', $this->goodCertificate->getName());
- $this->assertSame('BadCertificate', $this->invalidCertificate->getName());
- }
-
- public function testGetCommonName() {
- $this->assertSame('security.owncloud.com', $this->goodCertificate->getCommonName());
- $this->assertSame(null, $this->invalidCertificate->getCommonName());
- }
-
- public function testGetOrganization() {
- $this->assertSame('ownCloud Security', $this->goodCertificate->getOrganization());
- $this->assertSame('Internet Widgits Pty Ltd', $this->invalidCertificate->getOrganization());
- }
-
- public function testGetIssueDate() {
- $expected = new DateTime('2015-08-27 20:03:42 GMT');
- $this->assertEquals($expected->getTimestamp(), $this->goodCertificate->getIssueDate()->getTimestamp());
- $expected = new DateTime('2015-08-27 20:19:13 GMT');
- $this->assertEquals($expected->getTimestamp(), $this->invalidCertificate->getIssueDate()->getTimestamp());
- }
-
- public function testGetExpireDate() {
- $expected = new DateTime('2025-08-24 20:03:42 GMT');
- $this->assertEquals($expected->getTimestamp(), $this->goodCertificate->getExpireDate()->getTimestamp());
- $expected = new DateTime('2025-08-24 20:19:13 GMT');
- $this->assertEquals($expected->getTimestamp(), $this->invalidCertificate->getExpireDate()->getTimestamp());
- $expected = new DateTime('2014-08-28 09:12:43 GMT');
- $this->assertEquals($expected->getTimestamp(), $this->expiredCertificate->getExpireDate()->getTimestamp());
- }
-
- public function testIsExpired() {
- $this->assertSame(false, $this->goodCertificate->isExpired());
- $this->assertSame(false, $this->invalidCertificate->isExpired());
- $this->assertSame(true, $this->expiredCertificate->isExpired());
- }
-
- public function testGetIssuerName() {
- $this->assertSame('security.owncloud.com', $this->goodCertificate->getIssuerName());
- $this->assertSame(null, $this->invalidCertificate->getIssuerName());
- $this->assertSame(null, $this->expiredCertificate->getIssuerName());
- }
-
- public function testGetIssuerOrganization() {
- $this->assertSame('ownCloud Security', $this->goodCertificate->getIssuerOrganization());
- $this->assertSame('Internet Widgits Pty Ltd', $this->invalidCertificate->getIssuerOrganization());
- $this->assertSame('Internet Widgits Pty Ltd', $this->expiredCertificate->getIssuerOrganization());
- }
-}
diff --git a/tests/lib/security/certificatemanager.php b/tests/lib/security/certificatemanager.php
deleted file mode 100644
index e9ccea39efe..00000000000
--- a/tests/lib/security/certificatemanager.php
+++ /dev/null
@@ -1,119 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-
-use \OC\Security\CertificateManager;
-
-/**
- * Class CertificateManagerTest
- *
- * @group DB
- */
-class CertificateManagerTest extends \Test\TestCase {
- use \Test\Traits\UserTrait;
- use \Test\Traits\MountProviderTrait;
-
- /** @var CertificateManager */
- private $certificateManager;
- /** @var String */
- private $username;
-
- protected function setUp() {
- parent::setUp();
-
- $this->username = $this->getUniqueID('', 20);
- $this->createUser($this->username, '');
-
- $storage = new \OC\Files\Storage\Temporary();
- $this->registerMount($this->username, $storage, '/' . $this->username . '/');
-
- \OC_Util::tearDownFS();
- \OC_User::setUserId('');
- \OC\Files\Filesystem::tearDown();
- \OC_Util::setupFS($this->username);
-
- $config = $this->getMock('OCP\IConfig');
- $config->expects($this->any())->method('getSystemValue')
- ->with('installed', false)->willReturn(true);
-
- $this->certificateManager = new CertificateManager($this->username, new \OC\Files\View(), $config);
- }
-
- protected function tearDown() {
- $user = \OC::$server->getUserManager()->get($this->username);
- if ($user !== null) {
- $user->delete();
- }
- parent::tearDown();
- }
-
- protected function assertEqualsArrays($expected, $actual) {
- sort($expected);
- sort($actual);
-
- $this->assertEquals($expected, $actual);
- }
-
- function testListCertificates() {
- // Test empty certificate bundle
- $this->assertSame(array(), $this->certificateManager->listCertificates());
-
- // Add some certificates
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $certificateStore = array();
- $certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
-
- // Add another certificates
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
- $certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
- $this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
- }
-
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage Certificate could not get parsed.
- */
- function testAddInvalidCertificate() {
- $this->certificateManager->addCertificate('InvalidCertificate', 'invalidCertificate');
- }
-
- /**
- * @return array
- */
- public function dangerousFileProvider() {
- return [
- ['.htaccess'],
- ['../../foo.txt'],
- ['..\..\foo.txt'],
- ];
- }
-
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage Filename is not valid
- * @dataProvider dangerousFileProvider
- * @param string $filename
- */
- function testAddDangerousFile($filename) {
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'), $filename);
- }
-
- function testRemoveDangerousFile() {
- $this->assertFalse($this->certificateManager->removeCertificate('../../foo.txt'));
- }
-
- function testRemoveExistingFile() {
- $this->certificateManager->addCertificate(file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
- $this->assertTrue($this->certificateManager->removeCertificate('GoodCertificate'));
- }
-
- function testGetCertificateBundle() {
- $this->assertSame('/' . $this->username . '/files_external/rootcerts.crt', $this->certificateManager->getCertificateBundle());
- }
-
-}
diff --git a/tests/lib/security/credentialsmanager.php b/tests/lib/security/credentialsmanager.php
deleted file mode 100644
index 72f061e05bb..00000000000
--- a/tests/lib/security/credentialsmanager.php
+++ /dev/null
@@ -1,102 +0,0 @@
-<?php
-/**
- * @author Robin McCorkell <rmccorkell@owncloud.com>
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-use \OCP\Security\ICrypto;
-use \OCP\IDBConnection;
-use \OC\Security\CredentialsManager;
-
-class CredentialsManagerTest extends \Test\TestCase {
-
- /** @var ICrypto */
- protected $crypto;
-
- /** @var IDBConnection */
- protected $dbConnection;
-
- /** @var CredentialsManager */
- protected $manager;
-
- protected function setUp() {
- parent::setUp();
- $this->crypto = $this->getMock('\OCP\Security\ICrypto');
- $this->dbConnection = $this->getMockBuilder('\OC\DB\Connection')
- ->disableOriginalConstructor()
- ->getMock();
- $this->manager = new CredentialsManager($this->crypto, $this->dbConnection);
- }
-
- private function getQeuryResult($row) {
- $result = $this->getMockBuilder('\Doctrine\DBAL\Driver\Statement')
- ->disableOriginalConstructor()
- ->getMock();
-
- $result->expects($this->any())
- ->method('fetch')
- ->will($this->returnValue($row));
-
- return $result;
- }
-
- public function testStore() {
- $userId = 'abc';
- $identifier = 'foo';
- $credentials = 'bar';
-
- $this->crypto->expects($this->once())
- ->method('encrypt')
- ->with(json_encode($credentials))
- ->willReturn('baz');
-
- $this->dbConnection->expects($this->once())
- ->method('setValues')
- ->with(CredentialsManager::DB_TABLE,
- ['user' => $userId, 'identifier' => $identifier],
- ['credentials' => 'baz']
- );
-
- $this->manager->store($userId, $identifier, $credentials);
- }
-
- public function testRetrieve() {
- $userId = 'abc';
- $identifier = 'foo';
-
- $this->crypto->expects($this->once())
- ->method('decrypt')
- ->with('baz')
- ->willReturn(json_encode('bar'));
-
- $qb = $this->getMockBuilder('\OC\DB\QueryBuilder\QueryBuilder')
- ->setConstructorArgs([$this->dbConnection])
- ->setMethods(['execute'])
- ->getMock();
- $qb->expects($this->once())
- ->method('execute')
- ->willReturn($this->getQeuryResult(['credentials' => 'baz']));
-
- $this->dbConnection->expects($this->once())
- ->method('getQueryBuilder')
- ->willReturn($qb);
-
- $this->manager->retrieve($userId, $identifier);
- }
-
-}
diff --git a/tests/lib/security/crypto.php b/tests/lib/security/crypto.php
deleted file mode 100644
index 1571cf89248..00000000000
--- a/tests/lib/security/crypto.php
+++ /dev/null
@@ -1,71 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-
-use \OC\Security\Crypto;
-
-class CryptoTest extends \Test\TestCase {
-
- public function defaultEncryptionProvider()
- {
- return array(
- array('Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'),
- array(''),
- array('我看这本书。 我看這本書')
- );
- }
-
- /** @var Crypto */
- protected $crypto;
-
- protected function setUp() {
- parent::setUp();
- $this->crypto = new Crypto(\OC::$server->getConfig(), \OC::$server->getSecureRandom());
- }
-
- /**
- * @dataProvider defaultEncryptionProvider
- */
- function testDefaultEncrypt($stringToEncrypt) {
- $ciphertext = $this->crypto->encrypt($stringToEncrypt);
- $this->assertEquals($stringToEncrypt, $this->crypto->decrypt($ciphertext));
- }
-
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage HMAC does not match.
- */
- function testWrongPassword() {
- $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
- $ciphertext = $this->crypto->encrypt($stringToEncrypt);
- $this->crypto->decrypt($ciphertext, 'A wrong password!');
- }
-
- function testLaterDecryption() {
- $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
- $encryptedString = '44a35023cca2e7a6125e06c29fc4b2ad9d8a33d0873a8b45b0de4ef9284f260c6c46bf25dc62120644c59b8bafe4281ddc47a70c35ae6c29ef7a63d79eefacc297e60b13042ac582733598d0a6b4de37311556bb5c480fd2633de4e6ebafa868c2d1e2d80a5d24f9660360dba4d6e0c8|lhrFgK0zd9U160Wo|a75e57ab701f9124e1113543fd1dc596f21e20d456a0d1e813d5a8aaec9adcb11213788e96598b67fe9486a9f0b99642c18296d0175db44b1ae426e4e91080ee';
- $this->assertEquals($stringToEncrypt, $this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd'));
- }
-
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage HMAC does not match.
- */
- function testWrongIV() {
- $encryptedString = '560f5436ba864b9f12f7f7ca6d41c327554a6f2c0a160a03316b202af07c65163274993f3a46e7547c07ba89304f00594a2f3bd99f83859097c58049c39d0d4ade10e0de914ff0604961e7c849d0271ed6c0b23f984ba16e7d033e3305fb0910e7b6a2a65c988d17dbee71d8f953684d|d2kdFUspVjC0o0sr|1a5feacf87eaa6869a6abdfba9a296e7bbad45b6ad89f7dce67cdc98e2da5dc4379cc672cc655e52bbf19599bf59482fbea13a73937697fa656bf10f3fc4f1aa';
- $this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
- }
-
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage Authenticated ciphertext could not be decoded.
- */
- function testWrongParameters() {
- $encryptedString = '1|2';
- $this->crypto->decrypt($encryptedString, 'ThisIsAVeryS3cur3P4ssw0rd');
- }
-}
diff --git a/tests/lib/security/csp/ContentSecurityPolicyManagerTest.php b/tests/lib/security/csp/ContentSecurityPolicyManagerTest.php
deleted file mode 100644
index 975c35d3780..00000000000
--- a/tests/lib/security/csp/ContentSecurityPolicyManagerTest.php
+++ /dev/null
@@ -1,66 +0,0 @@
-<?php
-/**
- * @author Lukas Reschke <lukas@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-use OC\Security\CSP\ContentSecurityPolicyManager;
-
-class ContentSecurityPolicyManagerTest extends \Test\TestCase {
- /** @var ContentSecurityPolicyManager */
- private $contentSecurityPolicyManager;
-
- public function setUp() {
- parent::setUp();
- $this->contentSecurityPolicyManager = new ContentSecurityPolicyManager();
- }
-
- public function testAddDefaultPolicy() {
- $this->contentSecurityPolicyManager->addDefaultPolicy(new \OCP\AppFramework\Http\ContentSecurityPolicy());
- }
-
- public function testGetDefaultPolicyWithPolicies() {
- $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
- $policy->addAllowedFontDomain('mydomain.com');
- $policy->addAllowedImageDomain('anotherdomain.de');
- $this->contentSecurityPolicyManager->addDefaultPolicy($policy);
- $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
- $policy->addAllowedFontDomain('example.com');
- $policy->addAllowedImageDomain('example.org');
- $policy->allowInlineScript(true);
- $this->contentSecurityPolicyManager->addDefaultPolicy($policy);
- $policy = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy();
- $policy->addAllowedChildSrcDomain('childdomain');
- $policy->addAllowedFontDomain('anotherFontDomain');
- $this->contentSecurityPolicyManager->addDefaultPolicy($policy);
-
- $expected = new \OC\Security\CSP\ContentSecurityPolicy();
- $expected->allowInlineScript(true);
- $expected->addAllowedFontDomain('mydomain.com');
- $expected->addAllowedFontDomain('example.com');
- $expected->addAllowedFontDomain('anotherFontDomain');
- $expected->addAllowedImageDomain('anotherdomain.de');
- $expected->addAllowedImageDomain('example.org');
- $expected->addAllowedChildSrcDomain('childdomain');
- $expectedStringPolicy = 'default-src \'none\';script-src \'self\' \'unsafe-inline\' \'unsafe-eval\';style-src \'self\' \'unsafe-inline\';img-src \'self\' data: blob: anotherdomain.de example.org;font-src \'self\' mydomain.com example.com anotherFontDomain;connect-src \'self\';media-src \'self\';child-src childdomain';
-
- $this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy());
- $this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy());
- }
-
-}
diff --git a/tests/lib/security/csrf/CsrfTokenGeneratorTest.php b/tests/lib/security/csrf/CsrfTokenGeneratorTest.php
deleted file mode 100644
index be7434f514f..00000000000
--- a/tests/lib/security/csrf/CsrfTokenGeneratorTest.php
+++ /dev/null
@@ -1,54 +0,0 @@
-<?php
-/**
- * @author Lukas Reschke <lukas@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-class CsrfTokenGeneratorTest extends \Test\TestCase {
- /** @var \OCP\Security\ISecureRandom */
- private $random;
- /** @var \OC\Security\CSRF\CsrfTokenGenerator */
- private $csrfTokenGenerator;
-
- public function setUp() {
- parent::setUp();
- $this->random = $this->getMockBuilder('\OCP\Security\ISecureRandom')
- ->disableOriginalConstructor()->getMock();
- $this->csrfTokenGenerator = new \OC\Security\CSRF\CsrfTokenGenerator($this->random);
-
- }
-
- public function testGenerateTokenWithCustomNumber() {
- $this->random
- ->expects($this->once())
- ->method('generate')
- ->with(3)
- ->willReturn('abc');
- $this->assertSame('abc', $this->csrfTokenGenerator->generateToken(3));
- }
-
- public function testGenerateTokenWithDefault() {
- $this->random
- ->expects($this->once())
- ->method('generate')
- ->with(32)
- ->willReturn('12345678901234567890123456789012');
- $this->assertSame('12345678901234567890123456789012', $this->csrfTokenGenerator->generateToken(32));
- }
-}
-
diff --git a/tests/lib/security/csrf/CsrfTokenManagerTest.php b/tests/lib/security/csrf/CsrfTokenManagerTest.php
deleted file mode 100644
index 145fc03c51e..00000000000
--- a/tests/lib/security/csrf/CsrfTokenManagerTest.php
+++ /dev/null
@@ -1,134 +0,0 @@
-<?php
-/**
- * @author Lukas Reschke <lukas@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-class CsrfTokenManagerTest extends \Test\TestCase {
- /** @var \OC\Security\CSRF\CsrfTokenManager */
- private $csrfTokenManager;
- /** @var \OC\Security\CSRF\CsrfTokenGenerator */
- private $tokenGenerator;
- /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
- private $storageInterface;
-
- public function setUp() {
- parent::setUp();
- $this->tokenGenerator = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenGenerator')
- ->disableOriginalConstructor()->getMock();
- $this->storageInterface = $this->getMockBuilder('\OC\Security\CSRF\TokenStorage\SessionStorage')
- ->disableOriginalConstructor()->getMock();
-
- $this->csrfTokenManager = new \OC\Security\CSRF\CsrfTokenManager(
- $this->tokenGenerator,
- $this->storageInterface
- );
- }
-
- public function testGetTokenWithExistingToken() {
- $this->storageInterface
- ->expects($this->once())
- ->method('hasToken')
- ->willReturn(true);
- $this->storageInterface
- ->expects($this->once())
- ->method('getToken')
- ->willReturn('MyExistingToken');
-
- $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
- $this->assertEquals($expected, $this->csrfTokenManager->getToken());
- }
-
- public function testGetTokenWithoutExistingToken() {
- $this->storageInterface
- ->expects($this->once())
- ->method('hasToken')
- ->willReturn(false);
- $this->tokenGenerator
- ->expects($this->once())
- ->method('generateToken')
- ->willReturn('MyNewToken');
- $this->storageInterface
- ->expects($this->once())
- ->method('setToken')
- ->with('MyNewToken');
-
- $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
- $this->assertEquals($expected, $this->csrfTokenManager->getToken());
- }
-
- public function testRefreshToken() {
- $this->tokenGenerator
- ->expects($this->once())
- ->method('generateToken')
- ->willReturn('MyNewToken');
- $this->storageInterface
- ->expects($this->once())
- ->method('setToken')
- ->with('MyNewToken');
-
- $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
- $this->assertEquals($expected, $this->csrfTokenManager->refreshToken());
- }
-
- public function testRemoveToken() {
- $this->storageInterface
- ->expects($this->once())
- ->method('removeToken');
-
- $this->csrfTokenManager->removeToken();
- }
-
- public function testIsTokenValidWithoutToken() {
- $this->storageInterface
- ->expects($this->once())
- ->method('hasToken')
- ->willReturn(false);
- $token = new \OC\Security\CSRF\CsrfToken('Token');
-
- $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
- }
-
- public function testIsTokenValidWithWrongToken() {
- $this->storageInterface
- ->expects($this->once())
- ->method('hasToken')
- ->willReturn(true);
- $token = new \OC\Security\CSRF\CsrfToken('Token');
- $this->storageInterface
- ->expects($this->once())
- ->method('getToken')
- ->willReturn('MyToken');
-
- $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
- }
-
- public function testIsTokenValidWithValidToken() {
- $this->storageInterface
- ->expects($this->once())
- ->method('hasToken')
- ->willReturn(true);
- $token = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
- $this->storageInterface
- ->expects($this->once())
- ->method('getToken')
- ->willReturn('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF');
-
- $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
- }
-}
diff --git a/tests/lib/security/csrf/CsrfTokenTest.php b/tests/lib/security/csrf/CsrfTokenTest.php
deleted file mode 100644
index 62e6ad112e7..00000000000
--- a/tests/lib/security/csrf/CsrfTokenTest.php
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php
-/**
- * @author Lukas Reschke <lukas@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-class CsrfTokenTest extends \Test\TestCase {
- public function testGetEncryptedValue() {
- $csrfToken = new \OC\Security\CSRF\CsrfToken('MyCsrfToken');
- $this->assertSame(33, strlen($csrfToken->getEncryptedValue()));
- $this->assertSame(':', $csrfToken->getEncryptedValue()[16]);
- }
-
- public function testGetDecryptedValue() {
- $csrfToken = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
- $this->assertSame('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF', $csrfToken->getDecryptedValue());
- }
-}
diff --git a/tests/lib/security/csrf/tokenstorage/SessionStorageTest.php b/tests/lib/security/csrf/tokenstorage/SessionStorageTest.php
deleted file mode 100644
index 3a83f6a8c00..00000000000
--- a/tests/lib/security/csrf/tokenstorage/SessionStorageTest.php
+++ /dev/null
@@ -1,107 +0,0 @@
-<?php
-/**
- * @author Lukas Reschke <lukas@owncloud.com>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-class SessionStorageTest extends \Test\TestCase {
- /** @var \OCP\ISession */
- private $session;
- /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
- private $sessionStorage;
-
- public function setUp() {
- parent::setUp();
- $this->session = $this->getMockBuilder('\OCP\ISession')
- ->disableOriginalConstructor()->getMock();
- $this->sessionStorage = new \OC\Security\CSRF\TokenStorage\SessionStorage($this->session);
- }
-
- /**
- * @return array
- */
- public function getTokenDataProvider() {
- return [
- [
- '',
- ],
- [
- null,
- ],
- ];
- }
-
- /**
- * @param string $token
- * @dataProvider getTokenDataProvider
- *
- * @expectedException \Exception
- * @expectedExceptionMessage Session does not contain a requesttoken
- */
- public function testGetTokenWithEmptyToken($token) {
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('requesttoken')
- ->willReturn($token);
- $this->sessionStorage->getToken();
- }
-
- public function testGetTokenWithValidToken() {
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('requesttoken')
- ->willReturn('MyFancyCsrfToken');
- $this->assertSame('MyFancyCsrfToken', $this->sessionStorage->getToken());
- }
-
- public function testSetToken() {
- $this->session
- ->expects($this->once())
- ->method('set')
- ->with('requesttoken', 'TokenToSet');
- $this->sessionStorage->setToken('TokenToSet');
- }
-
- public function testRemoveToken() {
- $this->session
- ->expects($this->once())
- ->method('remove')
- ->with('requesttoken');
- $this->sessionStorage->removeToken();
- }
-
- public function testHasTokenWithExistingToken() {
- $this->session
- ->expects($this->once())
- ->method('exists')
- ->with('requesttoken')
- ->willReturn(true);
- $this->assertSame(true, $this->sessionStorage->hasToken());
- }
-
- public function testHasTokenWithoutExistingToken() {
- $this->session
- ->expects($this->once())
- ->method('exists')
- ->with('requesttoken')
- ->willReturn(false);
- $this->assertSame(false, $this->sessionStorage->hasToken());
- }
-}
diff --git a/tests/lib/security/hasher.php b/tests/lib/security/hasher.php
deleted file mode 100644
index a6f7df5b79f..00000000000
--- a/tests/lib/security/hasher.php
+++ /dev/null
@@ -1,116 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-
-use OC\Security\Hasher;
-
-/**
- * Class HasherTest
- */
-class HasherTest extends \Test\TestCase {
-
- /**
- * @return array
- */
- public function versionHashProvider()
- {
- return array(
- array('asf32äà$$a.|3', null),
- array('asf32äà$$a.|3|5', null),
- array('1|2|3|4', array('version' => 1, 'hash' => '2|3|4')),
- array('1|我看|这本书。 我看這本書', array('version' => 1, 'hash' => '我看|这本书。 我看這本書'))
- );
- }
-
- /**
- * @return array
- */
- public function allHashProviders()
- {
- return array(
- // Bogus values
- array(null, 'asf32äà$$a.|3', false),
- array(null, false, false),
-
- // Valid SHA1 strings
- array('password', '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', true),
- array('owncloud.com', '27a4643e43046c3569e33b68c1a4b15d31306d29', true),
-
- // Invalid SHA1 strings
- array('InvalidString', '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', false),
- array('AnotherInvalidOne', '27a4643e43046c3569e33b68c1a4b15d31306d29', false),
-
- // Valid legacy password string with password salt "6Wow67q1wZQZpUUeI6G2LsWUu4XKx"
- array('password', '$2a$08$emCpDEl.V.QwPWt5gPrqrOhdpH6ailBmkj2Hd2vD5U8qIy20HBe7.', true),
- array('password', '$2a$08$yjaLO4ev70SaOsWZ9gRS3eRSEpHVsmSWTdTms1949mylxJ279hzo2', true),
- array('password', '$2a$08$.jNRG/oB4r7gHJhAyb.mDupNUAqTnBIW/tWBqFobaYflKXiFeG0A6', true),
- array('owncloud.com', '$2a$08$YbEsyASX/hXVNMv8hXQo7ezreN17T8Jl6PjecGZvpX.Ayz2aUyaZ2', true),
- array('owncloud.com', '$2a$11$cHdDA2IkUP28oNGBwlL7jO/U3dpr8/0LIjTZmE8dMPA7OCUQsSTqS', true),
- array('owncloud.com', '$2a$08$GH.UoIfJ1e.qeZ85KPqzQe6NR8XWRgJXWIUeE1o/j1xndvyTA1x96', true),
-
- // Invalid legacy passwords
- array('password', '$2a$08$oKAQY5IhnZocP.61MwP7xu7TNeOb7Ostvk3j6UpacvaNMs.xRj7O2', false),
-
- // Valid passwords "6Wow67q1wZQZpUUeI6G2LsWUu4XKx"
- array('password', '1|$2a$05$ezAE0dkwk57jlfo6z5Pql.gcIK3ReXT15W7ITNxVS0ksfhO/4E4Kq', true),
- array('password', '1|$2a$05$4OQmloFW4yTVez2MEWGIleDO9Z5G9tWBXxn1vddogmKBQq/Mq93pe', true),
- array('password', '1|$2a$11$yj0hlp6qR32G9exGEXktB.yW2rgt2maRBbPgi3EyxcDwKrD14x/WO', true),
- array('owncloud.com', '1|$2a$10$Yiss2WVOqGakxuuqySv5UeOKpF8d8KmNjuAPcBMiRJGizJXjA2bKm', true),
- array('owncloud.com', '1|$2a$10$v9mh8/.mF/Ut9jZ7pRnpkuac3bdFCnc4W/gSumheQUi02Sr.xMjPi', true),
- array('owncloud.com', '1|$2a$05$ST5E.rplNRfDCzRpzq69leRzsTGtY7k88h9Vy2eWj0Ug/iA9w5kGK', true),
-
- // Invalid passwords
- array('password', '0|$2a$08$oKAQY5IhnZocP.61MwP7xu7TNeOb7Ostvk3j6UpacvaNMs.xRj7O2', false),
- array('password', '1|$2a$08$oKAQY5IhnZocP.61MwP7xu7TNeOb7Ostvk3j6UpacvaNMs.xRj7O2', false),
- array('password', '2|$2a$08$oKAQY5IhnZocP.61MwP7xu7TNeOb7Ostvk3j6UpacvaNMs.xRj7O2', false),
- );
- }
-
- /** @var Hasher */
- protected $hasher;
-
- /** @var \OCP\IConfig */
- protected $config;
-
- protected function setUp() {
- parent::setUp();
-
- $this->config = $this->getMockBuilder('\OCP\IConfig')
- ->disableOriginalConstructor()->getMock();
-
- $this->hasher = new Hasher($this->config);
- }
-
- function testHash() {
- $hash = $this->hasher->hash('String To Hash');
- $this->assertNotNull($hash);
- }
-
- /**
- * @dataProvider versionHashProvider
- */
- function testSplitHash($hash, $expected) {
- $relativePath = self::invokePrivate($this->hasher, 'splitHash', array($hash));
- $this->assertSame($expected, $relativePath);
- }
-
-
- /**
- * @dataProvider allHashProviders
- */
- function testVerify($password, $hash, $expected) {
- $this->config
- ->expects($this->any())
- ->method('getSystemValue')
- ->with('passwordsalt', null)
- ->will($this->returnValue('6Wow67q1wZQZpUUeI6G2LsWUu4XKx'));
-
- $result = $this->hasher->verify($password, $hash);
- $this->assertSame($expected, $result);
- }
-
-}
diff --git a/tests/lib/security/securerandom.php b/tests/lib/security/securerandom.php
deleted file mode 100644
index 526066d92ee..00000000000
--- a/tests/lib/security/securerandom.php
+++ /dev/null
@@ -1,76 +0,0 @@
-<?php
-/**
- * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-
-use \OC\Security\SecureRandom;
-
-class SecureRandomTest extends \Test\TestCase {
-
- public function stringGenerationProvider() {
- return array(
- array(0, 0),
- array(1, 1),
- array(128, 128),
- array(256, 256),
- array(1024, 1024),
- array(2048, 2048),
- array(64000, 64000),
- );
- }
-
- public static function charCombinations() {
- return array(
- array('CHAR_LOWER', '[a-z]'),
- array('CHAR_UPPER', '[A-Z]'),
- array('CHAR_DIGITS', '[0-9]'),
- );
- }
-
- /** @var SecureRandom */
- protected $rng;
-
- protected function setUp() {
- parent::setUp();
- $this->rng = new \OC\Security\SecureRandom();
- }
-
- /**
- * @dataProvider stringGenerationProvider
- */
- function testGetLowStrengthGeneratorLength($length, $expectedLength) {
- $generator = $this->rng;
-
- $this->assertEquals($expectedLength, strlen($generator->generate($length)));
- }
-
- /**
- * @dataProvider stringGenerationProvider
- */
- function testMediumLowStrengthGeneratorLength($length, $expectedLength) {
- $generator = $this->rng;
-
- $this->assertEquals($expectedLength, strlen($generator->generate($length)));
- }
-
- /**
- * @dataProvider stringGenerationProvider
- */
- function testUninitializedGenerate($length, $expectedLength) {
- $this->assertEquals($expectedLength, strlen($this->rng->generate($length)));
- }
-
- /**
- * @dataProvider charCombinations
- */
- public function testScheme($charName, $chars) {
- $generator = $this->rng;
- $scheme = constant('OCP\Security\ISecureRandom::' . $charName);
- $randomString = $generator->generate(100, $scheme);
- $matchesRegex = preg_match('/^'.$chars.'+$/', $randomString);
- $this->assertSame(1, $matchesRegex);
- }
-}
diff --git a/tests/lib/security/trusteddomainhelper.php b/tests/lib/security/trusteddomainhelper.php
deleted file mode 100644
index 3581211ce61..00000000000
--- a/tests/lib/security/trusteddomainhelper.php
+++ /dev/null
@@ -1,80 +0,0 @@
-<?php
-/**
- * Copyright (c) 2015 Lukas Reschke <lukas@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-
-use \OC\Security\TrustedDomainHelper;
-use OCP\IConfig;
-
-/**
- * Class TrustedDomainHelperTest
- */
-class TrustedDomainHelperTest extends \Test\TestCase {
- /** @var IConfig */
- protected $config;
-
- protected function setUp() {
- parent::setUp();
-
- $this->config = $this->getMockBuilder('\OCP\IConfig')->getMock();
- }
-
- /**
- * @dataProvider trustedDomainDataProvider
- * @param string $trustedDomains
- * @param string $testDomain
- * @param bool $result
- */
- public function testIsTrustedDomain($trustedDomains, $testDomain, $result) {
- $this->config->expects($this->once())
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue($trustedDomains));
-
- $trustedDomainHelper = new TrustedDomainHelper($this->config);
- $this->assertEquals($result, $trustedDomainHelper->isTrustedDomain($testDomain));
- }
-
- /**
- * @return array
- */
- public function trustedDomainDataProvider() {
- $trustedHostTestList = [
- 'host.one.test',
- 'host.two.test',
- '[1fff:0:a88:85a3::ac1f]',
- 'host.three.test:443',
- ];
- return [
- // empty defaults to false with 8.1
- [null, 'host.one.test:8080', false],
- ['', 'host.one.test:8080', false],
- [[], 'host.one.test:8080', false],
- // trust list when defined
- [$trustedHostTestList, 'host.two.test:8080', true],
- [$trustedHostTestList, 'host.two.test:9999', true],
- [$trustedHostTestList, 'host.three.test:8080', false],
- [$trustedHostTestList, 'host.two.test:8080:aa:222', false],
- [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true],
- [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true],
- [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false],
- [$trustedHostTestList, 'host.three.test:443', true],
- [$trustedHostTestList, 'host.three.test:80', false],
- [$trustedHostTestList, 'host.three.test', false],
- // trust localhost regardless of trust list
- [$trustedHostTestList, 'localhost', true],
- [$trustedHostTestList, 'localhost:8080', true],
- [$trustedHostTestList, '127.0.0.1', true],
- [$trustedHostTestList, '127.0.0.1:8080', true],
- // do not trust invalid localhosts
- [$trustedHostTestList, 'localhost:1:2', false],
- [$trustedHostTestList, 'localhost: evil.host', false],
- // do not trust casting
- [[1], '1', false],
- ];
- }
-
-}
|