Diffstat (limited to 'tests')
14 files changed, 924 insertions, 379 deletions
diff --git a/tests/lib/appframework/controller/ApiControllerTest.php b/tests/lib/appframework/controller/ApiControllerTest.php
index b2e52cc0b5c..137e5950f67 100644
--- a/tests/lib/appframework/controller/ApiControllerTest.php
+++ b/tests/lib/appframework/controller/ApiControllerTest.php
@@ -37,7 +37,8 @@ class ApiControllerTest extends \Test\TestCase {
 public function testCors() {
 $request = new Request(
 ['server' => ['HTTP_ORIGIN' => 'test']],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->controller = new ChildApiController('app', $request, 'verbs', 'headers', 100);
diff --git a/tests/lib/appframework/controller/ControllerTest.php b/tests/lib/appframework/controller/ControllerTest.php
index 58395d05914..78c0d9d15a1 100644
--- a/tests/lib/appframework/controller/ControllerTest.php
+++ b/tests/lib/appframework/controller/ControllerTest.php
@@ -75,7 +75,8 @@ class ControllerTest extends \Test\TestCase {
 'session' => ['sezession' => 'kein'],
 'method' => 'hi',
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->app = $this->getMock('OC\AppFramework\DependencyInjection\DIContainer',
diff --git a/tests/lib/appframework/controller/OCSControllerTest.php b/tests/lib/appframework/controller/OCSControllerTest.php
index 3b4de1d7a05..11a9d45eb92 100644
--- a/tests/lib/appframework/controller/OCSControllerTest.php
+++ b/tests/lib/appframework/controller/OCSControllerTest.php
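Review bot: The three-argument `new Request(..., $this->getMock('\OCP\Security\ISecureRandom'), $this->getMock('\OCP\IConfig'))` construction is pasted into this hunk and again into the ControllerTest, OCSControllerTest, DIContainerTest, DispatcherTest, MiddlewareDispatcherTest, MiddlewareTest, CORSMiddlewareTest, SecurityMiddlewareTest and sessionmiddlewaretest hunks, so the next constructor change will need the same edit in every file. A small helper on the shared test base class, for example `protected function createRequest(array $vars = [])`, would keep the wiring in one place. The mock style is also mixed: sessionmiddlewaretest.php keeps `getMockBuilder('\OCP\Security\ISecureRandom')->getMock()` next to `getMock('\OCP\IConfig')`, while the other hunks switch both to `getMock()`. testCors continues outside the hunk.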
@@ -33,11 +33,17 @@ class ChildOCSController extends OCSController {}
 class OCSControllerTest extends \Test\TestCase {
+ private $controller;
 public function testCors() {
 $request = new Request(
- array('server' => array('HTTP_ORIGIN' => 'test')),
- $this->getMock('\OCP\Security\ISecureRandom')
+ [
+ 'server' => [
+ 'HTTP_ORIGIN' => 'test',
+ ],
+ ],
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $controller = new ChildOCSController('app', $request, 'verbs', 'headers', 100);
@@ -57,7 +63,8 @@ class OCSControllerTest extends \Test\TestCase {
 public function testXML() {
 $controller = new ChildOCSController('app', new Request(
 [],
- $this->getMock('\OCP\Security\ISecureRandom')
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 ));
 $expected = "<?xml version=\"1.0\"?>\n" .
 "<ocs>\n" .
@@ -86,7 +93,8 @@ class OCSControllerTest extends \Test\TestCase {
 public function testXMLDataResponse() {
 $controller = new ChildOCSController('app', new Request(
 [],
- $this->getMock('\OCP\Security\ISecureRandom')
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 ));
 $expected = "<?xml version=\"1.0\"?>\n" .
 "<ocs>\n" .
@@ -115,7 +123,8 @@ class OCSControllerTest extends \Test\TestCase {
 public function testJSON() {
 $controller = new ChildOCSController('app', new Request(
 [],
- $this->getMock('\OCP\Security\ISecureRandom')
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 ));
 $expected = '{"status":"OK","statuscode":400,"message":"OK",' .
 '"totalitems":"","itemsperpage":"","data":{"test":"hi"}}';
diff --git a/tests/lib/appframework/dependencyinjection/DIContainerTest.php b/tests/lib/appframework/dependencyinjection/DIContainerTest.php
index 43309f64e63..0cbdddbb205 100644
--- a/tests/lib/appframework/dependencyinjection/DIContainerTest.php
+++ b/tests/lib/appframework/dependencyinjection/DIContainerTest.php
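Review bot: The added `private $controller;` property in the first hunk is never assigned in the visible lines; testCors, testXML, testXMLDataResponse and testJSON all build a local `$controller` instead. If nothing outside these hunks uses it, drop the property; otherwise give it a type docblock such as `/** @var ChildOCSController */` so its purpose is clear. The test methods continue outside the hunks, so usage elsewhere in the class cannot be ruled out from here.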
@@ -73,7 +73,8 @@ class DIContainerTest extends \Test\TestCase {
 public function testMiddlewareDispatcherIncludesSecurityMiddleware(){
 $this->container['Request'] = new Request(
 ['method' => 'GET'],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $security = $this->container['SecurityMiddleware'];
 $dispatcher = $this->container['MiddlewareDispatcher'];
diff --git a/tests/lib/appframework/http/DispatcherTest.php b/tests/lib/appframework/http/DispatcherTest.php
index 832cd80e60a..02c86df8e72 100644
--- a/tests/lib/appframework/http/DispatcherTest.php
+++ b/tests/lib/appframework/http/DispatcherTest.php
@@ -24,7 +24,6 @@ namespace OC\AppFramework\Http;
-use OC\AppFramework\Middleware\MiddlewareDispatcher;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
@@ -33,6 +32,10 @@ use OCP\AppFramework\Controller;
 class TestController extends Controller {
+ /**
+ * @param string $appName
+ * @param \OCP\IRequest $request
+ */
 public function __construct($appName, $request) {
 parent::__construct($appName, $request);
 }
@@ -40,6 +43,9 @@ class TestController extends Controller {
 /**
 * @param int $int
 * @param bool $bool
+ * @param int $test
+ * @param int $test2
+ * @return array
 */
 public function exec($int, $bool, $test=4, $test2=1) {
 $this->registerResponder('text', function($in) {
@@ -52,6 +58,9 @@ class TestController extends Controller {
 /**
 * @param int $int
 * @param bool $bool
+ * @param int $test
+ * @param int $test2
+ * @return DataResponse
 */
 public function execDataResponse($int, $bool, $test=4, $test2=1) {
 return new DataResponse(array(
@@ -67,6 +76,7 @@ class DispatcherTest extends \Test\TestCase {
 private $dispatcher;
 private $controllerMethod;
 private $response;
+ private $request;
 private $lastModified;
 private $etag;
 private $http;
@@ -284,7 +294,8 @@ class DispatcherTest extends \Test\TestCase {
 ],
 'method' => 'POST'
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->dispatcher = new Dispatcher(
 $this->http, $this->middlewareDispatcher, $this->reflector,
@@ -310,7 +321,8 @@ class DispatcherTest extends \Test\TestCase {
 ],
 'method' => 'POST',
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->dispatcher = new Dispatcher(
 $this->http, $this->middlewareDispatcher, $this->reflector,
@@ -339,7 +351,8 @@ class DispatcherTest extends \Test\TestCase {
 ],
 'method' => 'GET'
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->dispatcher = new Dispatcher(
 $this->http, $this->middlewareDispatcher, $this->reflector,
@@ -367,7 +380,8 @@ class DispatcherTest extends \Test\TestCase {
 ],
 'method' => 'GET'
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->dispatcher = new Dispatcher(
 $this->http, $this->middlewareDispatcher, $this->reflector,
@@ -396,7 +410,8 @@ class DispatcherTest extends \Test\TestCase {
 ],
 'method' => 'PUT'
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->dispatcher = new Dispatcher(
 $this->http, $this->middlewareDispatcher, $this->reflector,
@@ -427,7 +442,8 @@ class DispatcherTest extends \Test\TestCase {
 ],
 'method' => 'POST'
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->dispatcher = new Dispatcher(
 $this->http, $this->middlewareDispatcher, $this->reflector,
diff --git a/tests/lib/appframework/http/RequestTest.php b/tests/lib/appframework/http/RequestTest.php
index eeba64b7f69..3185a0093c4 100644
--- a/tests/lib/appframework/http/RequestTest.php
+++ b/tests/lib/appframework/http/RequestTest.php
@@ -1,6 +1,8 @@
 <?php
 /**
- * Copyright (c) 2013 Thomas Tanghus (thomas@tanghus.net)
+ * @copyright 2013 Thomas Tanghus (thomas@tanghus.net)
+ * @copyright 2015 Lukas Reschke lukas@owncloud.com
+ *
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
@@ -9,12 +11,20 @@ namespace OC\AppFramework\Http;
 use OCP\Security\ISecureRandom;
+use OCP\IConfig;
+/**
+ * Class RequestTest
+ *
+ * @package OC\AppFramework\Http
+ */
 class RequestTest extends \Test\TestCase {
 /** @var string */
 protected $stream = 'fakeinput://data';
 /** @var ISecureRandom */
 protected $secureRandom;
+ /** @var IConfig */
+ protected $config;
 protected function setUp() {
 parent::setUp();
@@ -26,6 +36,7 @@ class RequestTest extends \Test\TestCase {
 stream_wrapper_register('fakeinput', 'RequestStream');
 $this->secureRandom = $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock();
+ $this->config = $this->getMockBuilder('\OCP\IConfig')->getMock();
 }
 protected function tearDown() {
@@ -39,7 +50,12 @@ class RequestTest extends \Test\TestCase {
 'method' => 'GET',
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
 // Countable
 $this->assertEquals(2, count($request));
@@ -66,7 +82,12 @@ class RequestTest extends \Test\TestCase {
 'method' => 'GET'
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
 $this->assertEquals(3, count($request));
 $this->assertEquals('Janey', $request->{'nickname'});
@@ -75,7 +96,7 @@ class RequestTest extends \Test\TestCase {
 /**
- * @expectedException RuntimeException
+ * @expectedException \RuntimeException
 */
 public function testImmutableArrayAccess() {
 $vars = array(
@@ -83,12 +104,18 @@ class RequestTest extends \Test\TestCase {
 'method' => 'GET'
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
 $request['nickname'] = 'Janey';
 }
 /**
- * @expectedException RuntimeException
+ * @expectedException \RuntimeException
 */
 public function testImmutableMagicAccess() {
 $vars = array(
@@ -96,12 +123,18 @@ class RequestTest extends \Test\TestCase {
 'method' => 'GET'
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
 $request->{'nickname'} = 'Janey';
 }
 /**
- * @expectedException LogicException
+ * @expectedException \LogicException
 */
 public function testGetTheMethodRight() {
 $vars = array(
@@ -109,8 +142,14 @@ class RequestTest extends \Test\TestCase {
 'method' => 'GET',
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
- $result = $request->post;
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $request->post;
 }
 public function testTheMethodIsRight() {
@@ -119,7 +158,13 @@ class RequestTest extends \Test\TestCase {
 'method' => 'GET',
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
 $this->assertEquals('GET', $request->method);
 $result = $request->get;
 $this->assertEquals('John Q. Public', $result['name']);
@@ -134,7 +179,13 @@ class RequestTest extends \Test\TestCase {
 'server' => array('CONTENT_TYPE' => 'application/json; utf-8')
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
 $this->assertEquals('POST', $request->method);
 $result = $request->post;
 $this->assertEquals('John Q. Public', $result['name']);
@@ -152,7 +203,12 @@ class RequestTest extends \Test\TestCase {
 'server' => array('CONTENT_TYPE' => 'application/x-www-form-urlencoded'),
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
 $this->assertEquals('PATCH', $request->method);
 $result = $request->patch;
@@ -171,7 +227,12 @@ class RequestTest extends \Test\TestCase {
 'server' => array('CONTENT_TYPE' => 'application/json; utf-8'),
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
 $this->assertEquals('PUT', $request->method);
 $result = $request->put;
@@ -186,7 +247,12 @@ class RequestTest extends \Test\TestCase {
 'server' => array('CONTENT_TYPE' => 'application/json; utf-8'),
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
 $this->assertEquals('PATCH', $request->method);
 $result = $request->patch;
@@ -205,7 +271,13 @@ class RequestTest extends \Test\TestCase {
 'server' => array('CONTENT_TYPE' => 'image/png'),
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
 $this->assertEquals('PUT', $request->method);
 $resource = $request->put;
 $contents = stream_get_contents($resource);
@@ -228,7 +300,12 @@ class RequestTest extends \Test\TestCase {
 'urlParams' => array('id' => '2'),
 );
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
 $newParams = array('id' => '3', 'test' => 'test2');
 $request->setUrlParameters($newParams);
@@ -244,7 +321,13 @@ class RequestTest extends \Test\TestCase {
 ],
 ];
- $request = new Request($vars, $this->secureRandom, $this->stream);
+ $request = new Request(
+ $vars,
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
 $this->assertSame('GeneratedUniqueIdByModUnique', $request->getId());
 }
@@ -261,14 +344,695 @@ class RequestTest extends \Test\TestCase {
 ->method('getLowStrengthGenerator')
 ->will($this->returnValue($lowRandomSource));
- $request = new Request([], $this->secureRandom, $this->stream);
+ $request = new Request(
+ [],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
 $this->assertSame('GeneratedByOwnCloudItself', $request->getId());
 }
 public function testGetIdWithoutModUniqueStable() {
- $request = new Request([], \OC::$server->getSecureRandom(), $this->stream);
+ $request = new Request(
+ [],
+ \OC::$server->getSecureRandom(),
+ $this->config,
+ $this->stream
+ );
 $firstId = $request->getId();
 $secondId = $request->getId();
 $this->assertSame($firstId, $secondId);
 }
+
+ public function testGetRemoteAddressWithoutTrustedRemote() {
+ $this->config
+ ->expects($this->once())
+ ->method('getSystemValue')
+ ->with('trusted_proxies')
+ ->will($this->returnValue([]));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '10.0.0.2',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertSame('10.0.0.2', $request->getRemoteAddress());
+ }
+
+ public function testGetRemoteAddressWithNoTrustedHeader() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('trusted_proxies')
+ ->will($this->returnValue(['10.0.0.2']));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('forwarded_for_headers')
+ ->will($this->returnValue([]));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '10.0.0.2',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertSame('10.0.0.2', $request->getRemoteAddress());
+ }
+
+ public function testGetRemoteAddressWithSingleTrustedRemote() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('trusted_proxies')
+ ->will($this->returnValue(['10.0.0.2']));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('forwarded_for_headers')
+ ->will($this->returnValue(['HTTP_X_FORWARDED']));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '10.0.0.2',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertSame('10.4.0.5', $request->getRemoteAddress());
+ }
+
+ public function testGetRemoteAddressVerifyPriorityHeader() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('trusted_proxies')
+ ->will($this->returnValue(['10.0.0.2']));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('forwarded_for_headers')
+ ->will($this->returnValue([
+ 'HTTP_CLIENT_IP',
+ 'HTTP_X_FORWARDED_FOR',
+ 'HTTP_X_FORWARDED'
+ ]));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '10.0.0.2',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertSame('192.168.0.233', $request->getRemoteAddress());
+ }
+
+ public function testGetServerProtocolWithOverride() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('overwriteprotocol')
+ ->will($this->returnValue('customProtocol'));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('overwritecondaddr')
+ ->will($this->returnValue(''));
+ $this->config
+ ->expects($this->at(2))
+ ->method('getSystemValue')
+ ->with('overwriteprotocol')
+ ->will($this->returnValue('customProtocol'));
+
+ $request = new Request(
+ [],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertSame('customProtocol', $request->getServerProtocol());
+ }
+
+ public function testGetServerProtocolWithProtoValid() {
+ $this->config
+ ->expects($this->exactly(2))
+ ->method('getSystemValue')
+ ->with('overwriteprotocol')
+ ->will($this->returnValue(''));
+
+ $requestHttps = new Request(
+ [
+ 'server' => [
+ 'HTTP_X_FORWARDED_PROTO' => 'HtTpS'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+ $requestHttp = new Request(
+ [
+ 'server' => [
+ 'HTTP_X_FORWARDED_PROTO' => 'HTTp'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+
+ $this->assertSame('https', $requestHttps->getServerProtocol());
+ $this->assertSame('http', $requestHttp->getServerProtocol());
+ }
+
+ public function testGetServerProtocolWithHttpsServerValueOn() {
+ $this->config
+ ->expects($this->once())
+ ->method('getSystemValue')
+ ->with('overwriteprotocol')
+ ->will($this->returnValue(''));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'HTTPS' => 'on'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+ $this->assertSame('https', $request->getServerProtocol());
+ }
+
+ public function testGetServerProtocolWithHttpsServerValueOff() {
+ $this->config
+ ->expects($this->once())
+ ->method('getSystemValue')
+ ->with('overwriteprotocol')
+ ->will($this->returnValue(''));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'HTTPS' => 'off'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+ $this->assertSame('http', $request->getServerProtocol());
+ }
+
+ public function testGetServerProtocolDefault() {
+ $this->config
+ ->expects($this->once())
+ ->method('getSystemValue')
+ ->with('overwriteprotocol')
+ ->will($this->returnValue(''));
+
+ $request = new Request(
+ [],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+ $this->assertSame('http', $request->getServerProtocol());
+ }
+
+ /**
+ * @dataProvider userAgentProvider
+ * @param string $testAgent
+ * @param array $userAgent
+ * @param bool $matches
+ */
+ public function testUserAgent($testAgent, $userAgent, $matches) {
+ $request = new Request(
+ [
+ 'server' => [
+ 'HTTP_USER_AGENT' => $testAgent,
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals($matches, $request->isUserAgent($userAgent));
+ }
+
+ /**
+ * @return array
+ */
+ function userAgentProvider() {
+ return [
+ [
+ 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
+ [
+ Request::USER_AGENT_IE
+ ],
+ true,
+ ],
+ [
+ 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0',
+ [
+ Request::USER_AGENT_IE
+ ],
+ false,
+ ],
+ [
+ 'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36',
+ [
+ Request::USER_AGENT_ANDROID_MOBILE_CHROME
+ ],
+ true,
+ ],
+ [
+ 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
+ [
+ Request::USER_AGENT_ANDROID_MOBILE_CHROME
+ ],
+ false,
+ ],
+ [
+ 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
+ [
+ Request::USER_AGENT_IE,
+ Request::USER_AGENT_ANDROID_MOBILE_CHROME,
+ ],
+ true,
+ ],
+ [
+ 'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36',
+ [
+ Request::USER_AGENT_IE,
+ Request::USER_AGENT_ANDROID_MOBILE_CHROME,
+ ],
+ true,
+ ],
+ [
+ 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0',
+ [
+ Request::USER_AGENT_FREEBOX
+ ],
+ false,
+ ],
+ [
+ 'Mozilla/5.0',
+ [
+ Request::USER_AGENT_FREEBOX
+ ],
+ true,
+ ],
+ [
+ 'Fake Mozilla/5.0',
+ [
+ Request::USER_AGENT_FREEBOX
+ ],
+ false,
+ ],
+ ];
+ }
+
+ public function testInsecureServerHostServerNameHeader() {
+ $request = new Request(
+ [
+ 'server' => [
+ 'SERVER_NAME' => 'from.server.name:8080',
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('from.server.name:8080', $request->getInsecureServerHost());
+ }
+
+ public function testInsecureServerHostHttpHostHeader() {
+ $request = new Request(
+ [
+ 'server' => [
+ 'SERVER_NAME' => 'from.server.name:8080',
+ 'HTTP_HOST' => 'from.host.header:8080',
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('from.host.header:8080', $request->getInsecureServerHost());
+ }
+
+ public function testInsecureServerHostHttpFromForwardedHeaderSingle() {
+ $request = new Request(
+ [
+ 'server' => [
+ 'SERVER_NAME' => 'from.server.name:8080',
+ 'HTTP_HOST' => 'from.host.header:8080',
+ 'HTTP_X_FORWARDED_HOST' => 'from.forwarded.host:8080',
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('from.forwarded.host:8080', $request->getInsecureServerHost());
+ }
+
+ public function testInsecureServerHostHttpFromForwardedHeaderStacked() {
+ $request = new Request(
+ [
+ 'server' => [
+ 'SERVER_NAME' => 'from.server.name:8080',
+ 'HTTP_HOST' => 'from.host.header:8080',
+ 'HTTP_X_FORWARDED_HOST' => 'from.forwarded.host2:8080,another.one:9000',
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('from.forwarded.host2:8080', $request->getInsecureServerHost());
+ }
+
+ public function testGetServerHost() {
+ $request = new Request(
+ [],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('localhost', $request->getServerHost());
+ }
+
+ public function testGetOverwriteHostDefaultNull() {
+ $this->config
+ ->expects($this->once())
+ ->method('getSystemValue')
+ ->with('overwritehost')
+ ->will($this->returnValue(''));
+ $request = new Request(
+ [],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertNull(\Test_Helper::invokePrivate($request, 'getOverwriteHost'));
+ }
+
+ public function testGetOverwriteHostWithOverwrite() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('overwritehost')
+ ->will($this->returnValue('www.owncloud.org'));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('overwritecondaddr')
+ ->will($this->returnValue(''));
+ $this->config
+ ->expects($this->at(2))
+ ->method('getSystemValue')
+ ->with('overwritehost')
+ ->will($this->returnValue('www.owncloud.org'));
+
+ $request = new Request(
+ [],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertSame('www.owncloud.org', \Test_Helper::invokePrivate($request, 'getOverwriteHost'));
+ }
+
+ public function testGetPathInfoWithSetEnv() {
+ $request = new Request(
+ [
+ 'server' => [
+ 'PATH_INFO' => 'apps/files/',
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('apps/files/', $request->getPathInfo());
+ }
+
+ /**
+ * @expectedException \Exception
+ * @expectedExceptionMessage The requested uri(/foo.php) cannot be processed by the script '/var/www/index.php')
+ */
+ public function testGetPathInfoNotProcessible() {
+ $request = new Request(
+ [
+ 'server' => [
+ 'REQUEST_URI' => '/foo.php',
+ 'SCRIPT_NAME' => '/var/www/index.php',
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $request->getPathInfo();
+ }
+
+ /**
+ * @expectedException \Exception
+ * @expectedExceptionMessage The requested uri(/foo.php) cannot be processed by the script '/var/www/index.php')
+ */
+ public function testGetRawPathInfoNotProcessible() {
+ $request = new Request(
+ [
+ 'server' => [
+ 'REQUEST_URI' => '/foo.php',
+ 'SCRIPT_NAME' => '/var/www/index.php',
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $request->getRawPathInfo();
+ }
+
+ /**
+ * @dataProvider genericPathInfoProvider
+ * @param string $requestUri
+ * @param string $scriptName
+ * @param string $expected
+ */
+ public function testGetPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected) {
+ $request = new Request(
+ [
+ 'server' => [
+ 'REQUEST_URI' => $requestUri,
+ 'SCRIPT_NAME' => $scriptName,
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals($expected, $request->getPathInfo());
+ }
+
+ /**
+ * @dataProvider genericPathInfoProvider
+ * @param string $requestUri
+ * @param string $scriptName
+ * @param string $expected
+ */
+ public function testGetRawPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected) {
+ $request = new Request(
+ [
+ 'server' => [
+ 'REQUEST_URI' => $requestUri,
+ 'SCRIPT_NAME' => $scriptName,
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals($expected, $request->getRawPathInfo());
+ }
+
+ /**
+ * @dataProvider rawPathInfoProvider
+ * @param string $requestUri
+ * @param string $scriptName
+ * @param string $expected
+ */
+ public function testGetRawPathInfoWithoutSetEnv($requestUri, $scriptName, $expected) {
+ $request = new Request(
+ [
+ 'server' => [
+ 'REQUEST_URI' => $requestUri,
+ 'SCRIPT_NAME' => $scriptName,
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals($expected, $request->getRawPathInfo());
+ }
+
+ /**
+ * @dataProvider pathInfoProvider
+ * @param string $requestUri
+ * @param string $scriptName
+ * @param string $expected
+ */
+ public function testGetPathInfoWithoutSetEnv($requestUri, $scriptName, $expected) {
+ $request = new Request(
+ [
+ 'server' => [
+ 'REQUEST_URI' => $requestUri,
+ 'SCRIPT_NAME' => $scriptName,
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals($expected, $request->getPathInfo());
+ }
+
+ /**
+ * @return array
+ */
+ public function genericPathInfoProvider() {
+ return [
+ ['/index.php/apps/files/', 'index.php', '/apps/files/'],
+ ['/index.php/apps/files/../&/&?someQueryParameter=QueryParam', 'index.php', '/apps/files/../&/&'],
+ ['/remote.php/漢字編碼方法 / 汉字编码方法', 'remote.php', '/漢字編碼方法 / 汉字编码方法'],
+ ['///removeTrailin//gSlashes///', 'remote.php', '/removeTrailin/gSlashes/'],
+ ['/', '/', ''],
+ ['', '', ''],
+ ];
+ }
+
+ /**
+ * @return array
+ */
+ public function rawPathInfoProvider() {
+ return [
+ ['/foo%2Fbar/subfolder', '', 'foo%2Fbar/subfolder'],
+ ];
+ }
+
+ /**
+ * @return array
+ */
+ public function pathInfoProvider() {
+ return [
+ ['/foo%2Fbar/subfolder', '', 'foo/bar/subfolder'],
+ ];
+ }
+
+ public function testGetRequestUriWithoutOverwrite() {
+ $this->config
+ ->expects($this->once())
+ ->method('getSystemValue')
+ ->with('overwritewebroot')
+ ->will($this->returnValue(''));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REQUEST_URI' => '/test.php'
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertSame('/test.php', $request->getRequestUri());
+ }
+
+ public function testGetRequestUriWithOverwrite() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('overwritewebroot')
+ ->will($this->returnValue('/owncloud/'));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('overwritecondaddr')
+ ->will($this->returnValue(''));
+
+ $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+ ->setMethods(['getScriptName'])
+ ->setConstructorArgs([
+ [
+ 'server' => [
+ 'REQUEST_URI' => '/test.php/some/PathInfo',
+ 'SCRIPT_NAME' => '/test.php',
+ ]
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ ])
+ ->getMock();
+ $request
+ ->expects($this->once())
+ ->method('getScriptName')
+ ->will($this->returnValue('/scriptname.php'));
+
+ $this->assertSame('/scriptname.php/some/PathInfo', $request->getRequestUri());
+ }
 }
diff --git a/tests/lib/appframework/middleware/MiddlewareDispatcherTest.php b/tests/lib/appframework/middleware/MiddlewareDispatcherTest.php
index 078543c7b59..a8731525798 100644
--- a/tests/lib/appframework/middleware/MiddlewareDispatcherTest.php
+++ b/tests/lib/appframework/middleware/MiddlewareDispatcherTest.php
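Review bot: None of the four new getRemoteAddress tests in the RequestTest hunk covers a request whose `REMOTE_ADDR` is missing from a non-empty `trusted_proxies` list while a forwarded header is both configured and present; testGetRemoteAddressWithoutTrustedRemote only exercises an empty list. That is the case that stops a directly connecting client from supplying the address that ends up in logs and address-based checks, so it deserves its own test, such as the one below (addresses are constructed sample values). The `$this->at(N)` expectations also bind the tests to the order of config lookups rather than to the returned address. Separately, testGetServerProtocolWithProtoValid only permits `getSystemValue('overwriteprotocol')` on the mock, which suggests `HTTP_X_FORWARDED_PROTO` is honoured without any trusted-proxy check; worth confirming that this is intended before the test pins it.

```php
public function testGetRemoteAddressWithUntrustedRemote() {
	$this->config
		->expects($this->any())
		->method('getSystemValue')
		->will($this->returnCallback(function ($key) {
			// The configured proxy list deliberately does not contain REMOTE_ADDR.
			$values = [
				'trusted_proxies' => ['10.0.0.3'],
				'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR'],
			];
			return isset($values[$key]) ? $values[$key] : [];
		}));

	$request = new Request(
		[
			'server' => [
				'REMOTE_ADDR' => '10.0.0.2',
				'HTTP_X_FORWARDED_FOR' => '192.168.0.233',
			],
		],
		$this->secureRandom,
		$this->config,
		$this->stream
	);

	// The forwarded header must be ignored because the peer is not a trusted proxy.
	$this->assertSame('10.0.0.2', $request->getRemoteAddress());
}
```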
@@ -132,7 +132,8 @@ class MiddlewareDispatcherTest extends \Test\TestCase {
 ['app',
 new Request(
 ['method' => 'GET'],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 )
 ]
 );
diff --git a/tests/lib/appframework/middleware/MiddlewareTest.php b/tests/lib/appframework/middleware/MiddlewareTest.php
index fcc0c300a8a..33f04e1383d 100644
--- a/tests/lib/appframework/middleware/MiddlewareTest.php
+++ b/tests/lib/appframework/middleware/MiddlewareTest.php
@@ -26,7 +26,7 @@ namespace OC\AppFramework;
 use OC\AppFramework\Http\Request;
 use OCP\AppFramework\Middleware;
-
+use OCP\AppFramework\Http\Response;
 class ChildMiddleware extends Middleware {};
@@ -40,6 +40,8 @@ class MiddlewareTest extends \Test\TestCase {
 private $controller;
 private $exception;
 private $api;
+ /** @var Response */
+ private $response;
 protected function setUp(){
 parent::setUp();
@@ -56,7 +58,11 @@ class MiddlewareTest extends \Test\TestCase {
 [],
 [
 $this->api,
- new Request([], $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock())
+ new Request(
+ [],
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
+ )
 ]
 );
 $this->exception = new \Exception();
diff --git a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
index 57a7c524abe..a4f3137cb11 100644
--- a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
+++ b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
@@ -37,7 +37,8 @@ class CORSMiddlewareTest extends \Test\TestCase {
 'HTTP_ORIGIN' => 'test'
 ]
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->reflector->reflect($this, __FUNCTION__);
 $middleware = new CORSMiddleware($request, $this->reflector);
@@ -55,7 +56,8 @@ class CORSMiddlewareTest extends \Test\TestCase {
 'HTTP_ORIGIN' => 'test'
 ]
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $middleware = new CORSMiddleware($request, $this->reflector);
@@ -69,7 +71,11 @@ class CORSMiddlewareTest extends \Test\TestCase {
 * @CORS
 */
 public function testNoOriginHeaderNoCORSHEADER() {
- $request = new Request([], $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock());
+ $request = new Request(
+ [],
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
+ );
 $this->reflector->reflect($this, __FUNCTION__);
 $middleware = new CORSMiddleware($request, $this->reflector);
@@ -90,14 +96,15 @@ class CORSMiddlewareTest extends \Test\TestCase {
 'HTTP_ORIGIN' => 'test'
 ]
 ],
- $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock()
+ $this->getMock('\OCP\Security\ISecureRandom'),
+ $this->getMock('\OCP\IConfig')
 );
 $this->reflector->reflect($this, __FUNCTION__);
 $middleware = new CORSMiddleware($request, $this->reflector);
 $response = new Response();
 $response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE');
- $response = $middleware->afterController($this, __FUNCTION__, $response);
+ $middleware->afterController($this, __FUNCTION__, $response);
 }
 }
diff --git a/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php b/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
index 3acba7ce1d8..347a0423ea6 100644
--- a/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
+++ b/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
@@ -321,7 +321,8 @@ class SecurityMiddlewareTest extends \Test\TestCase { 'REQUEST_URI' => 'owncloud/index.php/apps/specialapp' ] ], - $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock() + $this->getMock('\OCP\Security\ISecureRandom'), + $this->getMock('\OCP\IConfig') ); $this->middleware = $this->getMiddleware(true, true); $response = $this->middleware->afterException($this->controller, 'test', diff --git a/tests/lib/appframework/middleware/sessionmiddlewaretest.php b/tests/lib/appframework/middleware/sessionmiddlewaretest.php index c417225d908..11c1600f515 100644 --- a/tests/lib/appframework/middleware/sessionmiddlewaretest.php +++ b/tests/lib/appframework/middleware/sessionmiddlewaretest.php @@ -35,7 +35,8 @@ class SessionMiddlewareTest extends \Test\TestCase { $this->request = new Request( [], - $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock() + $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock(), + $this->getMock('\OCP\IConfig') ); $this->reflector = new ControllerMethodReflector(); } diff --git a/tests/lib/request.php b/tests/lib/request.php deleted file mode 100644 index dd6d1e47cd5..00000000000 --- a/tests/lib/request.php +++ /dev/null 
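Review bot: The replacement line in the sessionmiddlewaretest.php hunk keeps `$this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock(),` while the other visible hunks switch to the short form, so the two constructor arguments here are built in two different styles. Use `$this->getMock('\OCP\Security\ISecureRandom'),` to match the rest of the change, or keep `getMockBuilder()` for both arguments. The enclosing setUp method starts outside the hunk.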
@@ -1,333 +0,0 @@ -<?php -/** - * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu> - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. - */ - -class Test_Request extends \Test\TestCase { - - protected function setUp() { - parent::setUp(); - - OC::$server->getConfig()->setSystemValue('overwritewebroot', '/domain.tld/ownCloud'); - - OC::$server->getConfig()->setSystemValue('trusted_proxies', array()); - OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array()); - } - - protected function tearDown() { - OC::$server->getConfig()->setSystemValue('overwritewebroot', ''); - OC::$server->getConfig()->setSystemValue('trusted_proxies', array()); - OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array()); - - parent::tearDown(); - } - - public function testScriptNameOverWrite() { - $_SERVER['REMOTE_ADDR'] = '10.0.0.1'; - $_SERVER['SCRIPT_FILENAME'] = __FILE__; - - $scriptName = OC_Request::scriptName(); - $this->assertEquals('/domain.tld/ownCloud/tests/lib/request.php', $scriptName); - } - - public function testGetRemoteAddress() { - $_SERVER['REMOTE_ADDR'] = '10.0.0.2'; - $_SERVER['HTTP_X_FORWARDED'] = '10.4.0.5, 10.4.0.4'; - $_SERVER['HTTP_X_FORWARDED_FOR'] = '192.168.0.233'; - - // Without having specified a trusted remote address - $this->assertEquals('10.0.0.2', OC_Request::getRemoteAddress()); - - // With specifying a trusted remote address but no trusted header - OC::$server->getConfig()->setSystemValue('trusted_proxies', array('10.0.0.2')); - $this->assertEquals('10.0.0.2', OC_Request::getRemoteAddress()); - - // With specifying a trusted remote address and trusted headers - OC::$server->getConfig()->setSystemValue('trusted_proxies', array('10.0.0.2')); - OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array('HTTP_X_FORWARDED')); - $this->assertEquals('10.4.0.5', OC_Request::getRemoteAddress()); - 
OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED')); - $this->assertEquals('192.168.0.233', OC_Request::getRemoteAddress()); - - // With specifying multiple trusted remote addresses and trusted headers - OC::$server->getConfig()->setSystemValue('trusted_proxies', array('10.3.4.2', '10.0.0.2', '127.0.3.3')); - OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array('HTTP_X_FORWARDED')); - $this->assertEquals('10.4.0.5', OC_Request::getRemoteAddress()); - OC::$server->getConfig()->setSystemValue('forwarded_for_headers', array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED')); - $this->assertEquals('192.168.0.233', OC_Request::getRemoteAddress()); - } - - /** - * @dataProvider rawPathInfoProvider - * @param $expected - * @param $requestUri - * @param $scriptName - */ - public function testRawPathInfo($expected, $requestUri, $scriptName) { - $_SERVER['REQUEST_URI'] = $requestUri; - $_SERVER['SCRIPT_NAME'] = $scriptName; - $rawPathInfo = OC_Request::getRawPathInfo(); - $this->assertEquals($expected, $rawPathInfo); - } - - function rawPathInfoProvider() { - return array( - array('/core/ajax/translations.php', 'index.php/core/ajax/translations.php', 'index.php'), - array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php', '/index.php'), - array('/core/ajax/translations.php', '//index.php/core/ajax/translations.php', '/index.php'), - array('', '/oc/core', '/oc/core/index.php'), - array('', '/oc/core/', '/oc/core/index.php'), - array('', '/oc/core/index.php', '/oc/core/index.php'), - array('/core/ajax/translations.php', '/core/ajax/translations.php', 'index.php'), - array('/core/ajax/translations.php', '//core/ajax/translations.php', '/index.php'), - array('/core/ajax/translations.php', '/oc/core/ajax/translations.php', '/oc/index.php'), - array('/core/ajax/translations.php', '/oc//index.php/core/ajax/translations.php', '/oc/index.php'), - 
array('/1', '/oc/core/1', '/oc/core/index.php'), - ); - } - - /** - * @dataProvider rawPathInfoThrowsExceptionProvider - * @expectedException Exception - * - * @param $requestUri - * @param $scriptName - */ - public function testRawPathInfoThrowsException($requestUri, $scriptName) { - $_SERVER['REQUEST_URI'] = $requestUri; - $_SERVER['SCRIPT_NAME'] = $scriptName; - OC_Request::getRawPathInfo(); - } - - function rawPathInfoThrowsExceptionProvider() { - return array( - array('/oc/core1', '/oc/core/index.php'), - ); - } - - /** - * @dataProvider userAgentProvider - */ - public function testUserAgent($testAgent, $userAgent, $matches) { - $_SERVER['HTTP_USER_AGENT'] = $testAgent; - $this->assertEquals($matches, OC_Request::isUserAgent($userAgent)); - } - - function userAgentProvider() { - return array( - array( - 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)', - OC_Request::USER_AGENT_IE, - true - ), - array( - 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0', - OC_Request::USER_AGENT_IE, - false - ), - array( - 'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36', - OC_Request::USER_AGENT_ANDROID_MOBILE_CHROME, - true - ), - array( - 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)', - OC_Request::USER_AGENT_ANDROID_MOBILE_CHROME, - false - ), - // test two values - array( - 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)', - array( - OC_Request::USER_AGENT_IE, - OC_Request::USER_AGENT_ANDROID_MOBILE_CHROME, - ), - true - ), - array( - 'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36', - array( - OC_Request::USER_AGENT_IE, - OC_Request::USER_AGENT_ANDROID_MOBILE_CHROME, - ), - true - ), - array( - 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0', - OC_Request::USER_AGENT_FREEBOX, - false - ), - array( - 
'Mozilla/5.0', - OC_Request::USER_AGENT_FREEBOX, - true - ), - array( - 'Fake Mozilla/5.0', - OC_Request::USER_AGENT_FREEBOX, - false - ), - ); - } - - public function testInsecureServerHost() { - unset($_SERVER['HTTP_X_FORWARDED_HOST']); - unset($_SERVER['HTTP_HOST']); - unset($_SERVER['SERVER_NAME']); - $_SERVER['SERVER_NAME'] = 'from.server.name:8080'; - $host = OC_Request::insecureServerHost(); - $this->assertEquals('from.server.name:8080', $host); - - $_SERVER['HTTP_HOST'] = 'from.host.header:8080'; - $host = OC_Request::insecureServerHost(); - $this->assertEquals('from.host.header:8080', $host); - - $_SERVER['HTTP_X_FORWARDED_HOST'] = 'from.forwarded.host:8080'; - $host = OC_Request::insecureServerHost(); - $this->assertEquals('from.forwarded.host:8080', $host); - - $_SERVER['HTTP_X_FORWARDED_HOST'] = 'from.forwarded.host2:8080,another.one:9000'; - $host = OC_Request::insecureServerHost(); - $this->assertEquals('from.forwarded.host2:8080', $host); - - // clean up - unset($_SERVER['HTTP_X_FORWARDED_HOST']); - unset($_SERVER['HTTP_HOST']); - unset($_SERVER['SERVER_NAME']); - } - - public function testGetOverwriteHost() { - unset($_SERVER['REMOTE_ADDR']); - OC_Config::deleteKey('overwritecondaddr'); - OC_Config::deleteKey('overwritehost'); - $host = OC_Request::getOverwriteHost(); - $this->assertNull($host); - - OC_Config::setValue('overwritehost', ''); - $host = OC_Request::getOverwriteHost(); - $this->assertNull($host); - - OC_Config::setValue('overwritehost', 'host.one.test:8080'); - $host = OC_Request::getOverwriteHost(); - $this->assertEquals('host.one.test:8080', $host); - - $_SERVER['REMOTE_ADDR'] = 'somehost.test:8080'; - OC_Config::setValue('overwritecondaddr', '^somehost\..*$'); - $host = OC_Request::getOverwriteHost(); - $this->assertEquals('host.one.test:8080', $host); - - OC_Config::setValue('overwritecondaddr', '^somethingelse.*$'); - $host = OC_Request::getOverwriteHost(); - $this->assertNull($host); - - // clean up - 
unset($_SERVER['REMOTE_ADDR']); - OC_Config::deleteKey('overwritecondaddr'); - OC_Config::deleteKey('overwritehost'); - } - - public function hostWithPortProvider() { - return array( - array('localhost:500', 'localhost'), - array('foo.com', 'foo.com'), - array('[1fff:0:a88:85a3::ac1f]:801', '[1fff:0:a88:85a3::ac1f]'), - array('[1fff:0:a88:85a3::ac1f]', '[1fff:0:a88:85a3::ac1f]') - ); - } - - /** - * @dataProvider hostWithPortProvider - */ - public function testGetDomainWithoutPort($hostWithPort, $host) { - $this->assertEquals($host, OC_Request::getDomainWithoutPort($hostWithPort)); - - } - - /** - * @dataProvider trustedDomainDataProvider - */ - public function testIsTrustedDomain($trustedDomains, $testDomain, $result) { - OC_Config::deleteKey('trusted_domains'); - if ($trustedDomains !== null) { - OC_Config::setValue('trusted_domains', $trustedDomains); - } - - $this->assertEquals($result, OC_Request::isTrustedDomain($testDomain)); - - // clean up - OC_Config::deleteKey('trusted_domains'); - } - - public function trustedDomainDataProvider() { - $trustedHostTestList = array('host.one.test', 'host.two.test', '[1fff:0:a88:85a3::ac1f]'); - return array( - // empty defaults to true - array(null, 'host.one.test:8080', true), - array('', 'host.one.test:8080', true), - array(array(), 'host.one.test:8080', true), - - // trust list when defined - array($trustedHostTestList, 'host.two.test:8080', true), - array($trustedHostTestList, 'host.two.test:9999', true), - array($trustedHostTestList, 'host.three.test:8080', false), - array($trustedHostTestList, 'host.two.test:8080:aa:222', false), - array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true), - array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true), - array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false), - - // trust localhost regardless of trust list - array($trustedHostTestList, 'localhost', true), - array($trustedHostTestList, 'localhost:8080', true), - array($trustedHostTestList, 
'127.0.0.1', true), - array($trustedHostTestList, '127.0.0.1:8080', true), - - // do not trust invalid localhosts - array($trustedHostTestList, 'localhost:1:2', false), - array($trustedHostTestList, 'localhost: evil.host', false), - ); - } - - public function testServerHost() { - OC_Config::deleteKey('overwritecondaddr'); - OC_Config::setValue('overwritehost', 'overwritten.host:8080'); - OC_Config::setValue( - 'trusted_domains', - array( - 'trusted.host:8080', - 'second.trusted.host:8080' - ) - ); - $_SERVER['HTTP_HOST'] = 'trusted.host:8080'; - - // CLI always gives localhost - $oldCLI = OC::$CLI; - OC::$CLI = true; - $host = OC_Request::serverHost(); - $this->assertEquals('localhost', $host); - OC::$CLI = false; - - // overwritehost overrides trusted domain - $host = OC_Request::serverHost(); - $this->assertEquals('overwritten.host:8080', $host); - - // trusted domain returned when used - OC_Config::deleteKey('overwritehost'); - $host = OC_Request::serverHost(); - $this->assertEquals('trusted.host:8080', $host); - - // trusted domain returned when untrusted one in header - $_SERVER['HTTP_HOST'] = 'untrusted.host:8080'; - OC_Config::deleteKey('overwritehost'); - $host = OC_Request::serverHost(); - $this->assertEquals('trusted.host:8080', $host); - - // clean up - OC_Config::deleteKey('overwritecondaddr'); - OC_Config::deleteKey('overwritehost'); - unset($_SERVER['HTTP_HOST']); - OC::$CLI = $oldCLI; - } -} diff --git a/tests/lib/security/trusteddomainhelper.php b/tests/lib/security/trusteddomainhelper.php new file mode 100644 index 00000000000..c8d5ffa587b --- /dev/null +++ b/tests/lib/security/trusteddomainhelper.php 
@@ -0,0 +1,70 @@ +<?php +/** + * Copyright (c) 2015 Lukas Reschke <lukas@owncloud.com> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +use \OC\Security\TrustedDomainHelper; +use OCP\IConfig; + +/** + * Class TrustedDomainHelperTest + */ +class TrustedDomainHelperTest extends \Test\TestCase { + /** @var IConfig */ + protected $config; + + protected function setUp() { + parent::setUp(); + + $this->config = $this->getMockBuilder('\OCP\IConfig')->getMock(); + } + + /** + * @dataProvider trustedDomainDataProvider + * @param string $trustedDomains + * @param string $testDomain + * @param bool $result + */ + public function testIsTrustedDomain($trustedDomains, $testDomain, $result) { + $this->config->expects($this->once()) + ->method('getSystemValue') + ->with('trusted_domains') + ->will($this->returnValue($trustedDomains)); + + $trustedDomainHelper = new TrustedDomainHelper($this->config); + $this->assertEquals($result, $trustedDomainHelper->isTrustedDomain($testDomain)); + } + + /** + * @return array + */ + public function trustedDomainDataProvider() { + $trustedHostTestList = ['host.one.test', 'host.two.test', '[1fff:0:a88:85a3::ac1f]']; + return [ + // empty defaults to false with 8.1 + [null, 'host.one.test:8080', false], + ['', 'host.one.test:8080', false], + [[], 'host.one.test:8080', false], + // trust list when defined + [$trustedHostTestList, 'host.two.test:8080', true], + [$trustedHostTestList, 'host.two.test:9999', true], + [$trustedHostTestList, 'host.three.test:8080', false], + [$trustedHostTestList, 'host.two.test:8080:aa:222', false], + [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true], + [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true], + [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false], + // trust localhost regardless of trust list + [$trustedHostTestList, 'localhost', true], + [$trustedHostTestList, 'localhost:8080', true], + 
[$trustedHostTestList, '127.0.0.1', true], + [$trustedHostTestList, '127.0.0.1:8080', true], + // do not trust invalid localhosts + [$trustedHostTestList, 'localhost:1:2', false], + [$trustedHostTestList, 'localhost: evil.host', false], + ]; + } + +} diff --git a/tests/lib/templatelayout.php b/tests/lib/templatelayout.php index 1035dae122d..c23aaa9b762 100644 --- a/tests/lib/templatelayout.php +++ b/tests/lib/templatelayout.php @@ -52,7 +52,7 @@ class OC_TemplateLayout extends \Test\TestCase { */ public function testConvertToRelativePath($absolutePath, $expected) { $_SERVER['REQUEST_URI'] = $expected; - $_SERVER['SCRIPT_NAME'] = '/'; + $_SERVER['SCRIPT_NAME'] = $expected; $relativePath = \Test_Helper::invokePrivate(new \OC_TemplateLayout('user'), 'convertToRelativePath', array($absolutePath)); $this->assertEquals($expected, $relativePath); |
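Review bot: In the new trusteddomainhelper.php, the three rows under `// empty defaults to false with 8.1` all use `host.one.test:8080`, so nothing pins how the "trust localhost regardless of trust list" rule behaves when `trusted_domains` is empty. That is the case that changed from the deleted Test_Request provider (`// empty defaults to true`), and a row such as `[[], 'localhost', <expected per TrustedDomainHelper>]` would fix the intended answer in the suite. The expected value cannot be derived from this page. Separately, the docblock on `testIsTrustedDomain` says `@param string $trustedDomains`, but the provider passes null, an empty string and arrays; `@param string[]|string|null $trustedDomains` matches the data.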
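Review bot: In the templatelayout.php hunk, `$_SERVER['SCRIPT_NAME'] = $expected;` now feeds the expected result into both `REQUEST_URI` and `SCRIPT_NAME`, so it is no longer clear what `convertToRelativePath` is being checked against or why `'/'` stopped working. A one-line comment above the assignment would document the fixture, e.g. `// SCRIPT_NAME mirrors REQUEST_URI: <reason required by the new request path handling>`. Both superglobal entries also stay set after the lines shown; the method ends outside the hunk, so a cleanup may exist there, but if not they should be restored in tearDown.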