summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php24
-rw-r--r--tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php53
-rw-r--r--tests/lib/Security/CSRF/CsrfTokenManagerTest.php16
-rw-r--r--tests/lib/Security/CSRF/CsrfTokenTest.php7
4 files changed, 99 insertions, 1 deletions
diff --git a/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php b/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php
index 248c3d808d2..33e2315ed89 100644
--- a/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php
+++ b/tests/lib/AppFramework/Http/EmptyContentSecurityPolicyTest.php
@@ -427,4 +427,28 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
}
+
+ public function testGetPolicyWithJsNonceAndScriptDomains() {
+ $expectedPolicy = "default-src 'none';script-src 'nonce-TXlKc05vbmNl' www.nextcloud.com www.nextcloud.org";
+
+ $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com');
+ $this->contentSecurityPolicy->useJsNonce('MyJsNonce');
+ $this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.org');
+ $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
+ }
+
+ public function testGetPolicyWithJsNonceAndSelfScriptDomain() {
+ $expectedPolicy = "default-src 'none';script-src 'nonce-TXlKc05vbmNl'";
+
+ $this->contentSecurityPolicy->useJsNonce('MyJsNonce');
+ $this->contentSecurityPolicy->addAllowedScriptDomain("'self'");
+ $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
+ }
+
+ public function testGetPolicyWithoutJsNonceAndSelfScriptDomain() {
+ $expectedPolicy = "default-src 'none';script-src 'self'";
+
+ $this->contentSecurityPolicy->addAllowedScriptDomain("'self'");
+ $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
+ }
}
diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
index 55bf3e46e07..b597317fca4 100644
--- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
@@ -36,6 +36,8 @@ use OC\AppFramework\Middleware\Security\SecurityMiddleware;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\CSP\ContentSecurityPolicy;
use OC\Security\CSP\ContentSecurityPolicyManager;
+use OC\Security\CSRF\CsrfToken;
+use OC\Security\CSRF\CsrfTokenManager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
use OCP\AppFramework\Http\RedirectResponse;
@@ -72,6 +74,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
private $urlGenerator;
/** @var ContentSecurityPolicyManager|\PHPUnit_Framework_MockObject_MockObject */
private $contentSecurityPolicyManager;
+ /** @var CsrfTokenManager|\PHPUnit_Framework_MockObject_MockObject */
+ private $csrfTokenManager;
protected function setUp() {
parent::setUp();
@@ -83,6 +87,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->urlGenerator = $this->createMock(IURLGenerator::class);
$this->request = $this->createMock(IRequest::class);
$this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class);
+ $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
$this->middleware = $this->getMiddleware(true, true);
$this->secException = new SecurityException('hey', false);
$this->secAjaxException = new SecurityException('hey', true);
@@ -103,7 +108,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
'files',
$isLoggedIn,
$isAdminUser,
- $this->contentSecurityPolicyManager
+ $this->contentSecurityPolicyManager,
+ $this->csrfTokenManager
);
}
@@ -553,6 +559,10 @@ class SecurityMiddlewareTest extends \Test\TestCase {
}
public function testAfterController() {
+ $this->request
+ ->expects($this->once())
+ ->method('isUserAgent')
+ ->willReturn(false);
$response = $this->createMock(Response::class);
$defaultPolicy = new ContentSecurityPolicy();
$defaultPolicy->addAllowedImageDomain('defaultpolicy');
@@ -591,4 +601,45 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->middleware->afterController($this->controller, 'test', $response);
}
+
+ public function testAfterControllerWithContentSecurityPolicy3Support() {
+ $this->request
+ ->expects($this->once())
+ ->method('isUserAgent')
+ ->willReturn(true);
+ $token = $this->createMock(CsrfToken::class);
+ $token
+ ->expects($this->once())
+ ->method('getEncryptedValue')
+ ->willReturn('MyEncryptedToken');
+ $this->csrfTokenManager
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn($token);
+ $response = $this->createMock(Response::class);
+ $defaultPolicy = new ContentSecurityPolicy();
+ $defaultPolicy->addAllowedImageDomain('defaultpolicy');
+ $currentPolicy = new ContentSecurityPolicy();
+ $currentPolicy->addAllowedConnectDomain('currentPolicy');
+ $mergedPolicy = new ContentSecurityPolicy();
+ $mergedPolicy->addAllowedMediaDomain('mergedPolicy');
+ $response
+ ->expects($this->exactly(2))
+ ->method('getContentSecurityPolicy')
+ ->willReturn($currentPolicy);
+ $this->contentSecurityPolicyManager
+ ->expects($this->once())
+ ->method('getDefaultPolicy')
+ ->willReturn($defaultPolicy);
+ $this->contentSecurityPolicyManager
+ ->expects($this->once())
+ ->method('mergePolicies')
+ ->with($defaultPolicy, $currentPolicy)
+ ->willReturn($mergedPolicy);
+ $response->expects($this->once())
+ ->method('setContentSecurityPolicy')
+ ->with($mergedPolicy);
+
+ $this->assertEquals($response, $this->middleware->afterController($this->controller, 'test', $response));
+ }
}
diff --git a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
index ab19a43e91e..6f7842fdfd9 100644
--- a/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
+++ b/tests/lib/Security/CSRF/CsrfTokenManagerTest.php
@@ -56,6 +56,22 @@ class CsrfTokenManagerTest extends \Test\TestCase {
$this->assertEquals($expected, $this->csrfTokenManager->getToken());
}
+ public function testGetTokenWithExistingTokenKeepsOnSecondRequest() {
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('hasToken')
+ ->willReturn(true);
+ $this->storageInterface
+ ->expects($this->once())
+ ->method('getToken')
+ ->willReturn('MyExistingToken');
+
+ $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
+ $token = $this->csrfTokenManager->getToken();
+ $this->assertSame($token, $this->csrfTokenManager->getToken());
+ $this->assertSame($token, $this->csrfTokenManager->getToken());
+ }
+
public function testGetTokenWithoutExistingToken() {
$this->storageInterface
->expects($this->once())
diff --git a/tests/lib/Security/CSRF/CsrfTokenTest.php b/tests/lib/Security/CSRF/CsrfTokenTest.php
index da640ce5052..d19d1de916c 100644
--- a/tests/lib/Security/CSRF/CsrfTokenTest.php
+++ b/tests/lib/Security/CSRF/CsrfTokenTest.php
@@ -28,6 +28,13 @@ class CsrfTokenTest extends \Test\TestCase {
$this->assertSame(':', $csrfToken->getEncryptedValue()[16]);
}
+ public function testGetEncryptedValueStaysSameOnSecondRequest() {
+ $csrfToken = new \OC\Security\CSRF\CsrfToken('MyCsrfToken');
+ $tokenValue = $csrfToken->getEncryptedValue();
+ $this->assertSame($tokenValue, $csrfToken->getEncryptedValue());
+ $this->assertSame($tokenValue, $csrfToken->getEncryptedValue());
+ }
+
public function testGetDecryptedValue() {
$csrfToken = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
$this->assertSame('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF', $csrfToken->getDecryptedValue());
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-31 01:00:44 +0000