From 16ff207465335b624e67b9a9d0dae00ef23cd45c Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Fri, 19 Aug 2016 14:25:59 +0200 Subject: Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests --- apps/federation/appinfo/routes.php | 16 +- apps/federation/lib/API/OCSAuthAPI.php | 177 ------------------ .../lib/Controller/OCSAuthAPIController.php | 187 +++++++++++++++++++ apps/federation/tests/API/OCSAuthAPITest.php | 195 -------------------- .../tests/Controller/OCSAuthAPIControllerTest.php | 202 +++++++++++++++++++++ 5 files changed, 402 insertions(+), 375 deletions(-) delete mode 100644 apps/federation/lib/API/OCSAuthAPI.php create mode 100644 apps/federation/lib/Controller/OCSAuthAPIController.php delete mode 100644 apps/federation/tests/API/OCSAuthAPITest.php create mode 100644 apps/federation/tests/Controller/OCSAuthAPIControllerTest.php diff --git a/apps/federation/appinfo/routes.php b/apps/federation/appinfo/routes.php index 03acc60c682..b9515812a01 100644 --- a/apps/federation/appinfo/routes.php +++ b/apps/federation/appinfo/routes.php @@ -41,8 +41,18 @@ $application->registerRoutes( 'url' => '/auto-add-servers', 'verb' => 'POST' ], - ] + ], + 'ocs' => [ + [ + 'name' => 'OCSAuthAPI#getSharedSecret', + 'url' => '/api/v1/shared-secret', + 'verb' => 'GET', + ], + [ + 'name' => 'OCSAuthAPI#requestSharedSecret', + 'url' => '/api/v1/request-shared-secret', + 'verb' => 'POST', + ], + ], ] ); - -$application->registerOCSApi(); diff --git a/apps/federation/lib/API/OCSAuthAPI.php b/apps/federation/lib/API/OCSAuthAPI.php deleted file mode 100644 index a22de155d4c..00000000000 --- a/apps/federation/lib/API/OCSAuthAPI.php +++ /dev/null @@ -1,177 +0,0 @@ - - * @author Lukas Reschke - * @author Robin Appelman - * @author Roeland Jago Douma - * @author Thomas Müller - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - - -namespace OCA\Federation\API; - -use OCA\Federation\DbHandler; -use OCA\Federation\TrustedServers; -use OCP\AppFramework\Http; -use OCP\BackgroundJob\IJobList; -use OCP\ILogger; -use OCP\IRequest; -use OCP\Security\ISecureRandom; - -/** - * Class OCSAuthAPI - * - * OCS API end-points to exchange shared secret between two connected ownClouds - * - * @package OCA\Federation\API - */ -class OCSAuthAPI { - - /** @var IRequest */ - private $request; - - /** @var ISecureRandom */ - private $secureRandom; - - /** @var IJobList */ - private $jobList; - - /** @var TrustedServers */ - private $trustedServers; - - /** @var DbHandler */ - private $dbHandler; - - /** @var ILogger */ - private $logger; - - /** - * OCSAuthAPI constructor. - * - * @param IRequest $request - * @param ISecureRandom $secureRandom - * @param IJobList $jobList - * @param TrustedServers $trustedServers - * @param DbHandler $dbHandler - * @param ILogger $logger - */ - public function __construct( - IRequest $request, - ISecureRandom $secureRandom, - IJobList $jobList, - TrustedServers $trustedServers, - DbHandler $dbHandler, - ILogger $logger - ) { - $this->request = $request; - $this->secureRandom = $secureRandom; - $this->jobList = $jobList; - $this->trustedServers = $trustedServers; - $this->dbHandler = $dbHandler; - $this->logger = $logger; - } - - /** - * request received to ask remote server for a shared secret - * - * @return \OC_OCS_Result - */ - public function requestSharedSecret() { - - $url = $this->request->getParam('url'); - $token = $this->request->getParam('token'); - - if ($this->trustedServers->isTrustedServer($url) === false) { - $this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); - } - - // if both server initiated the exchange of the shared secret the greater - // token wins - $localToken = $this->dbHandler->getToken($url); - if (strcmp($localToken, $token) > 0) { - $this->logger->info( - 'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.', - ['app' => 'federation'] - ); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); - } - - // we ask for the shared secret so we no longer have to ask the other server - // to request the shared secret - $this->jobList->remove('OCA\Federation\BackgroundJob\RequestSharedSecret', - [ - 'url' => $url, - 'token' => $localToken - ] - ); - - $this->jobList->add( - 'OCA\Federation\BackgroundJob\GetSharedSecret', - [ - 'url' => $url, - 'token' => $token, - ] - ); - - return new \OC_OCS_Result(null, Http::STATUS_OK); - - } - - /** - * create shared secret and return it - * - * @return \OC_OCS_Result - */ - public function getSharedSecret() { - - $url = $this->request->getParam('url'); - $token = $this->request->getParam('token'); - - if ($this->trustedServers->isTrustedServer($url) === false) { - $this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); - } - - if ($this->isValidToken($url, $token) === false) { - $expectedToken = $this->dbHandler->getToken($url); - $this->logger->error( - 'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret', - ['app' => 'federation'] - ); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); - } - - $sharedSecret = $this->secureRandom->generate(32); - - $this->trustedServers->addSharedSecret($url, $sharedSecret); - // reset token after the exchange of the shared secret was successful - $this->dbHandler->addToken($url, ''); - - return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK); - - } - - protected function isValidToken($url, $token) { - $storedToken = $this->dbHandler->getToken($url); - return hash_equals($storedToken, $token); - } - -} diff --git a/apps/federation/lib/Controller/OCSAuthAPIController.php b/apps/federation/lib/Controller/OCSAuthAPIController.php new file mode 100644 index 00000000000..68e0f8b271e --- /dev/null +++ b/apps/federation/lib/Controller/OCSAuthAPIController.php @@ -0,0 +1,187 @@ + + * @author Lukas Reschke + * @author Robin Appelman + * @author Roeland Jago Douma + * @author Thomas Müller + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Federation\Controller; + +use OCA\Federation\DbHandler; +use OCA\Federation\TrustedServers; +use OCP\AppFramework\Http; +use OCP\AppFramework\OCS\OCSForbiddenException; +use OCP\AppFramework\OCSController; +use OCP\BackgroundJob\IJobList; +use OCP\ILogger; +use OCP\IRequest; +use OCP\Security\ISecureRandom; + +/** + * Class OCSAuthAPI + * + * OCS API end-points to exchange shared secret between two connected ownClouds + * + * @package OCA\Federation\Controller + */ +class OCSAuthAPIController extends OCSController{ + + /** @var ISecureRandom */ + private $secureRandom; + + /** @var IJobList */ + private $jobList; + + /** @var TrustedServers */ + private $trustedServers; + + /** @var DbHandler */ + private $dbHandler; + + /** @var ILogger */ + private $logger; + + /** + * OCSAuthAPI constructor. + * + * @param string $appName + * @param IRequest $request + * @param ISecureRandom $secureRandom + * @param IJobList $jobList + * @param TrustedServers $trustedServers + * @param DbHandler $dbHandler + * @param ILogger $logger + */ + public function __construct( + $appName, + IRequest $request, + ISecureRandom $secureRandom, + IJobList $jobList, + TrustedServers $trustedServers, + DbHandler $dbHandler, + ILogger $logger + ) { + parent::__construct($appName, $request); + + $this->secureRandom = $secureRandom; + $this->jobList = $jobList; + $this->trustedServers = $trustedServers; + $this->dbHandler = $dbHandler; + $this->logger = $logger; + } + + /** + * @NoCSRFRequired + * @PublicPage + * + * request received to ask remote server for a shared secret + * + * @return Http\DataResponse + * @throws OCSForbiddenException + */ + public function requestSharedSecret() { + + $url = $this->request->getParam('url'); + $token = $this->request->getParam('token'); + + if ($this->trustedServers->isTrustedServer($url) === false) { + $this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']); + throw new OCSForbiddenException(); + } + + // if both server initiated the exchange of the shared secret the greater + // token wins + $localToken = $this->dbHandler->getToken($url); + if (strcmp($localToken, $token) > 0) { + $this->logger->info( + 'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.', + ['app' => 'federation'] + ); + throw new OCSForbiddenException(); + } + + // we ask for the shared secret so we no longer have to ask the other server + // to request the shared secret + $this->jobList->remove('OCA\Federation\BackgroundJob\RequestSharedSecret', + [ + 'url' => $url, + 'token' => $localToken + ] + ); + + $this->jobList->add( + 'OCA\Federation\BackgroundJob\GetSharedSecret', + [ + 'url' => $url, + 'token' => $token, + ] + ); + + return new Http\DataResponse(); + } + + /** + * @NoCSRFRequired + * @PublicPage + * + * create shared secret and return it + * + * @return Http\DataResponse + * @throws OCSForbiddenException + */ + public function getSharedSecret() { + + $url = $this->request->getParam('url'); + $token = $this->request->getParam('token'); + + if ($this->trustedServers->isTrustedServer($url) === false) { + $this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']); + throw new OCSForbiddenException(); + } + + if ($this->isValidToken($url, $token) === false) { + $expectedToken = $this->dbHandler->getToken($url); + $this->logger->error( + 'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret', + ['app' => 'federation'] + ); + throw new OCSForbiddenException(); + } + + $sharedSecret = $this->secureRandom->generate(32); + + $this->trustedServers->addSharedSecret($url, $sharedSecret); + // reset token after the exchange of the shared secret was successful + $this->dbHandler->addToken($url, ''); + + return new Http\DataResponse([ + 'sharedSecret' => $sharedSecret + ]); + } + + protected function isValidToken($url, $token) { + $storedToken = $this->dbHandler->getToken($url); + return hash_equals($storedToken, $token); + } + +} diff --git a/apps/federation/tests/API/OCSAuthAPITest.php b/apps/federation/tests/API/OCSAuthAPITest.php deleted file mode 100644 index 7861e917ff8..00000000000 --- a/apps/federation/tests/API/OCSAuthAPITest.php +++ /dev/null @@ -1,195 +0,0 @@ - - * @author Robin Appelman - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - - -namespace OCA\Federation\Tests\API; - - -use OC\BackgroundJob\JobList; -use OCA\Federation\API\OCSAuthAPI; -use OCA\Federation\DbHandler; -use OCA\Federation\TrustedServers; -use OCP\AppFramework\Http; -use OCP\ILogger; -use OCP\IRequest; -use OCP\Security\ISecureRandom; -use Test\TestCase; - -class OCSAuthAPITest extends TestCase { - - /** @var \PHPUnit_Framework_MockObject_MockObject | IRequest */ - private $request; - - /** @var \PHPUnit_Framework_MockObject_MockObject | ISecureRandom */ - private $secureRandom; - - /** @var \PHPUnit_Framework_MockObject_MockObject | JobList */ - private $jobList; - - /** @var \PHPUnit_Framework_MockObject_MockObject | TrustedServers */ - private $trustedServers; - - /** @var \PHPUnit_Framework_MockObject_MockObject | DbHandler */ - private $dbHandler; - - /** @var \PHPUnit_Framework_MockObject_MockObject | ILogger */ - private $logger; - - /** @var OCSAuthApi */ - private $ocsAuthApi; - - public function setUp() { - parent::setUp(); - - $this->request = $this->getMock('OCP\IRequest'); - $this->secureRandom = $this->getMock('OCP\Security\ISecureRandom'); - $this->trustedServers = $this->getMockBuilder('OCA\Federation\TrustedServers') - ->disableOriginalConstructor()->getMock(); - $this->dbHandler = $this->getMockBuilder('OCA\Federation\DbHandler') - ->disableOriginalConstructor()->getMock(); - $this->jobList = $this->getMockBuilder('OC\BackgroundJob\JobList') - ->disableOriginalConstructor()->getMock(); - $this->logger = $this->getMockBuilder('OCP\ILogger') - ->disableOriginalConstructor()->getMock(); - - $this->ocsAuthApi = new OCSAuthAPI( - $this->request, - $this->secureRandom, - $this->jobList, - $this->trustedServers, - $this->dbHandler, - $this->logger - ); - - } - - /** - * @dataProvider dataTestRequestSharedSecret - * - * @param string $token - * @param string $localToken - * @param bool $isTrustedServer - * @param int $expected - */ - public function testRequestSharedSecret($token, $localToken, $isTrustedServer, $expected) { - - $url = 'url'; - - $this->request->expects($this->at(0))->method('getParam')->with('url')->willReturn($url); - $this->request->expects($this->at(1))->method('getParam')->with('token')->willReturn($token); - $this->trustedServers - ->expects($this->once()) - ->method('isTrustedServer')->with($url)->willReturn($isTrustedServer); - $this->dbHandler->expects($this->any()) - ->method('getToken')->with($url)->willReturn($localToken); - - if ($expected === Http::STATUS_OK) { - $this->jobList->expects($this->once())->method('add') - ->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token]); - $this->jobList->expects($this->once())->method('remove') - ->with('OCA\Federation\BackgroundJob\RequestSharedSecret', ['url' => $url, 'token' => $localToken]); - } else { - $this->jobList->expects($this->never())->method('add'); - $this->jobList->expects($this->never())->method('remove'); - } - - $result = $this->ocsAuthApi->requestSharedSecret(); - $this->assertSame($expected, $result->getStatusCode()); - } - - public function dataTestRequestSharedSecret() { - return [ - ['token2', 'token1', true, Http::STATUS_OK], - ['token1', 'token2', false, Http::STATUS_FORBIDDEN], - ['token1', 'token2', true, Http::STATUS_FORBIDDEN], - ]; - } - - /** - * @dataProvider dataTestGetSharedSecret - * - * @param bool $isTrustedServer - * @param bool $isValidToken - * @param int $expected - */ - public function testGetSharedSecret($isTrustedServer, $isValidToken, $expected) { - - $url = 'url'; - $token = 'token'; - - $this->request->expects($this->at(0))->method('getParam')->with('url')->willReturn($url); - $this->request->expects($this->at(1))->method('getParam')->with('token')->willReturn($token); - - /** @var OCSAuthAPI | \PHPUnit_Framework_MockObject_MockObject $ocsAuthApi */ - $ocsAuthApi = $this->getMockBuilder('OCA\Federation\API\OCSAuthAPI') - ->setConstructorArgs( - [ - $this->request, - $this->secureRandom, - $this->jobList, - $this->trustedServers, - $this->dbHandler, - $this->logger - ] - )->setMethods(['isValidToken'])->getMock(); - - $this->trustedServers - ->expects($this->any()) - ->method('isTrustedServer')->with($url)->willReturn($isTrustedServer); - $ocsAuthApi->expects($this->any()) - ->method('isValidToken')->with($url, $token)->willReturn($isValidToken); - - if($expected === Http::STATUS_OK) { - $this->secureRandom->expects($this->once())->method('generate')->with(32) - ->willReturn('secret'); - $this->trustedServers->expects($this->once()) - ->method('addSharedSecret')->willReturn($url, 'secret'); - $this->dbHandler->expects($this->once()) - ->method('addToken')->with($url, ''); - } else { - $this->secureRandom->expects($this->never())->method('getMediumStrengthGenerator'); - $this->secureRandom->expects($this->never())->method('generate'); - $this->trustedServers->expects($this->never())->method('addSharedSecret'); - $this->dbHandler->expects($this->never())->method('addToken'); - } - - $result = $ocsAuthApi->getSharedSecret(); - - $this->assertSame($expected, $result->getStatusCode()); - - if ($expected === Http::STATUS_OK) { - $data = $result->getData(); - $this->assertSame('secret', $data['sharedSecret']); - } - } - - public function dataTestGetSharedSecret() { - return [ - [true, true, Http::STATUS_OK], - [false, true, Http::STATUS_FORBIDDEN], - [true, false, Http::STATUS_FORBIDDEN], - [false, false, Http::STATUS_FORBIDDEN], - ]; - } - -} diff --git a/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php b/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php new file mode 100644 index 00000000000..ba10ce57c30 --- /dev/null +++ b/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php @@ -0,0 +1,202 @@ + + * @author Robin Appelman + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Federation\Tests\Controller; + + +use OC\BackgroundJob\JobList; +use OCA\Federation\Controller\OCSAuthAPIController; +use OCA\Federation\DbHandler; +use OCA\Federation\TrustedServers; +use OCP\AppFramework\Http; +use OCP\AppFramework\OCS\OCSForbiddenException; +use OCP\ILogger; +use OCP\IRequest; +use OCP\Security\ISecureRandom; +use Test\TestCase; + +class OCSAuthAPIControllerTest extends TestCase { + + /** @var \PHPUnit_Framework_MockObject_MockObject | IRequest */ + private $request; + + /** @var \PHPUnit_Framework_MockObject_MockObject | ISecureRandom */ + private $secureRandom; + + /** @var \PHPUnit_Framework_MockObject_MockObject | JobList */ + private $jobList; + + /** @var \PHPUnit_Framework_MockObject_MockObject | TrustedServers */ + private $trustedServers; + + /** @var \PHPUnit_Framework_MockObject_MockObject | DbHandler */ + private $dbHandler; + + /** @var \PHPUnit_Framework_MockObject_MockObject | ILogger */ + private $logger; + + /** @var OCSAuthAPIController */ + private $ocsAuthApi; + + public function setUp() { + parent::setUp(); + + $this->request = $this->getMockBuilder('OCP\IRequest')->getMock(); + $this->secureRandom = $this->getMockBuilder('OCP\Security\ISecureRandom')->getMock(); + $this->trustedServers = $this->getMockBuilder('OCA\Federation\TrustedServers') + ->disableOriginalConstructor()->getMock(); + $this->dbHandler = $this->getMockBuilder('OCA\Federation\DbHandler') + ->disableOriginalConstructor()->getMock(); + $this->jobList = $this->getMockBuilder('OC\BackgroundJob\JobList') + ->disableOriginalConstructor()->getMock(); + $this->logger = $this->getMockBuilder('OCP\ILogger') + ->disableOriginalConstructor()->getMock(); + + $this->ocsAuthApi = new OCSAuthAPIController( + 'federation', + $this->request, + $this->secureRandom, + $this->jobList, + $this->trustedServers, + $this->dbHandler, + $this->logger + ); + + } + + /** + * @dataProvider dataTestRequestSharedSecret + * + * @param string $token + * @param string $localToken + * @param bool $isTrustedServer + * @param bool $ok + */ + public function testRequestSharedSecret($token, $localToken, $isTrustedServer, $ok) { + + $url = 'url'; + + $this->request->expects($this->at(0))->method('getParam')->with('url')->willReturn($url); + $this->request->expects($this->at(1))->method('getParam')->with('token')->willReturn($token); + $this->trustedServers + ->expects($this->once()) + ->method('isTrustedServer')->with($url)->willReturn($isTrustedServer); + $this->dbHandler->expects($this->any()) + ->method('getToken')->with($url)->willReturn($localToken); + + if ($ok) { + $this->jobList->expects($this->once())->method('add') + ->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token]); + $this->jobList->expects($this->once())->method('remove') + ->with('OCA\Federation\BackgroundJob\RequestSharedSecret', ['url' => $url, 'token' => $localToken]); + } else { + $this->jobList->expects($this->never())->method('add'); + $this->jobList->expects($this->never())->method('remove'); + } + + try { + $result = $this->ocsAuthApi->requestSharedSecret(); + $this->assertTrue($ok); + } catch (OCSForbiddenException $e) { + $this->assertFalse($ok); + } + } + + public function dataTestRequestSharedSecret() { + return [ + ['token2', 'token1', true, true], + ['token1', 'token2', false, false], + ['token1', 'token2', true, false], + ]; + } + + /** + * @dataProvider dataTestGetSharedSecret + * + * @param bool $isTrustedServer + * @param bool $isValidToken + * @param bool $ok + */ + public function testGetSharedSecret($isTrustedServer, $isValidToken, $ok) { + + $url = 'url'; + $token = 'token'; + + $this->request->expects($this->at(0))->method('getParam')->with('url')->willReturn($url); + $this->request->expects($this->at(1))->method('getParam')->with('token')->willReturn($token); + + /** @var OCSAuthAPIController | \PHPUnit_Framework_MockObject_MockObject $ocsAuthApi */ + $ocsAuthApi = $this->getMockBuilder('OCA\Federation\Controller\OCSAuthAPIController') + ->setConstructorArgs( + [ + 'federation', + $this->request, + $this->secureRandom, + $this->jobList, + $this->trustedServers, + $this->dbHandler, + $this->logger + ] + )->setMethods(['isValidToken'])->getMock(); + + $this->trustedServers + ->expects($this->any()) + ->method('isTrustedServer')->with($url)->willReturn($isTrustedServer); + $ocsAuthApi->expects($this->any()) + ->method('isValidToken')->with($url, $token)->willReturn($isValidToken); + + if($ok) { + $this->secureRandom->expects($this->once())->method('generate')->with(32) + ->willReturn('secret'); + $this->trustedServers->expects($this->once()) + ->method('addSharedSecret')->willReturn($url, 'secret'); + $this->dbHandler->expects($this->once()) + ->method('addToken')->with($url, ''); + } else { + $this->secureRandom->expects($this->never())->method('getMediumStrengthGenerator'); + $this->secureRandom->expects($this->never())->method('generate'); + $this->trustedServers->expects($this->never())->method('addSharedSecret'); + $this->dbHandler->expects($this->never())->method('addToken'); + } + + try { + $result = $ocsAuthApi->getSharedSecret(); + $this->assertTrue($ok); + $data = $result->getData(); + $this->assertSame('secret', $data['sharedSecret']); + } catch (OCSForbiddenException $e) { + $this->assertFalse($ok); + } + } + + public function dataTestGetSharedSecret() { + return [ + [true, true, true], + [false, true, false], + [true, false, false], + [false, false, false], + ]; + } + +} -- cgit v1.2.3