From 98eb190e048ee9ea0bd27f36589bda3e34c12d0a Mon Sep 17 00:00:00 2001 From: Daniel Kesselberg Date: Wed, 12 Jun 2024 11:46:12 +0200 Subject: test: add tests for ProfilePageController Signed-off-by: Daniel Kesselberg --- core/Controller/ProfilePageController.php | 13 +++- .../Core/Controller/ProfilePageControllerTest.php | 78 ++++++++++++++++++++++ 2 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 tests/Core/Controller/ProfilePageControllerTest.php diff --git a/core/Controller/ProfilePageController.php b/core/Controller/ProfilePageController.php index 8638da1f4af..73a6be5f65c 100644 --- a/core/Controller/ProfilePageController.php +++ b/core/Controller/ProfilePageController.php @@ -11,14 +11,16 @@ namespace OC\Core\Controller; use OC\Profile\ProfileManager; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\AnonRateLimit; +use OCP\AppFramework\Http\Attribute\BruteForceProtection; use OCP\AppFramework\Http\Attribute\FrontpageRoute; use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\UserRateLimit; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; use OCP\EventDispatcher\IEventDispatcher; use OCP\INavigationManager; use OCP\IRequest; -use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; use OCP\Profile\BeforeTemplateRenderedEvent; @@ -49,6 +51,9 @@ class ProfilePageController extends Controller { * @NoSubAdminRequired */ #[FrontpageRoute(verb: 'GET', url: '/u/{targetUserId}')] + #[BruteForceProtection(action: 'user')] + #[UserRateLimit(limit: 30, period: 120)] + #[AnonRateLimit(limit: 30, period: 120)] public function index(string $targetUserId): TemplateResponse { $profileNotFoundTemplate = new TemplateResponse( 'core', @@ -58,7 +63,11 @@ class ProfilePageController extends Controller { ); $targetUser = $this->userManager->get($targetUserId); - if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) { + if ($targetUser === null) { + $profileNotFoundTemplate->throttle(); + return $profileNotFoundTemplate; + } + if (!$targetUser->isEnabled()) { return $profileNotFoundTemplate; } $visitingUser = $this->userSession->getUser(); diff --git a/tests/Core/Controller/ProfilePageControllerTest.php b/tests/Core/Controller/ProfilePageControllerTest.php new file mode 100644 index 00000000000..361f93ff409 --- /dev/null +++ b/tests/Core/Controller/ProfilePageControllerTest.php @@ -0,0 +1,78 @@ +createMock(IRequest::class); + $initialStateService = $this->createMock(IInitialState::class); + $profileManager = $this->createMock(ProfileManager::class); + $shareManager = $this->createMock(IManager::class); + $this->userManager = $this->createMock(IUserManager::class); + $userSession = $this->createMock(IUserSession::class); + $userStatusManager = $this->createMock(Manager::class); + $navigationManager = $this->createMock(INavigationManager::class); + $eventDispatcher = $this->createMock(IEventDispatcher::class); + + $this->controller = new ProfilePageController( + 'core', + $request, + $initialStateService, + $profileManager, + $shareManager, + $this->userManager, + $userSession, + $userStatusManager, + $navigationManager, + $eventDispatcher, + ); + } + + public function testUserNotFound(): void { + $this->userManager->method('get') + ->willReturn(null); + + $response = $this->controller->index('bob'); + + $this->assertTrue($response->isThrottled()); + } + + public function testUserDisabled(): void { + $user = $this->createMock(IUser::class); + $user->method('isEnabled') + ->willReturn(false); + + $this->userManager->method('get') + ->willReturn($user); + + $response = $this->controller->index('bob'); + + $this->assertFalse($response->isThrottled()); + } +} -- cgit v1.2.3