From c9a2790893a160a5967a672051e15142fe5f779e Mon Sep 17 00:00:00 2001 From: Christoph Wurst Date: Mon, 27 Jun 2016 15:23:52 +0200 Subject: prevent users from deleting their own session token --- .../Controller/AuthSettingsControllerTest.php | 41 +++++++++++++++++++--- 1 file changed, 36 insertions(+), 5 deletions(-) (limited to 'tests') diff --git a/tests/Settings/Controller/AuthSettingsControllerTest.php b/tests/Settings/Controller/AuthSettingsControllerTest.php index ee67b221022..1705cb5ddf1 100644 --- a/tests/Settings/Controller/AuthSettingsControllerTest.php +++ b/tests/Settings/Controller/AuthSettingsControllerTest.php @@ -24,6 +24,7 @@ namespace Test\Settings\Controller; use OC\AppFramework\Http; use OC\Authentication\Exceptions\InvalidTokenException; +use OC\Authentication\Token\DefaultToken; use OC\Authentication\Token\IToken; use OC\Settings\Controller\AuthSettingsController; use OCP\AppFramework\Http\JSONResponse; @@ -56,10 +57,17 @@ class AuthSettingsControllerTest extends TestCase { } public function testIndex() { - $result = [ - 'token1', - 'token2', + $token1 = new DefaultToken(); + $token1->setId(100); + $token2 = new DefaultToken(); + $token2->setId(200); + $tokens = [ + $token1, + $token2, ]; + $sessionToken = new DefaultToken(); + $sessionToken->setId(100); + $this->userManager->expects($this->once()) ->method('get') ->with($this->uid) 
@@ -67,9 +75,31 @@ class AuthSettingsControllerTest extends TestCase { $this->tokenProvider->expects($this->once()) ->method('getTokenByUser') ->with($this->user) - ->will($this->returnValue($result)); + ->will($this->returnValue($tokens)); + $this->session->expects($this->once()) + ->method('getId') + ->will($this->returnValue('session123')); + $this->tokenProvider->expects($this->once()) + ->method('getToken') + ->with('session123') + ->will($this->returnValue($sessionToken)); - $this->assertEquals($result, $this->controller->index()); + $this->assertEquals([ + [ + 'id' => 100, + 'name' => null, + 'lastActivity' => null, + 'type' => null, + 'canDelete' => false, + ], + [ + 'id' => 200, + 'name' => null, + 'lastActivity' => null, + 'type' => null, + 'canDelete' => true, + ] + ], $this->controller->index()); } public function testCreate() { @@ -107,6 +137,7 @@ class AuthSettingsControllerTest extends TestCase { $expected = [ 'token' => $newToken, 'deviceToken' => $deviceToken, + 'loginName' => 'User13', ]; $this->assertEquals($expected, $this->controller->create($name)); } -- cgit v1.2.3 From d2d99a91a0bb47ab4f2116692f363b90a736711b Mon Sep 17 00:00:00 2001 From: Thomas Müller Date: Tue, 5 Jul 2016 08:54:51 +0200 Subject: fix swift primary object store test (#25281) * Wait for socket to be open * Fix call on null * Allow DB access for MountProviderTest Makes unit tests pass when using object store, since their FS access is actually oc_filecache DB access. It is currently not possible to mock or bypass the logic from "SharedMount::verifyMountPoint()" triggered by this test. --- apps/files_sharing/tests/MountProviderTest.php | 3 ++ lib/private/Files/View.php | 2 +- tests/objectstore/start-swift-ceph.sh | 11 ++++++- tests/objectstore/wait-for-connection | 45 ++++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 2 deletions(-) create mode 100755 tests/objectstore/wait-for-connection (limited to 'tests') 
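Review bot: testIndex now drives the session-token lookup (`getId` then `getToken('session123')`) only on the happy path; the file already imports InvalidTokenException, so a companion test should cover `getToken` throwing for the current session id and pin what index() returns in that case, which is not visible from this hunk. The two DefaultToken instances sharing id 100 are presumably meant to prove that the match is by id rather than by object identity; a one-line comment such as `// distinct object with the same id as $token1: index() must compare ids` would make that intent explicit. The commit title is about preventing deletion of the session token, yet no hunk here exercises destroy() with the session token's id; if that test lives elsewhere this is fine, otherwise it is the missing half of the change.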
diff --git a/apps/files_sharing/tests/MountProviderTest.php b/apps/files_sharing/tests/MountProviderTest.php index f69098cde7b..90d9f0a8567 100644 --- a/apps/files_sharing/tests/MountProviderTest.php +++ b/apps/files_sharing/tests/MountProviderTest.php @@ -30,6 +30,9 @@ use OCP\Share\IShare; use OCP\Share\IManager; use OCP\Files\Mount\IMountPoint; +/** + * @group DB + */ class MountProviderTest extends \Test\TestCase { /** @var MountProvider */ diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index 31549c93cb2..7d9771e6394 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -1980,7 +1980,7 @@ class View { $mount = $this->getMountForLock($absolutePath, $lockMountPoint); if ($mount) { $storage = $mount->getStorage(); - if ($storage->instanceOfStorage('\OCP\Files\Storage\ILockingStorage')) { + if ($storage && $storage->instanceOfStorage('\OCP\Files\Storage\ILockingStorage')) { $storage->releaseLock( $mount->getInternalPath($absolutePath), $type, diff --git a/tests/objectstore/start-swift-ceph.sh b/tests/objectstore/start-swift-ceph.sh index 089aab6a648..bbf483c2897 100755 --- a/tests/objectstore/start-swift-ceph.sh +++ b/tests/objectstore/start-swift-ceph.sh @@ -30,6 +30,7 @@ thisFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # create readiness notification socket notify_sock=$(readlink -f "$thisFolder"/dockerContainerCeph.$EXECUTOR_NUMBER.swift.sock) +rm -f "$notify_sock" # in case an unfinished test left one behind mkfifo "$notify_sock" port=5034 
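Review bot: The new null guard on `$storage` in View.php makes the lock-release path silently skip unlocking when `getStorage()` returns null, with nothing recording why that is acceptable; a skipped release is the kind of thing that later shows up as a stuck lock, so the case deserves a comment, e.g. `// storage can be null when the mount's backend did not initialise; there is nothing to unlock then`. If the corresponding acquire path (not in this hunk) calls `$mount->getStorage()->instanceOfStorage(...)` unguarded it needs the same check, otherwise the two sides disagree on when a null storage is tolerated. The enclosing method starts and ends outside the hunk.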
@@ -67,7 +68,13 @@ if [[ $ready != 'READY=1' ]]; then docker logs $container exit 1 fi -sleep 1 +if ! "$thisFolder"/wait-for-connection ${host} 80 600; then + echo "[ERROR] Waited 600 seconds, no response" >&2 + docker logs $container + exit 1 +fi +echo "Waiting another 15 seconds" +sleep 15 cat > $thisFolder/swift.config.php < $timeout) { + $socketTimeout = $timeout; +} + +$stopTime = time() + $timeout; +do { + $sock = @fsockopen($host, $port, $errno, $errstr, $socketTimeout); + if ($sock !== false) { + fclose($sock); + fwrite(STDOUT, "\n"); + exit(0); + } + sleep(1); + fwrite(STDOUT, '.'); +} while (time() < $stopTime); + +fwrite(STDOUT, "\n"); +exit(1); -- cgit v1.2.3 From d769e718a58ff76a85f032913728936d77581452 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 6 Jul 2016 22:47:16 +0200 Subject: Set content type when downloading log file to force download in some browsers (#25382) --- settings/Controller/LogSettingsController.php | 1 + tests/Settings/Controller/LogSettingsControllerTest.php | 3 +++ 2 files changed, 4 insertions(+) (limited to 'tests') diff --git a/settings/Controller/LogSettingsController.php b/settings/Controller/LogSettingsController.php index 4863c2369be..f9a69fa38c8 100644 --- a/settings/Controller/LogSettingsController.php +++ b/settings/Controller/LogSettingsController.php @@ -105,6 +105,7 @@ class LogSettingsController extends Controller { */ public function download() { $resp = new StreamResponse(\OC\Log\Owncloud::getLogFilePath()); + $resp->addHeader('Content-Type', 'application/octet-stream'); $resp->addHeader('Content-Disposition', 'attachment; filename="owncloud.log"'); return $resp; } diff --git a/tests/Settings/Controller/LogSettingsControllerTest.php b/tests/Settings/Controller/LogSettingsControllerTest.php index 092c04aecc7..1660369fafe 100644 --- a/tests/Settings/Controller/LogSettingsControllerTest.php +++ b/tests/Settings/Controller/LogSettingsControllerTest.php 
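Review bot: The added `Content-Type: application/octet-stream` in LogSettingsController::download() is the right way to stop browsers from rendering the log inline, but the method does not say so; the docblock above `download()` (its beginning is outside the hunk) should carry the reason, e.g. `* Served as application/octet-stream so the log is downloaded rather than rendered by the browser.` Log lines can contain request-supplied strings, so this is a content-type hardening measure as much as a download convenience; confirm that StreamResponse still receives `X-Content-Type-Options: nosniff` from the framework's security headers (not visible here) rather than relying on the attachment disposition alone.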
@@ -71,5 +71,8 @@ class LogSettingsControllerTest extends \Test\TestCase { $response = $this->logSettingsController->download(); $this->assertInstanceOf('\OCP\AppFramework\Http\StreamResponse', $response); + $headers = $response->getHeaders(); + $this->assertEquals('application/octet-stream', $headers['Content-Type']); + $this->assertEquals('attachment; filename="owncloud.log"', $headers['Content-Disposition']); } } -- cgit v1.2.3 From 2791b8f00dec7136280e53175285de04f6c8f092 Mon Sep 17 00:00:00 2001 From: Morris Jobke Date: Thu, 7 Jul 2016 12:14:45 +0200 Subject: Revert "occ web executor (#24957)" This reverts commit 854352d9a064a1e469ede207493bce44fd41d96c. --- core/Application.php | 13 --- core/Controller/OccController.php | 147 ---------------------------- core/routes.php | 1 - lib/base.php | 19 +--- lib/private/Console/Application.php | 3 +- public.php | 4 +- tests/Core/Controller/OccControllerTest.php | 143 --------------------------- 7 files changed, 6 insertions(+), 324 deletions(-) delete mode 100644 core/Controller/OccController.php delete mode 100644 tests/Core/Controller/OccControllerTest.php (limited to 'tests') diff --git a/core/Application.php b/core/Application.php index 8ea2672e54e..a87917b626a 100644 --- a/core/Application.php +++ b/core/Application.php @@ -32,7 +32,6 @@ use OC\AppFramework\Utility\TimeFactory; use OC\Core\Controller\AvatarController; use OC\Core\Controller\LoginController; use OC\Core\Controller\LostController; -use OC\Core\Controller\OccController; use OC\Core\Controller\TokenController; use OC\Core\Controller\TwoFactorChallengeController; use OC\Core\Controller\UserController; 
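Review bot: The new assertions index `$headers['Content-Type']` and `$headers['Content-Disposition']` directly, so a missing header surfaces as an undefined-index notice instead of a readable assertion failure; add `$this->assertArrayHasKey('Content-Type', $headers);` (and the same for `Content-Disposition`) before the equality checks. Both compared values are plain strings, so `assertSame` is the more precise assertion here.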
@@ -126,18 +125,6 @@ class Application extends App { $c->query('SecureRandom') ); }); - $container->registerService('OccController', function(SimpleContainer $c) { - return new OccController( - $c->query('AppName'), - $c->query('Request'), - $c->query('Config'), - new \OC\Console\Application( - $c->query('Config'), - $c->query('ServerContainer')->getEventDispatcher(), - $c->query('Request') - ) - ); - }); /** * Core class wrappers diff --git a/core/Controller/OccController.php b/core/Controller/OccController.php deleted file mode 100644 index 917d02f37f1..00000000000 --- a/core/Controller/OccController.php +++ /dev/null 
@@ -1,147 +0,0 @@ - - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OC\Core\Controller; - -use OCP\AppFramework\Controller; -use OCP\AppFramework\Http\JSONResponse; -use OC\Console\Application; -use OCP\IConfig; -use OCP\IRequest; -use Symfony\Component\Console\Input\ArrayInput; -use Symfony\Component\Console\Output\BufferedOutput; - -class OccController extends Controller { - - /** @var array */ - private $allowedCommands = [ - 'app:disable', - 'app:enable', - 'app:getpath', - 'app:list', - 'check', - 'config:list', - 'maintenance:mode', - 'status', - 'upgrade' - ]; - - /** @var IConfig */ - private $config; - /** @var Application */ - private $console; - - /** - * OccController constructor. 
- * - * @param string $appName - * @param IRequest $request - * @param IConfig $config - * @param Application $console - */ - public function __construct($appName, IRequest $request, - IConfig $config, Application $console) { - parent::__construct($appName, $request); - $this->config = $config; - $this->console = $console; - } - - /** - * @PublicPage - * @NoCSRFRequired - * - * Execute occ command - * Sample request - * POST http://domain.tld/index.php/occ/status', - * { - * 'params': { - * '--no-warnings':'1', - * '--output':'json' - * }, - * 'token': 'someToken' - * } - * - * @param string $command - * @param string $token - * @param array $params - * - * @return JSONResponse - * @throws \Exception - */ - public function execute($command, $token, $params = []) { - try { - $this->validateRequest($command, $token); - - $output = new BufferedOutput(); - $formatter = $output->getFormatter(); - $formatter->setDecorated(false); - $this->console->setAutoExit(false); - $this->console->loadCommands(new ArrayInput([]), $output); - - $inputArray = array_merge(['command' => $command], $params); - $input = new ArrayInput($inputArray); - - $exitCode = $this->console->run($input, $output); - $response = $output->fetch(); - - $json = [ - 'exitCode' => $exitCode, - 'response' => $response - ]; - - } catch (\UnexpectedValueException $e){ - $json = [ - 'exitCode' => 126, - 'response' => 'Not allowed', - 'details' => $e->getMessage() - ]; - } - return new JSONResponse($json); - } - - /** - * Check if command is allowed and has a valid security token - * @param $command - * @param $token - */ - protected function validateRequest($command, $token){ - if (!in_array($this->request->getRemoteAddress(), ['::1', '127.0.0.1', 'localhost'])) { - throw new \UnexpectedValueException('Web executor is not allowed to run from a different host'); - } - - if (!in_array($command, $this->allowedCommands)) { - throw new \UnexpectedValueException(sprintf('Command "%s" is not allowed to run via web 
request', $command)); - } - - $coreToken = $this->config->getSystemValue('updater.secret', ''); - if ($coreToken === '') { - throw new \UnexpectedValueException( - 'updater.secret is undefined in config/config.php. Either browse the admin settings in your ownCloud and click "Open updater" or define a strong secret using
php -r \'echo password_hash("MyStrongSecretDoUseYourOwn!", PASSWORD_DEFAULT)."\n";\'
and set this in the config.php.' - ); - } - - if (!password_verify($token, $coreToken)) { - throw new \UnexpectedValueException( - 'updater.secret does not match the provided token' - ); - } - } -} diff --git a/core/routes.php b/core/routes.php index c473408e2e9..402277d8f3e 100644 --- a/core/routes.php +++ b/core/routes.php @@ -48,7 +48,6 @@ $application->registerRoutes($this, [ ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'], ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'], ['name' => 'token#generateToken', 'url' => '/token/generate', 'verb' => 'POST'], - ['name' => 'occ#execute', 'url' => '/occ/{command}', 'verb' => 'POST'], ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'], diff --git a/lib/base.php b/lib/base.php index dde8e38218a..70fac6d707b 100644 --- a/lib/base.php +++ b/lib/base.php @@ -49,8 +49,6 @@ * */ -use OCP\IRequest; - require_once 'public/Constants.php'; /** 
@@ -273,20 +271,9 @@ class OC { } } - /** - * Limit maintenance mode access - * @param IRequest $request - */ - public static function checkMaintenanceMode(IRequest $request) { - // Check if requested URL matches 'index.php/occ' - $isOccControllerRequested = preg_match('|/index\.php$|', $request->getScriptName()) === 1 - && strpos($request->getPathInfo(), '/occ/') === 0; + public static function checkMaintenanceMode() { // Allow ajax update script to execute without being stopped - if ( - \OC::$server->getSystemConfig()->getValue('maintenance', false) - && OC::$SUBURI != '/core/ajax/update.php' - && !$isOccControllerRequested - ) { + if (\OC::$server->getSystemConfig()->getValue('maintenance', false) && OC::$SUBURI != '/core/ajax/update.php') { // send http status 503 header('HTTP/1.1 503 Service Temporarily Unavailable'); header('Status: 503 Service Temporarily Unavailable'); @@ -835,7 +822,7 @@ class OC { $request = \OC::$server->getRequest(); $requestPath = $request->getRawPathInfo(); if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade - self::checkMaintenanceMode($request); + self::checkMaintenanceMode(); self::checkUpgrade(); } diff --git a/lib/private/Console/Application.php b/lib/private/Console/Application.php index 8a9191a4c53..ec91064278e 100644 --- a/lib/private/Console/Application.php +++ b/lib/private/Console/Application.php @@ -138,10 +138,9 @@ class Application { * @throws \Exception */ public function run(InputInterface $input = null, OutputInterface $output = null) { - $args = isset($this->request->server['argv']) ? $this->request->server['argv'] : []; $this->dispatcher->dispatch(ConsoleEvent::EVENT_RUN, new ConsoleEvent( ConsoleEvent::EVENT_RUN, - $args + $this->request->server['argv'] )); return $this->application->run($input, $output); } diff --git a/public.php b/public.php index b7125502ee8..964ed03c1aa 100644 --- a/public.php +++ b/public.php 
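Review bot: The reverted `checkMaintenanceMode()` in lib/base.php comes back without the docblock the removed version carried, leaving a public static method undocumented; restore one such as `/** Limit maintenance mode access: answer 503 while maintenance is on, except for the ajax update script */` above the signature. The comparison `OC::$SUBURI != '/core/ajax/update.php'` on the new side is loose; `!==` is the safe form for a string path check and costs nothing. The method body continues outside the hunk.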
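Review bot: `run()` in lib/private/Console/Application.php now reads `$this->request->server['argv']` directly again, so a request without `argv` (anything not started from the CLI SAPI) triggers an undefined-index notice while the ConsoleEvent is built; the revert drops the guard although nothing else in the change depends on its absence. Keep a local `$args = isset($this->request->server['argv']) ? $this->request->server['argv'] : [];` and pass `$args` to the event. The method body continues outside the hunk.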
@@ -35,9 +35,9 @@ try { exit; } - $request = \OC::$server->getRequest(); - OC::checkMaintenanceMode($request); + OC::checkMaintenanceMode(); OC::checkSingleUserMode(true); + $request = \OC::$server->getRequest(); $pathInfo = $request->getPathInfo(); if (!$pathInfo && $request->getParam('service', '') === '') { diff --git a/tests/Core/Controller/OccControllerTest.php b/tests/Core/Controller/OccControllerTest.php deleted file mode 100644 index 682d9170096..00000000000 --- a/tests/Core/Controller/OccControllerTest.php +++ /dev/null 
@@ -1,143 +0,0 @@ - - * - * @copyright Copyright (c) 2015, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace Tests\Core\Controller; - -use OC\Console\Application; -use OC\Core\Controller\OccController; -use OCP\IConfig; -use Symfony\Component\Console\Output\Output; -use Test\TestCase; - -/** - * Class OccControllerTest - * - * @package OC\Core\Controller - */ -class OccControllerTest extends TestCase { - - const TEMP_SECRET = 'test'; - - /** @var \OC\AppFramework\Http\Request | \PHPUnit_Framework_MockObject_MockObject */ - private $request; - /** @var \OC\Core\Controller\OccController | \PHPUnit_Framework_MockObject_MockObject */ - private $controller; - /** @var IConfig | \PHPUnit_Framework_MockObject_MockObject */ - private $config; - /** @var Application | \PHPUnit_Framework_MockObject_MockObject */ - private $console; - - public function testFromInvalidLocation(){ - $this->getControllerMock('example.org'); - - $response = $this->controller->execute('status', ''); - $responseData = $response->getData(); - - $this->assertArrayHasKey('exitCode', $responseData); - $this->assertEquals(126, $responseData['exitCode']); - - $this->assertArrayHasKey('details', $responseData); - $this->assertEquals('Web executor is not allowed to run from a different host', $responseData['details']); - } - - public function testNotWhiteListedCommand(){ - $this->getControllerMock('localhost'); - - 
$response = $this->controller->execute('missing_command', ''); - $responseData = $response->getData(); - - $this->assertArrayHasKey('exitCode', $responseData); - $this->assertEquals(126, $responseData['exitCode']); - - $this->assertArrayHasKey('details', $responseData); - $this->assertEquals('Command "missing_command" is not allowed to run via web request', $responseData['details']); - } - - public function testWrongToken(){ - $this->getControllerMock('localhost'); - - $response = $this->controller->execute('status', self::TEMP_SECRET . '-'); - $responseData = $response->getData(); - - $this->assertArrayHasKey('exitCode', $responseData); - $this->assertEquals(126, $responseData['exitCode']); - - $this->assertArrayHasKey('details', $responseData); - $this->assertEquals('updater.secret does not match the provided token', $responseData['details']); - } - - public function testSuccess(){ - $this->getControllerMock('localhost'); - $this->console->expects($this->once())->method('run') - ->willReturnCallback( - function ($input, $output) { - /** @var Output $output */ - $output->writeln('{"installed":true,"version":"9.1.0.8","versionstring":"9.1.0 beta 2","edition":""}'); - return 0; - } - ); - - $response = $this->controller->execute('status', self::TEMP_SECRET, ['--output'=>'json']); - $responseData = $response->getData(); - - $this->assertArrayHasKey('exitCode', $responseData); - $this->assertEquals(0, $responseData['exitCode']); - - $this->assertArrayHasKey('response', $responseData); - $decoded = json_decode($responseData['response'], true); - - $this->assertArrayHasKey('installed', $decoded); - $this->assertEquals(true, $decoded['installed']); - } - - private function getControllerMock($host){ - $this->request = $this->getMockBuilder('OC\AppFramework\Http\Request') - ->setConstructorArgs([ - ['server' => []], - \OC::$server->getSecureRandom(), - \OC::$server->getConfig() - ]) - ->setMethods(['getRemoteAddress']) - ->getMock(); - - 
$this->request->expects($this->any())->method('getRemoteAddress') - ->will($this->returnValue($host)); - - $this->config = $this->getMockBuilder('\OCP\IConfig') - ->disableOriginalConstructor() - ->getMock(); - $this->config->expects($this->any())->method('getSystemValue') - ->with('updater.secret') - ->willReturn(password_hash(self::TEMP_SECRET, PASSWORD_DEFAULT)); - - $this->console = $this->getMockBuilder('\OC\Console\Application') - ->disableOriginalConstructor() - ->getMock(); - - $this->controller = new OccController( - 'core', - $this->request, - $this->config, - $this->console - ); - } - -} -- cgit v1.2.3