From c1589f163c44839fba9b2d3dcfb1e45ee7fa47ef Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 20 Jul 2016 23:09:27 +0200
Subject: Mitigate race condition

---
 tests/Core/Controller/LoginControllerTest.php | 37 ++++++++++++++++++++++-----
 tests/lib/User/SessionTest.php                | 21 ++++++++++++---
 2 files changed, 49 insertions(+), 9 deletions(-)

(limited to 'tests')

diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index 0e13485b272..f09f3c98118 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -289,13 +289,18 @@ class LoginControllerTest extends TestCase {
 		$loginPageUrl = 'some url';
 
 		$this->request
-			->expects($this->exactly(2))
+			->expects($this->exactly(4))
 			->method('getRemoteAddress')
 			->willReturn('192.168.0.1');
 		$this->throttler
-			->expects($this->once())
+			->expects($this->exactly(2))
 			->method('sleepDelay')
 			->with('192.168.0.1');
+		$this->throttler
+			->expects($this->once())
+			->method('getDelay')
+			->with('192.168.0.1')
+			->willReturn(0);
 		$this->throttler
 			->expects($this->once())
 			->method('registerAttempt')
@@ -322,13 +327,18 @@ class LoginControllerTest extends TestCase {
 		$indexPageUrl = 'some url';
 
 		$this->request
-			->expects($this->once())
+			->expects($this->exactly(2))
 			->method('getRemoteAddress')
 			->willReturn('192.168.0.1');
 		$this->throttler
 			->expects($this->once())
 			->method('sleepDelay')
 			->with('192.168.0.1');
+		$this->throttler
+			->expects($this->once())
+			->method('getDelay')
+			->with('192.168.0.1')
+			->willReturn(200);
 		$this->userManager->expects($this->once())
 			->method('checkPassword')
 			->will($this->returnValue($user));
@@ -362,13 +372,18 @@ class LoginControllerTest extends TestCase {
 		$redirectUrl = 'http://localhost/another url';
 
 		$this->request
-			->expects($this->once())
+			->expects($this->exactly(2))
 			->method('getRemoteAddress')
 			->willReturn('192.168.0.1');
 		$this->throttler
 			->expects($this->once())
 			->method('sleepDelay')
 			->with('192.168.0.1');
+		$this->throttler
+			->expects($this->once())
+			->method('getDelay')
+			->with('192.168.0.1')
+			->willReturn(200);
 		$this->userManager->expects($this->once())
 			->method('checkPassword')
 			->with('Jane', $password)
@@ -399,13 +414,18 @@ class LoginControllerTest extends TestCase {
 		$challengeUrl = 'challenge/url';
 
 		$this->request
-			->expects($this->once())
+			->expects($this->exactly(2))
 			->method('getRemoteAddress')
 			->willReturn('192.168.0.1');
 		$this->throttler
 			->expects($this->once())
 			->method('sleepDelay')
 			->with('192.168.0.1');
+		$this->throttler
+			->expects($this->once())
+			->method('getDelay')
+			->with('192.168.0.1')
+			->willReturn(200);
 		$this->userManager->expects($this->once())
 			->method('checkPassword')
 			->will($this->returnValue($user));
@@ -456,9 +476,14 @@ class LoginControllerTest extends TestCase {
 			->with('core.login.showLoginForm', ['user' => 'john@doe.com'])
 			->will($this->returnValue(''));
 		$this->request
-			->expects($this->exactly(2))
+			->expects($this->exactly(3))
 			->method('getRemoteAddress')
 			->willReturn('192.168.0.1');
+		$this->throttler
+			->expects($this->once())
+			->method('getDelay')
+			->with('192.168.0.1')
+			->willReturn(200);
 		$this->throttler
 			->expects($this->once())
 			->method('sleepDelay')
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 33930a50ce5..379c7e39442 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -371,13 +371,18 @@ class SessionTest extends \Test\TestCase {
 			->with('token_auth_enforced', false)
 			->will($this->returnValue(true));
 		$request
-			->expects($this->once())
+			->expects($this->exactly(2))
 			->method('getRemoteAddress')
 			->willReturn('192.168.0.1');
 		$this->throttler
 			->expects($this->once())
 			->method('sleepDelay')
 			->with('192.168.0.1');
+		$this->throttler
+			->expects($this->once())
+			->method('getDelay')
+			->with('192.168.0.1')
+			->willReturn(0);
 
 		$userSession->logClientIn('john', 'doe', $request, $this->throttler);
 	}
@@ -407,13 +412,18 @@ class SessionTest extends \Test\TestCase {
 			->method('set')
 			->with('app_password', 'I-AM-AN-APP-PASSWORD');
 		$request
-			->expects($this->once())
+			->expects($this->exactly(2))
 			->method('getRemoteAddress')
 			->willReturn('192.168.0.1');
 		$this->throttler
 			->expects($this->once())
 			->method('sleepDelay')
 			->with('192.168.0.1');
+		$this->throttler
+			->expects($this->once())
+			->method('getDelay')
+			->with('192.168.0.1')
+			->willReturn(0);
 
 		$this->assertTrue($userSession->logClientIn('john', 'I-AM-AN-APP-PASSWORD', $request, $this->throttler));
 	}
@@ -449,13 +459,18 @@ class SessionTest extends \Test\TestCase {
 			->will($this->returnValue(true));
 
 		$request
-			->expects($this->once())
+			->expects($this->exactly(2))
 			->method('getRemoteAddress')
 			->willReturn('192.168.0.1');
 		$this->throttler
 			->expects($this->once())
 			->method('sleepDelay')
 			->with('192.168.0.1');
+		$this->throttler
+			->expects($this->once())
+			->method('getDelay')
+			->with('192.168.0.1')
+			->willReturn(0);
 
 		$userSession->logClientIn('john', 'doe', $request, $this->throttler);
 	}
-- 
cgit v1.2.3