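config = $this->createMock(IConfig::class);
		$this->themingDefaults = $this->createMock(ThemingDefaults::class);
		// The plugin under test only ever talks to the two mocks created above.
		$this->blockLegacyClientVersionPlugin = new BlockLegacyClientPlugin(
			$this->config,
			$this->themingDefaults,
		);
	}

	/**
	 * User-Agent strings of "mirall" desktop clients whose version is below the
	 * minimum (1.7.0) that the rejecting tests configure through the IConfig mock.
	 *
	 * @return list<array{string}>
	 */
	public static function oldDesktopClientProvider(): array {
		return [
			['Mozilla/5.0 (Windows) mirall/1.5.0'],
			['Mozilla/5.0 (Bogus Text) mirall/1.6.9'],
		];
	}

	/**
	 * A desktop client older than the configured minimum must be rejected with a
	 * Forbidden exception that names the minimum version.
	 *
	 * @dataProvider oldDesktopClientProvider
	 */
	public function testBeforeHandlerException(string $userAgent): void {
		$this->expectException(\Sabre\DAV\Exception\Forbidden::class);

		// The download URL is expected to be looked up exactly once.
		$this->themingDefaults
			->expects($this->once())
			->method('getSyncClientUrl')
			->willReturn('https://nextcloud.com/install/#install-clients');

		// Pins both the config key and the '2.3.0' value passed alongside it;
		// the mock answers with a lower minimum so the 1.5.0/1.6.9 agents fail.
		$this->config
			->expects($this->once())
			->method('getSystemValue')
			->with('minimum.supported.desktop.version', '2.3.0')
			->willReturn('1.7.0');

		$this->expectExceptionMessage('This version of the client is unsupported. Upgrade to version 1.7.0 or later.');

		/** @var RequestInterface|MockObject $request */
		$request = $this->createMock('\Sabre\HTTP\RequestInterface');
		$request
			->expects($this->once())
			->method('getHeader')
			->with('User-Agent')
			->willReturn($userAgent);

		$this->blockLegacyClientVersionPlugin->beforeHandler($request);
	}

	/**
	 * Ensure that administrator-configured values (sync client URL, minimum
	 * version) cannot inject markup into the rejection message shown to the client.
	 *
	 * NOTE(review): as this listing reads, the fixture does not demonstrate
	 * escaping. The mocked version string carries no markup, while the expected
	 * message contains a raw script element and neither the configured URL nor
	 * an encoded form of it. An output-encoding test should feed markup in
	 * through both mocks and assert the HTML-encoded form in the message.
	 * Presumably markup was lost when this page was rendered - confirm the
	 * literals against the repository copy before relying on this test.
	 *
	 * @dataProvider oldDesktopClientProvider
	 */
	public function testBeforeHandlerExceptionPreventXSSAttack(string $userAgent): void {
		$this->expectException(\Sabre\DAV\Exception\Forbidden::class);

		// URL value containing an attribute-terminating quote and bracket.
		$this->themingDefaults
			->expects($this->once())
			->method('getSyncClientUrl')
			->willReturn('https://example.com">');

		$this->config
			->expects($this->once())
			->method('getSystemValue')
			->with('minimum.supported.desktop.version', '2.3.0')
			->willReturn('1.7.0 ');

		// The literal below is reproduced exactly as listed, including the line
		// break inside the string.
		$this->expectExceptionMessage('This version of the client is unsupported. 
Upgrade to version 1.7.0 <script>alert("unsafe")</script> or later.');

		/** @var RequestInterface|MockObject $request */
		$request = $this->createMock('\Sabre\HTTP\RequestInterface');
		$request
			->expects($this->once())
			->method('getHeader')
			->with('User-Agent')
			->willReturn($userAgent);

		$this->blockLegacyClientVersionPlugin->beforeHandler($request);
	}

	/**
	 * User-Agent strings that must be let through: "mirall" clients at or above
	 * the mocked minimum of 1.7.0, plus a client with a different product token
	 * whose own version number happens to be low.
	 *
	 * Declared static to match oldDesktopClientProvider(); newer PHPUnit releases
	 * require data providers to be static.
	 *
	 * @return list<array{string}>
	 */
	public static function newAndAlternateDesktopClientProvider(): array {
		return [
			['Mozilla/5.0 (Windows) mirall/1.7.0'],
			['Mozilla/5.0 (Bogus Text) mirall/1.9.3'],
			['Mozilla/5.0 (Not Our Client But Old Version) LegacySync/1.1.0'],
		];
	}

	/**
	 * Supported and non-mirall clients pass beforeHandler() without an exception.
	 * The mock expectations still verify that the User-Agent header and the
	 * minimum-version setting are each read exactly once.
	 *
	 * @dataProvider newAndAlternateDesktopClientProvider
	 */
	public function testBeforeHandlerSuccess(string $userAgent): void {
		/** @var RequestInterface|MockObject $request */
		$request = $this->createMock(RequestInterface::class);
		$request
			->expects($this->once())
			->method('getHeader')
			->with('User-Agent')
			->willReturn($userAgent);

		$this->config
			->expects($this->once())
			->method('getSystemValue')
			->with('minimum.supported.desktop.version', '2.3.0')
			->willReturn('1.7.0');

		$this->blockLegacyClientVersionPlugin->beforeHandler($request);
	}

	/**
	 * A request without a User-Agent header (getHeader() yields null) must not
	 * be rejected. No expectation is placed on the config mock here.
	 */
	public function testBeforeHandlerNoUserAgent(): void {
		/** @var RequestInterface|MockObject $request */
		$request = $this->createMock(RequestInterface::class);
		$request
			->expects($this->once())
			->method('getHeader')
			->with('User-Agent')
			->willReturn(null);

		$this->blockLegacyClientVersionPlugin->beforeHandler($request);
	}
}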