SameSiteCookieMiddlewareTest.php 3.6 KB

  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-or-later
  5. */
  6. namespace Test\AppFramework\Middleware\Security;
  7. use OC\AppFramework\Http\Request;
  8. use OC\AppFramework\Middleware\Security\Exceptions\LaxSameSiteCookieFailedException;
  9. use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
  10. use OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware;
  11. use OC\AppFramework\Utility\ControllerMethodReflector;
  12. use OCP\AppFramework\Controller;
  13. use OCP\AppFramework\Http;
  14. use Test\TestCase;
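  /**
   * Unit tests for SameSiteCookieMiddleware.
   *
   * The cases below pin the following contract:
   *  - beforeController() does not reject requests whose script name is not
   *    /index.php (here: /ocs/v2.php);
   *  - for /index.php, a method carrying the NoSameSiteCookieRequired
   *    annotation is let through;
   *  - for /index.php without that annotation, the outcome follows
   *    Request::passesLaxCookieCheck(): pass -> no exception,
   *    fail -> LaxSameSiteCookieFailedException;
   *  - afterException() rethrows a plain SecurityException untouched, and turns
   *    a LaxSameSiteCookieFailedException into a 302 redirect to the request
   *    URI after calling setSameSiteCookie() exactly once.
   */
  class SameSiteCookieMiddlewareTest extends TestCase {
      /** @var SameSiteCookieMiddleware */
      private $middleware;

      /** @var Request|\PHPUnit\Framework\MockObject\MockObject */
      private $request;

      /** @var ControllerMethodReflector|\PHPUnit\Framework\MockObject\MockObject */
      private $reflector;

      /**
       * Builds the middleware under test on top of a mocked request and a
       * mocked method reflector so each case can script their answers.
       */
      protected function setUp(): void {
          parent::setUp();

          $this->request = $this->createMock(Request::class);
          $this->reflector = $this->createMock(ControllerMethodReflector::class);
          $this->middleware = new SameSiteCookieMiddleware($this->request, $this->reflector);
      }

      /**
       * A request not served through index.php must not be rejected.
       */
      public function testBeforeControllerNoIndex(): void {
          $this->request->method('getScriptName')
              ->willReturn('/ocs/v2.php');

          $this->middleware->beforeController($this->createMock(Controller::class), 'foo');

          // Reaching this line means no exception was thrown; that is the only
          // thing this case verifies.
          // NOTE(review): passesLaxCookieCheck() is left unstubbed here, so the
          // mock answers with a falsy default - presumably the test would throw
          // if the middleware consulted it. An explicit never() expectation
          // would make that intent visible; confirm against the middleware.
          $this->addToAssertionCount(1);
      }

      /**
       * On index.php, the NoSameSiteCookieRequired annotation exempts the
       * method from the lax cookie check.
       */
      public function testBeforeControllerIndexHasAnnotation(): void {
          $this->request->method('getScriptName')
              ->willReturn('/index.php');
          $this->reflector->method('hasAnnotation')
              ->with('NoSameSiteCookieRequired')
              ->willReturn(true);

          $this->middleware->beforeController($this->createMock(Controller::class), 'foo');

          // No exception thrown == exempted.
          $this->addToAssertionCount(1);
      }

      /**
       * On index.php without the annotation, a passing lax cookie check lets
       * the request through.
       */
      public function testBeforeControllerIndexNoAnnotationPassingCheck(): void {
          $this->request->method('getScriptName')
              ->willReturn('/index.php');
          $this->reflector->method('hasAnnotation')
              ->with('NoSameSiteCookieRequired')
              ->willReturn(false);
          $this->request->method('passesLaxCookieCheck')
              ->willReturn(true);

          $this->middleware->beforeController($this->createMock(Controller::class), 'foo');

          $this->addToAssertionCount(1);
      }

      /**
       * On index.php without the annotation, a failing lax cookie check must
       * abort the request with LaxSameSiteCookieFailedException.
       */
      public function testBeforeControllerIndexNoAnnotationFailingCheck(): void {
          $this->expectException(LaxSameSiteCookieFailedException::class);

          $this->request->method('getScriptName')
              ->willReturn('/index.php');
          $this->reflector->method('hasAnnotation')
              ->with('NoSameSiteCookieRequired')
              ->willReturn(false);
          $this->request->method('passesLaxCookieCheck')
              ->willReturn(false);

          $this->middleware->beforeController($this->createMock(Controller::class), 'foo');
      }

      /**
       * A SecurityException that is not a lax-cookie failure must be rethrown
       * as the very same object.
       */
      public function testAfterExceptionNoLaxCookie(): void {
          $ex = new SecurityException();

          try {
              $this->middleware->afterException($this->createMock(Controller::class), 'foo', $ex);
              $this->fail('afterException() was expected to rethrow the SecurityException');
          } catch (SecurityException $e) {
              // Catch only the type under test: a blanket \Exception catch would
              // also swallow the failure raised by fail() above and report a
              // misleading assertSame() mismatch instead.
              $this->assertSame($ex, $e);
          }
      }

      /**
       * A lax-cookie failure is answered by setting the same-site cookie once
       * and redirecting (302) to the URI that was requested.
       */
      public function testAfterExceptionLaxCookie(): void {
          $ex = new LaxSameSiteCookieFailedException();

          $this->request->method('getRequestUri')
              ->willReturn('/myrequri');

          // Partial mock: only setSameSiteCookie() is replaced so the test can
          // count the call without emitting real headers. onlyMethods()
          // replaces setMethods(), which is deprecated since PHPUnit 8.3 and
          // removed in PHPUnit 10; it also fails fast if the method is ever
          // renamed, so this expectation cannot silently go stale.
          $middleware = $this->getMockBuilder(SameSiteCookieMiddleware::class)
              ->setConstructorArgs([$this->request, $this->reflector])
              ->onlyMethods(['setSameSiteCookie'])
              ->getMock();

          $middleware->expects($this->once())
              ->method('setSameSiteCookie');

          $resp = $middleware->afterException($this->createMock(Controller::class), 'foo', $ex);

          $this->assertSame(Http::STATUS_FOUND, $resp->getStatus());

          // The redirect target must be exactly the request's own URI.
          $headers = $resp->getHeaders();
          $this->assertSame('/myrequri', $headers['Location']);
      }
  }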