RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
							<?php
/**
 * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

namespace Test\AppFramework\Middleware\Security;

use OC\AppFramework\Http\Request;
use OC\AppFramework\Middleware\Security\Exceptions\LaxSameSiteCookieFailedException;
use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
use OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use Test\TestCase;

class SameSiteCookieMiddlewareTest extends TestCase {
	/** @var SameSiteCookieMiddleware */
	private $middleware;

	/** @var Request|\PHPUnit\Framework\MockObject\MockObject */
	private $request;

	/** @var ControllerMethodReflector|\PHPUnit\Framework\MockObject\MockObject */
	private $reflector;

	protected function setUp(): void {
		parent::setUp();

		$this->request = $this->createMock(Request::class);
		$this->reflector = $this->createMock(ControllerMethodReflector::class);
		$this->middleware = new SameSiteCookieMiddleware($this->request, $this->reflector);
	}

	public function testBeforeControllerNoIndex(): void {
		$this->request->method('getScriptName')
			->willReturn('/ocs/v2.php');

		$this->middleware->beforeController($this->createMock(Controller::class), 'foo');
		$this->addToAssertionCount(1);
	}

	public function testBeforeControllerIndexHasAnnotation(): void {
		$this->request->method('getScriptName')
			->willReturn('/index.php');

		$this->reflector->method('hasAnnotation')
			->with('NoSameSiteCookieRequired')
			->willReturn(true);

		$this->middleware->beforeController($this->createMock(Controller::class), 'foo');
		$this->addToAssertionCount(1);
	}

	public function testBeforeControllerIndexNoAnnotationPassingCheck(): void {
		$this->request->method('getScriptName')
			->willReturn('/index.php');

		$this->reflector->method('hasAnnotation')
			->with('NoSameSiteCookieRequired')
			->willReturn(false);

		$this->request->method('passesLaxCookieCheck')
			->willReturn(true);

		$this->middleware->beforeController($this->createMock(Controller::class), 'foo');
		$this->addToAssertionCount(1);
	}

	public function testBeforeControllerIndexNoAnnotationFailingCheck(): void {
		$this->expectException(LaxSameSiteCookieFailedException::class);

		$this->request->method('getScriptName')
			->willReturn('/index.php');

		$this->reflector->method('hasAnnotation')
			->with('NoSameSiteCookieRequired')
			->willReturn(false);

		$this->request->method('passesLaxCookieCheck')
			->willReturn(false);

		$this->middleware->beforeController($this->createMock(Controller::class), 'foo');
	}

	public function testAfterExceptionNoLaxCookie(): void {
		$ex = new SecurityException();

		try {
			$this->middleware->afterException($this->createMock(Controller::class), 'foo', $ex);
			$this->fail();
		} catch (\Exception $e) {
			$this->assertSame($ex, $e);
		}
	}

	public function testAfterExceptionLaxCookie(): void {
		$ex = new LaxSameSiteCookieFailedException();

		$this->request->method('getRequestUri')
			->willReturn('/myrequri');

		$middleware = $this->getMockBuilder(SameSiteCookieMiddleware::class)
			->setConstructorArgs([$this->request, $this->reflector])
			->setMethods(['setSameSiteCookie'])
			->getMock();

		$middleware->expects($this->once())
			->method('setSameSiteCookie');

		$resp = $middleware->afterException($this->createMock(Controller::class), 'foo', $ex);

		$this->assertSame(Http::STATUS_FOUND, $resp->getStatus());

		$headers = $resp->getHeaders();
		$this->assertSame('/myrequri', $headers['Location']);
	}
}