1
0

CsrfTokenManagerTest.php 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @author Lukas Reschke <lukas@owncloud.com>
  5. *
  6. * @copyright Copyright (c) 2016, ownCloud, Inc.
  7. * @license AGPL-3.0
  8. *
  9. * This code is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License, version 3,
  11. * as published by the Free Software Foundation.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License, version 3,
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>
  20. *
  21. */
  22. namespace Test\Security\CSRF;
  23. class CsrfTokenManagerTest extends \Test\TestCase {
  24. /** @var \OC\Security\CSRF\CsrfTokenManager */
  25. private $csrfTokenManager;
  26. /** @var \OC\Security\CSRF\CsrfTokenGenerator */
  27. private $tokenGenerator;
  28. /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
  29. private $storageInterface;
  30. protected function setUp(): void {
  31. parent::setUp();
  32. $this->tokenGenerator = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenGenerator')
  33. ->disableOriginalConstructor()->getMock();
  34. $this->storageInterface = $this->getMockBuilder('\OC\Security\CSRF\TokenStorage\SessionStorage')
  35. ->disableOriginalConstructor()->getMock();
  36. $this->csrfTokenManager = new \OC\Security\CSRF\CsrfTokenManager(
  37. $this->tokenGenerator,
  38. $this->storageInterface
  39. );
  40. }
  41. public function testGetTokenWithExistingToken() {
  42. $this->storageInterface
  43. ->expects($this->once())
  44. ->method('hasToken')
  45. ->willReturn(true);
  46. $this->storageInterface
  47. ->expects($this->once())
  48. ->method('getToken')
  49. ->willReturn('MyExistingToken');
  50. $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
  51. $this->assertEquals($expected, $this->csrfTokenManager->getToken());
  52. }
  53. public function testGetTokenWithExistingTokenKeepsOnSecondRequest() {
  54. $this->storageInterface
  55. ->expects($this->once())
  56. ->method('hasToken')
  57. ->willReturn(true);
  58. $this->storageInterface
  59. ->expects($this->once())
  60. ->method('getToken')
  61. ->willReturn('MyExistingToken');
  62. $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
  63. $token = $this->csrfTokenManager->getToken();
  64. $this->assertSame($token, $this->csrfTokenManager->getToken());
  65. $this->assertSame($token, $this->csrfTokenManager->getToken());
  66. }
  67. public function testGetTokenWithoutExistingToken() {
  68. $this->storageInterface
  69. ->expects($this->once())
  70. ->method('hasToken')
  71. ->willReturn(false);
  72. $this->tokenGenerator
  73. ->expects($this->once())
  74. ->method('generateToken')
  75. ->willReturn('MyNewToken');
  76. $this->storageInterface
  77. ->expects($this->once())
  78. ->method('setToken')
  79. ->with('MyNewToken');
  80. $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
  81. $this->assertEquals($expected, $this->csrfTokenManager->getToken());
  82. }
  83. public function testRefreshToken() {
  84. $this->tokenGenerator
  85. ->expects($this->once())
  86. ->method('generateToken')
  87. ->willReturn('MyNewToken');
  88. $this->storageInterface
  89. ->expects($this->once())
  90. ->method('setToken')
  91. ->with('MyNewToken');
  92. $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
  93. $this->assertEquals($expected, $this->csrfTokenManager->refreshToken());
  94. }
  95. public function testRemoveToken() {
  96. $this->storageInterface
  97. ->expects($this->once())
  98. ->method('removeToken');
  99. $this->csrfTokenManager->removeToken();
  100. }
  101. public function testIsTokenValidWithoutToken() {
  102. $this->storageInterface
  103. ->expects($this->once())
  104. ->method('hasToken')
  105. ->willReturn(false);
  106. $token = new \OC\Security\CSRF\CsrfToken('Token');
  107. $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
  108. }
  109. public function testIsTokenValidWithWrongToken() {
  110. $this->storageInterface
  111. ->expects($this->once())
  112. ->method('hasToken')
  113. ->willReturn(true);
  114. $token = new \OC\Security\CSRF\CsrfToken('Token');
  115. $this->storageInterface
  116. ->expects($this->once())
  117. ->method('getToken')
  118. ->willReturn('MyToken');
  119. $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
  120. }
  121. public function testIsTokenValidWithValidToken() {
  122. $a = 'abc';
  123. $b = 'def';
  124. $xorB64 = 'BQcF';
  125. $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
  126. $this->storageInterface
  127. ->expects($this->once())
  128. ->method('hasToken')
  129. ->willReturn(true);
  130. $token = new \OC\Security\CSRF\CsrfToken($tokenVal);
  131. $this->storageInterface
  132. ->expects($this->once())
  133. ->method('getToken')
  134. ->willReturn($b);
  135. $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
  136. }
  137. }