123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433 |
- <?php
- /**
- * @copyright 2013 Thomas Tanghus (thomas@tanghus.net)
- * @copyright 2016 Lukas Reschke lukas@owncloud.com
- * @copyright 2022 Stanimir Bozhilov (stanimir@audriga.com)
- *
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
- namespace Test\AppFramework\Http;
- use OC\AppFramework\Http\Request;
- use OC\Security\CSRF\CsrfToken;
- use OC\Security\CSRF\CsrfTokenManager;
- use OCP\IConfig;
- use OCP\IRequestId;
- /**
- * Class RequestTest
- *
- * @package OC\AppFramework\Http
- */
- class RequestTest extends \Test\TestCase {
- /** @var string */
- protected $stream = 'fakeinput://data';
- /** @var IRequestId */
- protected $requestId;
- /** @var IConfig */
- protected $config;
- /** @var CsrfTokenManager */
- protected $csrfTokenManager;
- protected function setUp(): void {
- parent::setUp();
- if (in_array('fakeinput', stream_get_wrappers())) {
- stream_wrapper_unregister('fakeinput');
- }
- stream_wrapper_register('fakeinput', 'Test\AppFramework\Http\RequestStream');
- $this->requestId = $this->createMock(IRequestId::class);
- $this->config = $this->createMock(IConfig::class);
- $this->csrfTokenManager = $this->getMockBuilder(CsrfTokenManager::class)
- ->disableOriginalConstructor()
- ->getMock();
- }
- protected function tearDown(): void {
- stream_wrapper_unregister('fakeinput');
- parent::tearDown();
- }
- public function testRequestAccessors() {
- $vars = [
- 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'],
- 'method' => 'GET',
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- // Countable
- $this->assertSame(2, count($request));
- // Array access
- $this->assertSame('Joey', $request['nickname']);
- // "Magic" accessors
- $this->assertSame('Joey', $request->{'nickname'});
- $this->assertTrue(isset($request['nickname']));
- $this->assertTrue(isset($request->{'nickname'}));
- $this->assertFalse(isset($request->{'flickname'}));
- // Only testing 'get', but same approach for post, files etc.
- $this->assertSame('Joey', $request->get['nickname']);
- // Always returns null if variable not set.
- $this->assertSame(null, $request->{'flickname'});
- }
- // urlParams has precedence over POST which has precedence over GET
- public function testPrecedence() {
- $vars = [
- 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'],
- 'post' => ['name' => 'Jane Doe', 'nickname' => 'Janey'],
- 'urlParams' => ['user' => 'jw', 'name' => 'Johnny Weissmüller'],
- 'method' => 'GET'
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame(3, count($request));
- $this->assertSame('Janey', $request->{'nickname'});
- $this->assertSame('Johnny Weissmüller', $request->{'name'});
- }
- public function testImmutableArrayAccess() {
- $this->expectException(\RuntimeException::class);
- $vars = [
- 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'],
- 'method' => 'GET'
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request['nickname'] = 'Janey';
- }
- public function testImmutableMagicAccess() {
- $this->expectException(\RuntimeException::class);
- $vars = [
- 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'],
- 'method' => 'GET'
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request->{'nickname'} = 'Janey';
- }
- public function testGetTheMethodRight() {
- $this->expectException(\LogicException::class);
- $vars = [
- 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'],
- 'method' => 'GET',
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request->post;
- }
- public function testTheMethodIsRight() {
- $vars = [
- 'get' => ['name' => 'John Q. Public', 'nickname' => 'Joey'],
- 'method' => 'GET',
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('GET', $request->method);
- $result = $request->get;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame('Joey', $result['nickname']);
- }
- public function testJsonPost() {
- global $data;
- $data = '{"name": "John Q. Public", "nickname": "Joey"}';
- $vars = [
- 'method' => 'POST',
- 'server' => ['CONTENT_TYPE' => 'application/json; utf-8']
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('POST', $request->method);
- $result = $request->post;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame('Joey', $result['nickname']);
- $this->assertSame('Joey', $request->params['nickname']);
- $this->assertSame('Joey', $request['nickname']);
- }
- public function testScimJsonPost() {
- global $data;
- $data = '{"userName":"testusername", "displayName":"Example User"}';
- $vars = [
- 'method' => 'POST',
- 'server' => ['CONTENT_TYPE' => 'application/scim+json; utf-8']
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('POST', $request->method);
- $result = $request->post;
- $this->assertSame('testusername', $result['userName']);
- $this->assertSame('Example User', $result['displayName']);
- $this->assertSame('Example User', $request->params['displayName']);
- $this->assertSame('Example User', $request['displayName']);
- }
- public function testCustomJsonPost() {
- global $data;
- $data = '{"propertyA":"sometestvalue", "propertyB":"someothertestvalue"}';
- // Note: the content type used here is fictional and intended to check if the regex for JSON content types works fine
- $vars = [
- 'method' => 'POST',
- 'server' => ['CONTENT_TYPE' => 'application/custom-type+json; utf-8']
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('POST', $request->method);
- $result = $request->post;
- $this->assertSame('sometestvalue', $result['propertyA']);
- $this->assertSame('someothertestvalue', $result['propertyB']);
- }
- public function notJsonDataProvider() {
- return [
- ['this is not valid json'],
- ['"just a string"'],
- ['{"just a string"}'],
- ];
- }
- /**
- * @dataProvider notJsonDataProvider
- */
- public function testNotJsonPost($testData) {
- global $data;
- $data = $testData;
- $vars = [
- 'method' => 'POST',
- 'server' => ['CONTENT_TYPE' => 'application/json; utf-8']
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertEquals('POST', $request->method);
- $result = $request->post;
- // ensure there's no error attempting to decode the content
- }
- public function testNotScimJsonPost() {
- global $data;
- $data = 'this is not valid scim json';
- $vars = [
- 'method' => 'POST',
- 'server' => ['CONTENT_TYPE' => 'application/scim+json; utf-8']
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertEquals('POST', $request->method);
- $result = $request->post;
- // ensure there's no error attempting to decode the content
- }
- public function testNotCustomJsonPost() {
- global $data;
- $data = 'this is not valid json';
- $vars = [
- 'method' => 'POST',
- 'server' => ['CONTENT_TYPE' => 'application/custom-type+json; utf-8']
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertEquals('POST', $request->method);
- $result = $request->post;
- // ensure there's no error attempting to decode the content
- }
- public function testPatch() {
- global $data;
- $data = http_build_query(['name' => 'John Q. Public', 'nickname' => 'Joey'], '', '&');
- $vars = [
- 'method' => 'PATCH',
- 'server' => ['CONTENT_TYPE' => 'application/x-www-form-urlencoded'],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PATCH', $request->method);
- $result = $request->patch;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame('Joey', $result['nickname']);
- }
- public function testJsonPatchAndPut() {
- global $data;
- // PUT content
- $data = '{"name": "John Q. Public", "nickname": "Joey"}';
- $vars = [
- 'method' => 'PUT',
- 'server' => ['CONTENT_TYPE' => 'application/json; utf-8'],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PUT', $request->method);
- $result = $request->put;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame('Joey', $result['nickname']);
- // PATCH content
- $data = '{"name": "John Q. Public", "nickname": null}';
- $vars = [
- 'method' => 'PATCH',
- 'server' => ['CONTENT_TYPE' => 'application/json; utf-8'],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PATCH', $request->method);
- $result = $request->patch;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame(null, $result['nickname']);
- }
- public function testScimJsonPatchAndPut() {
- global $data;
- // PUT content
- $data = '{"userName": "sometestusername", "displayName": "Example User"}';
- $vars = [
- 'method' => 'PUT',
- 'server' => ['CONTENT_TYPE' => 'application/scim+json; utf-8'],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PUT', $request->method);
- $result = $request->put;
- $this->assertSame('sometestusername', $result['userName']);
- $this->assertSame('Example User', $result['displayName']);
- // PATCH content
- $data = '{"userName": "sometestusername", "displayName": null}';
- $vars = [
- 'method' => 'PATCH',
- 'server' => ['CONTENT_TYPE' => 'application/scim+json; utf-8'],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PATCH', $request->method);
- $result = $request->patch;
- $this->assertSame('sometestusername', $result['userName']);
- $this->assertSame(null, $result['displayName']);
- }
- public function testCustomJsonPatchAndPut() {
- global $data;
- // PUT content
- $data = '{"propertyA": "sometestvalue", "propertyB": "someothertestvalue"}';
- $vars = [
- 'method' => 'PUT',
- 'server' => ['CONTENT_TYPE' => 'application/custom-type+json; utf-8'],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PUT', $request->method);
- $result = $request->put;
- $this->assertSame('sometestvalue', $result['propertyA']);
- $this->assertSame('someothertestvalue', $result['propertyB']);
- // PATCH content
- $data = '{"propertyA": "sometestvalue", "propertyB": null}';
- $vars = [
- 'method' => 'PATCH',
- 'server' => ['CONTENT_TYPE' => 'application/custom-type+json; utf-8'],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PATCH', $request->method);
- $result = $request->patch;
- $this->assertSame('sometestvalue', $result['propertyA']);
- $this->assertSame(null, $result['propertyB']);
- }
- public function testPutStream() {
- global $data;
- $data = file_get_contents(__DIR__ . '/../../../data/testimage.png');
- $vars = [
- 'put' => $data,
- 'method' => 'PUT',
- 'server' => [
- 'CONTENT_TYPE' => 'image/png',
- 'CONTENT_LENGTH' => (string)strlen($data)
- ],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PUT', $request->method);
- $resource = $request->put;
- $contents = stream_get_contents($resource);
- $this->assertSame($data, $contents);
- try {
- $resource = $request->put;
- } catch (\LogicException $e) {
- return;
- }
- $this->fail('Expected LogicException.');
- }
- public function testSetUrlParameters() {
- $vars = [
- 'post' => [],
- 'method' => 'POST',
- 'urlParams' => ['id' => '2'],
- ];
- $request = new Request(
- $vars,
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $newParams = ['id' => '3', 'test' => 'test2'];
- $request->setUrlParameters($newParams);
- $this->assertSame('test2', $request->getParam('test'));
- $this->assertEquals('3', $request->getParam('id'));
- $this->assertEquals('3', $request->getParams()['id']);
- }
- public function testGetRemoteAddressWithoutTrustedRemote() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('trusted_proxies')
- ->willReturn([]);
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('10.0.0.2', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressWithNoTrustedHeader() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->withConsecutive(
- ['trusted_proxies'],
- ['forwarded_for_headers'],
- )->willReturnOnConsecutiveCalls(
- ['10.0.0.2'],
- []
- );
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('10.0.0.2', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressWithSingleTrustedRemote() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->withConsecutive(
- ['trusted_proxies'],
- ['forwarded_for_headers'],
- )-> willReturnOnConsecutiveCalls(
- ['10.0.0.2'],
- ['HTTP_X_FORWARDED'],
- );
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('10.4.0.4', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressWithMultipleTrustedRemotes() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->willReturnMap([
- ['trusted_proxies', [], ['10.0.0.2', '::1']],
- ['forwarded_for_headers', ['HTTP_X_FORWARDED_FOR'], ['HTTP_X_FORWARDED']],
- ]);
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4, ::1',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('10.4.0.4', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressIPv6WithSingleTrustedRemote() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->withConsecutive(
- ['trusted_proxies'],
- ['forwarded_for_headers'],
- )-> willReturnOnConsecutiveCalls(
- ['2001:db8:85a3:8d3:1319:8a2e:370:7348'],
- ['HTTP_X_FORWARDED'],
- );
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('10.4.0.4', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressVerifyPriorityHeader() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->withConsecutive(
- ['trusted_proxies'],
- ['forwarded_for_headers'],
- )-> willReturnOnConsecutiveCalls(
- ['10.0.0.2'],
- [
- 'HTTP_X_FORWARDED',
- 'HTTP_X_FORWARDED_FOR',
- 'HTTP_CLIENT_IP',
- ],
- );
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('192.168.0.233', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressIPv6VerifyPriorityHeader() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->withConsecutive(
- ['trusted_proxies'],
- ['forwarded_for_headers'],
- )-> willReturnOnConsecutiveCalls(
- ['2001:db8:85a3:8d3:1319:8a2e:370:7348'],
- [
- 'HTTP_X_FORWARDED',
- 'HTTP_X_FORWARDED_FOR',
- 'HTTP_CLIENT_IP',
- ],
- );
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('192.168.0.233', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressWithMatchingCidrTrustedRemote() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->withConsecutive(
- ['trusted_proxies'],
- ['forwarded_for_headers'],
- )-> willReturnOnConsecutiveCalls(
- ['192.168.2.0/24'],
- ['HTTP_X_FORWARDED_FOR'],
- );
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '192.168.2.99',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('192.168.0.233', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressWithNotMatchingCidrTrustedRemote() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('trusted_proxies')
- ->willReturn(['192.168.2.0/24']);
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '192.168.3.99',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('192.168.3.99', $request->getRemoteAddress());
- }
- public function testGetRemoteIpv6AddressWithMatchingIpv6CidrTrustedRemote() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->withConsecutive(
- ['trusted_proxies'],
- ['forwarded_for_headers']
- )->willReturnOnConsecutiveCalls(
- ['2001:db8:85a3:8d3:1319:8a20::/95'],
- ['HTTP_X_FORWARDED_FOR']
- );
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a21:370:7348',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('192.168.0.233', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressIpv6WithNotMatchingCidrTrustedRemote() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('trusted_proxies')
- ->willReturn(['fd::/8']);
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('2001:db8:85a3:8d3:1319:8a2e:370:7348', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressIpv6WithInvalidTrustedProxy() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('trusted_proxies')
- ->willReturn(['fx::/8']);
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('2001:db8:85a3:8d3:1319:8a2e:370:7348', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressWithXForwardedForIPv6() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->withConsecutive(
- ['trusted_proxies'],
- ['forwarded_for_headers'],
- )-> willReturnOnConsecutiveCalls(
- ['192.168.2.0/24'],
- ['HTTP_X_FORWARDED_FOR'],
- );
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '192.168.2.99',
- 'HTTP_X_FORWARDED_FOR' => '[2001:db8:85a3:8d3:1319:8a2e:370:7348]',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('2001:db8:85a3:8d3:1319:8a2e:370:7348', $request->getRemoteAddress());
- }
- /**
- * @return array
- */
- public function httpProtocolProvider() {
- return [
- // Valid HTTP 1.0
- ['HTTP/1.0', 'HTTP/1.0'],
- ['http/1.0', 'HTTP/1.0'],
- ['HTTp/1.0', 'HTTP/1.0'],
- // Valid HTTP 1.1
- ['HTTP/1.1', 'HTTP/1.1'],
- ['http/1.1', 'HTTP/1.1'],
- ['HTTp/1.1', 'HTTP/1.1'],
- // Valid HTTP 2.0
- ['HTTP/2', 'HTTP/2'],
- ['http/2', 'HTTP/2'],
- ['HTTp/2', 'HTTP/2'],
- // Invalid
- ['HTTp/394', 'HTTP/1.1'],
- ['InvalidProvider/1.1', 'HTTP/1.1'],
- [null, 'HTTP/1.1'],
- ['', 'HTTP/1.1'],
- ];
- }
- /**
- * @dataProvider httpProtocolProvider
- *
- * @param mixed $input
- * @param string $expected
- */
- public function testGetHttpProtocol($input, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'SERVER_PROTOCOL' => $input,
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getHttpProtocol());
- }
- public function testGetServerProtocolWithOverride() {
- $this->config
- ->expects($this->exactly(3))
- ->method('getSystemValueString')
- ->willReturnMap([
- ['overwriteprotocol', '', 'customProtocol'],
- ['overwritecondaddr', '', ''],
- ]);
- $request = new Request(
- [],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('customProtocol', $request->getServerProtocol());
- }
- public function testGetServerProtocolWithProtoValid() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- if ($key === 'trusted_proxies') {
- return ['1.2.3.4'];
- }
- return $default;
- });
- $requestHttps = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'HtTpS',
- 'REMOTE_ADDR' => '1.2.3.4',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $requestHttp = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'HTTp',
- 'REMOTE_ADDR' => '1.2.3.4',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('https', $requestHttps->getServerProtocol());
- $this->assertSame('http', $requestHttp->getServerProtocol());
- }
- public function testGetServerProtocolWithHttpsServerValueOn() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'HTTPS' => 'on'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('https', $request->getServerProtocol());
- }
- public function testGetServerProtocolWithHttpsServerValueOff() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'HTTPS' => 'off'
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('http', $request->getServerProtocol());
- }
- public function testGetServerProtocolWithHttpsServerValueEmpty() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'HTTPS' => ''
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('http', $request->getServerProtocol());
- }
- public function testGetServerProtocolDefault() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- return $default;
- });
- $request = new Request(
- [],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('http', $request->getServerProtocol());
- }
- public function testGetServerProtocolBehindLoadBalancers() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- if ($key === 'trusted_proxies') {
- return ['1.2.3.4'];
- }
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'https,http,http',
- 'REMOTE_ADDR' => '1.2.3.4',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('https', $request->getServerProtocol());
- }
- /**
- * @dataProvider userAgentProvider
- * @param string $testAgent
- * @param array $userAgent
- * @param bool $matches
- */
- public function testUserAgent($testAgent, $userAgent, $matches) {
- $request = new Request(
- [
- 'server' => [
- 'HTTP_USER_AGENT' => $testAgent,
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($matches, $request->isUserAgent($userAgent));
- }
- /**
- * @dataProvider userAgentProvider
- * @param string $testAgent
- * @param array $userAgent
- * @param bool $matches
- */
- public function testUndefinedUserAgent($testAgent, $userAgent, $matches) {
- $request = new Request(
- [],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertFalse($request->isUserAgent($userAgent));
- }
- /**
- * @return array
- */
- public function userAgentProvider() {
- return [
- [
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
- [
- Request::USER_AGENT_IE
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0',
- [
- Request::USER_AGENT_IE
- ],
- false,
- ],
- [
- 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36',
- [
- Request::USER_AGENT_CHROME
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/53.0.2785.143 Chrome/53.0.2785.143 Safari/537.36',
- [
- Request::USER_AGENT_CHROME
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36',
- [
- Request::USER_AGENT_ANDROID_MOBILE_CHROME
- ],
- true,
- ],
- [
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
- [
- Request::USER_AGENT_ANDROID_MOBILE_CHROME
- ],
- false,
- ],
- [
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
- [
- Request::USER_AGENT_IE,
- Request::USER_AGENT_ANDROID_MOBILE_CHROME,
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36',
- [
- Request::USER_AGENT_IE,
- Request::USER_AGENT_ANDROID_MOBILE_CHROME,
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0',
- [
- Request::USER_AGENT_FREEBOX
- ],
- false,
- ],
- [
- 'Mozilla/5.0',
- [
- Request::USER_AGENT_FREEBOX
- ],
- true,
- ],
- [
- 'Fake Mozilla/5.0',
- [
- Request::USER_AGENT_FREEBOX
- ],
- false,
- ],
- [
- 'Mozilla/5.0 (Android) ownCloud-android/2.0.0',
- [
- Request::USER_AGENT_CLIENT_ANDROID
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (Android) Nextcloud-android/2.0.0',
- [
- Request::USER_AGENT_CLIENT_ANDROID
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.99 Safari/537.36 Vivaldi/2.9.1705.41',
- [
- Request::USER_AGENT_CHROME
- ],
- true
- ],
- [
- 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75',
- [
- Request::USER_AGENT_CHROME
- ],
- true
- ],
- [
- 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 OPR/50.0.2762.67',
- [
- Request::USER_AGENT_CHROME
- ],
- true
- ]
- ];
- }
- public function dataMatchClientVersion(): array {
- return [
- [
- 'Mozilla/5.0 (Android) Nextcloud-android/3.24.1',
- Request::USER_AGENT_CLIENT_ANDROID,
- '3.24.1',
- ],
- [
- 'Mozilla/5.0 (iOS) Nextcloud-iOS/4.8.2',
- Request::USER_AGENT_CLIENT_IOS,
- '4.8.2',
- ],
- [
- 'Mozilla/5.0 (Windows) mirall/3.8.1',
- Request::USER_AGENT_CLIENT_DESKTOP,
- '3.8.1',
- ],
- [
- 'Mozilla/5.0 (Android) Nextcloud-Talk v17.10.0',
- Request::USER_AGENT_TALK_ANDROID,
- '17.10.0',
- ],
- [
- 'Mozilla/5.0 (iOS) Nextcloud-Talk v17.0.1',
- Request::USER_AGENT_TALK_IOS,
- '17.0.1',
- ],
- [
- 'Mozilla/5.0 (Windows) Nextcloud-Talk v0.6.0',
- Request::USER_AGENT_TALK_DESKTOP,
- '0.6.0',
- ],
- [
- 'Mozilla/5.0 (Windows) Nextcloud-Outlook v1.0.0',
- Request::USER_AGENT_OUTLOOK_ADDON,
- '1.0.0',
- ],
- [
- 'Mozilla/5.0 (Linux) Nextcloud-Thunderbird v1.0.0',
- Request::USER_AGENT_THUNDERBIRD_ADDON,
- '1.0.0',
- ],
- ];
- }
- /**
- * @dataProvider dataMatchClientVersion
- * @param string $testAgent
- * @param string $userAgent
- * @param string $version
- */
- public function testMatchClientVersion(string $testAgent, string $userAgent, string $version): void {
- preg_match($userAgent, $testAgent, $matches);
- $this->assertSame($version, $matches[1]);
- }
- public function testInsecureServerHostServerNameHeader() {
- $request = new Request(
- [
- 'server' => [
- 'SERVER_NAME' => 'from.server.name:8080',
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('from.server.name:8080', $request->getInsecureServerHost());
- }
- public function testInsecureServerHostHttpHostHeader() {
- $request = new Request(
- [
- 'server' => [
- 'SERVER_NAME' => 'from.server.name:8080',
- 'HTTP_HOST' => 'from.host.header:8080',
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('from.host.header:8080', $request->getInsecureServerHost());
- }
- public function testInsecureServerHostHttpFromForwardedHeaderSingle() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- if ($key === 'trusted_proxies') {
- return ['1.2.3.4'];
- }
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'SERVER_NAME' => 'from.server.name:8080',
- 'HTTP_HOST' => 'from.host.header:8080',
- 'HTTP_X_FORWARDED_HOST' => 'from.forwarded.host:8080',
- 'REMOTE_ADDR' => '1.2.3.4',
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('from.forwarded.host:8080', $request->getInsecureServerHost());
- }
- public function testInsecureServerHostHttpFromForwardedHeaderStacked() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- if ($key === 'trusted_proxies') {
- return ['1.2.3.4'];
- }
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'SERVER_NAME' => 'from.server.name:8080',
- 'HTTP_HOST' => 'from.host.header:8080',
- 'HTTP_X_FORWARDED_HOST' => 'from.forwarded.host2:8080,another.one:9000',
- 'REMOTE_ADDR' => '1.2.3.4',
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('from.forwarded.host2:8080', $request->getInsecureServerHost());
- }
- public function testGetServerHostWithOverwriteHost() {
- $this->config
- ->method('getSystemValueString')
- ->willReturnCallback(function ($key, $default) {
- if ($key === 'overwritecondaddr') {
- return '';
- } elseif ($key === 'overwritehost') {
- return 'my.overwritten.host';
- }
- return $default;
- });
- $request = new Request(
- [],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('my.overwritten.host', $request->getServerHost());
- }
- public function testGetServerHostWithTrustedDomain() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- if ($key === 'trusted_proxies') {
- return ['1.2.3.4'];
- } elseif ($key === 'trusted_domains') {
- return ['my.trusted.host'];
- }
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_HOST' => 'my.trusted.host',
- 'REMOTE_ADDR' => '1.2.3.4',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('my.trusted.host', $request->getServerHost());
- }
- public function testGetServerHostWithUntrustedDomain() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- if ($key === 'trusted_proxies') {
- return ['1.2.3.4'];
- } elseif ($key === 'trusted_domains') {
- return ['my.trusted.host'];
- }
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
- 'REMOTE_ADDR' => '1.2.3.4',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('my.trusted.host', $request->getServerHost());
- }
- public function testGetServerHostWithNoTrustedDomain() {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) {
- if ($key === 'trusted_proxies') {
- return ['1.2.3.4'];
- }
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
- 'REMOTE_ADDR' => '1.2.3.4',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('', $request->getServerHost());
- }
- /**
- * @return array
- */
- public function dataGetServerHostTrustedDomain() {
- return [
- 'is array' => ['my.trusted.host', ['my.trusted.host']],
- 'is array but undefined index 0' => ['my.trusted.host', [2 => 'my.trusted.host']],
- 'is string' => ['my.trusted.host', 'my.trusted.host'],
- 'is null' => ['', null],
- ];
- }
- /**
- * @dataProvider dataGetServerHostTrustedDomain
- * @param $expected
- * @param $trustedDomain
- */
- public function testGetServerHostTrustedDomain($expected, $trustedDomain) {
- $this->config
- ->method('getSystemValue')
- ->willReturnCallback(function ($key, $default) use ($trustedDomain) {
- if ($key === 'trusted_proxies') {
- return ['1.2.3.4'];
- }
- if ($key === 'trusted_domains') {
- return $trustedDomain;
- }
- return $default;
- });
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
- 'REMOTE_ADDR' => '1.2.3.4',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getServerHost());
- }
- public function testGetOverwriteHostDefaultNull() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValueString')
- ->with('overwritehost')
- ->willReturn('');
- $request = new Request(
- [],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertNull(self::invokePrivate($request, 'getOverwriteHost'));
- }
- public function testGetOverwriteHostWithOverwrite() {
- $this->config
- ->expects($this->exactly(3))
- ->method('getSystemValueString')
- ->willReturnMap([
- ['overwritehost', '', 'www.owncloud.org'],
- ['overwritecondaddr', '', ''],
- ]);
- $request = new Request(
- [],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('www.owncloud.org', self::invokePrivate($request, 'getOverwriteHost'));
- }
- public function testGetPathInfoNotProcessible() {
- $this->expectException(\Exception::class);
- $this->expectExceptionMessage('The requested uri(/foo.php) cannot be processed by the script \'/var/www/index.php\')');
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => '/foo.php',
- 'SCRIPT_NAME' => '/var/www/index.php',
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request->getPathInfo();
- }
- public function testGetRawPathInfoNotProcessible() {
- $this->expectException(\Exception::class);
- $this->expectExceptionMessage('The requested uri(/foo.php) cannot be processed by the script \'/var/www/index.php\')');
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => '/foo.php',
- 'SCRIPT_NAME' => '/var/www/index.php',
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request->getRawPathInfo();
- }
- /**
- * @dataProvider genericPathInfoProvider
- * @param string $requestUri
- * @param string $scriptName
- * @param string $expected
- */
- public function testGetPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => $requestUri,
- 'SCRIPT_NAME' => $scriptName,
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getPathInfo());
- }
- /**
- * @dataProvider genericPathInfoProvider
- * @param string $requestUri
- * @param string $scriptName
- * @param string $expected
- */
- public function testGetRawPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => $requestUri,
- 'SCRIPT_NAME' => $scriptName,
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getRawPathInfo());
- }
- /**
- * @dataProvider rawPathInfoProvider
- * @param string $requestUri
- * @param string $scriptName
- * @param string $expected
- */
- public function testGetRawPathInfoWithoutSetEnv($requestUri, $scriptName, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => $requestUri,
- 'SCRIPT_NAME' => $scriptName,
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getRawPathInfo());
- }
- /**
- * @dataProvider pathInfoProvider
- * @param string $requestUri
- * @param string $scriptName
- * @param string $expected
- */
- public function testGetPathInfoWithoutSetEnv($requestUri, $scriptName, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => $requestUri,
- 'SCRIPT_NAME' => $scriptName,
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getPathInfo());
- }
- /**
- * @return array
- */
- public function genericPathInfoProvider() {
- return [
- ['/core/index.php?XDEBUG_SESSION_START=14600', '/core/index.php', ''],
- ['/index.php/apps/files/', 'index.php', '/apps/files/'],
- ['/index.php/apps/files/../&/&?someQueryParameter=QueryParam', 'index.php', '/apps/files/../&/&'],
- ['/remote.php/漢字編碼方法 / 汉字编码方法', 'remote.php', '/漢字編碼方法 / 汉字编码方法'],
- ['///removeTrailin//gSlashes///', 'remote.php', '/removeTrailin/gSlashes/'],
- ['/', '/', ''],
- ['', '', ''],
- ];
- }
- /**
- * @return array
- */
- public function rawPathInfoProvider() {
- return [
- ['/foo%2Fbar/subfolder', '', 'foo%2Fbar/subfolder'],
- ];
- }
- /**
- * @return array
- */
- public function pathInfoProvider() {
- return [
- ['/foo%2Fbar/subfolder', '', 'foo/bar/subfolder'],
- ];
- }
- public function testGetRequestUriWithoutOverwrite() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValueString')
- ->with('overwritewebroot')
- ->willReturn('');
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => '/test.php'
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('/test.php', $request->getRequestUri());
- }
- public function providesGetRequestUriWithOverwriteData() {
- return [
- ['/scriptname.php/some/PathInfo', '/owncloud/', ''],
- ['/scriptname.php/some/PathInfo', '/owncloud/', '123', '123.123.123.123'],
- ];
- }
- /**
- * @dataProvider providesGetRequestUriWithOverwriteData
- */
- public function testGetRequestUriWithOverwrite($expectedUri, $overwriteWebRoot, $overwriteCondAddr, $remoteAddr = '') {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValueString')
- ->willReturnMap([
- ['overwritewebroot', '', $overwriteWebRoot],
- ['overwritecondaddr', '', $overwriteCondAddr],
- ]);
- $request = $this->getMockBuilder(Request::class)
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'REQUEST_URI' => '/test.php/some/PathInfo',
- 'SCRIPT_NAME' => '/test.php',
- 'REMOTE_ADDR' => $remoteAddr
- ]
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $request
- ->expects($this->once())
- ->method('getScriptName')
- ->willReturn('/scriptname.php');
- $this->assertSame($expectedUri, $request->getRequestUri());
- }
- public function testPassesCSRFCheckWithGet() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'get' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->with($token)
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithPost() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'post' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->with($token)
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithHeader() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->with($token)
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithGetAndWithoutCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'get' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithPostAndWithoutCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'post' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithHeaderAndWithoutCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testFailsCSRFCheckWithHeaderAndNotAllChecksPassing() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->never())
- ->method('isTokenValid');
- $this->assertFalse($request->passesCSRFCheck());
- }
- public function testPassesStrictCookieCheckWithAllCookiesAndStrict() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName', 'getCookieParams'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- '__Host-nc_sameSiteCookiestrict' => 'true',
- '__Host-nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $request
- ->expects($this->any())
- ->method('getCookieParams')
- ->willReturn([
- 'secure' => true,
- 'path' => '/',
- ]);
- $this->assertTrue($request->passesStrictCookieCheck());
- }
- public function testFailsStrictCookieCheckWithAllCookiesAndMissingStrict() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName', 'getCookieParams'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $request
- ->expects($this->any())
- ->method('getCookieParams')
- ->willReturn([
- 'secure' => true,
- 'path' => '/',
- ]);
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testGetCookieParams() {
- /** @var Request $request */
- $request = $this->getMockBuilder(Request::class)
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $actual = $request->getCookieParams();
- $this->assertSame(session_get_cookie_params(), $actual);
- }
- public function testPassesStrictCookieCheckWithAllCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertTrue($request->passesStrictCookieCheck());
- }
- public function testPassesStrictCookieCheckWithRandomCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'RandomCookie' => 'asdf',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertTrue($request->passesStrictCookieCheck());
- }
- public function testFailsStrictCookieCheckWithSessionCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testFailsStrictCookieCheckWithRememberMeCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'nc_token' => 'asdf',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testFailsCSRFCheckWithPostAndWithCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'post' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'foo' => 'bar',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->never())
- ->method('isTokenValid');
- $this->assertFalse($request->passesCSRFCheck());
- }
- public function testFailStrictCookieCheckWithOnlyLaxCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testFailStrictCookieCheckWithOnlyStrictCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testPassesLaxCookieCheck() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertTrue($request->passesLaxCookieCheck());
- }
- public function testFailsLaxCookieCheckWithOnlyStrictCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesLaxCookieCheck());
- }
- public function testSkipCookieCheckForOCSRequests() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- 'HTTP_OCS_APIREQUEST' => 'true',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'false',
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertTrue($request->passesStrictCookieCheck());
- }
- /**
- * @return array
- */
- public function invalidTokenDataProvider() {
- return [
- ['InvalidSentToken'],
- ['InvalidSentToken:InvalidSecret'],
- [''],
- ];
- }
- /**
- * @dataProvider invalidTokenDataProvider
- * @param string $invalidToken
- */
- public function testPassesCSRFCheckWithInvalidToken($invalidToken) {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => $invalidToken,
- ],
- ],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $token = new CsrfToken($invalidToken);
- $this->csrfTokenManager
- ->expects($this->any())
- ->method('isTokenValid')
- ->with($token)
- ->willReturn(false);
- $this->assertFalse($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithoutTokenFail() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [],
- $this->requestId,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesCSRFCheck());
- }
- }
|