123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748 |
- <?php
- /**
- * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
- * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
- * SPDX-License-Identifier: AGPL-3.0-only
- */
- namespace Test\AppFramework\Middleware\Security;
- use OC\AppFramework\Http;
- use OC\AppFramework\Http\Request;
- use OC\AppFramework\Middleware\Security\Exceptions\AppNotEnabledException;
- use OC\AppFramework\Middleware\Security\Exceptions\CrossSiteRequestForgeryException;
- use OC\AppFramework\Middleware\Security\Exceptions\ExAppRequiredException;
- use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;
- use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException;
- use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
- use OC\Appframework\Middleware\Security\Exceptions\StrictCookieMissingException;
- use OC\AppFramework\Middleware\Security\SecurityMiddleware;
- use OC\AppFramework\Utility\ControllerMethodReflector;
- use OC\Settings\AuthorizedGroupMapper;
- use OC\User\Session;
- use OCP\App\IAppManager;
- use OCP\AppFramework\Http\JSONResponse;
- use OCP\AppFramework\Http\RedirectResponse;
- use OCP\AppFramework\Http\TemplateResponse;
- use OCP\Group\ISubAdmin;
- use OCP\IConfig;
- use OCP\IGroupManager;
- use OCP\IL10N;
- use OCP\INavigationManager;
- use OCP\IRequest;
- use OCP\IRequestId;
- use OCP\ISession;
- use OCP\IURLGenerator;
- use OCP\IUser;
- use OCP\IUserSession;
- use OCP\Security\Ip\IRemoteAddress;
- use Psr\Log\LoggerInterface;
- use Test\AppFramework\Middleware\Security\Mock\NormalController;
- use Test\AppFramework\Middleware\Security\Mock\OCSController;
- use Test\AppFramework\Middleware\Security\Mock\SecurityMiddlewareController;
- class SecurityMiddlewareTest extends \Test\TestCase {
- /** @var SecurityMiddleware|\PHPUnit\Framework\MockObject\MockObject */
- private $middleware;
- /** @var SecurityMiddlewareController */
- private $controller;
- /** @var SecurityException */
- private $secException;
- /** @var SecurityException */
- private $secAjaxException;
- /** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */
- private $request;
- /** @var ControllerMethodReflector */
- private $reader;
- /** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */
- private $logger;
- /** @var INavigationManager|\PHPUnit\Framework\MockObject\MockObject */
- private $navigationManager;
- /** @var IURLGenerator|\PHPUnit\Framework\MockObject\MockObject */
- private $urlGenerator;
- /** @var IAppManager|\PHPUnit\Framework\MockObject\MockObject */
- private $appManager;
- /** @var IL10N|\PHPUnit\Framework\MockObject\MockObject */
- private $l10n;
- /** @var IUserSession|\PHPUnit\Framework\MockObject\MockObject */
- private $userSession;
- /** @var AuthorizedGroupMapper|\PHPUnit\Framework\MockObject\MockObject */
- private $authorizedGroupMapper;
- protected function setUp(): void {
- parent::setUp();
- $this->authorizedGroupMapper = $this->createMock(AuthorizedGroupMapper::class);
- $this->userSession = $this->createMock(Session::class);
- $user = $this->createMock(IUser::class);
- $user->method('getUID')->willReturn('test');
- $this->userSession->method('getUser')->willReturn($user);
- $this->request = $this->createMock(IRequest::class);
- $this->controller = new SecurityMiddlewareController(
- 'test',
- $this->request
- );
- $this->reader = new ControllerMethodReflector();
- $this->logger = $this->createMock(LoggerInterface::class);
- $this->navigationManager = $this->createMock(INavigationManager::class);
- $this->urlGenerator = $this->createMock(IURLGenerator::class);
- $this->l10n = $this->createMock(IL10N::class);
- $this->middleware = $this->getMiddleware(true, true, false);
- $this->secException = new SecurityException('hey', false);
- $this->secAjaxException = new SecurityException('hey', true);
- }
- private function getMiddleware(bool $isLoggedIn, bool $isAdminUser, bool $isSubAdmin, bool $isAppEnabledForUser = true): SecurityMiddleware {
- $this->appManager = $this->createMock(IAppManager::class);
- $this->appManager->expects($this->any())
- ->method('isEnabledForUser')
- ->willReturn($isAppEnabledForUser);
- $remoteIpAddress = $this->createMock(IRemoteAddress::class);
- $remoteIpAddress->method('allowsAdminActions')->willReturn(true);
- $groupManager = $this->createMock(IGroupManager::class);
- $groupManager->method('isAdmin')
- ->willReturn($isAdminUser);
- $subAdminManager = $this->createMock(ISubAdmin::class);
- $subAdminManager->method('isSubAdmin')
- ->willReturn($isSubAdmin);
- return new SecurityMiddleware(
- $this->request,
- $this->reader,
- $this->navigationManager,
- $this->urlGenerator,
- $this->logger,
- 'files',
- $isLoggedIn,
- $groupManager,
- $subAdminManager,
- $this->appManager,
- $this->l10n,
- $this->authorizedGroupMapper,
- $this->userSession,
- $remoteIpAddress
- );
- }
- public function dataNoCSRFRequiredPublicPage(): array {
- return [
- ['testAnnotationNoCSRFRequiredPublicPage'],
- ['testAnnotationNoCSRFRequiredAttributePublicPage'],
- ['testAnnotationPublicPageAttributeNoCSRFRequired'],
- ['testAttributeNoCSRFRequiredPublicPage'],
- ];
- }
- public function dataPublicPage(): array {
- return [
- ['testAnnotationPublicPage'],
- ['testAttributePublicPage'],
- ];
- }
- public function dataNoCSRFRequired(): array {
- return [
- ['testAnnotationNoCSRFRequired'],
- ['testAttributeNoCSRFRequired'],
- ];
- }
- public function dataPublicPageStrictCookieRequired(): array {
- return [
- ['testAnnotationPublicPageStrictCookieRequired'],
- ['testAnnotationStrictCookieRequiredAttributePublicPage'],
- ['testAnnotationPublicPageAttributeStrictCookiesRequired'],
- ['testAttributePublicPageStrictCookiesRequired'],
- ];
- }
- public function dataNoCSRFRequiredPublicPageStrictCookieRequired(): array {
- return [
- ['testAnnotationNoCSRFRequiredPublicPageStrictCookieRequired'],
- ['testAttributeNoCSRFRequiredPublicPageStrictCookiesRequired'],
- ];
- }
- public function dataNoAdminRequiredNoCSRFRequired(): array {
- return [
- ['testAnnotationNoAdminRequiredNoCSRFRequired'],
- ['testAttributeNoAdminRequiredNoCSRFRequired'],
- ];
- }
- public function dataNoAdminRequiredNoCSRFRequiredPublicPage(): array {
- return [
- ['testAnnotationNoAdminRequiredNoCSRFRequiredPublicPage'],
- ['testAttributeNoAdminRequiredNoCSRFRequiredPublicPage'],
- ];
- }
- public function dataNoCSRFRequiredSubAdminRequired(): array {
- return [
- ['testAnnotationNoCSRFRequiredSubAdminRequired'],
- ['testAnnotationNoCSRFRequiredAttributeSubAdminRequired'],
- ['testAnnotationSubAdminRequiredAttributeNoCSRFRequired'],
- ['testAttributeNoCSRFRequiredSubAdminRequired'],
- ];
- }
- public static function dataExAppRequired(): array {
- return [
- ['testAnnotationExAppRequired'],
- ['testAttributeExAppRequired'],
- ];
- }
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
- public function testSetNavigationEntry(string $method): void {
- $this->navigationManager->expects($this->once())
- ->method('setActiveEntry')
- ->with($this->equalTo('files'));
- $this->reader->reflect($this->controller, $method);
- $this->middleware->beforeController($this->controller, $method);
- }
- /**
- * @param string $method
- * @param string $test
- */
- private function ajaxExceptionStatus($method, $test, $status) {
- $isLoggedIn = false;
- $isAdminUser = false;
- // isAdminUser requires isLoggedIn call to return true
- if ($test === 'isAdminUser') {
- $isLoggedIn = true;
- }
- $sec = $this->getMiddleware($isLoggedIn, $isAdminUser, false);
- try {
- $this->reader->reflect($this->controller, $method);
- $sec->beforeController($this->controller, $method);
- } catch (SecurityException $ex) {
- $this->assertEquals($status, $ex->getCode());
- }
- // add assertion if everything should work fine otherwise phpunit will
- // complain
- if ($status === 0) {
- $this->addToAssertionCount(1);
- }
- }
- public function testAjaxStatusLoggedInCheck(): void {
- $this->ajaxExceptionStatus(
- 'testNoAnnotationNorAttribute',
- 'isLoggedIn',
- Http::STATUS_UNAUTHORIZED
- );
- }
- /**
- * @dataProvider dataNoCSRFRequired
- */
- public function testAjaxNotAdminCheck(string $method): void {
- $this->ajaxExceptionStatus(
- $method,
- 'isAdminUser',
- Http::STATUS_FORBIDDEN
- );
- }
- /**
- * @dataProvider dataPublicPage
- */
- public function testAjaxStatusCSRFCheck(string $method): void {
- $this->ajaxExceptionStatus(
- $method,
- 'passesCSRFCheck',
- Http::STATUS_PRECONDITION_FAILED
- );
- }
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
- public function testAjaxStatusAllGood(string $method): void {
- $this->ajaxExceptionStatus(
- $method,
- 'isLoggedIn',
- 0
- );
- $this->ajaxExceptionStatus(
- $method,
- 'isAdminUser',
- 0
- );
- $this->ajaxExceptionStatus(
- $method,
- 'passesCSRFCheck',
- 0
- );
- }
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
- public function testNoChecks(string $method): void {
- $this->request->expects($this->never())
- ->method('passesCSRFCheck')
- ->willReturn(false);
- $sec = $this->getMiddleware(false, false, false);
- $this->reader->reflect($this->controller, $method);
- $sec->beforeController($this->controller, $method);
- }
- /**
- * @param string $method
- * @param string $expects
- */
- private function securityCheck($method, $expects, $shouldFail = false) {
- // admin check requires login
- if ($expects === 'isAdminUser') {
- $isLoggedIn = true;
- $isAdminUser = !$shouldFail;
- } else {
- $isLoggedIn = !$shouldFail;
- $isAdminUser = false;
- }
- $sec = $this->getMiddleware($isLoggedIn, $isAdminUser, false);
- if ($shouldFail) {
- $this->expectException(SecurityException::class);
- } else {
- $this->addToAssertionCount(1);
- }
- $this->reader->reflect($this->controller, $method);
- $sec->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataPublicPage
- */
- public function testCsrfCheck(string $method): void {
- $this->expectException(\OC\AppFramework\Middleware\Security\Exceptions\CrossSiteRequestForgeryException::class);
- $this->request->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(false);
- $this->request->expects($this->once())
- ->method('passesStrictCookieCheck')
- ->willReturn(true);
- $this->reader->reflect($this->controller, $method);
- $this->middleware->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
- public function testNoCsrfCheck(string $method): void {
- $this->request->expects($this->never())
- ->method('passesCSRFCheck')
- ->willReturn(false);
- $this->reader->reflect($this->controller, $method);
- $this->middleware->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataPublicPage
- */
- public function testPassesCsrfCheck(string $method): void {
- $this->request->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(true);
- $this->request->expects($this->once())
- ->method('passesStrictCookieCheck')
- ->willReturn(true);
- $this->reader->reflect($this->controller, $method);
- $this->middleware->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataPublicPage
- */
- public function testFailCsrfCheck(string $method): void {
- $this->expectException(\OC\AppFramework\Middleware\Security\Exceptions\CrossSiteRequestForgeryException::class);
- $this->request->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(false);
- $this->request->expects($this->once())
- ->method('passesStrictCookieCheck')
- ->willReturn(true);
- $this->reader->reflect($this->controller, $method);
- $this->middleware->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataPublicPageStrictCookieRequired
- */
- public function testStrictCookieRequiredCheck(string $method): void {
- $this->expectException(\OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException::class);
- $this->request->expects($this->never())
- ->method('passesCSRFCheck');
- $this->request->expects($this->once())
- ->method('passesStrictCookieCheck')
- ->willReturn(false);
- $this->reader->reflect($this->controller, $method);
- $this->middleware->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataNoCSRFRequiredPublicPage
- */
- public function testNoStrictCookieRequiredCheck(string $method): void {
- $this->request->expects($this->never())
- ->method('passesStrictCookieCheck')
- ->willReturn(false);
- $this->reader->reflect($this->controller, $method);
- $this->middleware->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataNoCSRFRequiredPublicPageStrictCookieRequired
- */
- public function testPassesStrictCookieRequiredCheck(string $method): void {
- $this->request
- ->expects($this->once())
- ->method('passesStrictCookieCheck')
- ->willReturn(true);
- $this->reader->reflect($this->controller, $method);
- $this->middleware->beforeController($this->controller, $method);
- }
- public function dataCsrfOcsController(): array {
- return [
- [NormalController::class, false, false, true],
- [NormalController::class, false, true, true],
- [NormalController::class, true, false, true],
- [NormalController::class, true, true, true],
- [OCSController::class, false, false, true],
- [OCSController::class, false, true, false],
- [OCSController::class, true, false, false],
- [OCSController::class, true, true, false],
- ];
- }
- /**
- * @dataProvider dataCsrfOcsController
- * @param string $controllerClass
- * @param bool $hasOcsApiHeader
- * @param bool $hasBearerAuth
- * @param bool $exception
- */
- public function testCsrfOcsController(string $controllerClass, bool $hasOcsApiHeader, bool $hasBearerAuth, bool $exception): void {
- $this->request
- ->method('getHeader')
- ->willReturnCallback(function ($header) use ($hasOcsApiHeader, $hasBearerAuth) {
- if ($header === 'OCS-APIREQUEST' && $hasOcsApiHeader) {
- return 'true';
- }
- if ($header === 'Authorization' && $hasBearerAuth) {
- return 'Bearer TOKEN!';
- }
- return '';
- });
- $this->request->expects($this->once())
- ->method('passesStrictCookieCheck')
- ->willReturn(true);
- $controller = new $controllerClass('test', $this->request);
- try {
- $this->middleware->beforeController($controller, 'foo');
- $this->assertFalse($exception);
- } catch (CrossSiteRequestForgeryException $e) {
- $this->assertTrue($exception);
- }
- }
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequired
- */
- public function testLoggedInCheck(string $method): void {
- $this->securityCheck($method, 'isLoggedIn');
- }
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequired
- */
- public function testFailLoggedInCheck(string $method): void {
- $this->securityCheck($method, 'isLoggedIn', true);
- }
- /**
- * @dataProvider dataNoCSRFRequired
- */
- public function testIsAdminCheck(string $method): void {
- $this->securityCheck($method, 'isAdminUser');
- }
- /**
- * @dataProvider dataNoCSRFRequiredSubAdminRequired
- */
- public function testIsNotSubAdminCheck(string $method): void {
- $this->reader->reflect($this->controller, $method);
- $sec = $this->getMiddleware(true, false, false);
- $this->expectException(SecurityException::class);
- $sec->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataNoCSRFRequiredSubAdminRequired
- */
- public function testIsSubAdminCheck(string $method): void {
- $this->reader->reflect($this->controller, $method);
- $sec = $this->getMiddleware(true, false, true);
- $sec->beforeController($this->controller, $method);
- $this->addToAssertionCount(1);
- }
- /**
- * @dataProvider dataNoCSRFRequiredSubAdminRequired
- */
- public function testIsSubAdminAndAdminCheck(string $method): void {
- $this->reader->reflect($this->controller, $method);
- $sec = $this->getMiddleware(true, true, true);
- $sec->beforeController($this->controller, $method);
- $this->addToAssertionCount(1);
- }
- /**
- * @dataProvider dataNoCSRFRequired
- */
- public function testFailIsAdminCheck(string $method): void {
- $this->securityCheck($method, 'isAdminUser', true);
- }
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequiredPublicPage
- */
- public function testRestrictedAppLoggedInPublicPage(string $method): void {
- $middleware = $this->getMiddleware(true, false, false);
- $this->reader->reflect($this->controller, $method);
- $this->appManager->method('getAppPath')
- ->with('files')
- ->willReturn('foo');
- $this->appManager->method('isEnabledForUser')
- ->with('files')
- ->willReturn(false);
- $middleware->beforeController($this->controller, $method);
- $this->addToAssertionCount(1);
- }
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequiredPublicPage
- */
- public function testRestrictedAppNotLoggedInPublicPage(string $method): void {
- $middleware = $this->getMiddleware(false, false, false);
- $this->reader->reflect($this->controller, $method);
- $this->appManager->method('getAppPath')
- ->with('files')
- ->willReturn('foo');
- $this->appManager->method('isEnabledForUser')
- ->with('files')
- ->willReturn(false);
- $middleware->beforeController($this->controller, $method);
- $this->addToAssertionCount(1);
- }
- /**
- * @dataProvider dataNoAdminRequiredNoCSRFRequired
- */
- public function testRestrictedAppLoggedIn(string $method): void {
- $middleware = $this->getMiddleware(true, false, false, false);
- $this->reader->reflect($this->controller, $method);
- $this->appManager->method('getAppPath')
- ->with('files')
- ->willReturn('foo');
- $this->expectException(AppNotEnabledException::class);
- $middleware->beforeController($this->controller, $method);
- }
- public function testAfterExceptionNotCaughtThrowsItAgain(): void {
- $ex = new \Exception();
- $this->expectException(\Exception::class);
- $this->middleware->afterException($this->controller, 'test', $ex);
- }
- public function testAfterExceptionReturnsRedirectForNotLoggedInUser(): void {
- $this->request = new Request(
- [
- 'server' =>
- [
- 'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
- 'REQUEST_URI' => 'nextcloud/index.php/apps/specialapp'
- ]
- ],
- $this->createMock(IRequestId::class),
- $this->createMock(IConfig::class)
- );
- $this->middleware = $this->getMiddleware(false, false, false);
- $this->urlGenerator
- ->expects($this->once())
- ->method('linkToRoute')
- ->with(
- 'core.login.showLoginForm',
- [
- 'redirect_url' => 'nextcloud/index.php/apps/specialapp',
- ]
- )
- ->willReturn('http://localhost/nextcloud/index.php/login?redirect_url=nextcloud/index.php/apps/specialapp');
- $this->logger
- ->expects($this->once())
- ->method('debug');
- $response = $this->middleware->afterException(
- $this->controller,
- 'test',
- new NotLoggedInException()
- );
- $expected = new RedirectResponse('http://localhost/nextcloud/index.php/login?redirect_url=nextcloud/index.php/apps/specialapp');
- $this->assertEquals($expected, $response);
- }
- public function testAfterExceptionRedirectsToWebRootAfterStrictCookieFail(): void {
- $this->request = new Request(
- [
- 'server' => [
- 'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
- 'REQUEST_URI' => 'nextcloud/index.php/apps/specialapp',
- ],
- ],
- $this->createMock(IRequestId::class),
- $this->createMock(IConfig::class)
- );
- $this->middleware = $this->getMiddleware(false, false, false);
- $response = $this->middleware->afterException(
- $this->controller,
- 'test',
- new StrictCookieMissingException()
- );
- $expected = new RedirectResponse(\OC::$WEBROOT . '/');
- $this->assertEquals($expected, $response);
- }
- /**
- * @return array
- */
- public function exceptionProvider() {
- return [
- [
- new AppNotEnabledException(),
- ],
- [
- new CrossSiteRequestForgeryException(),
- ],
- [
- new NotAdminException(''),
- ],
- ];
- }
- /**
- * @dataProvider exceptionProvider
- * @param SecurityException $exception
- */
- public function testAfterExceptionReturnsTemplateResponse(SecurityException $exception): void {
- $this->request = new Request(
- [
- 'server' =>
- [
- 'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
- 'REQUEST_URI' => 'nextcloud/index.php/apps/specialapp'
- ]
- ],
- $this->createMock(IRequestId::class),
- $this->createMock(IConfig::class)
- );
- $this->middleware = $this->getMiddleware(false, false, false);
- $this->logger
- ->expects($this->once())
- ->method('debug');
- $response = $this->middleware->afterException(
- $this->controller,
- 'test',
- $exception
- );
- $expected = new TemplateResponse('core', '403', ['message' => $exception->getMessage()], 'guest');
- $expected->setStatus($exception->getCode());
- $this->assertEquals($expected, $response);
- }
- public function testAfterAjaxExceptionReturnsJSONError(): void {
- $response = $this->middleware->afterException($this->controller, 'test',
- $this->secAjaxException);
- $this->assertTrue($response instanceof JSONResponse);
- }
- /**
- * @dataProvider dataExAppRequired
- */
- public function testExAppRequired(string $method): void {
- $middleware = $this->getMiddleware(true, false, false);
- $this->reader->reflect($this->controller, $method);
- $session = $this->createMock(ISession::class);
- $session->method('get')->with('app_api')->willReturn(true);
- $this->userSession->method('getSession')->willReturn($session);
- $this->request->expects($this->once())
- ->method('passesStrictCookieCheck')
- ->willReturn(true);
- $this->request->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(true);
- $middleware->beforeController($this->controller, $method);
- }
- /**
- * @dataProvider dataExAppRequired
- */
- public function testExAppRequiredError(string $method): void {
- $middleware = $this->getMiddleware(true, false, false, false);
- $this->reader->reflect($this->controller, $method);
- $session = $this->createMock(ISession::class);
- $session->method('get')->with('app_api')->willReturn(false);
- $this->userSession->method('getSession')->willReturn($session);
- $this->expectException(ExAppRequiredException::class);
- $middleware->beforeController($this->controller, $method);
- }
- }
|