123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639 |
- <?php
- declare(strict_types=1);
- /**
- * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
- * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
- * SPDX-License-Identifier: AGPL-3.0-only
- */
- namespace Tests\Core\Controller;
- use OC\Authentication\Login\Chain as LoginChain;
- use OC\Authentication\Login\LoginData;
- use OC\Authentication\Login\LoginResult;
- use OC\Authentication\TwoFactorAuth\Manager;
- use OC\Core\Controller\LoginController;
- use OC\User\Session;
- use OCP\App\IAppManager;
- use OCP\AppFramework\Http\RedirectResponse;
- use OCP\AppFramework\Http\TemplateResponse;
- use OCP\AppFramework\Services\IInitialState;
- use OCP\Defaults;
- use OCP\IConfig;
- use OCP\IL10N;
- use OCP\IRequest;
- use OCP\ISession;
- use OCP\IURLGenerator;
- use OCP\IUser;
- use OCP\IUserManager;
- use OCP\Notification\IManager;
- use OCP\Security\Bruteforce\IThrottler;
- use PHPUnit\Framework\MockObject\MockObject;
- use Test\TestCase;
- class LoginControllerTest extends TestCase {
- /** @var LoginController */
- private $loginController;
- /** @var IRequest|MockObject */
- private $request;
- /** @var IUserManager|MockObject */
- private $userManager;
- /** @var IConfig|MockObject */
- private $config;
- /** @var ISession|MockObject */
- private $session;
- /** @var Session|MockObject */
- private $userSession;
- /** @var IURLGenerator|MockObject */
- private $urlGenerator;
- /** @var Manager|MockObject */
- private $twoFactorManager;
- /** @var Defaults|MockObject */
- private $defaults;
- /** @var IThrottler|MockObject */
- private $throttler;
- /** @var IInitialState|MockObject */
- private $initialState;
- /** @var \OC\Authentication\WebAuthn\Manager|MockObject */
- private $webAuthnManager;
- /** @var IManager|MockObject */
- private $notificationManager;
- /** @var IL10N|MockObject */
- private $l;
- /** @var IAppManager|MockObject */
- private $appManager;
- protected function setUp(): void {
- parent::setUp();
- $this->request = $this->createMock(IRequest::class);
- $this->userManager = $this->createMock(\OC\User\Manager::class);
- $this->config = $this->createMock(IConfig::class);
- $this->session = $this->createMock(ISession::class);
- $this->userSession = $this->createMock(Session::class);
- $this->urlGenerator = $this->createMock(IURLGenerator::class);
- $this->twoFactorManager = $this->createMock(Manager::class);
- $this->defaults = $this->createMock(Defaults::class);
- $this->throttler = $this->createMock(IThrottler::class);
- $this->initialState = $this->createMock(IInitialState::class);
- $this->webAuthnManager = $this->createMock(\OC\Authentication\WebAuthn\Manager::class);
- $this->notificationManager = $this->createMock(IManager::class);
- $this->l = $this->createMock(IL10N::class);
- $this->appManager = $this->createMock(IAppManager::class);
- $this->l->expects($this->any())
- ->method('t')
- ->willReturnCallback(function ($text, $parameters = []) {
- return vsprintf($text, $parameters);
- });
- $this->request->method('getRemoteAddress')
- ->willReturn('1.2.3.4');
- $this->throttler->method('getDelay')
- ->with(
- $this->equalTo('1.2.3.4'),
- $this->equalTo('')
- )->willReturn(1000);
- $this->loginController = new LoginController(
- 'core',
- $this->request,
- $this->userManager,
- $this->config,
- $this->session,
- $this->userSession,
- $this->urlGenerator,
- $this->defaults,
- $this->throttler,
- $this->initialState,
- $this->webAuthnManager,
- $this->notificationManager,
- $this->l,
- $this->appManager,
- );
- }
- public function testLogoutWithoutToken() {
- $this->request
- ->expects($this->once())
- ->method('getCookie')
- ->with('nc_token')
- ->willReturn(null);
- $this->request
- ->method('getServerProtocol')
- ->willReturn('https');
- $this->request
- ->expects($this->once())
- ->method('isUserAgent')
- ->willReturn(false);
- $this->config
- ->expects($this->never())
- ->method('deleteUserValue');
- $this->urlGenerator
- ->expects($this->once())
- ->method('linkToRouteAbsolute')
- ->with('core.login.showLoginForm')
- ->willReturn('/login');
- $expected = new RedirectResponse('/login');
- $expected->addHeader('Clear-Site-Data', '"cache", "storage"');
- $this->assertEquals($expected, $this->loginController->logout());
- }
- public function testLogoutNoClearSiteData() {
- $this->request
- ->expects($this->once())
- ->method('getCookie')
- ->with('nc_token')
- ->willReturn(null);
- $this->request
- ->method('getServerProtocol')
- ->willReturn('https');
- $this->request
- ->expects($this->once())
- ->method('isUserAgent')
- ->willReturn(true);
- $this->urlGenerator
- ->expects($this->once())
- ->method('linkToRouteAbsolute')
- ->with('core.login.showLoginForm')
- ->willReturn('/login');
- $expected = new RedirectResponse('/login');
- $this->assertEquals($expected, $this->loginController->logout());
- }
- public function testLogoutWithToken() {
- $this->request
- ->expects($this->once())
- ->method('getCookie')
- ->with('nc_token')
- ->willReturn('MyLoginToken');
- $this->request
- ->method('getServerProtocol')
- ->willReturn('https');
- $this->request
- ->expects($this->once())
- ->method('isUserAgent')
- ->willReturn(false);
- $user = $this->createMock(IUser::class);
- $user
- ->expects($this->once())
- ->method('getUID')
- ->willReturn('JohnDoe');
- $this->userSession
- ->expects($this->once())
- ->method('getUser')
- ->willReturn($user);
- $this->config
- ->expects($this->once())
- ->method('deleteUserValue')
- ->with('JohnDoe', 'login_token', 'MyLoginToken');
- $this->urlGenerator
- ->expects($this->once())
- ->method('linkToRouteAbsolute')
- ->with('core.login.showLoginForm')
- ->willReturn('/login');
- $expected = new RedirectResponse('/login');
- $expected->addHeader('Clear-Site-Data', '"cache", "storage"');
- $this->assertEquals($expected, $this->loginController->logout());
- }
- public function testShowLoginFormForLoggedInUsers() {
- $this->userSession
- ->expects($this->once())
- ->method('isLoggedIn')
- ->willReturn(true);
- $this->urlGenerator
- ->expects($this->once())
- ->method('linkToDefaultPageUrl')
- ->willReturn('/default/foo');
- $expectedResponse = new RedirectResponse('/default/foo');
- $this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', ''));
- }
- public function testShowLoginFormWithErrorsInSession() {
- $this->userSession
- ->expects($this->once())
- ->method('isLoggedIn')
- ->willReturn(false);
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('loginMessages')
- ->willReturn(
- [
- [
- 'ErrorArray1',
- 'ErrorArray2',
- ],
- [
- 'MessageArray1',
- 'MessageArray2',
- ],
- ]
- );
- $this->initialState->expects($this->exactly(13))
- ->method('provideInitialState')
- ->withConsecutive([
- 'loginMessages',
- [
- 'MessageArray1',
- 'MessageArray2',
- 'This community release of Nextcloud is unsupported and push notifications are limited.',
- ],
- ],
- [
- 'loginErrors',
- [
- 'ErrorArray1',
- 'ErrorArray2',
- ],
- ],
- [
- 'loginUsername',
- '',
- ]);
- $expectedResponse = new TemplateResponse(
- 'core',
- 'login',
- [
- 'alt_login' => [],
- 'pageTitle' => 'Login'
- ],
- 'guest'
- );
- $this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', ''));
- }
- public function testShowLoginFormForFlowAuth() {
- $this->userSession
- ->expects($this->once())
- ->method('isLoggedIn')
- ->willReturn(false);
- $this->initialState->expects($this->exactly(14))
- ->method('provideInitialState')
- ->withConsecutive([], [], [], [
- 'loginAutocomplete',
- false
- ], [
- 'loginRedirectUrl',
- 'login/flow'
- ]);
- $expectedResponse = new TemplateResponse(
- 'core',
- 'login',
- [
- 'alt_login' => [],
- 'pageTitle' => 'Login'
- ],
- 'guest'
- );
- $this->assertEquals($expectedResponse, $this->loginController->showLoginForm('', 'login/flow'));
- }
- /**
- * @return array
- */
- public function passwordResetDataProvider(): array {
- return [
- [
- true,
- true,
- ],
- [
- false,
- false,
- ],
- ];
- }
- /**
- * @dataProvider passwordResetDataProvider
- */
- public function testShowLoginFormWithPasswordResetOption($canChangePassword,
- $expectedResult) {
- $this->userSession
- ->expects($this->once())
- ->method('isLoggedIn')
- ->willReturn(false);
- $this->config
- ->expects(self::once())
- ->method('getSystemValue')
- ->willReturnMap([
- ['login_form_autocomplete', true, true],
- ]);
- $this->config
- ->expects(self::once())
- ->method('getSystemValueString')
- ->willReturnMap([
- ['lost_password_link', '', ''],
- ]);
- $user = $this->createMock(IUser::class);
- $user
- ->expects($this->once())
- ->method('canChangePassword')
- ->willReturn($canChangePassword);
- $this->userManager
- ->expects($this->once())
- ->method('get')
- ->with('LdapUser')
- ->willReturn($user);
- $this->initialState->expects($this->exactly(13))
- ->method('provideInitialState')
- ->withConsecutive([], [], [
- 'loginUsername',
- 'LdapUser'
- ], [], [], [], [
- 'loginCanResetPassword',
- $expectedResult
- ]);
- $expectedResponse = new TemplateResponse(
- 'core',
- 'login',
- [
- 'alt_login' => [],
- 'pageTitle' => 'Login'
- ],
- 'guest'
- );
- $this->assertEquals($expectedResponse, $this->loginController->showLoginForm('LdapUser', ''));
- }
- public function testShowLoginFormForUserNamed0() {
- $this->userSession
- ->expects($this->once())
- ->method('isLoggedIn')
- ->willReturn(false);
- $this->config
- ->expects(self::once())
- ->method('getSystemValue')
- ->willReturnMap([
- ['login_form_autocomplete', true, true],
- ]);
- $this->config
- ->expects(self::once())
- ->method('getSystemValueString')
- ->willReturnMap([
- ['lost_password_link', '', ''],
- ]);
- $user = $this->createMock(IUser::class);
- $user->expects($this->once())
- ->method('canChangePassword')
- ->willReturn(false);
- $this->userManager
- ->expects($this->once())
- ->method('get')
- ->with('0')
- ->willReturn($user);
- $this->initialState->expects($this->exactly(13))
- ->method('provideInitialState')
- ->withConsecutive([], [], [], [
- 'loginAutocomplete',
- true
- ], [], [
- 'loginResetPasswordLink',
- false
- ], [
- 'loginCanResetPassword',
- false
- ]);
- $expectedResponse = new TemplateResponse(
- 'core',
- 'login',
- [
- 'alt_login' => [],
- 'pageTitle' => 'Login'
- ],
- 'guest'
- );
- $this->assertEquals($expectedResponse, $this->loginController->showLoginForm('0', ''));
- }
- public function testLoginWithInvalidCredentials(): void {
- $user = 'MyUserName';
- $password = 'secret';
- $loginPageUrl = '/login?redirect_url=/apps/files';
- $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(true);
- $loginData = new LoginData(
- $this->request,
- $user,
- $password,
- '/apps/files'
- );
- $loginResult = LoginResult::failure($loginData, LoginController::LOGIN_MSG_INVALIDPASSWORD);
- $loginChain->expects($this->once())
- ->method('process')
- ->with($this->equalTo($loginData))
- ->willReturn($loginResult);
- $this->urlGenerator->expects($this->once())
- ->method('linkToRoute')
- ->with('core.login.showLoginForm', [
- 'user' => $user,
- 'redirect_url' => '/apps/files',
- 'direct' => 1,
- ])
- ->willReturn($loginPageUrl);
- $expected = new RedirectResponse($loginPageUrl);
- $expected->throttle(['user' => 'MyUserName']);
- $response = $this->loginController->tryLogin($loginChain, $user, $password, '/apps/files');
- $this->assertEquals($expected, $response);
- }
- public function testLoginWithValidCredentials() {
- $user = 'MyUserName';
- $password = 'secret';
- $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(true);
- $loginData = new LoginData(
- $this->request,
- $user,
- $password
- );
- $loginResult = LoginResult::success($loginData);
- $loginChain->expects($this->once())
- ->method('process')
- ->with($this->equalTo($loginData))
- ->willReturn($loginResult);
- $this->urlGenerator
- ->expects($this->once())
- ->method('linkToDefaultPageUrl')
- ->willReturn('/default/foo');
- $expected = new RedirectResponse('/default/foo');
- $this->assertEquals($expected, $this->loginController->tryLogin($loginChain, $user, $password));
- }
- public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn(): void {
- /** @var IUser|MockObject $user */
- $user = $this->createMock(IUser::class);
- $user->expects($this->any())
- ->method('getUID')
- ->willReturn('jane');
- $password = 'secret';
- $originalUrl = 'another%20url';
- $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(false);
- $this->userSession
- ->method('isLoggedIn')
- ->with()
- ->willReturn(false);
- $this->config->expects($this->never())
- ->method('deleteUserValue');
- $this->userSession->expects($this->never())
- ->method('createRememberMeToken');
- $response = $this->loginController->tryLogin($loginChain, 'Jane', $password, $originalUrl);
- $expected = new RedirectResponse('');
- $expected->throttle(['user' => 'Jane']);
- $this->assertEquals($expected, $response);
- }
- public function testLoginWithoutPassedCsrfCheckAndLoggedIn() {
- /** @var IUser|MockObject $user */
- $user = $this->createMock(IUser::class);
- $user->expects($this->any())
- ->method('getUID')
- ->willReturn('jane');
- $password = 'secret';
- $originalUrl = 'another url';
- $redirectUrl = 'http://localhost/another url';
- $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(false);
- $this->userSession
- ->method('isLoggedIn')
- ->with()
- ->willReturn(true);
- $this->urlGenerator->expects($this->once())
- ->method('getAbsoluteURL')
- ->with(urldecode($originalUrl))
- ->willReturn($redirectUrl);
- $this->config->expects($this->never())
- ->method('deleteUserValue');
- $this->userSession->expects($this->never())
- ->method('createRememberMeToken');
- $this->config
- ->method('getSystemValue')
- ->with('remember_login_cookie_lifetime')
- ->willReturn(1234);
- $response = $this->loginController->tryLogin($loginChain, 'Jane', $password, $originalUrl);
- $expected = new RedirectResponse($redirectUrl);
- $this->assertEquals($expected, $response);
- }
- public function testLoginWithValidCredentialsAndRedirectUrl() {
- $user = 'MyUserName';
- $password = 'secret';
- $redirectUrl = 'https://next.cloud/apps/mail';
- $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(true);
- $loginData = new LoginData(
- $this->request,
- $user,
- $password,
- '/apps/mail'
- );
- $loginResult = LoginResult::success($loginData);
- $loginChain->expects($this->once())
- ->method('process')
- ->with($this->equalTo($loginData))
- ->willReturn($loginResult);
- $this->userSession->expects($this->once())
- ->method('isLoggedIn')
- ->willReturn(true);
- $this->urlGenerator->expects($this->once())
- ->method('getAbsoluteURL')
- ->with('/apps/mail')
- ->willReturn($redirectUrl);
- $expected = new RedirectResponse($redirectUrl);
- $response = $this->loginController->tryLogin($loginChain, $user, $password, '/apps/mail');
- $this->assertEquals($expected, $response);
- }
- public function testToNotLeakLoginName() {
- $loginChain = $this->createMock(LoginChain::class);
- $this->request
- ->expects($this->once())
- ->method('passesCSRFCheck')
- ->willReturn(true);
- $loginPageUrl = '/login?redirect_url=/apps/files';
- $loginData = new LoginData(
- $this->request,
- 'john@doe.com',
- 'just wrong',
- '/apps/files'
- );
- $loginResult = LoginResult::failure($loginData, LoginController::LOGIN_MSG_INVALIDPASSWORD);
- $loginChain->expects($this->once())
- ->method('process')
- ->with($this->equalTo($loginData))
- ->willReturnCallback(function (LoginData $data) use ($loginResult) {
- $data->setUsername('john');
- return $loginResult;
- });
- $this->urlGenerator->expects($this->once())
- ->method('linkToRoute')
- ->with('core.login.showLoginForm', [
- 'user' => 'john@doe.com',
- 'redirect_url' => '/apps/files',
- 'direct' => 1,
- ])
- ->willReturn($loginPageUrl);
- $expected = new RedirectResponse($loginPageUrl);
- $expected->throttle(['user' => 'john']);
- $response = $this->loginController->tryLogin(
- $loginChain,
- 'john@doe.com',
- 'just wrong',
- '/apps/files'
- );
- $this->assertEquals($expected, $response);
- }
- }
|