CSRFTokenControllerTest.php 2.5 KB

  1. <?php
  2. /**
  3. * @copyright 2017 Christoph Wurst <christoph@winzerhof-wurst.at>
  4. *
  5. * @author 2017 Christoph Wurst <christoph@winzerhof-wurst.at>
  6. *
  7. * @license GNU AGPL version 3 or any later version
  8. *
  9. * This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as
  11. * published by the Free Software Foundation, either version 3 of the
  12. * License, or (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. */
  23. namespace Tests\Core\Controller;
  24. use OC\Core\Controller\CSRFTokenController;
  25. use OC\Security\CSRF\CsrfToken;
  26. use OC\Security\CSRF\CsrfTokenManager;
  27. use OCP\AppFramework\Http;
  28. use OCP\AppFramework\Http\JSONResponse;
  29. use OCP\IRequest;
  30. use Test\TestCase;
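  /**
   * Unit tests for CSRFTokenController::index().
   *
   * The controller is built against mocked IRequest and CsrfTokenManager
   * collaborators, so each test drives only the outcome of the strict cookie
   * check and observes the resulting JSON response.
   */
  class CSRFTokenControllerTest extends TestCase {
      /** @var CSRFTokenController */
      private $controller;

      /** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */
      private $request;

      /** @var CsrfTokenManager|\PHPUnit\Framework\MockObject\MockObject */
      private $tokenManager;

      /**
       * Creates fresh mocks and a controller instance for every test.
       */
      protected function setUp(): void {
          parent::setUp();

          $this->request = $this->createMock(IRequest::class);
          $this->tokenManager = $this->createMock(CsrfTokenManager::class);

          $this->controller = new CSRFTokenController(
              'core',
              $this->request,
              $this->tokenManager
          );
      }

      /**
       * A request that passes the strict cookie check receives HTTP 200 and
       * the encrypted token value under the "token" key.
       */
      public function testGetToken(): void {
          $this->request->method('passesStrictCookieCheck')->willReturn(true);

          $token = $this->createMock(CsrfToken::class);
          $this->tokenManager->method('getToken')->willReturn($token);
          $token->method('getEncryptedValue')->willReturn('toktok123');

          $response = $this->controller->index();

          $this->assertInstanceOf(JSONResponse::class, $response);
          $this->assertSame(Http::STATUS_OK, $response->getStatus());
          // Strict comparison: the body must be exactly the token entry, with
          // no additional keys and no loosely-equal value.
          $this->assertSame([
              'token' => 'toktok123',
          ], $response->getData());
      }

      /**
       * A request that fails the strict cookie check is rejected with
       * HTTP 403 and never causes a token to be fetched.
       */
      public function testGetTokenNoStrictSameSiteCookie(): void {
          $this->request->method('passesStrictCookieCheck')->willReturn(false);

          // Without this expectation the mocked manager would silently hand
          // out a stub token, so a controller that fetched (and returned) a
          // token on the rejection path would still pass the status check.
          $this->tokenManager->expects($this->never())->method('getToken');

          $response = $this->controller->index();

          $this->assertInstanceOf(JSONResponse::class, $response);
          $this->assertSame(Http::STATUS_FORBIDDEN, $response->getStatus());
      }
  }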