SessionTest.php 39 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207
  1. <?php
  2. /**
  3. * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com>
  4. * This file is licensed under the Affero General Public License version 3 or
  5. * later.
  6. * See the COPYING-README file.
  7. */
  8. namespace Test\User;
  9. use OC\AppFramework\Http\Request;
  10. use OC\Authentication\Events\LoginFailed;
  11. use OC\Authentication\Exceptions\InvalidTokenException;
  12. use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
  13. use OC\Authentication\Token\IProvider;
  14. use OC\Authentication\Token\IToken;
  15. use OC\Security\Bruteforce\Throttler;
  16. use OC\Session\Memory;
  17. use OC\User\LoginException;
  18. use OC\User\Manager;
  19. use OC\User\Session;
  20. use OC\User\User;
  21. use OCA\DAV\Connector\Sabre\Auth;
  22. use OCP\AppFramework\Utility\ITimeFactory;
  23. use OCP\EventDispatcher\IEventDispatcher;
  24. use OCP\ICacheFactory;
  25. use OCP\IConfig;
  26. use OCP\IRequest;
  27. use OCP\IRequestId;
  28. use OCP\ISession;
  29. use OCP\IUser;
  30. use OCP\Lockdown\ILockdownManager;
  31. use OCP\Security\ISecureRandom;
  32. use OCP\User\Events\PostLoginEvent;
  33. use PHPUnit\Framework\MockObject\MockObject;
  34. use Psr\Log\LoggerInterface;
  35. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  36. use OC\Security\CSRF\CsrfTokenManager;
  37. /**
  38. * @group DB
  39. * @package Test\User
  40. */
  41. class SessionTest extends \Test\TestCase {
  42. /** @var ITimeFactory|MockObject */
  43. private $timeFactory;
  44. /** @var IProvider|MockObject */
  45. private $tokenProvider;
  46. /** @var IConfig|MockObject */
  47. private $config;
  48. /** @var Throttler|MockObject */
  49. private $throttler;
  50. /** @var ISecureRandom|MockObject */
  51. private $random;
  52. /** @var Manager|MockObject */
  53. private $manager;
  54. /** @var ISession|MockObject */
  55. private $session;
  56. /** @var Session|MockObject */
  57. private $userSession;
  58. /** @var ILockdownManager|MockObject */
  59. private $lockdownManager;
  60. /** @var LoggerInterface|MockObject */
  61. private $logger;
  62. /** @var IEventDispatcher|MockObject */
  63. private $dispatcher;
  64. protected function setUp(): void {
  65. parent::setUp();
  66. $this->timeFactory = $this->createMock(ITimeFactory::class);
  67. $this->timeFactory->expects($this->any())
  68. ->method('getTime')
  69. ->willReturn(10000);
  70. $this->tokenProvider = $this->createMock(IProvider::class);
  71. $this->config = $this->createMock(IConfig::class);
  72. $this->throttler = $this->createMock(Throttler::class);
  73. $this->random = $this->createMock(ISecureRandom::class);
  74. $this->manager = $this->createMock(Manager::class);
  75. $this->session = $this->createMock(ISession::class);
  76. $this->lockdownManager = $this->createMock(ILockdownManager::class);
  77. $this->logger = $this->createMock(LoggerInterface::class);
  78. $this->dispatcher = $this->createMock(IEventDispatcher::class);
  79. $this->userSession = $this->getMockBuilder(Session::class)
  80. ->setConstructorArgs([
  81. $this->manager,
  82. $this->session,
  83. $this->timeFactory,
  84. $this->tokenProvider,
  85. $this->config,
  86. $this->random,
  87. $this->lockdownManager,
  88. $this->logger,
  89. $this->dispatcher
  90. ])
  91. ->setMethods([
  92. 'setMagicInCookie',
  93. ])
  94. ->getMock();
  95. \OC_User::setIncognitoMode(false);
  96. }
  97. public function isLoggedInData() {
  98. return [
  99. [true],
  100. [false],
  101. ];
  102. }
  103. /**
  104. * @dataProvider isLoggedInData
  105. */
  106. public function testIsLoggedIn($isLoggedIn) {
  107. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  108. $manager = $this->createMock(Manager::class);
  109. $userSession = $this->getMockBuilder(Session::class)
  110. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  111. ->setMethods([
  112. 'getUser'
  113. ])
  114. ->getMock();
  115. $user = new User('sepp', null, $this->createMock(EventDispatcherInterface::class));
  116. $userSession->expects($this->once())
  117. ->method('getUser')
  118. ->willReturn($isLoggedIn ? $user : null);
  119. $this->assertEquals($isLoggedIn, $userSession->isLoggedIn());
  120. }
  121. public function testSetUser() {
  122. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  123. $session->expects($this->once())
  124. ->method('set')
  125. ->with('user_id', 'foo');
  126. $manager = $this->createMock(Manager::class);
  127. $backend = $this->createMock(\Test\Util\User\Dummy::class);
  128. $user = $this->createMock(IUser::class);
  129. $user->expects($this->once())
  130. ->method('getUID')
  131. ->willReturn('foo');
  132. $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
  133. $userSession->setUser($user);
  134. }
  135. public function testLoginValidPasswordEnabled() {
  136. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  137. $session->expects($this->once())
  138. ->method('regenerateId');
  139. $this->tokenProvider->expects($this->once())
  140. ->method('getToken')
  141. ->with('bar')
  142. ->will($this->throwException(new InvalidTokenException()));
  143. $session->expects($this->exactly(2))
  144. ->method('set')
  145. ->with($this->callback(function ($key) {
  146. switch ($key) {
  147. case 'user_id':
  148. case 'loginname':
  149. return true;
  150. break;
  151. default:
  152. return false;
  153. break;
  154. }
  155. }, 'foo'));
  156. $managerMethods = get_class_methods(Manager::class);
  157. //keep following methods intact in order to ensure hooks are working
  158. $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
  159. $manager = $this->getMockBuilder(Manager::class)
  160. ->setMethods($mockedManagerMethods)
  161. ->setConstructorArgs([
  162. $this->config,
  163. $this->createMock(EventDispatcherInterface::class),
  164. $this->createMock(ICacheFactory::class),
  165. $this->createMock(IEventDispatcher::class),
  166. ])
  167. ->getMock();
  168. $backend = $this->createMock(\Test\Util\User\Dummy::class);
  169. $user = $this->createMock(IUser::class);
  170. $user->expects($this->any())
  171. ->method('isEnabled')
  172. ->willReturn(true);
  173. $user->expects($this->any())
  174. ->method('getUID')
  175. ->willReturn('foo');
  176. $user->expects($this->once())
  177. ->method('updateLastLoginTimestamp');
  178. $manager->expects($this->once())
  179. ->method('checkPasswordNoLogging')
  180. ->with('foo', 'bar')
  181. ->willReturn($user);
  182. $userSession = $this->getMockBuilder(Session::class)
  183. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  184. ->setMethods([
  185. 'prepareUserLogin'
  186. ])
  187. ->getMock();
  188. $userSession->expects($this->once())
  189. ->method('prepareUserLogin');
  190. $this->dispatcher->expects($this->once())
  191. ->method('dispatchTyped')
  192. ->with(
  193. $this->callback(function (PostLoginEvent $e) {
  194. return $e->getUser()->getUID() === 'foo' &&
  195. $e->getPassword() === 'bar' &&
  196. $e->isTokenLogin() === false;
  197. })
  198. );
  199. $userSession->login('foo', 'bar');
  200. $this->assertEquals($user, $userSession->getUser());
  201. }
  202. public function testLoginValidPasswordDisabled() {
  203. $this->expectException(LoginException::class);
  204. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  205. $session->expects($this->never())
  206. ->method('set');
  207. $session->expects($this->once())
  208. ->method('regenerateId');
  209. $this->tokenProvider->expects($this->once())
  210. ->method('getToken')
  211. ->with('bar')
  212. ->will($this->throwException(new InvalidTokenException()));
  213. $managerMethods = get_class_methods(Manager::class);
  214. //keep following methods intact in order to ensure hooks are working
  215. $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
  216. $manager = $this->getMockBuilder(Manager::class)
  217. ->setMethods($mockedManagerMethods)
  218. ->setConstructorArgs([
  219. $this->config,
  220. $this->createMock(EventDispatcherInterface::class),
  221. $this->createMock(ICacheFactory::class),
  222. $this->createMock(IEventDispatcher::class),
  223. ])
  224. ->getMock();
  225. $user = $this->createMock(IUser::class);
  226. $user->expects($this->any())
  227. ->method('isEnabled')
  228. ->willReturn(false);
  229. $user->expects($this->never())
  230. ->method('updateLastLoginTimestamp');
  231. $manager->expects($this->once())
  232. ->method('checkPasswordNoLogging')
  233. ->with('foo', 'bar')
  234. ->willReturn($user);
  235. $this->dispatcher->expects($this->never())
  236. ->method('dispatch');
  237. $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
  238. $userSession->login('foo', 'bar');
  239. }
  240. public function testLoginInvalidPassword() {
  241. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  242. $managerMethods = get_class_methods(Manager::class);
  243. //keep following methods intact in order to ensure hooks are working
  244. $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
  245. $manager = $this->getMockBuilder(Manager::class)
  246. ->setMethods($mockedManagerMethods)
  247. ->setConstructorArgs([
  248. $this->config,
  249. $this->createMock(EventDispatcherInterface::class),
  250. $this->createMock(ICacheFactory::class),
  251. $this->createMock(IEventDispatcher::class),
  252. ])
  253. ->getMock();
  254. $backend = $this->createMock(\Test\Util\User\Dummy::class);
  255. $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
  256. $user = $this->createMock(IUser::class);
  257. $session->expects($this->never())
  258. ->method('set');
  259. $session->expects($this->once())
  260. ->method('regenerateId');
  261. $this->tokenProvider->expects($this->once())
  262. ->method('getToken')
  263. ->with('bar')
  264. ->will($this->throwException(new InvalidTokenException()));
  265. $user->expects($this->never())
  266. ->method('isEnabled');
  267. $user->expects($this->never())
  268. ->method('updateLastLoginTimestamp');
  269. $manager->expects($this->once())
  270. ->method('checkPasswordNoLogging')
  271. ->with('foo', 'bar')
  272. ->willReturn(false);
  273. $this->dispatcher->expects($this->never())
  274. ->method('dispatch');
  275. $userSession->login('foo', 'bar');
  276. }
  277. public function testLoginNonExisting() {
  278. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  279. $manager = $this->createMock(Manager::class);
  280. $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
  281. $session->expects($this->never())
  282. ->method('set');
  283. $session->expects($this->once())
  284. ->method('regenerateId');
  285. $this->tokenProvider->expects($this->once())
  286. ->method('getToken')
  287. ->with('bar')
  288. ->will($this->throwException(new InvalidTokenException()));
  289. $manager->expects($this->once())
  290. ->method('checkPasswordNoLogging')
  291. ->with('foo', 'bar')
  292. ->willReturn(false);
  293. $userSession->login('foo', 'bar');
  294. }
  295. public function testLogClientInNoTokenPasswordWith2fa() {
  296. $this->expectException(PasswordLoginForbiddenException::class);
  297. $manager = $this->createMock(Manager::class);
  298. $session = $this->createMock(ISession::class);
  299. $request = $this->createMock(IRequest::class);
  300. /** @var Session $userSession */
  301. $userSession = $this->getMockBuilder(Session::class)
  302. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  303. ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
  304. ->getMock();
  305. $this->tokenProvider->expects($this->once())
  306. ->method('getToken')
  307. ->with('doe')
  308. ->will($this->throwException(new InvalidTokenException()));
  309. $this->config->expects($this->once())
  310. ->method('getSystemValue')
  311. ->with('token_auth_enforced', false)
  312. ->willReturn(true);
  313. $request
  314. ->expects($this->any())
  315. ->method('getRemoteAddress')
  316. ->willReturn('192.168.0.1');
  317. $this->throttler
  318. ->expects($this->once())
  319. ->method('sleepDelayOrThrowOnMax')
  320. ->with('192.168.0.1');
  321. $this->throttler
  322. ->expects($this->any())
  323. ->method('getDelay')
  324. ->with('192.168.0.1')
  325. ->willReturn(0);
  326. $userSession->logClientIn('john', 'doe', $request, $this->throttler);
  327. }
  328. public function testLogClientInUnexist() {
  329. $manager = $this->createMock(Manager::class);
  330. $session = $this->createMock(ISession::class);
  331. $request = $this->createMock(IRequest::class);
  332. /** @var Session $userSession */
  333. $userSession = $this->getMockBuilder(Session::class)
  334. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  335. ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
  336. ->getMock();
  337. $this->tokenProvider->expects($this->once())
  338. ->method('getToken')
  339. ->with('doe')
  340. ->will($this->throwException(new InvalidTokenException()));
  341. $this->config->expects($this->once())
  342. ->method('getSystemValue')
  343. ->with('token_auth_enforced', false)
  344. ->willReturn(false);
  345. $manager->method('getByEmail')
  346. ->with('unexist')
  347. ->willReturn([]);
  348. $this->assertFalse($userSession->logClientIn('unexist', 'doe', $request, $this->throttler));
  349. }
  350. public function testLogClientInWithTokenPassword() {
  351. $manager = $this->createMock(Manager::class);
  352. $session = $this->createMock(ISession::class);
  353. $request = $this->createMock(IRequest::class);
  354. /** @var Session $userSession */
  355. $userSession = $this->getMockBuilder(Session::class)
  356. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  357. ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
  358. ->getMock();
  359. $userSession->expects($this->once())
  360. ->method('isTokenPassword')
  361. ->willReturn(true);
  362. $userSession->expects($this->once())
  363. ->method('login')
  364. ->with('john', 'I-AM-AN-APP-PASSWORD')
  365. ->willReturn(true);
  366. $session->expects($this->once())
  367. ->method('set')
  368. ->with('app_password', 'I-AM-AN-APP-PASSWORD');
  369. $request
  370. ->expects($this->any())
  371. ->method('getRemoteAddress')
  372. ->willReturn('192.168.0.1');
  373. $this->throttler
  374. ->expects($this->once())
  375. ->method('sleepDelayOrThrowOnMax')
  376. ->with('192.168.0.1');
  377. $this->throttler
  378. ->expects($this->any())
  379. ->method('getDelay')
  380. ->with('192.168.0.1')
  381. ->willReturn(0);
  382. $this->assertTrue($userSession->logClientIn('john', 'I-AM-AN-APP-PASSWORD', $request, $this->throttler));
  383. }
  384. public function testLogClientInNoTokenPasswordNo2fa() {
  385. $this->expectException(PasswordLoginForbiddenException::class);
  386. $manager = $this->createMock(Manager::class);
  387. $session = $this->createMock(ISession::class);
  388. $request = $this->createMock(IRequest::class);
  389. /** @var Session $userSession */
  390. $userSession = $this->getMockBuilder(Session::class)
  391. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  392. ->setMethods(['login', 'isTwoFactorEnforced'])
  393. ->getMock();
  394. $this->tokenProvider->expects($this->once())
  395. ->method('getToken')
  396. ->with('doe')
  397. ->will($this->throwException(new InvalidTokenException()));
  398. $this->config->expects($this->once())
  399. ->method('getSystemValue')
  400. ->with('token_auth_enforced', false)
  401. ->willReturn(false);
  402. $userSession->expects($this->once())
  403. ->method('isTwoFactorEnforced')
  404. ->with('john')
  405. ->willReturn(true);
  406. $request
  407. ->expects($this->any())
  408. ->method('getRemoteAddress')
  409. ->willReturn('192.168.0.1');
  410. $this->throttler
  411. ->expects($this->once())
  412. ->method('sleepDelayOrThrowOnMax')
  413. ->with('192.168.0.1');
  414. $this->throttler
  415. ->expects($this->any())
  416. ->method('getDelay')
  417. ->with('192.168.0.1')
  418. ->willReturn(0);
  419. $userSession->logClientIn('john', 'doe', $request, $this->throttler);
  420. }
  421. public function testTryTokenLoginNoHeaderNoSessionCookie(): void {
  422. $request = $this->createMock(IRequest::class);
  423. $this->config->expects(self::once())
  424. ->method('getSystemValueString')
  425. ->with('instanceid')
  426. ->willReturn('abc123');
  427. $request->method('getHeader')->with('Authorization')->willReturn('');
  428. $request->method('getCookie')->with('abc123')->willReturn(null);
  429. $this->tokenProvider->expects(self::never())
  430. ->method('getToken');
  431. $loginResult = $this->userSession->tryTokenLogin($request);
  432. self::assertFalse($loginResult);
  433. }
  434. public function testTryTokenLoginAuthorizationHeaderTokenNotFound(): void {
  435. $request = $this->createMock(IRequest::class);
  436. $request->method('getHeader')->with('Authorization')->willReturn('Bearer abcde-12345');
  437. $this->tokenProvider->expects(self::once())
  438. ->method('getToken')
  439. ->with('abcde-12345')
  440. ->willThrowException(new InvalidTokenException());
  441. $loginResult = $this->userSession->tryTokenLogin($request);
  442. self::assertFalse($loginResult);
  443. }
  444. public function testTryTokenLoginSessionIdTokenNotFound(): void {
  445. $request = $this->createMock(IRequest::class);
  446. $this->config->expects(self::once())
  447. ->method('getSystemValueString')
  448. ->with('instanceid')
  449. ->willReturn('abc123');
  450. $request->method('getHeader')->with('Authorization')->willReturn('');
  451. $request->method('getCookie')->with('abc123')->willReturn('abcde12345');
  452. $this->session->expects(self::once())
  453. ->method('getId')
  454. ->willReturn('abcde12345');
  455. $this->tokenProvider->expects(self::once())
  456. ->method('getToken')
  457. ->with('abcde12345')
  458. ->willThrowException(new InvalidTokenException());
  459. $loginResult = $this->userSession->tryTokenLogin($request);
  460. self::assertFalse($loginResult);
  461. }
  462. public function testRememberLoginValidToken() {
  463. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  464. $managerMethods = get_class_methods(Manager::class);
  465. //keep following methods intact in order to ensure hooks are working
  466. $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
  467. $manager = $this->getMockBuilder(Manager::class)
  468. ->setMethods($mockedManagerMethods)
  469. ->setConstructorArgs([
  470. $this->config,
  471. $this->createMock(EventDispatcherInterface::class),
  472. $this->createMock(ICacheFactory::class),
  473. $this->createMock(IEventDispatcher::class),
  474. ])
  475. ->getMock();
  476. $userSession = $this->getMockBuilder(Session::class)
  477. //override, otherwise tests will fail because of setcookie()
  478. ->setMethods(['setMagicInCookie', 'setLoginName'])
  479. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  480. ->getMock();
  481. $user = $this->createMock(IUser::class);
  482. $token = 'goodToken';
  483. $oldSessionId = 'sess321';
  484. $sessionId = 'sess123';
  485. $session->expects($this->once())
  486. ->method('regenerateId');
  487. $manager->expects($this->once())
  488. ->method('get')
  489. ->with('foo')
  490. ->willReturn($user);
  491. $this->config->expects($this->once())
  492. ->method('getUserKeys')
  493. ->with('foo', 'login_token')
  494. ->willReturn([$token]);
  495. $this->config->expects($this->once())
  496. ->method('deleteUserValue')
  497. ->with('foo', 'login_token', $token);
  498. $this->random->expects($this->once())
  499. ->method('generate')
  500. ->with(32)
  501. ->willReturn('abcdefg123456');
  502. $this->config->expects($this->once())
  503. ->method('setUserValue')
  504. ->with('foo', 'login_token', 'abcdefg123456', 10000);
  505. $tokenObject = $this->createMock(IToken::class);
  506. $tokenObject->expects($this->once())
  507. ->method('getLoginName')
  508. ->willReturn('foobar');
  509. $tokenObject->method('getId')
  510. ->willReturn(42);
  511. $session->expects($this->once())
  512. ->method('getId')
  513. ->willReturn($sessionId);
  514. $this->tokenProvider->expects($this->once())
  515. ->method('renewSessionToken')
  516. ->with($oldSessionId, $sessionId)
  517. ->willReturn($tokenObject);
  518. $this->tokenProvider->expects($this->never())
  519. ->method('getToken');
  520. $user->expects($this->any())
  521. ->method('getUID')
  522. ->willReturn('foo');
  523. $userSession->expects($this->once())
  524. ->method('setMagicInCookie');
  525. $user->expects($this->once())
  526. ->method('updateLastLoginTimestamp');
  527. $setUID = false;
  528. $session
  529. ->method('set')
  530. ->willReturnCallback(function ($k, $v) use (&$setUID) {
  531. if ($k === 'user_id' && $v === 'foo') {
  532. $setUID = true;
  533. }
  534. });
  535. $userSession->expects($this->once())
  536. ->method('setLoginName')
  537. ->willReturn('foobar');
  538. $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);
  539. $this->assertTrue($setUID);
  540. $this->assertTrue($granted);
  541. }
  542. public function testRememberLoginInvalidSessionToken() {
  543. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  544. $managerMethods = get_class_methods(Manager::class);
  545. //keep following methods intact in order to ensure hooks are working
  546. $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
  547. $manager = $this->getMockBuilder(Manager::class)
  548. ->setMethods($mockedManagerMethods)
  549. ->setConstructorArgs([
  550. $this->config,
  551. $this->createMock(EventDispatcherInterface::class),
  552. $this->createMock(ICacheFactory::class),
  553. $this->createMock(IEventDispatcher::class),
  554. ])
  555. ->getMock();
  556. $userSession = $this->getMockBuilder(Session::class)
  557. //override, otherwise tests will fail because of setcookie()
  558. ->setMethods(['setMagicInCookie'])
  559. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  560. ->getMock();
  561. $user = $this->createMock(IUser::class);
  562. $token = 'goodToken';
  563. $oldSessionId = 'sess321';
  564. $sessionId = 'sess123';
  565. $session->expects($this->once())
  566. ->method('regenerateId');
  567. $manager->expects($this->once())
  568. ->method('get')
  569. ->with('foo')
  570. ->willReturn($user);
  571. $this->config->expects($this->once())
  572. ->method('getUserKeys')
  573. ->with('foo', 'login_token')
  574. ->willReturn([$token]);
  575. $this->config->expects($this->once())
  576. ->method('deleteUserValue')
  577. ->with('foo', 'login_token', $token);
  578. $this->config->expects($this->once())
  579. ->method('setUserValue'); // TODO: mock new random value
  580. $session->expects($this->once())
  581. ->method('getId')
  582. ->willReturn($sessionId);
  583. $this->tokenProvider->expects($this->once())
  584. ->method('renewSessionToken')
  585. ->with($oldSessionId, $sessionId)
  586. ->will($this->throwException(new InvalidTokenException()));
  587. $user->expects($this->never())
  588. ->method('getUID')
  589. ->willReturn('foo');
  590. $userSession->expects($this->never())
  591. ->method('setMagicInCookie');
  592. $user->expects($this->never())
  593. ->method('updateLastLoginTimestamp');
  594. $session->expects($this->never())
  595. ->method('set')
  596. ->with('user_id', 'foo');
  597. $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);
  598. $this->assertFalse($granted);
  599. }
  600. public function testRememberLoginInvalidToken() {
  601. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  602. $managerMethods = get_class_methods(Manager::class);
  603. //keep following methods intact in order to ensure hooks are working
  604. $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
  605. $manager = $this->getMockBuilder(Manager::class)
  606. ->setMethods($mockedManagerMethods)
  607. ->setConstructorArgs([
  608. $this->config,
  609. $this->createMock(EventDispatcherInterface::class),
  610. $this->createMock(ICacheFactory::class),
  611. $this->createMock(IEventDispatcher::class),
  612. ])
  613. ->getMock();
  614. $userSession = $this->getMockBuilder(Session::class)
  615. //override, otherwise tests will fail because of setcookie()
  616. ->setMethods(['setMagicInCookie'])
  617. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  618. ->getMock();
  619. $user = $this->createMock(IUser::class);
  620. $token = 'goodToken';
  621. $oldSessionId = 'sess321';
  622. $session->expects($this->once())
  623. ->method('regenerateId');
  624. $manager->expects($this->once())
  625. ->method('get')
  626. ->with('foo')
  627. ->willReturn($user);
  628. $this->config->expects($this->once())
  629. ->method('getUserKeys')
  630. ->with('foo', 'login_token')
  631. ->willReturn(['anothertoken']);
  632. $this->config->expects($this->never())
  633. ->method('deleteUserValue')
  634. ->with('foo', 'login_token', $token);
  635. $this->tokenProvider->expects($this->never())
  636. ->method('renewSessionToken');
  637. $userSession->expects($this->never())
  638. ->method('setMagicInCookie');
  639. $user->expects($this->never())
  640. ->method('updateLastLoginTimestamp');
  641. $session->expects($this->never())
  642. ->method('set')
  643. ->with('user_id', 'foo');
  644. $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);
  645. $this->assertFalse($granted);
  646. }
  647. public function testRememberLoginInvalidUser() {
  648. $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
  649. $managerMethods = get_class_methods(Manager::class);
  650. //keep following methods intact in order to ensure hooks are working
  651. $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
  652. $manager = $this->getMockBuilder(Manager::class)
  653. ->setMethods($mockedManagerMethods)
  654. ->setConstructorArgs([
  655. $this->config,
  656. $this->createMock(EventDispatcherInterface::class),
  657. $this->createMock(ICacheFactory::class),
  658. $this->createMock(IEventDispatcher::class),
  659. ])
  660. ->getMock();
  661. $userSession = $this->getMockBuilder(Session::class)
  662. //override, otherwise tests will fail because of setcookie()
  663. ->setMethods(['setMagicInCookie'])
  664. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  665. ->getMock();
  666. $token = 'goodToken';
  667. $oldSessionId = 'sess321';
  668. $session->expects($this->once())
  669. ->method('regenerateId');
  670. $manager->expects($this->once())
  671. ->method('get')
  672. ->with('foo')
  673. ->willReturn(null);
  674. $this->config->expects($this->never())
  675. ->method('getUserKeys')
  676. ->with('foo', 'login_token')
  677. ->willReturn(['anothertoken']);
  678. $this->tokenProvider->expects($this->never())
  679. ->method('renewSessionToken');
  680. $userSession->expects($this->never())
  681. ->method('setMagicInCookie');
  682. $session->expects($this->never())
  683. ->method('set')
  684. ->with('user_id', 'foo');
  685. $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);
  686. $this->assertFalse($granted);
  687. }
  688. public function testActiveUserAfterSetSession() {
  689. $users = [
  690. 'foo' => new User('foo', null, $this->createMock(EventDispatcherInterface::class)),
  691. 'bar' => new User('bar', null, $this->createMock(EventDispatcherInterface::class))
  692. ];
  693. $manager = $this->getMockBuilder(Manager::class)
  694. ->disableOriginalConstructor()
  695. ->getMock();
  696. $manager->expects($this->any())
  697. ->method('get')
  698. ->willReturnCallback(function ($uid) use ($users) {
  699. return $users[$uid];
  700. });
  701. $session = new Memory('');
  702. $session->set('user_id', 'foo');
  703. $userSession = $this->getMockBuilder(Session::class)
  704. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  705. ->setMethods([
  706. 'validateSession'
  707. ])
  708. ->getMock();
  709. $userSession->expects($this->any())
  710. ->method('validateSession');
  711. $this->assertEquals($users['foo'], $userSession->getUser());
  712. $session2 = new Memory('');
  713. $session2->set('user_id', 'bar');
  714. $userSession->setSession($session2);
  715. $this->assertEquals($users['bar'], $userSession->getUser());
  716. }
  717. public function testCreateSessionToken() {
  718. $manager = $this->createMock(Manager::class);
  719. $session = $this->createMock(ISession::class);
  720. $user = $this->createMock(IUser::class);
  721. $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
  722. $requestId = $this->createMock(IRequestId::class);
  723. $config = $this->createMock(IConfig::class);
  724. $csrf = $this->getMockBuilder(CsrfTokenManager::class)
  725. ->disableOriginalConstructor()
  726. ->getMock();
  727. $request = new Request([
  728. 'server' => [
  729. 'HTTP_USER_AGENT' => 'Firefox',
  730. ]
  731. ], $requestId, $config, $csrf);
  732. $uid = 'user123';
  733. $loginName = 'User123';
  734. $password = 'passme';
  735. $sessionId = 'abcxyz';
  736. $manager->expects($this->once())
  737. ->method('get')
  738. ->with($uid)
  739. ->willReturn($user);
  740. $session->expects($this->once())
  741. ->method('getId')
  742. ->willReturn($sessionId);
  743. $this->tokenProvider->expects($this->once())
  744. ->method('getToken')
  745. ->with($password)
  746. ->will($this->throwException(new InvalidTokenException()));
  747. $this->tokenProvider->expects($this->once())
  748. ->method('generateToken')
  749. ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);
  750. $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
  751. }
  752. public function testCreateRememberedSessionToken() {
  753. $manager = $this->createMock(Manager::class);
  754. $session = $this->createMock(ISession::class);
  755. $user = $this->createMock(IUser::class);
  756. $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
  757. $requestId = $this->createMock(IRequestId::class);
  758. $config = $this->createMock(IConfig::class);
  759. $csrf = $this->getMockBuilder(CsrfTokenManager::class)
  760. ->disableOriginalConstructor()
  761. ->getMock();
  762. $request = new Request([
  763. 'server' => [
  764. 'HTTP_USER_AGENT' => 'Firefox',
  765. ]
  766. ], $requestId, $config, $csrf);
  767. $uid = 'user123';
  768. $loginName = 'User123';
  769. $password = 'passme';
  770. $sessionId = 'abcxyz';
  771. $manager->expects($this->once())
  772. ->method('get')
  773. ->with($uid)
  774. ->willReturn($user);
  775. $session->expects($this->once())
  776. ->method('getId')
  777. ->willReturn($sessionId);
  778. $this->tokenProvider->expects($this->once())
  779. ->method('getToken')
  780. ->with($password)
  781. ->will($this->throwException(new InvalidTokenException()));
  782. $this->tokenProvider->expects($this->once())
  783. ->method('generateToken')
  784. ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
  785. $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password, true));
  786. }
  787. public function testCreateSessionTokenWithTokenPassword() {
  788. $manager = $this->getMockBuilder(Manager::class)
  789. ->disableOriginalConstructor()
  790. ->getMock();
  791. $session = $this->createMock(ISession::class);
  792. $token = $this->createMock(IToken::class);
  793. $user = $this->createMock(IUser::class);
  794. $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
  795. $requestId = $this->createMock(IRequestId::class);
  796. $config = $this->createMock(IConfig::class);
  797. $csrf = $this->getMockBuilder(CsrfTokenManager::class)
  798. ->disableOriginalConstructor()
  799. ->getMock();
  800. $request = new Request([
  801. 'server' => [
  802. 'HTTP_USER_AGENT' => 'Firefox',
  803. ]
  804. ], $requestId, $config, $csrf);
  805. $uid = 'user123';
  806. $loginName = 'User123';
  807. $password = 'iamatoken';
  808. $realPassword = 'passme';
  809. $sessionId = 'abcxyz';
  810. $manager->expects($this->once())
  811. ->method('get')
  812. ->with($uid)
  813. ->willReturn($user);
  814. $session->expects($this->once())
  815. ->method('getId')
  816. ->willReturn($sessionId);
  817. $this->tokenProvider->expects($this->once())
  818. ->method('getToken')
  819. ->with($password)
  820. ->willReturn($token);
  821. $this->tokenProvider->expects($this->once())
  822. ->method('getPassword')
  823. ->with($token, $password)
  824. ->willReturn($realPassword);
  825. $this->tokenProvider->expects($this->once())
  826. ->method('generateToken')
  827. ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);
  828. $this->assertTrue($userSession->createSessionToken($request, $uid, $loginName, $password));
  829. }
  830. public function testCreateSessionTokenWithNonExistentUser() {
  831. $manager = $this->getMockBuilder(Manager::class)
  832. ->disableOriginalConstructor()
  833. ->getMock();
  834. $session = $this->createMock(ISession::class);
  835. $userSession = new Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher);
  836. $request = $this->createMock(IRequest::class);
  837. $uid = 'user123';
  838. $loginName = 'User123';
  839. $password = 'passme';
  840. $manager->expects($this->once())
  841. ->method('get')
  842. ->with($uid)
  843. ->willReturn(null);
  844. $this->assertFalse($userSession->createSessionToken($request, $uid, $loginName, $password));
  845. }
  846. public function testCreateRememberMeToken() {
  847. $user = $this->createMock(IUser::class);
  848. $user
  849. ->expects($this->exactly(2))
  850. ->method('getUID')
  851. ->willReturn('UserUid');
  852. $this->random
  853. ->expects($this->once())
  854. ->method('generate')
  855. ->with(32)
  856. ->willReturn('LongRandomToken');
  857. $this->config
  858. ->expects($this->once())
  859. ->method('setUserValue')
  860. ->with('UserUid', 'login_token', 'LongRandomToken', 10000);
  861. $this->userSession
  862. ->expects($this->once())
  863. ->method('setMagicInCookie')
  864. ->with('UserUid', 'LongRandomToken');
  865. $this->userSession->createRememberMeToken($user);
  866. }
  867. public function testTryBasicAuthLoginValid() {
  868. $request = $this->createMock(Request::class);
  869. $request->method('__get')
  870. ->willReturn([
  871. 'PHP_AUTH_USER' => 'username',
  872. 'PHP_AUTH_PW' => 'password',
  873. ]);
  874. $request->method('__isset')
  875. ->with('server')
  876. ->willReturn(true);
  877. $davAuthenticatedSet = false;
  878. $lastPasswordConfirmSet = false;
  879. $this->session
  880. ->method('set')
  881. ->willReturnCallback(function ($k, $v) use (&$davAuthenticatedSet, &$lastPasswordConfirmSet) {
  882. switch ($k) {
  883. case Auth::DAV_AUTHENTICATED:
  884. $davAuthenticatedSet = $v;
  885. return;
  886. case 'last-password-confirm':
  887. $lastPasswordConfirmSet = 1000;
  888. return;
  889. default:
  890. throw new \Exception();
  891. }
  892. });
  893. $userSession = $this->getMockBuilder(Session::class)
  894. ->setConstructorArgs([
  895. $this->manager,
  896. $this->session,
  897. $this->timeFactory,
  898. $this->tokenProvider,
  899. $this->config,
  900. $this->random,
  901. $this->lockdownManager,
  902. $this->logger,
  903. $this->dispatcher
  904. ])
  905. ->setMethods([
  906. 'logClientIn',
  907. 'getUser',
  908. ])
  909. ->getMock();
  910. /** @var Session|MockObject */
  911. $userSession->expects($this->once())
  912. ->method('logClientIn')
  913. ->with(
  914. $this->equalTo('username'),
  915. $this->equalTo('password'),
  916. $this->equalTo($request),
  917. $this->equalTo($this->throttler)
  918. )->willReturn(true);
  919. $user = $this->createMock(IUser::class);
  920. $user->method('getUID')->willReturn('username');
  921. $userSession->expects($this->once())
  922. ->method('getUser')
  923. ->willReturn($user);
  924. $this->assertTrue($userSession->tryBasicAuthLogin($request, $this->throttler));
  925. $this->assertSame('username', $davAuthenticatedSet);
  926. $this->assertSame(1000, $lastPasswordConfirmSet);
  927. }
  928. public function testTryBasicAuthLoginNoLogin() {
  929. $request = $this->createMock(Request::class);
  930. $request->method('__get')
  931. ->willReturn([]);
  932. $request->method('__isset')
  933. ->with('server')
  934. ->willReturn(true);
  935. $this->session->expects($this->never())
  936. ->method($this->anything());
  937. $userSession = $this->getMockBuilder(Session::class)
  938. ->setConstructorArgs([
  939. $this->manager,
  940. $this->session,
  941. $this->timeFactory,
  942. $this->tokenProvider,
  943. $this->config,
  944. $this->random,
  945. $this->lockdownManager,
  946. $this->logger,
  947. $this->dispatcher
  948. ])
  949. ->setMethods([
  950. 'logClientIn',
  951. ])
  952. ->getMock();
  953. /** @var Session|MockObject */
  954. $userSession->expects($this->never())
  955. ->method('logClientIn');
  956. $this->assertFalse($userSession->tryBasicAuthLogin($request, $this->throttler));
  957. }
  958. public function testUpdateTokens() {
  959. $this->tokenProvider->expects($this->once())
  960. ->method('updatePasswords')
  961. ->with('uid', 'pass');
  962. $this->userSession->updateTokens('uid', 'pass');
  963. }
  964. public function testLogClientInThrottlerUsername() {
  965. $manager = $this->createMock(Manager::class);
  966. $session = $this->createMock(ISession::class);
  967. $request = $this->createMock(IRequest::class);
  968. /** @var Session $userSession */
  969. $userSession = $this->getMockBuilder(Session::class)
  970. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  971. ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
  972. ->getMock();
  973. $userSession->expects($this->once())
  974. ->method('isTokenPassword')
  975. ->willReturn(true);
  976. $userSession->expects($this->once())
  977. ->method('login')
  978. ->with('john', 'I-AM-AN-PASSWORD')
  979. ->willReturn(false);
  980. $session->expects($this->never())
  981. ->method('set');
  982. $request
  983. ->method('getRemoteAddress')
  984. ->willReturn('192.168.0.1');
  985. $this->throttler
  986. ->expects($this->exactly(2))
  987. ->method('sleepDelayOrThrowOnMax')
  988. ->with('192.168.0.1');
  989. $this->throttler
  990. ->expects($this->any())
  991. ->method('getDelay')
  992. ->with('192.168.0.1')
  993. ->willReturn(0);
  994. $this->throttler
  995. ->expects($this->once())
  996. ->method('registerAttempt')
  997. ->with('login', '192.168.0.1', ['user' => 'john']);
  998. $this->dispatcher
  999. ->expects($this->once())
  1000. ->method('dispatchTyped')
  1001. ->with(new LoginFailed('john', 'I-AM-AN-PASSWORD'));
  1002. $this->assertFalse($userSession->logClientIn('john', 'I-AM-AN-PASSWORD', $request, $this->throttler));
  1003. }
  1004. public function testLogClientInThrottlerEmail() {
  1005. $manager = $this->createMock(Manager::class);
  1006. $session = $this->createMock(ISession::class);
  1007. $request = $this->createMock(IRequest::class);
  1008. /** @var Session $userSession */
  1009. $userSession = $this->getMockBuilder(Session::class)
  1010. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger, $this->dispatcher])
  1011. ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
  1012. ->getMock();
  1013. $userSession->expects($this->once())
  1014. ->method('isTokenPassword')
  1015. ->willReturn(false);
  1016. $userSession->expects($this->once())
  1017. ->method('login')
  1018. ->with('john@foo.bar', 'I-AM-AN-PASSWORD')
  1019. ->willReturn(false);
  1020. $manager
  1021. ->method('getByEmail')
  1022. ->with('john@foo.bar')
  1023. ->willReturn([]);
  1024. $session->expects($this->never())
  1025. ->method('set');
  1026. $request
  1027. ->method('getRemoteAddress')
  1028. ->willReturn('192.168.0.1');
  1029. $this->throttler
  1030. ->expects($this->exactly(2))
  1031. ->method('sleepDelayOrThrowOnMax')
  1032. ->with('192.168.0.1');
  1033. $this->throttler
  1034. ->expects($this->any())
  1035. ->method('getDelay')
  1036. ->with('192.168.0.1')
  1037. ->willReturn(0);
  1038. $this->throttler
  1039. ->expects($this->once())
  1040. ->method('registerAttempt')
  1041. ->with('login', '192.168.0.1', ['user' => 'john@foo.bar']);
  1042. $this->dispatcher
  1043. ->expects($this->once())
  1044. ->method('dispatchTyped')
  1045. ->with(new LoginFailed('john@foo.bar', 'I-AM-AN-PASSWORD'));
  1046. $this->assertFalse($userSession->logClientIn('john@foo.bar', 'I-AM-AN-PASSWORD', $request, $this->throttler));
  1047. }
  1048. }