1
0

Auth.php 7.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Daniel Kesselberg <mail@danielkesselberg.de>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author Lukas Reschke <lukas@statuscode.ch>
  9. * @author Phil Davis <phil.davis@inf.org>
  10. * @author Robin Appelman <robin@icewind.nl>
  11. *
  12. * @license GNU AGPL version 3 or any later version
  13. *
  14. * This program is free software: you can redistribute it and/or modify
  15. * it under the terms of the GNU Affero General Public License as
  16. * published by the Free Software Foundation, either version 3 of the
  17. * License, or (at your option) any later version.
  18. *
  19. * This program is distributed in the hope that it will be useful,
  20. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  22. * GNU Affero General Public License for more details.
  23. *
  24. * You should have received a copy of the GNU Affero General Public License
  25. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  26. *
  27. */
  28. use GuzzleHttp\Client;
  29. use GuzzleHttp\Exception\ClientException;
  30. use GuzzleHttp\Exception\ServerException;
  31. use GuzzleHttp\Cookie\CookieJar;
  32. require __DIR__ . '/../../vendor/autoload.php';
  33. trait Auth {
  34. /** @var string */
  35. private $unrestrictedClientToken;
  36. /** @var string */
  37. private $restrictedClientToken;
  38. /** @var Client */
  39. private $client;
  40. /** @var string */
  41. private $responseXml;
  42. /** @BeforeScenario */
  43. public function setUpScenario() {
  44. $this->client = new Client();
  45. $this->responseXml = '';
  46. $this->cookieJar = new CookieJar();
  47. }
  48. /**
  49. * @When requesting :url with :method
  50. */
  51. public function requestingWith($url, $method) {
  52. $this->sendRequest($url, $method);
  53. }
  54. private function sendRequest($url, $method, $authHeader = null, $useCookies = false) {
  55. $fullUrl = substr($this->baseUrl, 0, -5) . $url;
  56. try {
  57. if ($useCookies) {
  58. $options = [
  59. 'cookies' => $this->cookieJar,
  60. ];
  61. } else {
  62. $options = [];
  63. }
  64. if ($authHeader) {
  65. $options['headers'] = [
  66. 'Authorization' => $authHeader
  67. ];
  68. }
  69. $options['headers']['OCS_APIREQUEST'] = 'true';
  70. $options['headers']['requesttoken'] = $this->requestToken;
  71. $this->response = $this->client->request($method, $fullUrl, $options);
  72. } catch (ClientException $ex) {
  73. $this->response = $ex->getResponse();
  74. } catch (ServerException $ex) {
  75. $this->response = $ex->getResponse();
  76. }
  77. }
  78. /**
  79. * @When the CSRF token is extracted from the previous response
  80. */
  81. public function theCsrfTokenIsExtractedFromThePreviousResponse() {
  82. $this->requestToken = substr(preg_replace('/(.*)data-requesttoken="(.*)">(.*)/sm', '\2', $this->response->getBody()->getContents()), 0, 89);
  83. }
  84. /**
  85. * @param bool $loginViaWeb
  86. * @return object
  87. */
  88. private function createClientToken($loginViaWeb = true) {
  89. if ($loginViaWeb) {
  90. $this->loggingInUsingWebAs('user0');
  91. }
  92. $fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens';
  93. $client = new Client();
  94. $options = [
  95. 'auth' => [
  96. 'user0',
  97. $loginViaWeb ? '123456' : $this->restrictedClientToken,
  98. ],
  99. 'form_params' => [
  100. 'requesttoken' => $this->requestToken,
  101. 'name' => md5(microtime()),
  102. ],
  103. 'cookies' => $this->cookieJar,
  104. ];
  105. try {
  106. $this->response = $client->request('POST', $fullUrl, $options);
  107. } catch (\GuzzleHttp\Exception\ServerException $e) {
  108. $this->response = $e->getResponse();
  109. }
  110. return json_decode($this->response->getBody()->getContents());
  111. }
  112. /**
  113. * @Given a new restricted client token is added
  114. */
  115. public function aNewRestrictedClientTokenIsAdded() {
  116. $tokenObj = $this->createClientToken();
  117. $newCreatedTokenId = $tokenObj->deviceToken->id;
  118. $fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens/' . $newCreatedTokenId;
  119. $client = new Client();
  120. $options = [
  121. 'auth' => ['user0', '123456'],
  122. 'headers' => [
  123. 'requesttoken' => $this->requestToken,
  124. ],
  125. 'json' => [
  126. 'name' => md5(microtime()),
  127. 'scope' => [
  128. 'filesystem' => false,
  129. ],
  130. ],
  131. 'cookies' => $this->cookieJar,
  132. ];
  133. $this->response = $client->request('PUT', $fullUrl, $options);
  134. $this->restrictedClientToken = $tokenObj->token;
  135. }
  136. /**
  137. * @Given a new unrestricted client token is added
  138. */
  139. public function aNewUnrestrictedClientTokenIsAdded() {
  140. $this->unrestrictedClientToken = $this->createClientToken()->token;
  141. }
  142. /**
  143. * @When a new unrestricted client token is added using restricted basic token auth
  144. */
  145. public function aNewUnrestrictedClientTokenIsAddedUsingRestrictedBasicTokenAuth() {
  146. $this->createClientToken(false);
  147. }
  148. /**
  149. * @When requesting :url with :method using basic auth
  150. *
  151. * @param string $url
  152. * @param string $method
  153. */
  154. public function requestingWithBasicAuth($url, $method) {
  155. $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:123456'));
  156. }
  157. /**
  158. * @When requesting :url with :method using unrestricted basic token auth
  159. *
  160. * @param string $url
  161. * @param string $method
  162. */
  163. public function requestingWithUnrestrictedBasicTokenAuth($url, $method) {
  164. $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->unrestrictedClientToken), true);
  165. }
  166. /**
  167. * @When requesting :url with :method using restricted basic token auth
  168. *
  169. * @param string $url
  170. * @param string $method
  171. */
  172. public function requestingWithRestrictedBasicTokenAuth($url, $method) {
  173. $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->restrictedClientToken), true);
  174. }
  175. /**
  176. * @When requesting :url with :method using an unrestricted client token
  177. *
  178. * @param string $url
  179. * @param string $method
  180. */
  181. public function requestingWithUsingAnUnrestrictedClientToken($url, $method) {
  182. $this->sendRequest($url, $method, 'Bearer ' . $this->unrestrictedClientToken);
  183. }
  184. /**
  185. * @When requesting :url with :method using a restricted client token
  186. *
  187. * @param string $url
  188. * @param string $method
  189. */
  190. public function requestingWithUsingARestrictedClientToken($url, $method) {
  191. $this->sendRequest($url, $method, 'Bearer ' . $this->restrictedClientToken);
  192. }
  193. /**
  194. * @When requesting :url with :method using browser session
  195. *
  196. * @param string $url
  197. * @param string $method
  198. */
  199. public function requestingWithBrowserSession($url, $method) {
  200. $this->sendRequest($url, $method, null, true);
  201. }
  202. /**
  203. * @Given a new browser session is started
  204. *
  205. * @param bool $remember
  206. */
  207. public function aNewBrowserSessionIsStarted($remember = false) {
  208. $loginUrl = substr($this->baseUrl, 0, -5) . '/login';
  209. // Request a new session and extract CSRF token
  210. $client = new Client();
  211. $response = $client->get($loginUrl, [
  212. 'cookies' => $this->cookieJar,
  213. ]);
  214. $this->extracRequestTokenFromResponse($response);
  215. // Login and extract new token
  216. $client = new Client();
  217. $response = $client->post(
  218. $loginUrl, [
  219. 'form_params' => [
  220. 'user' => 'user0',
  221. 'password' => '123456',
  222. 'remember_login' => $remember ? '1' : '0',
  223. 'requesttoken' => $this->requestToken,
  224. ],
  225. 'cookies' => $this->cookieJar,
  226. ]
  227. );
  228. $this->extracRequestTokenFromResponse($response);
  229. }
  230. /**
  231. * @Given a new remembered browser session is started
  232. */
  233. public function aNewRememberedBrowserSessionIsStarted() {
  234. $this->aNewBrowserSessionIsStarted(true);
  235. }
  236. /**
  237. * @Given the cookie jar is reset
  238. */
  239. public function theCookieJarIsReset() {
  240. $this->cookieJar = new CookieJar();
  241. }
  242. /**
  243. * @When the session cookie expires
  244. */
  245. public function whenTheSessionCookieExpires() {
  246. $this->cookieJar->clearSessionCookies();
  247. }
  248. }