PublicKeyTokenProviderTest.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace Test\Authentication\Token;
  8. use OC\Authentication\Exceptions\ExpiredTokenException;
  9. use OC\Authentication\Exceptions\InvalidTokenException;
  10. use OC\Authentication\Exceptions\PasswordlessTokenException;
  11. use OC\Authentication\Token\PublicKeyToken;
  12. use OC\Authentication\Token\PublicKeyTokenMapper;
  13. use OC\Authentication\Token\PublicKeyTokenProvider;
  14. use OCP\AppFramework\Db\DoesNotExistException;
  15. use OCP\AppFramework\Utility\ITimeFactory;
  16. use OCP\Authentication\Token\IToken;
  17. use OCP\ICacheFactory;
  18. use OCP\IConfig;
  19. use OCP\IDBConnection;
  20. use OCP\Security\ICrypto;
  21. use OCP\Security\IHasher;
  22. use PHPUnit\Framework\MockObject\MockObject;
  23. use Psr\Log\LoggerInterface;
  24. use Test\TestCase;
  25. class PublicKeyTokenProviderTest extends TestCase {
  26. /** @var PublicKeyTokenProvider|\PHPUnit\Framework\MockObject\MockObject */
  27. private $tokenProvider;
  28. /** @var PublicKeyTokenMapper|\PHPUnit\Framework\MockObject\MockObject */
  29. private $mapper;
  30. /** @var IHasher|\PHPUnit\Framework\MockObject\MockObject */
  31. private $hasher;
  32. /** @var ICrypto */
  33. private $crypto;
  34. /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject */
  35. private $config;
  36. /** @var IDBConnection|MockObject */
  37. private IDBConnection $db;
  38. /** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */
  39. private $logger;
  40. /** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
  41. private $timeFactory;
  42. /** @var ICacheFactory|\PHPUnit\Framework\MockObject\MockObject */
  43. private $cacheFactory;
  44. /** @var int */
  45. private $time;
  46. protected function setUp(): void {
  47. parent::setUp();
  48. $this->mapper = $this->createMock(PublicKeyTokenMapper::class);
  49. $this->hasher = \OC::$server->get(IHasher::class);
  50. $this->crypto = \OC::$server->getCrypto();
  51. $this->config = $this->createMock(IConfig::class);
  52. $this->config->method('getSystemValueInt')
  53. ->willReturnMap([
  54. ['session_lifetime', 60 * 60 * 24, 150],
  55. ['remember_login_cookie_lifetime', 60 * 60 * 24 * 15, 300],
  56. ['token_auth_activity_update', 60, 60],
  57. ]);
  58. $this->config->method('getSystemValue')
  59. ->willReturnMap([
  60. ['openssl', [], []],
  61. ]);
  62. $this->config->method('getSystemValueString')
  63. ->willReturnMap([
  64. ['secret', '', '1f4h9s'],
  65. ]);
  66. $this->db = $this->createMock(IDBConnection::class);
  67. $this->logger = $this->createMock(LoggerInterface::class);
  68. $this->timeFactory = $this->createMock(ITimeFactory::class);
  69. $this->time = 1313131;
  70. $this->timeFactory->method('getTime')
  71. ->willReturn($this->time);
  72. $this->cacheFactory = $this->createMock(ICacheFactory::class);
  73. $this->tokenProvider = new PublicKeyTokenProvider(
  74. $this->mapper,
  75. $this->crypto,
  76. $this->config,
  77. $this->db,
  78. $this->logger,
  79. $this->timeFactory,
  80. $this->hasher,
  81. $this->cacheFactory,
  82. );
  83. }
  84. public function testGenerateToken() {
  85. $token = 'tokentokentokentokentoken';
  86. $uid = 'user';
  87. $user = 'User';
  88. $password = 'passme';
  89. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  90. $type = IToken::PERMANENT_TOKEN;
  91. $this->config->method('getSystemValueBool')
  92. ->willReturnMap([
  93. ['auth.storeCryptedPassword', true, true],
  94. ]);
  95. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  96. $this->assertInstanceOf(PublicKeyToken::class, $actual);
  97. $this->assertSame($uid, $actual->getUID());
  98. $this->assertSame($user, $actual->getLoginName());
  99. $this->assertSame($name, $actual->getName());
  100. $this->assertSame(IToken::DO_NOT_REMEMBER, $actual->getRemember());
  101. $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token));
  102. }
  103. public function testGenerateTokenNoPassword(): void {
  104. $token = 'tokentokentokentokentoken';
  105. $uid = 'user';
  106. $user = 'User';
  107. $password = 'passme';
  108. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  109. $type = IToken::PERMANENT_TOKEN;
  110. $this->config->method('getSystemValueBool')
  111. ->willReturnMap([
  112. ['auth.storeCryptedPassword', true, false],
  113. ]);
  114. $this->expectException(PasswordlessTokenException::class);
  115. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  116. $this->assertInstanceOf(PublicKeyToken::class, $actual);
  117. $this->assertSame($uid, $actual->getUID());
  118. $this->assertSame($user, $actual->getLoginName());
  119. $this->assertSame($name, $actual->getName());
  120. $this->assertSame(IToken::DO_NOT_REMEMBER, $actual->getRemember());
  121. $this->tokenProvider->getPassword($actual, $token);
  122. }
  123. public function testGenerateTokenLongPassword() {
  124. $token = 'tokentokentokentokentoken';
  125. $uid = 'user';
  126. $user = 'User';
  127. $password = '';
  128. for ($i = 0; $i < 500; $i++) {
  129. $password .= 'e';
  130. }
  131. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  132. $type = IToken::PERMANENT_TOKEN;
  133. $this->config->method('getSystemValueBool')
  134. ->willReturnMap([
  135. ['auth.storeCryptedPassword', true, true],
  136. ]);
  137. $this->expectException(\RuntimeException::class);
  138. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  139. }
  140. public function testGenerateTokenInvalidName() {
  141. $token = 'tokentokentokentokentoken';
  142. $uid = 'user';
  143. $user = 'User';
  144. $password = 'passme';
  145. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  146. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  147. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  148. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  149. $type = IToken::PERMANENT_TOKEN;
  150. $this->config->method('getSystemValueBool')
  151. ->willReturnMap([
  152. ['auth.storeCryptedPassword', true, true],
  153. ]);
  154. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  155. $this->assertInstanceOf(PublicKeyToken::class, $actual);
  156. $this->assertSame($uid, $actual->getUID());
  157. $this->assertSame($user, $actual->getLoginName());
  158. $this->assertSame('User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12User-Agent: Mozill…', $actual->getName());
  159. $this->assertSame(IToken::DO_NOT_REMEMBER, $actual->getRemember());
  160. $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token));
  161. }
  162. public function testUpdateToken() {
  163. $tk = new PublicKeyToken();
  164. $this->mapper->expects($this->once())
  165. ->method('updateActivity')
  166. ->with($tk, $this->time);
  167. $tk->setLastActivity($this->time - 200);
  168. $this->config->method('getSystemValueBool')
  169. ->willReturnMap([
  170. ['auth.storeCryptedPassword', true, true],
  171. ]);
  172. $this->tokenProvider->updateTokenActivity($tk);
  173. $this->assertEquals($this->time, $tk->getLastActivity());
  174. }
  175. public function testUpdateTokenDebounce() {
  176. $tk = new PublicKeyToken();
  177. $this->config->method('getSystemValueInt')
  178. ->willReturnCallback(function ($value, $default) {
  179. return $default;
  180. });
  181. $tk->setLastActivity($this->time - 30);
  182. $this->mapper->expects($this->never())
  183. ->method('updateActivity')
  184. ->with($tk, $this->time);
  185. $this->tokenProvider->updateTokenActivity($tk);
  186. }
  187. public function testGetTokenByUser() {
  188. $this->mapper->expects($this->once())
  189. ->method('getTokenByUser')
  190. ->with('uid')
  191. ->willReturn(['token']);
  192. $this->assertEquals(['token'], $this->tokenProvider->getTokenByUser('uid'));
  193. }
  194. public function testGetPassword() {
  195. $token = 'tokentokentokentokentoken';
  196. $uid = 'user';
  197. $user = 'User';
  198. $password = 'passme';
  199. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  200. $type = IToken::PERMANENT_TOKEN;
  201. $this->config->method('getSystemValueBool')
  202. ->willReturnMap([
  203. ['auth.storeCryptedPassword', true, true],
  204. ]);
  205. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  206. $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token));
  207. }
  208. public function testGetPasswordPasswordLessToken() {
  209. $this->expectException(\OC\Authentication\Exceptions\PasswordlessTokenException::class);
  210. $token = 'token1234';
  211. $tk = new PublicKeyToken();
  212. $tk->setPassword(null);
  213. $this->tokenProvider->getPassword($tk, $token);
  214. }
  215. public function testGetPasswordInvalidToken() {
  216. $this->expectException(\OC\Authentication\Exceptions\InvalidTokenException::class);
  217. $token = 'tokentokentokentokentoken';
  218. $uid = 'user';
  219. $user = 'User';
  220. $password = 'passme';
  221. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  222. $type = IToken::PERMANENT_TOKEN;
  223. $this->config->method('getSystemValueBool')
  224. ->willReturnMap([
  225. ['auth.storeCryptedPassword', true, true],
  226. ]);
  227. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  228. $this->tokenProvider->getPassword($actual, 'wrongtoken');
  229. }
  230. public function testSetPassword() {
  231. $token = 'tokentokentokentokentoken';
  232. $uid = 'user';
  233. $user = 'User';
  234. $password = 'passme';
  235. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  236. $type = IToken::PERMANENT_TOKEN;
  237. $this->config->method('getSystemValueBool')
  238. ->willReturnMap([
  239. ['auth.storeCryptedPassword', true, true],
  240. ]);
  241. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  242. $this->mapper->method('getTokenByUser')
  243. ->with('user')
  244. ->willReturn([$actual]);
  245. $newpass = 'newpass';
  246. $this->mapper->expects($this->once())
  247. ->method('update')
  248. ->with($this->callback(function ($token) use ($newpass) {
  249. return $newpass === $this->tokenProvider->getPassword($token, 'tokentokentokentokentoken');
  250. }));
  251. $this->tokenProvider->setPassword($actual, $token, $newpass);
  252. $this->assertSame($newpass, $this->tokenProvider->getPassword($actual, 'tokentokentokentokentoken'));
  253. }
  254. public function testSetPasswordInvalidToken() {
  255. $this->expectException(\OC\Authentication\Exceptions\InvalidTokenException::class);
  256. $token = $this->createMock(IToken::class);
  257. $tokenId = 'token123';
  258. $password = '123456';
  259. $this->tokenProvider->setPassword($token, $tokenId, $password);
  260. }
  261. public function testInvalidateToken() {
  262. $this->mapper->expects($this->exactly(2))
  263. ->method('invalidate')
  264. ->withConsecutive(
  265. [hash('sha512', 'token7'.'1f4h9s')],
  266. [hash('sha512', 'token7')]
  267. );
  268. $this->tokenProvider->invalidateToken('token7');
  269. }
  270. public function testInvalidateTokenById() {
  271. $id = 123;
  272. $this->mapper->expects($this->once())
  273. ->method('getTokenById')
  274. ->with($id);
  275. $this->tokenProvider->invalidateTokenById('uid', $id);
  276. }
  277. public function testInvalidateOldTokens() {
  278. $defaultSessionLifetime = 60 * 60 * 24;
  279. $defaultRememberMeLifetime = 60 * 60 * 24 * 15;
  280. $this->config->expects($this->exactly(2))
  281. ->method('getSystemValueInt')
  282. ->willReturnMap([
  283. ['session_lifetime', $defaultSessionLifetime, 150],
  284. ['remember_login_cookie_lifetime', $defaultRememberMeLifetime, 300],
  285. ]);
  286. $this->mapper->expects($this->exactly(2))
  287. ->method('invalidateOld')
  288. ->withConsecutive(
  289. [$this->time - 150],
  290. [$this->time - 300]
  291. );
  292. $this->tokenProvider->invalidateOldTokens();
  293. }
  294. public function testInvalidateLastUsedBefore() {
  295. $this->mapper->expects($this->once())
  296. ->method('invalidateLastUsedBefore')
  297. ->with('user', 946684800);
  298. $this->tokenProvider->invalidateLastUsedBefore('user', 946684800);
  299. }
  300. public function testRenewSessionTokenWithoutPassword() {
  301. $token = 'oldIdtokentokentokentoken';
  302. $uid = 'user';
  303. $user = 'User';
  304. $password = null;
  305. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  306. $type = IToken::PERMANENT_TOKEN;
  307. $oldToken = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  308. $this->mapper
  309. ->expects($this->once())
  310. ->method('getToken')
  311. ->with(hash('sha512', 'oldIdtokentokentokentoken' . '1f4h9s'))
  312. ->willReturn($oldToken);
  313. $this->mapper
  314. ->expects($this->once())
  315. ->method('insert')
  316. ->with($this->callback(function (PublicKeyToken $token) use ($user, $uid, $name) {
  317. return $token->getUID() === $uid &&
  318. $token->getLoginName() === $user &&
  319. $token->getName() === $name &&
  320. $token->getType() === IToken::DO_NOT_REMEMBER &&
  321. $token->getLastActivity() === $this->time &&
  322. $token->getPassword() === null;
  323. }));
  324. $this->mapper
  325. ->expects($this->once())
  326. ->method('delete')
  327. ->with($this->callback(function ($token) use ($oldToken) {
  328. return $token === $oldToken;
  329. }));
  330. $this->tokenProvider->renewSessionToken('oldIdtokentokentokentoken', 'newIdtokentokentokentoken');
  331. }
  332. public function testRenewSessionTokenWithPassword(): void {
  333. $token = 'oldIdtokentokentokentoken';
  334. $uid = 'user';
  335. $user = 'User';
  336. $password = 'password';
  337. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  338. $type = IToken::PERMANENT_TOKEN;
  339. $this->config->method('getSystemValueBool')
  340. ->willReturnMap([
  341. ['auth.storeCryptedPassword', true, true],
  342. ]);
  343. $oldToken = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  344. $this->mapper
  345. ->expects($this->once())
  346. ->method('getToken')
  347. ->with(hash('sha512', 'oldIdtokentokentokentoken' . '1f4h9s'))
  348. ->willReturn($oldToken);
  349. $this->mapper
  350. ->expects($this->once())
  351. ->method('insert')
  352. ->with($this->callback(function (PublicKeyToken $token) use ($user, $uid, $name): bool {
  353. return $token->getUID() === $uid &&
  354. $token->getLoginName() === $user &&
  355. $token->getName() === $name &&
  356. $token->getType() === IToken::DO_NOT_REMEMBER &&
  357. $token->getLastActivity() === $this->time &&
  358. $token->getPassword() !== null &&
  359. $this->tokenProvider->getPassword($token, 'newIdtokentokentokentoken') === 'password';
  360. }));
  361. $this->mapper
  362. ->expects($this->once())
  363. ->method('delete')
  364. ->with($this->callback(function ($token) use ($oldToken): bool {
  365. return $token === $oldToken;
  366. }));
  367. $this->tokenProvider->renewSessionToken('oldIdtokentokentokentoken', 'newIdtokentokentokentoken');
  368. }
  369. public function testGetToken(): void {
  370. $token = new PublicKeyToken();
  371. $this->config->method('getSystemValue')
  372. ->with('secret')
  373. ->willReturn('mysecret');
  374. $this->mapper->method('getToken')
  375. ->with(
  376. $this->callback(function (string $token) {
  377. return hash('sha512', 'unhashedTokentokentokentokentoken'.'1f4h9s') === $token;
  378. })
  379. )->willReturn($token);
  380. $this->assertSame($token, $this->tokenProvider->getToken('unhashedTokentokentokentokentoken'));
  381. }
  382. public function testGetInvalidToken() {
  383. $this->expectException(InvalidTokenException::class);
  384. $this->mapper->expects($this->exactly(2))
  385. ->method('getToken')
  386. ->withConsecutive(
  387. [$this->callback(function (string $token): bool {
  388. return hash('sha512', 'unhashedTokentokentokentokentoken'.'1f4h9s') === $token;
  389. })],
  390. [$this->callback(function (string $token): bool {
  391. return hash('sha512', 'unhashedTokentokentokentokentoken') === $token;
  392. })]
  393. )->willThrowException(new DoesNotExistException('nope'));
  394. $this->tokenProvider->getToken('unhashedTokentokentokentokentoken');
  395. }
  396. public function testGetExpiredToken() {
  397. $token = 'tokentokentokentokentoken';
  398. $uid = 'user';
  399. $user = 'User';
  400. $password = 'passme';
  401. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  402. $type = IToken::PERMANENT_TOKEN;
  403. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  404. $actual->setExpires(42);
  405. $this->mapper->method('getToken')
  406. ->with(
  407. $this->callback(function (string $token) {
  408. return hash('sha512', 'tokentokentokentokentoken'.'1f4h9s') === $token;
  409. })
  410. )->willReturn($actual);
  411. try {
  412. $this->tokenProvider->getToken('tokentokentokentokentoken');
  413. $this->fail();
  414. } catch (ExpiredTokenException $e) {
  415. $this->assertSame($actual, $e->getToken());
  416. }
  417. }
  418. public function testGetTokenById() {
  419. $token = $this->createMock(PublicKeyToken::class);
  420. $this->mapper->expects($this->once())
  421. ->method('getTokenById')
  422. ->with($this->equalTo(42))
  423. ->willReturn($token);
  424. $this->assertSame($token, $this->tokenProvider->getTokenById(42));
  425. }
  426. public function testGetInvalidTokenById() {
  427. $this->expectException(InvalidTokenException::class);
  428. $this->mapper->expects($this->once())
  429. ->method('getTokenById')
  430. ->with($this->equalTo(42))
  431. ->willThrowException(new DoesNotExistException('nope'));
  432. $this->tokenProvider->getTokenById(42);
  433. }
  434. public function testGetExpiredTokenById() {
  435. $token = new PublicKeyToken();
  436. $token->setExpires(42);
  437. $this->mapper->expects($this->once())
  438. ->method('getTokenById')
  439. ->with($this->equalTo(42))
  440. ->willReturn($token);
  441. try {
  442. $this->tokenProvider->getTokenById(42);
  443. $this->fail();
  444. } catch (ExpiredTokenException $e) {
  445. $this->assertSame($token, $e->getToken());
  446. }
  447. }
  448. public function testRotate() {
  449. $token = 'oldtokentokentokentokentoken';
  450. $uid = 'user';
  451. $user = 'User';
  452. $password = 'password';
  453. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  454. $type = IToken::PERMANENT_TOKEN;
  455. $this->config->method('getSystemValueBool')
  456. ->willReturnMap([
  457. ['auth.storeCryptedPassword', true, true],
  458. ]);
  459. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  460. $new = $this->tokenProvider->rotate($actual, 'oldtokentokentokentokentoken', 'newtokentokentokentokentoken');
  461. $this->assertSame('password', $this->tokenProvider->getPassword($new, 'newtokentokentokentokentoken'));
  462. }
  463. public function testRotateNoPassword() {
  464. $token = 'oldtokentokentokentokentoken';
  465. $uid = 'user';
  466. $user = 'User';
  467. $password = null;
  468. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  469. $type = IToken::PERMANENT_TOKEN;
  470. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  471. $oldPrivate = $actual->getPrivateKey();
  472. $new = $this->tokenProvider->rotate($actual, 'oldtokentokentokentokentoken', 'newtokentokentokentokentoken');
  473. $newPrivate = $new->getPrivateKey();
  474. $this->assertNotSame($newPrivate, $oldPrivate);
  475. $this->assertNull($new->getPassword());
  476. }
  477. public function testMarkPasswordInvalidInvalidToken() {
  478. $token = $this->createMock(IToken::class);
  479. $this->expectException(InvalidTokenException::class);
  480. $this->tokenProvider->markPasswordInvalid($token, 'tokenId');
  481. }
  482. public function testMarkPasswordInvalid() {
  483. $token = $this->createMock(PublicKeyToken::class);
  484. $token->expects($this->once())
  485. ->method('setPasswordInvalid')
  486. ->with(true);
  487. $this->mapper->expects($this->once())
  488. ->method('update')
  489. ->with($token);
  490. $this->tokenProvider->markPasswordInvalid($token, 'tokenId');
  491. }
  492. public function testUpdatePasswords() {
  493. $uid = 'myUID';
  494. $token1 = $this->tokenProvider->generateToken(
  495. 'foobetokentokentokentoken',
  496. $uid,
  497. $uid,
  498. 'bar',
  499. 'random1',
  500. IToken::PERMANENT_TOKEN,
  501. IToken::REMEMBER);
  502. $token2 = $this->tokenProvider->generateToken(
  503. 'foobartokentokentokentoken',
  504. $uid,
  505. $uid,
  506. 'bar',
  507. 'random2',
  508. IToken::PERMANENT_TOKEN,
  509. IToken::REMEMBER);
  510. $this->config->method('getSystemValueBool')
  511. ->willReturnMap([
  512. ['auth.storeCryptedPassword', true, true],
  513. ]);
  514. $this->mapper->method('hasExpiredTokens')
  515. ->with($uid)
  516. ->willReturn(true);
  517. $this->mapper->expects($this->once())
  518. ->method('getTokenByUser')
  519. ->with($uid)
  520. ->willReturn([$token1, $token2]);
  521. $this->mapper->expects($this->exactly(2))
  522. ->method('update')
  523. ->with($this->callback(function (PublicKeyToken $t) use ($token1, $token2) {
  524. return $t === $token1 || $t === $token2;
  525. }));
  526. $this->tokenProvider->updatePasswords($uid, 'bar2');
  527. }
  528. }