OCSAuthAPIControllerTest.php 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Bjoern Schiessle <bjoern@schiessle.org>
  6. * @author Björn Schießle <bjoern@schiessle.org>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Morris Jobke <hey@morrisjobke.de>
  9. * @author Robin Appelman <robin@icewind.nl>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. *
  12. * @license AGPL-3.0
  13. *
  14. * This code is free software: you can redistribute it and/or modify
  15. * it under the terms of the GNU Affero General Public License, version 3,
  16. * as published by the Free Software Foundation.
  17. *
  18. * This program is distributed in the hope that it will be useful,
  19. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. * GNU Affero General Public License for more details.
  22. *
  23. * You should have received a copy of the GNU Affero General Public License, version 3,
  24. * along with this program. If not, see <http://www.gnu.org/licenses/>
  25. *
  26. */
  27. namespace OCA\Federation\Tests\Controller;
  28. use OC\BackgroundJob\JobList;
  29. use OCA\Federation\Controller\OCSAuthAPIController;
  30. use OCA\Federation\DbHandler;
  31. use OCA\Federation\TrustedServers;
  32. use OCP\AppFramework\OCS\OCSForbiddenException;
  33. use OCP\AppFramework\Utility\ITimeFactory;
  34. use OCP\IRequest;
  35. use OCP\Security\Bruteforce\IThrottler;
  36. use OCP\Security\ISecureRandom;
  37. use Psr\Log\LoggerInterface;
  38. use Test\TestCase;
  39. class OCSAuthAPIControllerTest extends TestCase {
  40. /** @var \PHPUnit\Framework\MockObject\MockObject|IRequest */
  41. private $request;
  42. /** @var \PHPUnit\Framework\MockObject\MockObject|ISecureRandom */
  43. private $secureRandom;
  44. /** @var \PHPUnit\Framework\MockObject\MockObject|JobList */
  45. private $jobList;
  46. /** @var \PHPUnit\Framework\MockObject\MockObject|TrustedServers */
  47. private $trustedServers;
  48. /** @var \PHPUnit\Framework\MockObject\MockObject|DbHandler */
  49. private $dbHandler;
  50. /** @var \PHPUnit\Framework\MockObject\MockObject|LoggerInterface */
  51. private $logger;
  52. /** @var \PHPUnit\Framework\MockObject\MockObject|ITimeFactory */
  53. private $timeFactory;
  54. /** @var \PHPUnit\Framework\MockObject\MockObject|IThrottler */
  55. private $throttler;
  56. private OCSAuthAPIController $ocsAuthApi;
  57. /** @var int simulated timestamp */
  58. private int $currentTime = 1234567;
  59. protected function setUp(): void {
  60. parent::setUp();
  61. $this->request = $this->createMock(IRequest::class);
  62. $this->secureRandom = $this->createMock(ISecureRandom::class);
  63. $this->trustedServers = $this->createMock(TrustedServers::class);
  64. $this->dbHandler = $this->createMock(DbHandler::class);
  65. $this->jobList = $this->createMock(JobList::class);
  66. $this->logger = $this->createMock(LoggerInterface::class);
  67. $this->timeFactory = $this->createMock(ITimeFactory::class);
  68. $this->throttler = $this->createMock(IThrottler::class);
  69. $this->ocsAuthApi = new OCSAuthAPIController(
  70. 'federation',
  71. $this->request,
  72. $this->secureRandom,
  73. $this->jobList,
  74. $this->trustedServers,
  75. $this->dbHandler,
  76. $this->logger,
  77. $this->timeFactory,
  78. $this->throttler
  79. );
  80. $this->timeFactory->method('getTime')
  81. ->willReturn($this->currentTime);
  82. }
  83. /**
  84. * @dataProvider dataTestRequestSharedSecret
  85. */
  86. public function testRequestSharedSecret(string $token, string $localToken, bool $isTrustedServer, bool $ok): void {
  87. $url = 'url';
  88. $this->trustedServers
  89. ->expects($this->once())
  90. ->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);
  91. $this->dbHandler->expects($this->any())
  92. ->method('getToken')->with($url)->willReturn($localToken);
  93. if ($ok) {
  94. $this->jobList->expects($this->once())->method('add')
  95. ->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token, 'created' => $this->currentTime]);
  96. } else {
  97. $this->jobList->expects($this->never())->method('add');
  98. $this->jobList->expects($this->never())->method('remove');
  99. if (!$isTrustedServer) {
  100. $this->throttler->expects($this->once())
  101. ->method('registerAttempt')
  102. ->with('federationSharedSecret');
  103. }
  104. }
  105. try {
  106. $this->ocsAuthApi->requestSharedSecret($url, $token);
  107. $this->assertTrue($ok);
  108. } catch (OCSForbiddenException $e) {
  109. $this->assertFalse($ok);
  110. }
  111. }
  112. public function dataTestRequestSharedSecret() {
  113. return [
  114. ['token2', 'token1', true, true],
  115. ['token1', 'token2', false, false],
  116. ['token1', 'token2', true, false],
  117. ];
  118. }
  119. /**
  120. * @dataProvider dataTestGetSharedSecret
  121. */
  122. public function testGetSharedSecret(bool $isTrustedServer, bool $isValidToken, bool $ok): void {
  123. $url = 'url';
  124. $token = 'token';
  125. /** @var OCSAuthAPIController | \PHPUnit\Framework\MockObject\MockObject $ocsAuthApi */
  126. $ocsAuthApi = $this->getMockBuilder('OCA\Federation\Controller\OCSAuthAPIController')
  127. ->setConstructorArgs(
  128. [
  129. 'federation',
  130. $this->request,
  131. $this->secureRandom,
  132. $this->jobList,
  133. $this->trustedServers,
  134. $this->dbHandler,
  135. $this->logger,
  136. $this->timeFactory,
  137. $this->throttler
  138. ]
  139. )->setMethods(['isValidToken'])->getMock();
  140. $this->trustedServers
  141. ->expects($this->any())
  142. ->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);
  143. $ocsAuthApi->expects($this->any())
  144. ->method('isValidToken')->with($url, $token)->willReturn($isValidToken);
  145. if ($ok) {
  146. $this->secureRandom->expects($this->once())->method('generate')->with(32)
  147. ->willReturn('secret');
  148. $this->trustedServers->expects($this->once())
  149. ->method('addSharedSecret')->with($url, 'secret');
  150. } else {
  151. $this->secureRandom->expects($this->never())->method('generate');
  152. $this->trustedServers->expects($this->never())->method('addSharedSecret');
  153. $this->throttler->expects($this->once())
  154. ->method('registerAttempt')
  155. ->with('federationSharedSecret');
  156. }
  157. try {
  158. $result = $ocsAuthApi->getSharedSecret($url, $token);
  159. $this->assertTrue($ok);
  160. $data = $result->getData();
  161. $this->assertSame('secret', $data['sharedSecret']);
  162. } catch (OCSForbiddenException $e) {
  163. $this->assertFalse($ok);
  164. }
  165. }
  166. public function dataTestGetSharedSecret() {
  167. return [
  168. [true, true, true],
  169. [false, true, false],
  170. [true, false, false],
  171. [false, false, false],
  172. ];
  173. }
  174. }