1
0

CsrfTokenManagerTest.php 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156
  1. <?php
  2. /**
  3. * @author Lukas Reschke <lukas@owncloud.com>
  4. *
  5. * @copyright Copyright (c) 2016, ownCloud, Inc.
  6. * @license AGPL-3.0
  7. *
  8. * This code is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License, version 3,
  10. * as published by the Free Software Foundation.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License, version 3,
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>
  19. *
  20. */
  21. namespace Test\Security\CSRF;
  22. class CsrfTokenManagerTest extends \Test\TestCase {
  23. /** @var \OC\Security\CSRF\CsrfTokenManager */
  24. private $csrfTokenManager;
  25. /** @var \OC\Security\CSRF\CsrfTokenGenerator */
  26. private $tokenGenerator;
  27. /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
  28. private $storageInterface;
  29. public function setUp() {
  30. parent::setUp();
  31. $this->tokenGenerator = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenGenerator')
  32. ->disableOriginalConstructor()->getMock();
  33. $this->storageInterface = $this->getMockBuilder('\OC\Security\CSRF\TokenStorage\SessionStorage')
  34. ->disableOriginalConstructor()->getMock();
  35. $this->csrfTokenManager = new \OC\Security\CSRF\CsrfTokenManager(
  36. $this->tokenGenerator,
  37. $this->storageInterface
  38. );
  39. }
  40. public function testGetTokenWithExistingToken() {
  41. $this->storageInterface
  42. ->expects($this->once())
  43. ->method('hasToken')
  44. ->willReturn(true);
  45. $this->storageInterface
  46. ->expects($this->once())
  47. ->method('getToken')
  48. ->willReturn('MyExistingToken');
  49. $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
  50. $this->assertEquals($expected, $this->csrfTokenManager->getToken());
  51. }
  52. public function testGetTokenWithExistingTokenKeepsOnSecondRequest() {
  53. $this->storageInterface
  54. ->expects($this->once())
  55. ->method('hasToken')
  56. ->willReturn(true);
  57. $this->storageInterface
  58. ->expects($this->once())
  59. ->method('getToken')
  60. ->willReturn('MyExistingToken');
  61. $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
  62. $token = $this->csrfTokenManager->getToken();
  63. $this->assertSame($token, $this->csrfTokenManager->getToken());
  64. $this->assertSame($token, $this->csrfTokenManager->getToken());
  65. }
  66. public function testGetTokenWithoutExistingToken() {
  67. $this->storageInterface
  68. ->expects($this->once())
  69. ->method('hasToken')
  70. ->willReturn(false);
  71. $this->tokenGenerator
  72. ->expects($this->once())
  73. ->method('generateToken')
  74. ->willReturn('MyNewToken');
  75. $this->storageInterface
  76. ->expects($this->once())
  77. ->method('setToken')
  78. ->with('MyNewToken');
  79. $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
  80. $this->assertEquals($expected, $this->csrfTokenManager->getToken());
  81. }
  82. public function testRefreshToken() {
  83. $this->tokenGenerator
  84. ->expects($this->once())
  85. ->method('generateToken')
  86. ->willReturn('MyNewToken');
  87. $this->storageInterface
  88. ->expects($this->once())
  89. ->method('setToken')
  90. ->with('MyNewToken');
  91. $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
  92. $this->assertEquals($expected, $this->csrfTokenManager->refreshToken());
  93. }
  94. public function testRemoveToken() {
  95. $this->storageInterface
  96. ->expects($this->once())
  97. ->method('removeToken');
  98. $this->csrfTokenManager->removeToken();
  99. }
  100. public function testIsTokenValidWithoutToken() {
  101. $this->storageInterface
  102. ->expects($this->once())
  103. ->method('hasToken')
  104. ->willReturn(false);
  105. $token = new \OC\Security\CSRF\CsrfToken('Token');
  106. $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
  107. }
  108. public function testIsTokenValidWithWrongToken() {
  109. $this->storageInterface
  110. ->expects($this->once())
  111. ->method('hasToken')
  112. ->willReturn(true);
  113. $token = new \OC\Security\CSRF\CsrfToken('Token');
  114. $this->storageInterface
  115. ->expects($this->once())
  116. ->method('getToken')
  117. ->willReturn('MyToken');
  118. $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
  119. }
  120. public function testIsTokenValidWithValidToken() {
  121. $a = 'abc';
  122. $b = 'def';
  123. $xorB64 = 'BQcF';
  124. $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
  125. $this->storageInterface
  126. ->expects($this->once())
  127. ->method('hasToken')
  128. ->willReturn(true);
  129. $token = new \OC\Security\CSRF\CsrfToken($tokenVal);
  130. $this->storageInterface
  131. ->expects($this->once())
  132. ->method('getToken')
  133. ->willReturn($b);
  134. $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
  135. }
  136. }