123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668 |
- <?php
- /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
- namespace Tests\Core\Controller;
- use OC\Authentication\Exceptions\InvalidTokenException;
- use OC\Authentication\Exceptions\PasswordlessTokenException;
- use OC\Authentication\Token\IProvider;
- use OC\Authentication\Token\IToken;
- use OC\Core\Controller\ClientFlowLoginController;
- use OCA\OAuth2\Db\AccessTokenMapper;
- use OCA\OAuth2\Db\Client;
- use OCA\OAuth2\Db\ClientMapper;
- use OCP\AppFramework\Http;
- use OCP\AppFramework\Http\TemplateResponse;
- use OCP\Defaults;
- use OCP\IL10N;
- use OCP\IRequest;
- use OCP\ISession;
- use OCP\IURLGenerator;
- use OCP\IUser;
- use OCP\IUserSession;
- use OCP\Security\ICrypto;
- use OCP\Security\ISecureRandom;
- use OCP\Session\Exceptions\SessionNotAvailableException;
- use Test\TestCase;
- class ClientFlowLoginControllerTest extends TestCase {
- /** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
- private $request;
- /** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
- private $userSession;
- /** @var IL10N|\PHPUnit_Framework_MockObject_MockObject */
- private $l10n;
- /** @var Defaults|\PHPUnit_Framework_MockObject_MockObject */
- private $defaults;
- /** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
- private $session;
- /** @var IProvider|\PHPUnit_Framework_MockObject_MockObject */
- private $tokenProvider;
- /** @var ISecureRandom|\PHPUnit_Framework_MockObject_MockObject */
- private $random;
- /** @var IURLGenerator|\PHPUnit_Framework_MockObject_MockObject */
- private $urlGenerator;
- /** @var ClientMapper|\PHPUnit_Framework_MockObject_MockObject */
- private $clientMapper;
- /** @var AccessTokenMapper|\PHPUnit_Framework_MockObject_MockObject */
- private $accessTokenMapper;
- /** @var ICrypto|\PHPUnit_Framework_MockObject_MockObject */
- private $crypto;
- /** @var ClientFlowLoginController */
- private $clientFlowLoginController;
- public function setUp() {
- parent::setUp();
- $this->request = $this->createMock(IRequest::class);
- $this->userSession = $this->createMock(IUserSession::class);
- $this->l10n = $this->createMock(IL10N::class);
- $this->l10n
- ->expects($this->any())
- ->method('t')
- ->will($this->returnCallback(function($text, $parameters = array()) {
- return vsprintf($text, $parameters);
- }));
- $this->defaults = $this->createMock(Defaults::class);
- $this->session = $this->createMock(ISession::class);
- $this->tokenProvider = $this->createMock(IProvider::class);
- $this->random = $this->createMock(ISecureRandom::class);
- $this->urlGenerator = $this->createMock(IURLGenerator::class);
- $this->clientMapper = $this->createMock(ClientMapper::class);
- $this->accessTokenMapper = $this->createMock(AccessTokenMapper::class);
- $this->crypto = $this->createMock(ICrypto::class);
- $this->clientFlowLoginController = new ClientFlowLoginController(
- 'core',
- $this->request,
- $this->userSession,
- $this->l10n,
- $this->defaults,
- $this->session,
- $this->tokenProvider,
- $this->random,
- $this->urlGenerator,
- $this->clientMapper,
- $this->accessTokenMapper,
- $this->crypto
- );
- }
- public function testShowAuthPickerPageNoClientOrOauthRequest() {
- $expected = new TemplateResponse(
- 'core',
- 'error',
- [
- 'errors' =>
- [
- [
- 'error' => 'Access Forbidden',
- 'hint' => 'Invalid request',
- ],
- ],
- ],
- 'guest'
- );
- $this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage());
- }
- public function testShowAuthPickerPageWithOcsHeader() {
- $this->request
- ->expects($this->at(0))
- ->method('getHeader')
- ->with('USER_AGENT')
- ->willReturn('Mac OS X Sync Client');
- $this->request
- ->expects($this->at(1))
- ->method('getHeader')
- ->with('OCS-APIREQUEST')
- ->willReturn('true');
- $this->random
- ->expects($this->once())
- ->method('generate')
- ->with(
- 64,
- ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
- )
- ->willReturn('StateToken');
- $this->session
- ->expects($this->once())
- ->method('set')
- ->with('client.flow.state.token', 'StateToken');
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('oauth.state')
- ->willReturn('OauthStateToken');
- $this->defaults
- ->expects($this->once())
- ->method('getName')
- ->willReturn('ExampleCloud');
- $this->request
- ->expects($this->once())
- ->method('getServerHost')
- ->willReturn('example.com');
- $this->request
- ->method('getServerProtocol')
- ->willReturn('https');
- $expected = new TemplateResponse(
- 'core',
- 'loginflow/authpicker',
- [
- 'client' => 'Mac OS X Sync Client',
- 'clientIdentifier' => '',
- 'instanceName' => 'ExampleCloud',
- 'urlGenerator' => $this->urlGenerator,
- 'stateToken' => 'StateToken',
- 'serverHost' => 'https://example.com',
- 'oauthState' => 'OauthStateToken',
- ],
- 'guest'
- );
- $this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage());
- }
- public function testShowAuthPickerPageWithOauth() {
- $this->request
- ->expects($this->at(0))
- ->method('getHeader')
- ->with('USER_AGENT')
- ->willReturn('Mac OS X Sync Client');
- $client = new Client();
- $client->setName('My external service');
- $this->clientMapper
- ->expects($this->once())
- ->method('getByIdentifier')
- ->with('MyClientIdentifier')
- ->willReturn($client);
- $this->random
- ->expects($this->once())
- ->method('generate')
- ->with(
- 64,
- ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
- )
- ->willReturn('StateToken');
- $this->session
- ->expects($this->once())
- ->method('set')
- ->with('client.flow.state.token', 'StateToken');
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('oauth.state')
- ->willReturn('OauthStateToken');
- $this->defaults
- ->expects($this->once())
- ->method('getName')
- ->willReturn('ExampleCloud');
- $this->request
- ->expects($this->once())
- ->method('getServerHost')
- ->willReturn('example.com');
- $this->request
- ->method('getServerProtocol')
- ->willReturn('https');
- $expected = new TemplateResponse(
- 'core',
- 'loginflow/authpicker',
- [
- 'client' => 'My external service',
- 'clientIdentifier' => 'MyClientIdentifier',
- 'instanceName' => 'ExampleCloud',
- 'urlGenerator' => $this->urlGenerator,
- 'stateToken' => 'StateToken',
- 'serverHost' => 'https://example.com',
- 'oauthState' => 'OauthStateToken',
- ],
- 'guest'
- );
- $this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
- }
- public function testGenerateAppPasswordWithInvalidToken() {
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('client.flow.state.token')
- ->willReturn('OtherToken');
- $this->session
- ->expects($this->once())
- ->method('remove')
- ->with('client.flow.state.token');
- $expected = new TemplateResponse(
- 'core',
- '403',
- [
- 'message' => 'State token does not match',
- ],
- 'guest'
- );
- $expected->setStatus(Http::STATUS_FORBIDDEN);
- $this->assertEquals($expected, $this->clientFlowLoginController->generateAppPassword('MyStateToken'));
- }
- public function testGenerateAppPasswordWithSessionNotAvailableException() {
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('client.flow.state.token')
- ->willReturn('MyStateToken');
- $this->session
- ->expects($this->once())
- ->method('remove')
- ->with('client.flow.state.token');
- $this->session
- ->expects($this->once())
- ->method('getId')
- ->willThrowException(new SessionNotAvailableException());
- $expected = new Http\Response();
- $expected->setStatus(Http::STATUS_FORBIDDEN);
- $this->assertEquals($expected, $this->clientFlowLoginController->generateAppPassword('MyStateToken'));
- }
- public function testGenerateAppPasswordWithInvalidTokenException() {
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('client.flow.state.token')
- ->willReturn('MyStateToken');
- $this->session
- ->expects($this->once())
- ->method('remove')
- ->with('client.flow.state.token');
- $this->session
- ->expects($this->once())
- ->method('getId')
- ->willReturn('SessionId');
- $this->tokenProvider
- ->expects($this->once())
- ->method('getToken')
- ->with('SessionId')
- ->willThrowException(new InvalidTokenException());
- $expected = new Http\Response();
- $expected->setStatus(Http::STATUS_FORBIDDEN);
- $this->assertEquals($expected, $this->clientFlowLoginController->generateAppPassword('MyStateToken'));
- }
- public function testGeneratePasswordWithPassword() {
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('client.flow.state.token')
- ->willReturn('MyStateToken');
- $this->session
- ->expects($this->once())
- ->method('remove')
- ->with('client.flow.state.token');
- $this->session
- ->expects($this->once())
- ->method('getId')
- ->willReturn('SessionId');
- $myToken = $this->createMock(IToken::class);
- $myToken
- ->expects($this->once())
- ->method('getLoginName')
- ->willReturn('MyLoginName');
- $this->tokenProvider
- ->expects($this->once())
- ->method('getToken')
- ->with('SessionId')
- ->willReturn($myToken);
- $this->tokenProvider
- ->expects($this->once())
- ->method('getPassword')
- ->with($myToken, 'SessionId')
- ->willReturn('MyPassword');
- $this->random
- ->expects($this->once())
- ->method('generate')
- ->with(72)
- ->willReturn('MyGeneratedToken');
- $user = $this->createMock(IUser::class);
- $user
- ->expects($this->once())
- ->method('getUID')
- ->willReturn('MyUid');
- $this->userSession
- ->expects($this->once())
- ->method('getUser')
- ->willReturn($user);
- $this->tokenProvider
- ->expects($this->once())
- ->method('generateToken')
- ->with(
- 'MyGeneratedToken',
- 'MyUid',
- 'MyLoginName',
- 'MyPassword',
- 'unknown',
- IToken::PERMANENT_TOKEN,
- IToken::DO_NOT_REMEMBER
- );
- $this->request
- ->expects($this->once())
- ->method('getServerProtocol')
- ->willReturn('http');
- $this->request
- ->expects($this->once())
- ->method('getServerHost')
- ->willReturn('example.com');
- $this->request
- ->expects($this->any())
- ->method('getHeader')
- ->willReturn('');
- $expected = new Http\RedirectResponse('nc://login/server:http://example.com&user:MyLoginName&password:MyGeneratedToken');
- $this->assertEquals($expected, $this->clientFlowLoginController->generateAppPassword('MyStateToken'));
- }
- public function testGeneratePasswordWithPasswordForOauthClient() {
- $this->session
- ->expects($this->at(0))
- ->method('get')
- ->with('client.flow.state.token')
- ->willReturn('MyStateToken');
- $this->session
- ->expects($this->at(1))
- ->method('remove')
- ->with('client.flow.state.token');
- $this->session
- ->expects($this->at(3))
- ->method('get')
- ->with('oauth.state')
- ->willReturn('MyOauthState');
- $this->session
- ->expects($this->at(4))
- ->method('remove')
- ->with('oauth.state');
- $this->session
- ->expects($this->once())
- ->method('getId')
- ->willReturn('SessionId');
- $myToken = $this->createMock(IToken::class);
- $myToken
- ->expects($this->once())
- ->method('getLoginName')
- ->willReturn('MyLoginName');
- $this->tokenProvider
- ->expects($this->once())
- ->method('getToken')
- ->with('SessionId')
- ->willReturn($myToken);
- $this->tokenProvider
- ->expects($this->once())
- ->method('getPassword')
- ->with($myToken, 'SessionId')
- ->willReturn('MyPassword');
- $this->random
- ->expects($this->at(0))
- ->method('generate')
- ->with(72)
- ->willReturn('MyGeneratedToken');
- $this->random
- ->expects($this->at(1))
- ->method('generate')
- ->with(128)
- ->willReturn('MyAccessCode');
- $user = $this->createMock(IUser::class);
- $user
- ->expects($this->once())
- ->method('getUID')
- ->willReturn('MyUid');
- $this->userSession
- ->expects($this->once())
- ->method('getUser')
- ->willReturn($user);
- $token = $this->createMock(IToken::class);
- $this->tokenProvider
- ->expects($this->once())
- ->method('generateToken')
- ->with(
- 'MyGeneratedToken',
- 'MyUid',
- 'MyLoginName',
- 'MyPassword',
- 'My OAuth client',
- IToken::PERMANENT_TOKEN,
- IToken::DO_NOT_REMEMBER
- )
- ->willReturn($token);
- $client = new Client();
- $client->setName('My OAuth client');
- $client->setRedirectUri('https://example.com/redirect.php');
- $this->clientMapper
- ->expects($this->once())
- ->method('getByIdentifier')
- ->with('MyClientIdentifier')
- ->willReturn($client);
- $expected = new Http\RedirectResponse('https://example.com/redirect.php?state=MyOauthState&code=MyAccessCode');
- $this->assertEquals($expected, $this->clientFlowLoginController->generateAppPassword('MyStateToken', 'MyClientIdentifier'));
- }
- public function testGeneratePasswordWithoutPassword() {
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('client.flow.state.token')
- ->willReturn('MyStateToken');
- $this->session
- ->expects($this->once())
- ->method('remove')
- ->with('client.flow.state.token');
- $this->session
- ->expects($this->once())
- ->method('getId')
- ->willReturn('SessionId');
- $myToken = $this->createMock(IToken::class);
- $myToken
- ->expects($this->once())
- ->method('getLoginName')
- ->willReturn('MyLoginName');
- $this->tokenProvider
- ->expects($this->once())
- ->method('getToken')
- ->with('SessionId')
- ->willReturn($myToken);
- $this->tokenProvider
- ->expects($this->once())
- ->method('getPassword')
- ->with($myToken, 'SessionId')
- ->willThrowException(new PasswordlessTokenException());
- $this->random
- ->expects($this->once())
- ->method('generate')
- ->with(72)
- ->willReturn('MyGeneratedToken');
- $user = $this->createMock(IUser::class);
- $user
- ->expects($this->once())
- ->method('getUID')
- ->willReturn('MyUid');
- $this->userSession
- ->expects($this->once())
- ->method('getUser')
- ->willReturn($user);
- $this->tokenProvider
- ->expects($this->once())
- ->method('generateToken')
- ->with(
- 'MyGeneratedToken',
- 'MyUid',
- 'MyLoginName',
- null,
- 'unknown',
- IToken::PERMANENT_TOKEN,
- IToken::DO_NOT_REMEMBER
- );
- $this->request
- ->expects($this->once())
- ->method('getServerProtocol')
- ->willReturn('http');
- $this->request
- ->expects($this->once())
- ->method('getServerHost')
- ->willReturn('example.com');
- $this->request
- ->expects($this->any())
- ->method('getHeader')
- ->willReturn('');
- $expected = new Http\RedirectResponse('nc://login/server:http://example.com&user:MyLoginName&password:MyGeneratedToken');
- $this->assertEquals($expected, $this->clientFlowLoginController->generateAppPassword('MyStateToken'));
- }
- public function dataGeneratePasswordWithHttpsProxy() {
- return [
- [
- [
- ['X-Forwarded-Proto', 'http'],
- ['X-Forwarded-Ssl', 'off'],
- ['USER_AGENT', ''],
- ],
- 'http',
- 'http',
- ],
- [
- [
- ['X-Forwarded-Proto', 'http'],
- ['X-Forwarded-Ssl', 'off'],
- ['USER_AGENT', ''],
- ],
- 'https',
- 'https',
- ],
- [
- [
- ['X-Forwarded-Proto', 'https'],
- ['X-Forwarded-Ssl', 'off'],
- ['USER_AGENT', ''],
- ],
- 'http',
- 'https',
- ],
- [
- [
- ['X-Forwarded-Proto', 'https'],
- ['X-Forwarded-Ssl', 'on'],
- ['USER_AGENT', ''],
- ],
- 'http',
- 'https',
- ],
- [
- [
- ['X-Forwarded-Proto', 'http'],
- ['X-Forwarded-Ssl', 'on'],
- ['USER_AGENT', ''],
- ],
- 'http',
- 'https',
- ],
- ];
- }
- /**
- * @dataProvider dataGeneratePasswordWithHttpsProxy
- * @param array $headers
- * @param string $protocol
- * @param string $expected
- */
- public function testGeneratePasswordWithHttpsProxy(array $headers, $protocol, $expected) {
- $this->session
- ->expects($this->once())
- ->method('get')
- ->with('client.flow.state.token')
- ->willReturn('MyStateToken');
- $this->session
- ->expects($this->once())
- ->method('remove')
- ->with('client.flow.state.token');
- $this->session
- ->expects($this->once())
- ->method('getId')
- ->willReturn('SessionId');
- $myToken = $this->createMock(IToken::class);
- $myToken
- ->expects($this->once())
- ->method('getLoginName')
- ->willReturn('MyLoginName');
- $this->tokenProvider
- ->expects($this->once())
- ->method('getToken')
- ->with('SessionId')
- ->willReturn($myToken);
- $this->tokenProvider
- ->expects($this->once())
- ->method('getPassword')
- ->with($myToken, 'SessionId')
- ->willReturn('MyPassword');
- $this->random
- ->expects($this->once())
- ->method('generate')
- ->with(72)
- ->willReturn('MyGeneratedToken');
- $user = $this->createMock(IUser::class);
- $user
- ->expects($this->once())
- ->method('getUID')
- ->willReturn('MyUid');
- $this->userSession
- ->expects($this->once())
- ->method('getUser')
- ->willReturn($user);
- $this->tokenProvider
- ->expects($this->once())
- ->method('generateToken')
- ->with(
- 'MyGeneratedToken',
- 'MyUid',
- 'MyLoginName',
- 'MyPassword',
- 'unknown',
- IToken::PERMANENT_TOKEN,
- IToken::DO_NOT_REMEMBER
- );
- $this->request
- ->expects($this->once())
- ->method('getServerProtocol')
- ->willReturn($protocol);
- $this->request
- ->expects($this->once())
- ->method('getServerHost')
- ->willReturn('example.com');
- $this->request
- ->expects($this->atLeastOnce())
- ->method('getHeader')
- ->willReturnMap($headers);
- $expected = new Http\RedirectResponse('nc://login/server:' . $expected . '://example.com&user:MyLoginName&password:MyGeneratedToken');
- $this->assertEquals($expected, $this->clientFlowLoginController->generateAppPassword('MyStateToken'));
- }
- }
|