123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899 |
- <?php
- /**
- * @copyright 2013 Thomas Tanghus (thomas@tanghus.net)
- * @copyright 2016 Lukas Reschke lukas@owncloud.com
- *
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
- namespace Test\AppFramework\Http;
- use OC\AppFramework\Http\Request;
- use OC\Security\CSRF\CsrfToken;
- use OC\Security\CSRF\CsrfTokenManager;
- use OCP\Security\ISecureRandom;
- use OCP\IConfig;
- /**
- * Class RequestTest
- *
- * @package OC\AppFramework\Http
- */
- class RequestTest extends \Test\TestCase {
- /** @var string */
- protected $stream = 'fakeinput://data';
- /** @var ISecureRandom */
- protected $secureRandom;
- /** @var IConfig */
- protected $config;
- /** @var CsrfTokenManager */
- protected $csrfTokenManager;
- protected function setUp() {
- parent::setUp();
- if (in_array('fakeinput', stream_get_wrappers())) {
- stream_wrapper_unregister('fakeinput');
- }
- stream_wrapper_register('fakeinput', 'Test\AppFramework\Http\RequestStream');
- $this->secureRandom = $this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock();
- $this->config = $this->getMockBuilder(IConfig::class)->getMock();
- $this->csrfTokenManager = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
- ->disableOriginalConstructor()->getMock();
- }
- protected function tearDown() {
- stream_wrapper_unregister('fakeinput');
- parent::tearDown();
- }
- public function testRequestAccessors() {
- $vars = array(
- 'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'),
- 'method' => 'GET',
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- // Countable
- $this->assertSame(2, count($request));
- // Array access
- $this->assertSame('Joey', $request['nickname']);
- // "Magic" accessors
- $this->assertSame('Joey', $request->{'nickname'});
- $this->assertTrue(isset($request['nickname']));
- $this->assertTrue(isset($request->{'nickname'}));
- $this->assertFalse(isset($request->{'flickname'}));
- // Only testing 'get', but same approach for post, files etc.
- $this->assertSame('Joey', $request->get['nickname']);
- // Always returns null if variable not set.
- $this->assertSame(null, $request->{'flickname'});
- }
- // urlParams has precedence over POST which has precedence over GET
- public function testPrecedence() {
- $vars = array(
- 'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'),
- 'post' => array('name' => 'Jane Doe', 'nickname' => 'Janey'),
- 'urlParams' => array('user' => 'jw', 'name' => 'Johnny Weissmüller'),
- 'method' => 'GET'
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame(3, count($request));
- $this->assertSame('Janey', $request->{'nickname'});
- $this->assertSame('Johnny Weissmüller', $request->{'name'});
- }
- /**
- * @expectedException \RuntimeException
- */
- public function testImmutableArrayAccess() {
- $vars = array(
- 'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'),
- 'method' => 'GET'
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request['nickname'] = 'Janey';
- }
- /**
- * @expectedException \RuntimeException
- */
- public function testImmutableMagicAccess() {
- $vars = array(
- 'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'),
- 'method' => 'GET'
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request->{'nickname'} = 'Janey';
- }
- /**
- * @expectedException \LogicException
- */
- public function testGetTheMethodRight() {
- $vars = array(
- 'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'),
- 'method' => 'GET',
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request->post;
- }
- public function testTheMethodIsRight() {
- $vars = array(
- 'get' => array('name' => 'John Q. Public', 'nickname' => 'Joey'),
- 'method' => 'GET',
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('GET', $request->method);
- $result = $request->get;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame('Joey', $result['nickname']);
- }
- public function testJsonPost() {
- global $data;
- $data = '{"name": "John Q. Public", "nickname": "Joey"}';
- $vars = array(
- 'method' => 'POST',
- 'server' => array('CONTENT_TYPE' => 'application/json; utf-8')
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('POST', $request->method);
- $result = $request->post;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame('Joey', $result['nickname']);
- $this->assertSame('Joey', $request->params['nickname']);
- $this->assertSame('Joey', $request['nickname']);
- }
- public function testNotJsonPost() {
- global $data;
- $data = 'this is not valid json';
- $vars = array(
- 'method' => 'POST',
- 'server' => array('CONTENT_TYPE' => 'application/json; utf-8')
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertEquals('POST', $request->method);
- $result = $request->post;
- // ensure there's no error attempting to decode the content
- }
- public function testPatch() {
- global $data;
- $data = http_build_query(array('name' => 'John Q. Public', 'nickname' => 'Joey'), '', '&');
- $vars = array(
- 'method' => 'PATCH',
- 'server' => array('CONTENT_TYPE' => 'application/x-www-form-urlencoded'),
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PATCH', $request->method);
- $result = $request->patch;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame('Joey', $result['nickname']);
- }
- public function testJsonPatchAndPut() {
- global $data;
- // PUT content
- $data = '{"name": "John Q. Public", "nickname": "Joey"}';
- $vars = array(
- 'method' => 'PUT',
- 'server' => array('CONTENT_TYPE' => 'application/json; utf-8'),
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PUT', $request->method);
- $result = $request->put;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame('Joey', $result['nickname']);
- // PATCH content
- $data = '{"name": "John Q. Public", "nickname": null}';
- $vars = array(
- 'method' => 'PATCH',
- 'server' => array('CONTENT_TYPE' => 'application/json; utf-8'),
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PATCH', $request->method);
- $result = $request->patch;
- $this->assertSame('John Q. Public', $result['name']);
- $this->assertSame(null, $result['nickname']);
- }
- public function testPutStream() {
- global $data;
- $data = file_get_contents(__DIR__ . '/../../../data/testimage.png');
- $vars = array(
- 'put' => $data,
- 'method' => 'PUT',
- 'server' => [
- 'CONTENT_TYPE' => 'image/png',
- 'CONTENT_LENGTH' => (string)strlen($data)
- ],
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('PUT', $request->method);
- $resource = $request->put;
- $contents = stream_get_contents($resource);
- $this->assertSame($data, $contents);
- try {
- $resource = $request->put;
- } catch(\LogicException $e) {
- return;
- }
- $this->fail('Expected LogicException.');
- }
- public function testSetUrlParameters() {
- $vars = array(
- 'post' => array(),
- 'method' => 'POST',
- 'urlParams' => array('id' => '2'),
- );
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $newParams = array('id' => '3', 'test' => 'test2');
- $request->setUrlParameters($newParams);
- $this->assertSame('test2', $request->getParam('test'));
- $this->assertEquals('3', $request->getParam('id'));
- $this->assertEquals('3', $request->getParams()['id']);
- }
- public function testGetIdWithModUnique() {
- $vars = [
- 'server' => [
- 'UNIQUE_ID' => 'GeneratedUniqueIdByModUnique'
- ],
- ];
- $request = new Request(
- $vars,
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('GeneratedUniqueIdByModUnique', $request->getId());
- }
- public function testGetIdWithoutModUnique() {
- $this->secureRandom->expects($this->once())
- ->method('generate')
- ->with('20')
- ->will($this->returnValue('GeneratedByOwnCloudItself'));
- $request = new Request(
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('GeneratedByOwnCloudItself', $request->getId());
- }
- public function testGetIdWithoutModUniqueStable() {
- $request = new Request(
- [],
- \OC::$server->getSecureRandom(),
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $firstId = $request->getId();
- $secondId = $request->getId();
- $this->assertSame($firstId, $secondId);
- }
- public function testGetRemoteAddressWithoutTrustedRemote() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('trusted_proxies')
- ->will($this->returnValue([]));
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('10.0.0.2', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressWithNoTrustedHeader() {
- $this->config
- ->expects($this->at(0))
- ->method('getSystemValue')
- ->with('trusted_proxies')
- ->will($this->returnValue(['10.0.0.2']));
- $this->config
- ->expects($this->at(1))
- ->method('getSystemValue')
- ->with('forwarded_for_headers')
- ->will($this->returnValue([]));
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('10.0.0.2', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressWithSingleTrustedRemote() {
- $this->config
- ->expects($this->at(0))
- ->method('getSystemValue')
- ->with('trusted_proxies')
- ->will($this->returnValue(['10.0.0.2']));
- $this->config
- ->expects($this->at(1))
- ->method('getSystemValue')
- ->with('forwarded_for_headers')
- ->will($this->returnValue(['HTTP_X_FORWARDED']));
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('10.4.0.5', $request->getRemoteAddress());
- }
- public function testGetRemoteAddressVerifyPriorityHeader() {
- $this->config
- ->expects($this->at(0))
- ->method('getSystemValue')
- ->with('trusted_proxies')
- ->will($this->returnValue(['10.0.0.2']));
- $this->config
- ->expects($this->at(1))
- ->method('getSystemValue')
- ->with('forwarded_for_headers')
- ->will($this->returnValue([
- 'HTTP_CLIENT_IP',
- 'HTTP_X_FORWARDED_FOR',
- 'HTTP_X_FORWARDED'
- ]));
- $request = new Request(
- [
- 'server' => [
- 'REMOTE_ADDR' => '10.0.0.2',
- 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
- 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('192.168.0.233', $request->getRemoteAddress());
- }
- /**
- * @return array
- */
- public function httpProtocolProvider() {
- return [
- // Valid HTTP 1.0
- ['HTTP/1.0', 'HTTP/1.0'],
- ['http/1.0', 'HTTP/1.0'],
- ['HTTp/1.0', 'HTTP/1.0'],
- // Valid HTTP 1.1
- ['HTTP/1.1', 'HTTP/1.1'],
- ['http/1.1', 'HTTP/1.1'],
- ['HTTp/1.1', 'HTTP/1.1'],
- // Valid HTTP 2.0
- ['HTTP/2', 'HTTP/2'],
- ['http/2', 'HTTP/2'],
- ['HTTp/2', 'HTTP/2'],
- // Invalid
- ['HTTp/394', 'HTTP/1.1'],
- ['InvalidProvider/1.1', 'HTTP/1.1'],
- [null, 'HTTP/1.1'],
- ['', 'HTTP/1.1'],
- ];
- }
- /**
- * @dataProvider httpProtocolProvider
- *
- * @param mixed $input
- * @param string $expected
- */
- public function testGetHttpProtocol($input, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'SERVER_PROTOCOL' => $input,
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getHttpProtocol());
- }
- public function testGetServerProtocolWithOverride() {
- $this->config
- ->expects($this->at(0))
- ->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue('customProtocol'));
- $this->config
- ->expects($this->at(1))
- ->method('getSystemValue')
- ->with('overwritecondaddr')
- ->will($this->returnValue(''));
- $this->config
- ->expects($this->at(2))
- ->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue('customProtocol'));
- $request = new Request(
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('customProtocol', $request->getServerProtocol());
- }
- public function testGetServerProtocolWithProtoValid() {
- $this->config
- ->expects($this->exactly(2))
- ->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
- $requestHttps = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'HtTpS'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $requestHttp = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'HTTp'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('https', $requestHttps->getServerProtocol());
- $this->assertSame('http', $requestHttp->getServerProtocol());
- }
- public function testGetServerProtocolWithHttpsServerValueOn() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
- $request = new Request(
- [
- 'server' => [
- 'HTTPS' => 'on'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('https', $request->getServerProtocol());
- }
- public function testGetServerProtocolWithHttpsServerValueOff() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
- $request = new Request(
- [
- 'server' => [
- 'HTTPS' => 'off'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('http', $request->getServerProtocol());
- }
- public function testGetServerProtocolWithHttpsServerValueEmpty() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
- $request = new Request(
- [
- 'server' => [
- 'HTTPS' => ''
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('http', $request->getServerProtocol());
- }
- public function testGetServerProtocolDefault() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
- $request = new Request(
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('http', $request->getServerProtocol());
- }
- public function testGetServerProtocolBehindLoadBalancers() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'https,http,http'
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('https', $request->getServerProtocol());
- }
- /**
- * @dataProvider userAgentProvider
- * @param string $testAgent
- * @param array $userAgent
- * @param bool $matches
- */
- public function testUserAgent($testAgent, $userAgent, $matches) {
- $request = new Request(
- [
- 'server' => [
- 'HTTP_USER_AGENT' => $testAgent,
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($matches, $request->isUserAgent($userAgent));
- }
- /**
- * @dataProvider userAgentProvider
- * @param string $testAgent
- * @param array $userAgent
- * @param bool $matches
- */
- public function testUndefinedUserAgent($testAgent, $userAgent, $matches) {
- $request = new Request(
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertFalse($request->isUserAgent($userAgent));
- }
- /**
- * @return array
- */
- function userAgentProvider() {
- return [
- [
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
- [
- Request::USER_AGENT_IE
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0',
- [
- Request::USER_AGENT_IE
- ],
- false,
- ],
- [
- 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36',
- [
- Request::USER_AGENT_CHROME
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/53.0.2785.143 Chrome/53.0.2785.143 Safari/537.36',
- [
- Request::USER_AGENT_CHROME
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36',
- [
- Request::USER_AGENT_ANDROID_MOBILE_CHROME
- ],
- true,
- ],
- [
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
- [
- Request::USER_AGENT_ANDROID_MOBILE_CHROME
- ],
- false,
- ],
- [
- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
- [
- Request::USER_AGENT_IE,
- Request::USER_AGENT_ANDROID_MOBILE_CHROME,
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.59 Mobile Safari/537.36',
- [
- Request::USER_AGENT_IE,
- Request::USER_AGENT_ANDROID_MOBILE_CHROME,
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0',
- [
- Request::USER_AGENT_FREEBOX
- ],
- false,
- ],
- [
- 'Mozilla/5.0',
- [
- Request::USER_AGENT_FREEBOX
- ],
- true,
- ],
- [
- 'Fake Mozilla/5.0',
- [
- Request::USER_AGENT_FREEBOX
- ],
- false,
- ],
- [
- 'Mozilla/5.0 (Android) ownCloud-android/2.0.0',
- [
- Request::USER_AGENT_CLIENT_ANDROID
- ],
- true,
- ],
- [
- 'Mozilla/5.0 (Android) Nextcloud-android/2.0.0',
- [
- Request::USER_AGENT_CLIENT_ANDROID
- ],
- true,
- ],
- ];
- }
- public function testInsecureServerHostServerNameHeader() {
- $request = new Request(
- [
- 'server' => [
- 'SERVER_NAME' => 'from.server.name:8080',
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('from.server.name:8080', $request->getInsecureServerHost());
- }
- public function testInsecureServerHostHttpHostHeader() {
- $request = new Request(
- [
- 'server' => [
- 'SERVER_NAME' => 'from.server.name:8080',
- 'HTTP_HOST' => 'from.host.header:8080',
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('from.host.header:8080', $request->getInsecureServerHost());
- }
- public function testInsecureServerHostHttpFromForwardedHeaderSingle() {
- $request = new Request(
- [
- 'server' => [
- 'SERVER_NAME' => 'from.server.name:8080',
- 'HTTP_HOST' => 'from.host.header:8080',
- 'HTTP_X_FORWARDED_HOST' => 'from.forwarded.host:8080',
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('from.forwarded.host:8080', $request->getInsecureServerHost());
- }
- public function testInsecureServerHostHttpFromForwardedHeaderStacked() {
- $request = new Request(
- [
- 'server' => [
- 'SERVER_NAME' => 'from.server.name:8080',
- 'HTTP_HOST' => 'from.host.header:8080',
- 'HTTP_X_FORWARDED_HOST' => 'from.forwarded.host2:8080,another.one:9000',
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('from.forwarded.host2:8080', $request->getInsecureServerHost());
- }
- public function testGetServerHostWithOverwriteHost() {
- $this->config
- ->expects($this->at(0))
- ->method('getSystemValue')
- ->with('overwritehost')
- ->will($this->returnValue('my.overwritten.host'));
- $this->config
- ->expects($this->at(1))
- ->method('getSystemValue')
- ->with('overwritecondaddr')
- ->will($this->returnValue(''));
- $this->config
- ->expects($this->at(2))
- ->method('getSystemValue')
- ->with('overwritehost')
- ->will($this->returnValue('my.overwritten.host'));
- $request = new Request(
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('my.overwritten.host', $request->getServerHost());
- }
- public function testGetServerHostWithTrustedDomain() {
- $this->config
- ->expects($this->at(3))
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue(['my.trusted.host']));
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_HOST' => 'my.trusted.host',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('my.trusted.host', $request->getServerHost());
- }
- public function testGetServerHostWithUntrustedDomain() {
- $this->config
- ->expects($this->at(3))
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue(['my.trusted.host']));
- $this->config
- ->expects($this->at(4))
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue(['my.trusted.host']));
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('my.trusted.host', $request->getServerHost());
- }
- public function testGetServerHostWithNoTrustedDomain() {
- $this->config
- ->expects($this->at(3))
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue([]));
- $this->config
- ->expects($this->at(4))
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue([]));
- $request = new Request(
- [
- 'server' => [
- 'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('', $request->getServerHost());
- }
- public function testGetOverwriteHostDefaultNull() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('overwritehost')
- ->will($this->returnValue(''));
- $request = new Request(
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertNull(self::invokePrivate($request, 'getOverwriteHost'));
- }
- public function testGetOverwriteHostWithOverwrite() {
- $this->config
- ->expects($this->at(0))
- ->method('getSystemValue')
- ->with('overwritehost')
- ->will($this->returnValue('www.owncloud.org'));
- $this->config
- ->expects($this->at(1))
- ->method('getSystemValue')
- ->with('overwritecondaddr')
- ->will($this->returnValue(''));
- $this->config
- ->expects($this->at(2))
- ->method('getSystemValue')
- ->with('overwritehost')
- ->will($this->returnValue('www.owncloud.org'));
- $request = new Request(
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('www.owncloud.org', self::invokePrivate($request, 'getOverwriteHost'));
- }
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage The requested uri(/foo.php) cannot be processed by the script '/var/www/index.php')
- */
- public function testGetPathInfoNotProcessible() {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => '/foo.php',
- 'SCRIPT_NAME' => '/var/www/index.php',
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request->getPathInfo();
- }
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage The requested uri(/foo.php) cannot be processed by the script '/var/www/index.php')
- */
- public function testGetRawPathInfoNotProcessible() {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => '/foo.php',
- 'SCRIPT_NAME' => '/var/www/index.php',
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $request->getRawPathInfo();
- }
- /**
- * @dataProvider genericPathInfoProvider
- * @param string $requestUri
- * @param string $scriptName
- * @param string $expected
- */
- public function testGetPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => $requestUri,
- 'SCRIPT_NAME' => $scriptName,
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getPathInfo());
- }
- /**
- * @dataProvider genericPathInfoProvider
- * @param string $requestUri
- * @param string $scriptName
- * @param string $expected
- */
- public function testGetRawPathInfoWithoutSetEnvGeneric($requestUri, $scriptName, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => $requestUri,
- 'SCRIPT_NAME' => $scriptName,
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getRawPathInfo());
- }
- /**
- * @dataProvider rawPathInfoProvider
- * @param string $requestUri
- * @param string $scriptName
- * @param string $expected
- */
- public function testGetRawPathInfoWithoutSetEnv($requestUri, $scriptName, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => $requestUri,
- 'SCRIPT_NAME' => $scriptName,
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getRawPathInfo());
- }
- /**
- * @dataProvider pathInfoProvider
- * @param string $requestUri
- * @param string $scriptName
- * @param string $expected
- */
- public function testGetPathInfoWithoutSetEnv($requestUri, $scriptName, $expected) {
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => $requestUri,
- 'SCRIPT_NAME' => $scriptName,
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame($expected, $request->getPathInfo());
- }
- /**
- * @return array
- */
- public function genericPathInfoProvider() {
- return [
- ['/core/index.php?XDEBUG_SESSION_START=14600', '/core/index.php', ''],
- ['/index.php/apps/files/', 'index.php', '/apps/files/'],
- ['/index.php/apps/files/../&/&?someQueryParameter=QueryParam', 'index.php', '/apps/files/../&/&'],
- ['/remote.php/漢字編碼方法 / 汉字编码方法', 'remote.php', '/漢字編碼方法 / 汉字编码方法'],
- ['///removeTrailin//gSlashes///', 'remote.php', '/removeTrailin/gSlashes/'],
- ['/', '/', ''],
- ['', '', ''],
- ];
- }
- /**
- * @return array
- */
- public function rawPathInfoProvider() {
- return [
- ['/foo%2Fbar/subfolder', '', 'foo%2Fbar/subfolder'],
- ];
- }
- /**
- * @return array
- */
- public function pathInfoProvider() {
- return [
- ['/foo%2Fbar/subfolder', '', 'foo/bar/subfolder'],
- ];
- }
- public function testGetRequestUriWithoutOverwrite() {
- $this->config
- ->expects($this->once())
- ->method('getSystemValue')
- ->with('overwritewebroot')
- ->will($this->returnValue(''));
- $request = new Request(
- [
- 'server' => [
- 'REQUEST_URI' => '/test.php'
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- );
- $this->assertSame('/test.php', $request->getRequestUri());
- }
- public function providesGetRequestUriWithOverwriteData() {
- return [
- ['/scriptname.php/some/PathInfo', '/owncloud/', ''],
- ['/scriptname.php/some/PathInfo', '/owncloud/', '123'],
- ];
- }
- /**
- * @dataProvider providesGetRequestUriWithOverwriteData
- */
- public function testGetRequestUriWithOverwrite($expectedUri, $overwriteWebRoot, $overwriteCondAddr) {
- $this->config
- ->expects($this->at(0))
- ->method('getSystemValue')
- ->with('overwritewebroot')
- ->will($this->returnValue($overwriteWebRoot));
- $this->config
- ->expects($this->at(1))
- ->method('getSystemValue')
- ->with('overwritecondaddr')
- ->will($this->returnValue($overwriteCondAddr));
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'REQUEST_URI' => '/test.php/some/PathInfo',
- 'SCRIPT_NAME' => '/test.php',
- ]
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $request
- ->expects($this->once())
- ->method('getScriptName')
- ->will($this->returnValue('/scriptname.php'));
- $this->assertSame($expectedUri, $request->getRequestUri());
- }
- public function testPassesCSRFCheckWithGet() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'get' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->with($token)
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithPost() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'post' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->with($token)
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithHeader() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $token = new CsrfToken('AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds');
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->with($token)
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithGetAndWithoutCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'get' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithPostAndWithoutCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'post' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithHeaderAndWithoutCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->once())
- ->method('isTokenValid')
- ->willReturn(true);
- $this->assertTrue($request->passesCSRFCheck());
- }
- public function testFailsCSRFCheckWithHeaderAndNotAllChecksPassing() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->never())
- ->method('isTokenValid');
- $this->assertFalse($request->passesCSRFCheck());
- }
- public function testPassesStrictCookieCheckWithAllCookiesAndStrict() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName', 'getCookieParams'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- '__Host-nc_sameSiteCookiestrict' => 'true',
- '__Host-nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $request
- ->expects($this->any())
- ->method('getCookieParams')
- ->willReturn([
- 'secure' => true,
- 'path' => '/',
- ]);
- $this->assertTrue($request->passesStrictCookieCheck());
- }
- public function testFailsStrictCookieCheckWithAllCookiesAndMissingStrict() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName', 'getCookieParams'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $request
- ->expects($this->any())
- ->method('getCookieParams')
- ->willReturn([
- 'secure' => true,
- 'path' => '/',
- ]);
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testGetCookieParams() {
- /** @var Request $request */
- $request = $this->getMockBuilder(Request::class)
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $actual = $request->getCookieParams();
- $this->assertSame(session_get_cookie_params(), $actual);
- }
- public function testPassesStrictCookieCheckWithAllCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertTrue($request->passesStrictCookieCheck());
- }
- public function testPassesStrictCookieCheckWithRandomCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'RandomCookie' => 'asdf',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertTrue($request->passesStrictCookieCheck());
- }
- public function testFailsStrictCookieCheckWithSessionCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testFailsStrictCookieCheckWithRememberMeCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- 'nc_token' => 'asdf',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testFailsCSRFCheckWithPostAndWithCookies() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'post' => [
- 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'foo' => 'bar',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->csrfTokenManager
- ->expects($this->never())
- ->method('isTokenValid');
- $this->assertFalse($request->passesCSRFCheck());
- }
- public function testFailStrictCookieCheckWithOnlyLaxCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testFailStrictCookieCheckWithOnlyStrictCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesStrictCookieCheck());
- }
- public function testPassesLaxCookieCheck() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookielax' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertTrue($request->passesLaxCookieCheck());
- }
- public function testFailsLaxCookieCheckWithOnlyStrictCookie() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'true',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesLaxCookieCheck());
- }
- public function testSkipCookieCheckForOCSRequests() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
- 'HTTP_OCS_APIREQUEST' => 'true',
- ],
- 'cookies' => [
- session_name() => 'asdf',
- 'nc_sameSiteCookiestrict' => 'false',
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertTrue($request->passesStrictCookieCheck());
- }
- /**
- * @return array
- */
- public function invalidTokenDataProvider() {
- return [
- ['InvalidSentToken'],
- ['InvalidSentToken:InvalidSecret'],
- [''],
- ];
- }
- /**
- * @dataProvider invalidTokenDataProvider
- * @param string $invalidToken
- */
- public function testPassesCSRFCheckWithInvalidToken($invalidToken) {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [
- 'server' => [
- 'HTTP_REQUESTTOKEN' => $invalidToken,
- ],
- ],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $token = new CsrfToken($invalidToken);
- $this->csrfTokenManager
- ->expects($this->any())
- ->method('isTokenValid')
- ->with($token)
- ->willReturn(false);
- $this->assertFalse($request->passesCSRFCheck());
- }
- public function testPassesCSRFCheckWithoutTokenFail() {
- /** @var Request $request */
- $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
- ->setMethods(['getScriptName'])
- ->setConstructorArgs([
- [],
- $this->secureRandom,
- $this->config,
- $this->csrfTokenManager,
- $this->stream
- ])
- ->getMock();
- $this->assertFalse($request->passesCSRFCheck());
- }
- }
|