SessionTest.php 44 KB

  1. <?php
  2. /**
  3. * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com>
  4. * This file is licensed under the Affero General Public License version 3 or
  5. * later.
  6. * See the COPYING-README file.
  7. */
  8. namespace Test\User;
  9. use OC\AppFramework\Http\Request;
  10. use OC\Authentication\Token\DefaultTokenMapper;
  11. use OC\Authentication\Token\DefaultTokenProvider;
  12. use OC\Authentication\Token\IProvider;
  13. use OC\Authentication\Token\IToken;
  14. use OC\Security\Bruteforce\Throttler;
  15. use OC\Session\Memory;
  16. use OC\User\Manager;
  17. use OC\User\Session;
  18. use OC\User\User;
  19. use OCA\DAV\Connector\Sabre\Auth;
  20. use OCP\AppFramework\Utility\ITimeFactory;
  21. use OCP\IConfig;
  22. use OCP\ILogger;
  23. use OCP\IRequest;
  24. use OCP\ISession;
  25. use OCP\IUser;
  26. use OCP\IUserManager;
  27. use OCP\Security\ICrypto;
  28. use OCP\Security\ISecureRandom;
  29. /**
  30. * @group DB
  31. * @package Test\User
  32. */
  33. class SessionTest extends \Test\TestCase {
  34. /** @var ITimeFactory|\PHPUnit_Framework_MockObject_MockObject */
  35. private $timeFactory;
  36. /** @var DefaultTokenProvider|\PHPUnit_Framework_MockObject_MockObject */
  37. protected $tokenProvider;
  38. /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
  39. private $config;
  40. /** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
  41. private $throttler;
  42. /** @var ISecureRandom|\PHPUnit_Framework_MockObject_MockObject */
  43. private $random;
  44. /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
  45. private $manager;
  46. /** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
  47. private $session;
  48. /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
  49. private $userSession;
  /**
   * Builds the collaborators shared by every test in this class.
   *
   * The clock mock always reports 10000, so tests can assert on timestamps
   * derived from it. The shared Session is a partial mock with only
   * setMagicInCookie() replaced.
   */
  protected function setUp() {
      parent::setUp();

      $clock = $this->createMock(ITimeFactory::class);
      $clock->expects($this->any())
          ->method('getTime')
          ->willReturn(10000);
      $this->timeFactory = $clock;

      $this->tokenProvider = $this->createMock(IProvider::class);
      $this->config = $this->createMock(IConfig::class);
      $this->throttler = $this->createMock(Throttler::class);
      $this->random = $this->createMock(ISecureRandom::class);
      $this->manager = $this->createMock(IUserManager::class);
      $this->session = $this->createMock(ISession::class);

      $sessionCtorArgs = [
          $this->manager,
          $this->session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
      ];
      $this->userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($sessionCtorArgs)
          ->setMethods(['setMagicInCookie'])
          ->getMock();

      // Switch the global incognito flag off before every test.
      \OC_User::setIncognitoMode(false);
  }
  /**
   * getUser() on a browser session goes through session-token validation.
   *
   * The stored token carries lastCheck = 200 while the clock mock returns
   * 10000. The test expects the password recovered from the token to be
   * checked against the user manager, the user to be asked whether it is
   * enabled, the token activity to be updated, and lastCheck to end up at
   * the mocked current time.
   */
  public function testGetUser() {
      $sessionId = 'abcdef12345';

      $token = new \OC\Authentication\Token\DefaultToken();
      $token->setLoginName('User123');
      $token->setLastCheck(200);

      $expectedUser = $this->createMock(IUser::class);
      $expectedUser->expects($this->any())
          ->method('getUID')
          ->willReturn('user123');
      $uid = $expectedUser->getUID();

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $session->expects($this->at(0))
          ->method('get')
          ->with('user_id')
          ->willReturn($uid);
      // No app password in the session means this is a browser session.
      $session->expects($this->at(1))
          ->method('get')
          ->with('app_password')
          ->willReturn(null);
      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);

      $manager = $this->getMockBuilder(Manager::class)
          ->disableOriginalConstructor()
          ->getMock();

      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($sessionId)
          ->willReturn($token);
      $this->tokenProvider->expects($this->once())
          ->method('getPassword')
          ->with($token, $sessionId)
          ->willReturn('passme');
      // The credentials behind the token are re-checked under the token's login name.
      $manager->expects($this->once())
          ->method('checkPassword')
          ->with('User123', 'passme')
          ->willReturn(true);
      $expectedUser->expects($this->once())
          ->method('isEnabled')
          ->willReturn(true);
      $this->tokenProvider->expects($this->once())
          ->method('updateTokenActivity')
          ->with($token);
      $manager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn($expectedUser);

      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random
      );

      $this->assertSame($expectedUser, $userSession->getUser());
      // lastCheck must now equal the value returned by the clock mock.
      $this->assertSame(10000, $token->getLastCheck());
  }
  /**
   * Data provider for testIsLoggedIn(): one logged-in and one logged-out case.
   *
   * @return array[] one single-element argument list per case
   */
  public function isLoggedInData() {
      $loggedIn = [true];
      $loggedOut = [false];

      return [$loggedIn, $loggedOut];
  }
  /**
   * isLoggedIn() must mirror whether getUser() yields a user or null.
   *
   * @dataProvider isLoggedInData
   * @param bool $isLoggedIn whether the stubbed getUser() returns a user
   */
  public function testIsLoggedIn($isLoggedIn) {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $manager = $this->createMock(Manager::class);

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($ctorArgs)
          ->setMethods(['getUser'])
          ->getMock();

      $user = new User('sepp', null);
      $currentUser = $isLoggedIn ? $user : null;
      $userSession->expects($this->once())
          ->method('getUser')
          ->willReturn($currentUser);

      $this->assertEquals($isLoggedIn, $userSession->isLoggedIn());
  }
  /**
   * setUser() must store the user's UID in the session under 'user_id'.
   */
  public function testSetUser() {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $session->expects($this->once())
          ->method('set')
          ->with('user_id', 'foo');

      $manager = $this->createMock(Manager::class);
      $backend = $this->createMock(\Test\Util\User\Dummy::class);

      $user = $this->getMockBuilder(User::class)
          ->setConstructorArgs(['foo', $backend])
          ->getMock();
      $user->expects($this->once())
          ->method('getUID')
          ->willReturn('foo');

      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random
      );
      $userSession->setUser($user);
  }
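  /**
   * A correct password for an enabled user logs the user in.
   *
   * Expected effects: the session id is regenerated once, exactly two
   * session values ('user_id' and 'loginname') are written with the value
   * 'foo', the last-login timestamp is updated, and getUser() afterwards
   * returns the user handed back by checkPassword().
   *
   * The value constraint 'foo' used to be passed as a second argument to
   * $this->callback(), where it was silently ignored; it is now the second
   * argument of with(), so the written value is actually verified.
   */
  public function testLoginValidPasswordEnabled() {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      // Rotating the session id on login is the session-fixation safeguard under test.
      $session->expects($this->once())
          ->method('regenerateId');
      // 'bar' is not a known token, so the password path has to be taken.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $session->expects($this->exactly(2))
          ->method('set')
          ->with(
              $this->callback(function ($key) {
                  return in_array($key, ['user_id', 'loginname'], true);
              }),
              'foo'
          );

      // Mock everything on the manager except the constructor and the
      // emitter methods, so hooks keep working.
      $managerMethods = get_class_methods(Manager::class);
      $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($mockedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $backend = $this->createMock(\Test\Util\User\Dummy::class);
      $user = $this->getMockBuilder(User::class)
          ->setConstructorArgs(['foo', $backend])
          ->getMock();
      $user->expects($this->any())
          ->method('isEnabled')
          ->willReturn(true);
      $user->expects($this->any())
          ->method('getUID')
          ->willReturn('foo');
      $user->expects($this->once())
          ->method('updateLastLoginTimestamp');

      $manager->expects($this->once())
          ->method('checkPassword')
          ->with('foo', 'bar')
          ->willReturn($user);

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($ctorArgs)
          ->setMethods(['prepareUserLogin'])
          ->getMock();
      $userSession->expects($this->once())
          ->method('prepareUserLogin');

      $userSession->login('foo', 'bar');

      $this->assertEquals($user, $userSession->getUser());
  }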
  /**
   * A correct password for a disabled user must be rejected with a
   * LoginException: nothing is written to the session and the last-login
   * timestamp stays untouched. The session id is still regenerated.
   *
   * @expectedException \OC\User\LoginException
   */
  public function testLoginValidPasswordDisabled() {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $session->expects($this->never())
          ->method('set');
      $session->expects($this->once())
          ->method('regenerateId');

      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      // Leave the constructor and the emitter methods real so hooks keep working.
      $mockedManagerMethods = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($mockedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $backend = $this->createMock(\Test\Util\User\Dummy::class);
      $user = $this->getMockBuilder(User::class)
          ->setConstructorArgs(['foo', $backend])
          ->getMock();
      $user->expects($this->any())
          ->method('isEnabled')
          ->willReturn(false);
      $user->expects($this->never())
          ->method('updateLastLoginTimestamp');

      $manager->expects($this->once())
          ->method('checkPassword')
          ->with('foo', 'bar')
          ->willReturn($user);

      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random
      );
      $userSession->login('foo', 'bar');
  }
  /**
   * A wrong password must not establish a session: no session value is
   * written, the user object is never consulted or updated, and the session
   * id is still regenerated once.
   *
   * NOTE(review): the return value of login() is not asserted here; an
   * assertFalse() would pin the rejection explicitly - confirm against
   * Session::login() before adding it.
   */
  public function testLoginInvalidPassword() {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Leave the constructor and the emitter methods real so hooks keep working.
      $mockedManagerMethods = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($mockedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $backend = $this->createMock(\Test\Util\User\Dummy::class);
      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random
      );
      $user = $this->getMockBuilder(User::class)
          ->setConstructorArgs(['foo', $backend])
          ->getMock();

      $session->expects($this->never())
          ->method('set');
      $session->expects($this->once())
          ->method('regenerateId');

      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      $user->expects($this->never())
          ->method('isEnabled');
      $user->expects($this->never())
          ->method('updateLastLoginTimestamp');

      $manager->expects($this->once())
          ->method('checkPassword')
          ->with('foo', 'bar')
          ->willReturn(false);

      $userSession->login('foo', 'bar');
  }
  /**
   * Logging in as an unknown user must not write anything to the session;
   * the session id is still regenerated once.
   *
   * NOTE(review): as set up here, this case is indistinguishable from the
   * wrong-password case (checkPassword() returns false), and the return
   * value of login() is not asserted.
   */
  public function testLoginNonExisting() {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $manager = $this->createMock(Manager::class);
      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random
      );

      $session->expects($this->never())
          ->method('set');
      $session->expects($this->once())
          ->method('regenerateId');

      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      $manager->expects($this->once())
          ->method('checkPassword')
          ->with('foo', 'bar')
          ->willReturn(false);

      $userSession->login('foo', 'bar');
  }
  /**
   * A device token may only be used together with the login name it was
   * issued for in the browser.
   *
   * Here the token belongs to 'user123' but the login is attempted as
   * 'foo': the test expects the password check to run for ('foo', 'bar')
   * and nothing to be written to the session.
   */
  public function testLoginWithDifferentTokenLoginName() {
      $username = 'user123';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $manager = $this->createMock(Manager::class);
      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random
      );

      $token = new \OC\Authentication\Token\DefaultToken();
      $token->setLoginName($username);

      $session->expects($this->never())
          ->method('set');
      $session->expects($this->once())
          ->method('regenerateId');

      // The token exists, but it was issued for a different login name.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willReturn($token);

      $manager->expects($this->once())
          ->method('checkPassword')
          ->with('foo', 'bar')
          ->willReturn(false);

      $userSession->login('foo', 'bar');
  }
  /**
   * With token_auth_enforced switched on, a client presenting a plain
   * password (not a token) must be refused, and the throttler delay for the
   * client's address must be applied once.
   *
   * NOTE(review): the method name mentions 2FA, but what this case
   * configures is the token_auth_enforced system value.
   *
   * @expectedException \OC\Authentication\Exceptions\PasswordLoginForbiddenException
   */
  public function testLogClientInNoTokenPasswordWith2fa() {
      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);
      $remoteAddress = '192.168.0.1';

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      /** @var \OC\User\Session $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($ctorArgs)
          ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
          ->getMock();

      // 'doe' is not a valid token, so it is treated as a password.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('doe')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->config->expects($this->once())
          ->method('getSystemValue')
          ->with('token_auth_enforced', false)
          ->willReturn(true);

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn($remoteAddress);
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with($remoteAddress);
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with($remoteAddress)
          ->willReturn(0);

      $userSession->logClientIn('john', 'doe', $request, $this->throttler);
  }
  /**
   * logClientIn() for a user that cannot be logged in returns false when
   * token authentication is not enforced. login() is mocked without a
   * return value here.
   *
   * NOTE(review): no expectations are placed on the throttler mock in this
   * case, so the test does not pin whether the failed attempt is delayed or
   * recorded.
   */
  public function testLogClientInUnexist() {
      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      /** @var Session $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($ctorArgs)
          ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
          ->getMock();

      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('doe')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->config->expects($this->once())
          ->method('getSystemValue')
          ->with('token_auth_enforced', false)
          ->willReturn(false);

      $loggedIn = $userSession->logClientIn('unexist', 'doe', $request, $this->throttler);

      $this->assertFalse($loggedIn);
  }
  /**
   * A client authenticating with an app password (token) is logged in, the
   * app password is remembered in the session under 'app_password', and the
   * throttler delay for the client's address is applied once.
   */
  public function testLogClientInWithTokenPassword() {
      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);
      $remoteAddress = '192.168.0.1';
      $appPassword = 'I-AM-AN-APP-PASSWORD';

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      /** @var \OC\User\Session $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($ctorArgs)
          ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
          ->getMock();

      $userSession->expects($this->once())
          ->method('isTokenPassword')
          ->willReturn(true);
      $userSession->expects($this->once())
          ->method('login')
          ->with('john', $appPassword)
          ->willReturn(true);

      $session->expects($this->once())
          ->method('set')
          ->with('app_password', $appPassword);

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn($remoteAddress);
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with($remoteAddress);
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with($remoteAddress)
          ->willReturn(0);

      $loggedIn = $userSession->logClientIn('john', $appPassword, $request, $this->throttler);

      $this->assertTrue($loggedIn);
  }
  /**
   * Token authentication is not enforced globally, but two-factor is
   * reported as enforced for 'john': a plain password login must then be
   * refused, and the throttler delay for the client's address must be
   * applied once.
   *
   * NOTE(review): despite "No2fa" in the name, this case stubs
   * isTwoFactorEnforced() to return true.
   *
   * @expectedException \OC\Authentication\Exceptions\PasswordLoginForbiddenException
   */
  public function testLogClientInNoTokenPasswordNo2fa() {
      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);
      $remoteAddress = '192.168.0.1';

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      /** @var \OC\User\Session $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($ctorArgs)
          ->setMethods(['login', 'isTwoFactorEnforced'])
          ->getMock();

      // 'doe' is not a valid token, so it is treated as a password.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('doe')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->config->expects($this->once())
          ->method('getSystemValue')
          ->with('token_auth_enforced', false)
          ->willReturn(false);

      $userSession->expects($this->once())
          ->method('isTwoFactorEnforced')
          ->with('john')
          ->willReturn(true);

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn($remoteAddress);
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with($remoteAddress);
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with($remoteAddress)
          ->willReturn(0);

      $userSession->logClientIn('john', 'doe', $request, $this->throttler);
  }
  /**
   * loginWithCookie() with a remember-me token that is on record.
   *
   * Expected effects: the session id is regenerated, the presented token is
   * deleted and replaced by a freshly generated one (stored with the mocked
   * time 10000), the session token is renewed from the old to the new
   * session id, the cookie is set, and 'user_id' is written to the session.
   */
  public function testRememberLoginValidToken() {
      $token = 'goodToken';
      $oldSessionId = 'sess321';
      $sessionId = 'sess123';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Leave the constructor and the emitter methods real so hooks keep working.
      $mockedManagerMethods = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($mockedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      $userSession = $this->getMockBuilder(Session::class)
          // setMagicInCookie() is replaced because the real one calls setcookie()
          ->setMethods(['setMagicInCookie', 'setLoginName'])
          ->setConstructorArgs($ctorArgs)
          ->getMock();
      $user = $this->createMock(IUser::class);

      $session->expects($this->once())
          ->method('regenerateId');
      $manager->expects($this->once())
          ->method('get')
          ->with('foo')
          ->willReturn($user);

      // The presented token is on record for the user ...
      $this->config->expects($this->once())
          ->method('getUserKeys')
          ->with('foo', 'login_token')
          ->willReturn([$token]);
      // ... and is consumed: deleted, then replaced by a new random value.
      $this->config->expects($this->once())
          ->method('deleteUserValue')
          ->with('foo', 'login_token', $token);
      $this->random->expects($this->once())
          ->method('generate')
          ->with(32)
          ->willReturn('abcdefg123456');
      $this->config->expects($this->once())
          ->method('setUserValue')
          ->with('foo', 'login_token', 'abcdefg123456', 10000);

      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $this->tokenProvider->expects($this->once())
          ->method('renewSessionToken')
          ->with($oldSessionId, $sessionId)
          ->willReturn(true);

      $tokenObject = $this->createMock(IToken::class);
      $tokenObject->expects($this->once())
          ->method('getLoginName')
          ->willReturn('foobar');
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($sessionId)
          ->willReturn($tokenObject);

      $user->expects($this->any())
          ->method('getUID')
          ->willReturn('foo');
      $userSession->expects($this->once())
          ->method('setMagicInCookie');
      $user->expects($this->once())
          ->method('updateLastLoginTimestamp');
      $session->expects($this->once())
          ->method('set')
          ->with('user_id', 'foo');
      $userSession->expects($this->once())
          ->method('setLoginName')
          ->willReturn('foobar');

      $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);

      $this->assertTrue($granted);
  }
  /**
   * loginWithCookie() with a remember-me token that is on record, but where
   * renewing the session token fails with InvalidTokenException.
   *
   * The login must be refused: no cookie, no last-login update and no
   * 'user_id' in the session. The remember-me token is still expected to be
   * deleted and replaced once.
   */
  public function testRememberLoginInvalidSessionToken() {
      $token = 'goodToken';
      $oldSessionId = 'sess321';
      $sessionId = 'sess123';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Leave the constructor and the emitter methods real so hooks keep working.
      $mockedManagerMethods = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($mockedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      $userSession = $this->getMockBuilder(Session::class)
          // setMagicInCookie() is replaced because the real one calls setcookie()
          ->setMethods(['setMagicInCookie'])
          ->setConstructorArgs($ctorArgs)
          ->getMock();
      $user = $this->createMock(IUser::class);

      $session->expects($this->once())
          ->method('regenerateId');
      $manager->expects($this->once())
          ->method('get')
          ->with('foo')
          ->willReturn($user);

      $this->config->expects($this->once())
          ->method('getUserKeys')
          ->with('foo', 'login_token')
          ->willReturn([$token]);
      $this->config->expects($this->once())
          ->method('deleteUserValue')
          ->with('foo', 'login_token', $token);
      $this->config->expects($this->once())
          ->method('setUserValue'); // TODO: mock new random value

      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      // The session token tied to the old session id cannot be renewed.
      $this->tokenProvider->expects($this->once())
          ->method('renewSessionToken')
          ->with($oldSessionId, $sessionId)
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      $user->expects($this->never())
          ->method('getUID')
          ->willReturn('foo');
      $userSession->expects($this->never())
          ->method('setMagicInCookie');
      $user->expects($this->never())
          ->method('updateLastLoginTimestamp');
      $session->expects($this->never())
          ->method('set')
          ->with('user_id', 'foo');

      $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);

      $this->assertFalse($granted);
  }
  /**
   * loginWithCookie() with a remember-me token that is not on record for
   * the user ('anothertoken' is stored, 'goodToken' is presented).
   *
   * The login must be refused and nothing may change: no token deletion,
   * no session-token renewal, no cookie, no last-login update and no
   * 'user_id' in the session.
   */
  public function testRememberLoginInvalidToken() {
      $token = 'goodToken';
      $oldSessionId = 'sess321';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Leave the constructor and the emitter methods real so hooks keep working.
      $mockedManagerMethods = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($mockedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      $userSession = $this->getMockBuilder(Session::class)
          // setMagicInCookie() is replaced because the real one calls setcookie()
          ->setMethods(['setMagicInCookie'])
          ->setConstructorArgs($ctorArgs)
          ->getMock();
      $user = $this->createMock(IUser::class);

      $session->expects($this->once())
          ->method('regenerateId');
      $manager->expects($this->once())
          ->method('get')
          ->with('foo')
          ->willReturn($user);

      // Only a different token is stored for this user.
      $this->config->expects($this->once())
          ->method('getUserKeys')
          ->with('foo', 'login_token')
          ->willReturn(['anothertoken']);
      $this->config->expects($this->never())
          ->method('deleteUserValue')
          ->with('foo', 'login_token', $token);

      $this->tokenProvider->expects($this->never())
          ->method('renewSessionToken');
      $userSession->expects($this->never())
          ->method('setMagicInCookie');
      $user->expects($this->never())
          ->method('updateLastLoginTimestamp');
      $session->expects($this->never())
          ->method('set')
          ->with('user_id', 'foo');

      $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);

      $this->assertFalse($granted);
  }
  /**
   * loginWithCookie() for a UID the user manager does not know.
   *
   * The login must be refused before any token handling: stored tokens are
   * never read, the session token is never renewed, no cookie is set and
   * no 'user_id' is written to the session.
   */
  public function testRememberLoginInvalidUser() {
      $token = 'goodToken';
      $oldSessionId = 'sess321';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Leave the constructor and the emitter methods real so hooks keep working.
      $mockedManagerMethods = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($mockedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $ctorArgs = [$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random];
      $userSession = $this->getMockBuilder(Session::class)
          // setMagicInCookie() is replaced because the real one calls setcookie()
          ->setMethods(['setMagicInCookie'])
          ->setConstructorArgs($ctorArgs)
          ->getMock();

      $session->expects($this->once())
          ->method('regenerateId');
      // The manager has no user for this UID.
      $manager->expects($this->once())
          ->method('get')
          ->with('foo')
          ->willReturn(null);

      $this->config->expects($this->never())
          ->method('getUserKeys')
          ->with('foo', 'login_token')
          ->willReturn(['anothertoken']);
      $this->tokenProvider->expects($this->never())
          ->method('renewSessionToken');
      $userSession->expects($this->never())
          ->method('setMagicInCookie');
      $session->expects($this->never())
          ->method('set')
          ->with('user_id', 'foo');

      $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);

      $this->assertFalse($granted);
  }
  /**
   * getUser() must follow the session object currently attached to the user session.
   *
   * The first in-memory session names 'foo' as user_id; after setSession()
   * swaps in a second one naming 'bar', getUser() has to return bar's user
   * object. validateSession() is replaced by a stub for this test.
   */
  public function testActiveUserAfterSetSession() {
      $knownUsers = [
          'foo' => new User('foo', null),
          'bar' => new User('bar', null),
      ];

      $userManager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();
      // Resolve uids straight from the fixture map above.
      $userManager->expects($this->any())
          ->method('get')
          ->willReturnCallback(function ($requestedUid) use ($knownUsers) {
              return $knownUsers[$requestedUid];
          });

      $firstSession = new Memory('');
      $firstSession->set('user_id', 'foo');

      $userSession = $this->getMockBuilder('\OC\User\Session')
          ->setConstructorArgs([$userManager, $firstSession, $this->timeFactory, $this->tokenProvider, $this->config, $this->random])
          ->setMethods(['validateSession'])
          ->getMock();
      $userSession->expects($this->any())
          ->method('validateSession');

      $this->assertEquals($knownUsers['foo'], $userSession->getUser());

      // Swap the backing session: the active user has to change with it.
      $secondSession = new Memory('');
      $secondSession->set('user_id', 'bar');
      $userSession->setSession($secondSession);

      $this->assertEquals($knownUsers['bar'], $userSession->getUser());
  }
  /**
   * createSessionToken() with a plain password issues a temporary, non-remembered token.
   *
   * getToken($password) throws InvalidTokenException here, modelling a
   * password that is not a known token, so generateToken() must receive the
   * password exactly as supplied, together with the session id, uid, login
   * name and the request's user agent.
   */
  public function testCreateSessionToken() {
      $uid = 'user123';
      $loginName = 'User123';
      $password = 'passme';
      $sessionId = 'abcxyz';

      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $knownUser = $this->createMock(IUser::class);
      $userSession = new \OC\User\Session($userManager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);

      // A real Request object, so the user agent is read from the server array.
      $secureRandom = $this->createMock(ISecureRandom::class);
      $requestConfig = $this->createMock(IConfig::class);
      $csrfManager = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
          ->disableOriginalConstructor()
          ->getMock();
      $serverVars = [
          'server' => [
              'HTTP_USER_AGENT' => 'Firefox',
          ]
      ];
      $request = new \OC\AppFramework\Http\Request($serverVars, $secureRandom, $requestConfig, $csrfManager);

      $userManager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn($knownUser);
      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($password)
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->tokenProvider->expects($this->once())
          ->method('generateToken')
          ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);

      $created = $userSession->createSessionToken($request, $uid, $loginName, $password);
      $this->assertTrue($created);
  }
  /**
   * createSessionToken() called with the remember flag set must pass IToken::REMEMBER on.
   *
   * Same set-up as the non-remembered case (getToken() throws
   * InvalidTokenException for the plain password); the only difference
   * pinned here is the last argument of generateToken().
   */
  public function testCreateRememberedSessionToken() {
      $uid = 'user123';
      $loginName = 'User123';
      $password = 'passme';
      $sessionId = 'abcxyz';

      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $knownUser = $this->createMock(IUser::class);
      $userSession = new \OC\User\Session($userManager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);

      // A real Request object, so the user agent is read from the server array.
      $secureRandom = $this->createMock(ISecureRandom::class);
      $requestConfig = $this->createMock(IConfig::class);
      $csrfManager = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
          ->disableOriginalConstructor()
          ->getMock();
      $serverVars = [
          'server' => [
              'HTTP_USER_AGENT' => 'Firefox',
          ]
      ];
      $request = new \OC\AppFramework\Http\Request($serverVars, $secureRandom, $requestConfig, $csrfManager);

      $userManager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn($knownUser);
      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($password)
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->tokenProvider->expects($this->once())
          ->method('generateToken')
          ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::REMEMBER);

      // Fifth argument true requests a remembered session.
      $created = $userSession->createSessionToken($request, $uid, $loginName, $password, true);
      $this->assertTrue($created);
  }
  /**
   * When the supplied "password" is itself a token, the real password must be used.
   *
   * getToken('iamatoken') resolves to a token object, getPassword() then
   * yields 'passme', and generateToken() is required to receive that
   * recovered password rather than the token string the caller passed in.
   */
  public function testCreateSessionTokenWithTokenPassword() {
      $uid = 'user123';
      $loginName = 'User123';
      $password = 'iamatoken';
      $realPassword = 'passme';
      $sessionId = 'abcxyz';

      $userManager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();
      $session = $this->createMock(ISession::class);
      $existingToken = $this->createMock(IToken::class);
      $knownUser = $this->createMock(IUser::class);
      $userSession = new \OC\User\Session($userManager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);

      // A real Request object, so the user agent is read from the server array.
      $secureRandom = $this->createMock(ISecureRandom::class);
      $requestConfig = $this->createMock(IConfig::class);
      $csrfManager = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
          ->disableOriginalConstructor()
          ->getMock();
      $serverVars = [
          'server' => [
              'HTTP_USER_AGENT' => 'Firefox',
          ]
      ];
      $request = new \OC\AppFramework\Http\Request($serverVars, $secureRandom, $requestConfig, $csrfManager);

      $userManager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn($knownUser);
      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);

      // The token string is looked up first, then exchanged for the stored password.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($password)
          ->willReturn($existingToken);
      $this->tokenProvider->expects($this->once())
          ->method('getPassword')
          ->with($existingToken, $password)
          ->willReturn($realPassword);
      $this->tokenProvider->expects($this->once())
          ->method('generateToken')
          ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);

      $created = $userSession->createSessionToken($request, $uid, $loginName, $password);
      $this->assertTrue($created);
  }
  /**
   * createSessionToken() must return false when the uid does not resolve to a user.
   *
   * The user manager is asked once for 'user123' and answers null; no
   * token-provider expectation is configured in this test.
   */
  public function testCreateSessionTokenWithNonExistentUser() {
      $uid = 'user123';

      $userManager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();
      $userManager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn(null);

      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);
      $userSession = new \OC\User\Session($userManager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random);

      $created = $userSession->createSessionToken($request, $uid, 'User123', 'passme');
      $this->assertFalse($created);
  }
  /**
   * Token login for a disabled account must raise a LoginException.
   *
   * The Authorization header carries 'token xxxxx'; the provider resolves
   * 'xxxxx' to a token for uid 'fritz0', and the user object returned for
   * that uid reports isEnabled() === false.
   *
   * @expectedException \OC\User\LoginException
   */
  public function testTryTokenLoginWithDisabledUser() {
      $userManager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();
      $memorySession = new Memory('');

      $presentedToken = new \OC\Authentication\Token\DefaultToken();
      $presentedToken->setLoginName('fritz');
      $presentedToken->setUid('fritz0');
      $presentedToken->setLastCheck(100); // Needs check

      $disabledUser = $this->createMock(IUser::class);
      $disabledUser->expects($this->once())
          ->method('isEnabled')
          ->willReturn(false);

      // logout() is the only Session method replaced by a stub.
      $userSession = $this->getMockBuilder('\OC\User\Session')
          ->setMethods(['logout'])
          ->setConstructorArgs([$userManager, $memorySession, $this->timeFactory, $this->tokenProvider, $this->config, $this->random])
          ->getMock();

      $request = $this->createMock(IRequest::class);
      $request->expects($this->once())
          ->method('getHeader')
          ->with('Authorization')
          ->willReturn('token xxxxx');
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('xxxxx')
          ->willReturn($presentedToken);
      $userManager->expects($this->once())
          ->method('get')
          ->with('fritz0')
          ->willReturn($disabledUser);

      $userSession->tryTokenLogin($request);
  }
  /**
   * validateSession() must revoke the token and log out when the account is disabled.
   *
   * The session holds an app password whose token was last checked at 20
   * while the clock reads 1000, so the stored password is re-checked.
   * checkPassword() succeeds, but the user reports isEnabled() === false:
   * the test then requires invalidateToken('APP-PASSWORD') and logout(),
   * each exactly once.
   */
  public function testValidateSessionDisabledUser() {
      $userManager = $this->createMock(IUserManager::class);
      $session = $this->createMock(ISession::class);
      $clock = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);
      $userSession = $this->getMockBuilder('\OC\User\Session')
          ->setMethods(['logout'])
          ->setConstructorArgs([$userManager, $session, $clock, $tokenProvider, $this->config, $this->random])
          ->getMock();

      $disabledUser = $this->createMock(IUser::class);
      $appToken = new \OC\Authentication\Token\DefaultToken();
      $appToken->setLoginName('susan');
      $appToken->setLastCheck(20);

      $session->expects($this->once())
          ->method('get')
          ->with('app_password')
          ->willReturn('APP-PASSWORD');
      $tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('APP-PASSWORD')
          ->willReturn($appToken);
      $clock->expects($this->once())
          ->method('getTime')
          ->willReturn(1000); // more than 5min since last check

      // Password re-check against the user back end succeeds ...
      $tokenProvider->expects($this->once())
          ->method('getPassword')
          ->with($appToken, 'APP-PASSWORD')
          ->willReturn('123456');
      $userManager->expects($this->once())
          ->method('checkPassword')
          ->with('susan', '123456')
          ->willReturn(true);

      // ... but the account is disabled, so the token must not survive.
      $disabledUser->expects($this->once())
          ->method('isEnabled')
          ->willReturn(false);
      $tokenProvider->expects($this->once())
          ->method('invalidateToken')
          ->with('APP-PASSWORD');
      $userSession->expects($this->once())
          ->method('logout');

      $userSession->setUser($disabledUser);
      $this->invokePrivate($userSession, 'validateSession');
  }
  /**
   * validateSession() with a token that stores no password still refreshes the last check.
   *
   * getPassword() throws PasswordlessTokenException; the test configures no
   * checkPassword() expectation and asserts that the token's last-check
   * value ends up at the current time (1000).
   */
  public function testValidateSessionNoPassword() {
      $userManager = $this->createMock(IUserManager::class);
      $session = $this->createMock(ISession::class);
      $clock = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);
      $userSession = $this->getMockBuilder('\OC\User\Session')
          ->setMethods(['logout'])
          ->setConstructorArgs([$userManager, $session, $clock, $tokenProvider, $this->config, $this->random])
          ->getMock();

      $sessionUser = $this->createMock(IUser::class);
      $appToken = new \OC\Authentication\Token\DefaultToken();
      $appToken->setLastCheck(20);

      $session->expects($this->once())
          ->method('get')
          ->with('app_password')
          ->willReturn('APP-PASSWORD');
      $tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('APP-PASSWORD')
          ->willReturn($appToken);
      $clock->expects($this->once())
          ->method('getTime')
          ->willReturn(1000); // more than 5min since last check
      $tokenProvider->expects($this->once())
          ->method('getPassword')
          ->with($appToken, 'APP-PASSWORD')
          ->willThrowException(new \OC\Authentication\Exceptions\PasswordlessTokenException());

      $this->invokePrivate($userSession, 'validateSession', [$sessionUser]);

      $this->assertEquals(1000, $appToken->getLastCheck());
  }
  /**
   * updateSessionTokenPassword() must store the new password on the current session's token.
   *
   * The token is looked up by the session id, and setPassword() has to be
   * called once with that token, the session id and the new password.
   */
  public function testUpdateSessionTokenPassword() {
      $newPassword = '123456';
      $sessionId = 'session1234';
      $sessionToken = new \OC\Authentication\Token\DefaultToken();

      $userManager = $this->createMock(IUserManager::class);
      $session = $this->createMock(ISession::class);
      $clock = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);
      $userSession = new \OC\User\Session($userManager, $session, $clock, $tokenProvider, $this->config, $this->random);

      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($sessionId)
          ->willReturn($sessionToken);
      $tokenProvider->expects($this->once())
          ->method('setPassword')
          ->with($sessionToken, $sessionId, $newPassword);

      $userSession->updateSessionTokenPassword($newPassword);
  }
  /**
   * updateSessionTokenPassword() must not let SessionNotAvailableException escape.
   *
   * getId() throws; there is no assertion beyond that single mock
   * expectation, so the test passes as long as the call returns normally.
   */
  public function testUpdateSessionTokenPasswordNoSessionAvailable() {
      $userManager = $this->createMock(IUserManager::class);
      $clock = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);

      $session = $this->createMock(ISession::class);
      $session->expects($this->once())
          ->method('getId')
          ->willThrowException(new \OCP\Session\Exceptions\SessionNotAvailableException());

      $userSession = new \OC\User\Session($userManager, $session, $clock, $tokenProvider, $this->config, $this->random);
      $userSession->updateSessionTokenPassword('1234');
  }
  /**
   * updateSessionTokenPassword() must not let InvalidTokenException escape.
   *
   * The session id and token resolve normally, but setPassword() throws.
   * There is no assertion beyond the mock expectations, so the test passes
   * as long as the call returns normally.
   */
  public function testUpdateSessionTokenPasswordInvalidTokenException() {
      $newPassword = '123456';
      $sessionId = 'session1234';
      $sessionToken = new \OC\Authentication\Token\DefaultToken();

      $userManager = $this->createMock(IUserManager::class);
      $session = $this->createMock(ISession::class);
      $clock = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);
      $userSession = new \OC\User\Session($userManager, $session, $clock, $tokenProvider, $this->config, $this->random);

      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($sessionId)
          ->willReturn($sessionToken);
      $tokenProvider->expects($this->once())
          ->method('setPassword')
          ->with($sessionToken, $sessionId, $newPassword)
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      $userSession->updateSessionTokenPassword($newPassword);
  }
  /**
   * logClientIn() with a stale token must refresh last-activity and last-check and persist them.
   *
   * A real DefaultTokenProvider sits on a mocked mapper that always returns
   * the same token (both timestamps start at 100). The mapper's update()
   * has to be called once, and the throttler's sleepDelay() is expected
   * once for the client address 192.168.0.1.
   */
  public function testUpdateAuthTokenLastCheck() {
      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $storedToken = new \OC\Authentication\Token\DefaultToken();
      $storedToken->setUid('john');
      $storedToken->setLoginName('john');
      $storedToken->setLastActivity(100);
      $storedToken->setLastCheck(100);

      $tokenMapper = $this->getMockBuilder(DefaultTokenMapper::class)
          ->disableOriginalConstructor()
          ->getMock();
      $crypto = $this->createMock(ICrypto::class);
      $logger = $this->createMock(ILogger::class);
      $tokenProvider = new DefaultTokenProvider($tokenMapper, $crypto, $this->config, $logger, $this->timeFactory);

      /** @var \OC\User\Session $userSession */
      $userSession = new Session($userManager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random);

      $tokenMapper->expects($this->any())
          ->method('getToken')
          ->willReturn($storedToken);
      $tokenMapper->expects($this->once())
          ->method('update');

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn('192.168.0.1');
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with('192.168.0.1');
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with('192.168.0.1')
          ->willReturn(0);

      // NOTE(review): getTime() is stubbed to 100 here, yet the assertions below
      // expect 10000 - presumably an earlier stub on the shared timeFactory
      // fixture (set-up not visible here) takes precedence; confirm.
      $this->timeFactory->expects($this->any())
          ->method('getTime')
          ->willReturn(100);

      $userSession->logClientIn('john', 'doe', $request, $this->throttler);

      $this->assertEquals(10000, $storedToken->getLastActivity());
      $this->assertEquals(10000, $storedToken->getLastCheck());
  }
  /**
   * logClientIn() must not write the token back when its last activity is already 10000.
   *
   * Same wiring as the stale-token case, except that the token starts with
   * last-activity 10000 and the mapper's update() must never be called.
   * The throttler's sleepDelay() is still expected once for 192.168.0.1.
   */
  public function testNoUpdateAuthTokenLastCheckRecent() {
      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $storedToken = new \OC\Authentication\Token\DefaultToken();
      $storedToken->setUid('john');
      $storedToken->setLoginName('john');
      $storedToken->setLastActivity(10000);
      $storedToken->setLastCheck(100);

      $tokenMapper = $this->getMockBuilder(DefaultTokenMapper::class)
          ->disableOriginalConstructor()
          ->getMock();
      $crypto = $this->createMock(ICrypto::class);
      $logger = $this->createMock(ILogger::class);
      $tokenProvider = new DefaultTokenProvider($tokenMapper, $crypto, $this->config, $logger, $this->timeFactory);

      /** @var \OC\User\Session $userSession */
      $userSession = new Session($userManager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random);

      $tokenMapper->expects($this->any())
          ->method('getToken')
          ->willReturn($storedToken);
      // The point of the test: no database write for a recently active token.
      $tokenMapper->expects($this->never())
          ->method('update');

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn('192.168.0.1');
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with('192.168.0.1');
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with('192.168.0.1')
          ->willReturn(0);
      $this->timeFactory->expects($this->any())
          ->method('getTime')
          ->willReturn(100);

      $userSession->logClientIn('john', 'doe', $request, $this->throttler);
  }
  /**
   * createRememberMeToken() must draw the token from the injected random source,
   * store it under the user's 'login_token' entries and hand it to the cookie setter.
   *
   * generate() is expected once with length argument 32; the value it
   * returns has to reach both setUserValue() and setMagicInCookie().
   */
  public function testCreateRememberMeToken() {
      $rememberedUser = $this->createMock(IUser::class);
      $rememberedUser->expects($this->exactly(2))
          ->method('getUID')
          ->willReturn('UserUid');

      $this->random->expects($this->once())
          ->method('generate')
          ->with(32)
          ->willReturn('LongRandomToken');

      // 10000: presumably the timestamp supplied by the time factory fixture - confirm in set-up.
      $this->config->expects($this->once())
          ->method('setUserValue')
          ->with('UserUid', 'login_token', 'LongRandomToken', 10000);

      $this->userSession->expects($this->once())
          ->method('setMagicInCookie')
          ->with('UserUid', 'LongRandomToken');

      $this->userSession->createRememberMeToken($rememberedUser);
  }
  /**
   * tryBasicAuthLogin() with PHP_AUTH_USER / PHP_AUTH_PW present must log the client in
   * through logClientIn() (throttler included) and mark the session as DAV-authenticated.
   *
   * Writes to the session are captured by a callback: only the keys
   * Auth::DAV_AUTHENTICATED and 'last-password-confirm' are accepted, any
   * other key makes the callback throw.
   *
   * NOTE(review): for 'last-password-confirm' the callback records a fixed
   * 1000 instead of the value passed to set(), so the final assertion proves
   * only that the key was written, not which value was written.
   */
  public function testTryBasicAuthLoginValid() {
      $request = $this->createMock(Request::class);
      $request->method('__isset')
          ->with('server')
          ->willReturn(true);
      $request->method('__get')
          ->willReturn([
              'PHP_AUTH_USER' => 'username',
              'PHP_AUTH_PW' => 'password',
          ]);

      $recordedDavUser = false;
      $recordedConfirmTime = false;
      $this->session
          ->method('set')
          ->willReturnCallback(function ($key, $value) use (&$recordedDavUser, &$recordedConfirmTime) {
              switch ($key) {
                  case Auth::DAV_AUTHENTICATED:
                      $recordedDavUser = $value;
                      return;
                  case 'last-password-confirm':
                      $recordedConfirmTime = 1000;
                      return;
                  default:
                      // Any other session write is unexpected.
                      throw new \Exception();
              }
          });

      /** @var Session|\PHPUnit_Framework_MockObject_MockObject $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setMethods([
              'logClientIn',
              'getUser',
          ])
          ->setConstructorArgs([
              $this->manager,
              $this->session,
              $this->timeFactory,
              $this->tokenProvider,
              $this->config,
              $this->random,
          ])
          ->getMock();

      // Credentials from the request must reach logClientIn() unchanged.
      $userSession->expects($this->once())
          ->method('logClientIn')
          ->with('username', 'password', $request, $this->throttler)
          ->willReturn(true);

      $loggedInUser = $this->createMock(IUser::class);
      $loggedInUser->method('getUID')->willReturn('username');
      $userSession->expects($this->once())
          ->method('getUser')
          ->willReturn($loggedInUser);

      $loggedIn = $userSession->tryBasicAuthLogin($request, $this->throttler);

      $this->assertTrue($loggedIn);
      $this->assertSame('username', $recordedDavUser);
      $this->assertSame(1000, $recordedConfirmTime);
  }
  /**
   * tryBasicAuthLogin() without basic-auth credentials must return false and touch nothing.
   *
   * The request's server array is empty. No method of the session may be
   * called at all, and logClientIn() must never run.
   */
  public function testTryBasicAuthLoginNoLogin() {
      $request = $this->createMock(Request::class);
      $request->method('__isset')
          ->with('server')
          ->willReturn(true);
      $request->method('__get')
          ->willReturn([]);

      // Not a single call on the session is allowed on this path.
      $this->session->expects($this->never())
          ->method($this->anything());

      /** @var Session|\PHPUnit_Framework_MockObject_MockObject $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setMethods([
              'logClientIn',
          ])
          ->setConstructorArgs([
              $this->manager,
              $this->session,
              $this->timeFactory,
              $this->tokenProvider,
              $this->config,
              $this->random,
          ])
          ->getMock();
      $userSession->expects($this->never())
          ->method('logClientIn');

      $loggedIn = $userSession->tryBasicAuthLogin($request, $this->throttler);
      $this->assertFalse($loggedIn);
  }
  1163. }