1
0

AuthSettingsControllerTest.php 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace Test\Settings\Controller;
  8. use OC\AppFramework\Http;
  9. use OC\Authentication\Exceptions\ExpiredTokenException;
  10. use OC\Authentication\Exceptions\InvalidTokenException;
  11. use OC\Authentication\Token\IProvider;
  12. use OC\Authentication\Token\IToken;
  13. use OC\Authentication\Token\IWipeableToken;
  14. use OC\Authentication\Token\PublicKeyToken;
  15. use OC\Authentication\Token\RemoteWipe;
  16. use OCA\Settings\Controller\AuthSettingsController;
  17. use OCP\Activity\IEvent;
  18. use OCP\Activity\IManager;
  19. use OCP\AppFramework\Http\JSONResponse;
  20. use OCP\IRequest;
  21. use OCP\ISession;
  22. use OCP\IUserSession;
  23. use OCP\Security\ISecureRandom;
  24. use OCP\Session\Exceptions\SessionNotAvailableException;
  25. use PHPUnit\Framework\MockObject\MockObject;
  26. use Psr\Log\LoggerInterface;
  27. use Test\TestCase;
  28. class AuthSettingsControllerTest extends TestCase {
  29. /** @var AuthSettingsController */
  30. private $controller;
  31. /** @var IRequest|MockObject */
  32. private $request;
  33. /** @var IProvider|MockObject */
  34. private $tokenProvider;
  35. /** @var ISession|MockObject */
  36. private $session;
  37. /**@var IUserSession|MockObject */
  38. private $userSession;
  39. /** @var ISecureRandom|MockObject */
  40. private $secureRandom;
  41. /** @var IManager|MockObject */
  42. private $activityManager;
  43. /** @var RemoteWipe|MockObject */
  44. private $remoteWipe;
  45. private $uid = 'jane';
  46. protected function setUp(): void {
  47. parent::setUp();
  48. $this->request = $this->createMock(IRequest::class);
  49. $this->tokenProvider = $this->createMock(IProvider::class);
  50. $this->session = $this->createMock(ISession::class);
  51. $this->userSession = $this->createMock(IUserSession::class);
  52. $this->secureRandom = $this->createMock(ISecureRandom::class);
  53. $this->activityManager = $this->createMock(IManager::class);
  54. $this->remoteWipe = $this->createMock(RemoteWipe::class);
  55. /** @var LoggerInterface|MockObject $logger */
  56. $logger = $this->createMock(LoggerInterface::class);
  57. $this->controller = new AuthSettingsController(
  58. 'core',
  59. $this->request,
  60. $this->tokenProvider,
  61. $this->session,
  62. $this->secureRandom,
  63. $this->uid,
  64. $this->userSession,
  65. $this->activityManager,
  66. $this->remoteWipe,
  67. $logger
  68. );
  69. }
  70. public function testCreate() {
  71. $name = 'Nexus 4';
  72. $sessionToken = $this->createMock(IToken::class);
  73. $deviceToken = $this->createMock(IToken::class);
  74. $password = '123456';
  75. $this->session->expects($this->once())
  76. ->method('getId')
  77. ->willReturn('sessionid');
  78. $this->tokenProvider->expects($this->once())
  79. ->method('getToken')
  80. ->with('sessionid')
  81. ->willReturn($sessionToken);
  82. $this->tokenProvider->expects($this->once())
  83. ->method('getPassword')
  84. ->with($sessionToken, 'sessionid')
  85. ->willReturn($password);
  86. $sessionToken->expects($this->once())
  87. ->method('getLoginName')
  88. ->willReturn('User13');
  89. $this->secureRandom->expects($this->exactly(5))
  90. ->method('generate')
  91. ->with(5, ISecureRandom::CHAR_HUMAN_READABLE)
  92. ->willReturn('XXXXX');
  93. $newToken = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX';
  94. $this->tokenProvider->expects($this->once())
  95. ->method('generateToken')
  96. ->with($newToken, $this->uid, 'User13', $password, $name, IToken::PERMANENT_TOKEN)
  97. ->willReturn($deviceToken);
  98. $deviceToken->expects($this->once())
  99. ->method('jsonSerialize')
  100. ->willReturn(['dummy' => 'dummy', 'canDelete' => true]);
  101. $this->mockActivityManager();
  102. $expected = [
  103. 'token' => $newToken,
  104. 'deviceToken' => ['dummy' => 'dummy', 'canDelete' => true, 'canRename' => true],
  105. 'loginName' => 'User13',
  106. ];
  107. $response = $this->controller->create($name);
  108. $this->assertInstanceOf(JSONResponse::class, $response);
  109. $this->assertEquals($expected, $response->getData());
  110. }
  111. public function testCreateSessionNotAvailable() {
  112. $name = 'personal phone';
  113. $this->session->expects($this->once())
  114. ->method('getId')
  115. ->will($this->throwException(new SessionNotAvailableException()));
  116. $expected = new JSONResponse();
  117. $expected->setStatus(Http::STATUS_SERVICE_UNAVAILABLE);
  118. $this->assertEquals($expected, $this->controller->create($name));
  119. }
  120. public function testCreateInvalidToken() {
  121. $name = 'Company IPhone';
  122. $this->session->expects($this->once())
  123. ->method('getId')
  124. ->willReturn('sessionid');
  125. $this->tokenProvider->expects($this->once())
  126. ->method('getToken')
  127. ->with('sessionid')
  128. ->will($this->throwException(new InvalidTokenException()));
  129. $expected = new JSONResponse();
  130. $expected->setStatus(Http::STATUS_SERVICE_UNAVAILABLE);
  131. $this->assertEquals($expected, $this->controller->create($name));
  132. }
  133. public function testDestroy() {
  134. $tokenId = 124;
  135. $token = $this->createMock(PublicKeyToken::class);
  136. $this->mockGetTokenById($tokenId, $token);
  137. $this->mockActivityManager();
  138. $token->expects($this->exactly(2))
  139. ->method('getId')
  140. ->willReturn($tokenId);
  141. $token->expects($this->once())
  142. ->method('getUID')
  143. ->willReturn('jane');
  144. $this->tokenProvider->expects($this->once())
  145. ->method('invalidateTokenById')
  146. ->with($this->uid, $tokenId);
  147. $this->assertEquals([], $this->controller->destroy($tokenId));
  148. }
  149. public function testDestroyExpired() {
  150. $tokenId = 124;
  151. $token = $this->createMock(PublicKeyToken::class);
  152. $token->expects($this->exactly(2))
  153. ->method('getId')
  154. ->willReturn($tokenId);
  155. $token->expects($this->once())
  156. ->method('getUID')
  157. ->willReturn($this->uid);
  158. $this->tokenProvider->expects($this->once())
  159. ->method('getTokenById')
  160. ->with($this->equalTo($tokenId))
  161. ->willThrowException(new ExpiredTokenException($token));
  162. $this->tokenProvider->expects($this->once())
  163. ->method('invalidateTokenById')
  164. ->with($this->uid, $tokenId);
  165. $this->assertSame([], $this->controller->destroy($tokenId));
  166. }
  167. public function testDestroyWrongUser() {
  168. $tokenId = 124;
  169. $token = $this->createMock(PublicKeyToken::class);
  170. $this->mockGetTokenById($tokenId, $token);
  171. $token->expects($this->once())
  172. ->method('getUID')
  173. ->willReturn('foobar');
  174. $response = $this->controller->destroy($tokenId);
  175. $this->assertSame([], $response->getData());
  176. $this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
  177. }
  178. public function dataRenameToken(): array {
  179. return [
  180. 'App password => Other token name' => ['App password', 'Other token name'],
  181. 'Other token name => App password' => ['Other token name', 'App password'],
  182. ];
  183. }
  184. /**
  185. * @dataProvider dataRenameToken
  186. *
  187. * @param string $name
  188. * @param string $newName
  189. */
  190. public function testUpdateRename(string $name, string $newName): void {
  191. $tokenId = 42;
  192. $token = $this->createMock(PublicKeyToken::class);
  193. $this->mockGetTokenById($tokenId, $token);
  194. $this->mockActivityManager();
  195. $token->expects($this->once())
  196. ->method('getUID')
  197. ->willReturn('jane');
  198. $token->expects($this->once())
  199. ->method('getName')
  200. ->willReturn($name);
  201. $token->expects($this->once())
  202. ->method('getScopeAsArray')
  203. ->willReturn([IToken::SCOPE_FILESYSTEM => true]);
  204. $token->expects($this->once())
  205. ->method('setName')
  206. ->with($this->equalTo($newName));
  207. $this->tokenProvider->expects($this->once())
  208. ->method('updateToken')
  209. ->with($this->equalTo($token));
  210. $this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], $newName));
  211. }
  212. public function dataUpdateFilesystemScope(): array {
  213. return [
  214. 'Grant filesystem access' => [false, true],
  215. 'Revoke filesystem access' => [true, false],
  216. ];
  217. }
  218. /**
  219. * @dataProvider dataUpdateFilesystemScope
  220. *
  221. * @param bool $filesystem
  222. * @param bool $newFilesystem
  223. */
  224. public function testUpdateFilesystemScope(bool $filesystem, bool $newFilesystem): void {
  225. $tokenId = 42;
  226. $token = $this->createMock(PublicKeyToken::class);
  227. $this->mockGetTokenById($tokenId, $token);
  228. $this->mockActivityManager();
  229. $token->expects($this->once())
  230. ->method('getUID')
  231. ->willReturn('jane');
  232. $token->expects($this->once())
  233. ->method('getName')
  234. ->willReturn('App password');
  235. $token->expects($this->once())
  236. ->method('getScopeAsArray')
  237. ->willReturn([IToken::SCOPE_FILESYSTEM => $filesystem]);
  238. $token->expects($this->once())
  239. ->method('setScope')
  240. ->with($this->equalTo([IToken::SCOPE_FILESYSTEM => $newFilesystem]));
  241. $this->tokenProvider->expects($this->once())
  242. ->method('updateToken')
  243. ->with($this->equalTo($token));
  244. $this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => $newFilesystem], 'App password'));
  245. }
  246. public function testUpdateNoChange(): void {
  247. $tokenId = 42;
  248. $token = $this->createMock(PublicKeyToken::class);
  249. $this->mockGetTokenById($tokenId, $token);
  250. $token->expects($this->once())
  251. ->method('getUID')
  252. ->willReturn('jane');
  253. $token->expects($this->once())
  254. ->method('getName')
  255. ->willReturn('App password');
  256. $token->expects($this->once())
  257. ->method('getScopeAsArray')
  258. ->willReturn([IToken::SCOPE_FILESYSTEM => true]);
  259. $token->expects($this->never())
  260. ->method('setName');
  261. $token->expects($this->never())
  262. ->method('setScope');
  263. $this->tokenProvider->expects($this->once())
  264. ->method('updateToken')
  265. ->with($this->equalTo($token));
  266. $this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password'));
  267. }
  268. public function testUpdateExpired() {
  269. $tokenId = 42;
  270. $token = $this->createMock(PublicKeyToken::class);
  271. $token->expects($this->once())
  272. ->method('getUID')
  273. ->willReturn($this->uid);
  274. $this->tokenProvider->expects($this->once())
  275. ->method('getTokenById')
  276. ->with($this->equalTo($tokenId))
  277. ->willThrowException(new ExpiredTokenException($token));
  278. $this->tokenProvider->expects($this->once())
  279. ->method('updateToken')
  280. ->with($this->equalTo($token));
  281. $this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password'));
  282. }
  283. public function testUpdateTokenWrongUser() {
  284. $tokenId = 42;
  285. $token = $this->createMock(PublicKeyToken::class);
  286. $this->mockGetTokenById($tokenId, $token);
  287. $token->expects($this->once())
  288. ->method('getUID')
  289. ->willReturn('foobar');
  290. $token->expects($this->never())
  291. ->method('setScope');
  292. $this->tokenProvider->expects($this->never())
  293. ->method('updateToken');
  294. $response = $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password');
  295. $this->assertSame([], $response->getData());
  296. $this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
  297. }
  298. public function testUpdateTokenNonExisting() {
  299. $this->tokenProvider->expects($this->once())
  300. ->method('getTokenById')
  301. ->with($this->equalTo(42))
  302. ->willThrowException(new InvalidTokenException('Token does not exist'));
  303. $this->tokenProvider->expects($this->never())
  304. ->method('updateToken');
  305. $response = $this->controller->update(42, [IToken::SCOPE_FILESYSTEM => true], 'App password');
  306. $this->assertSame([], $response->getData());
  307. $this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
  308. }
  309. private function mockActivityManager(): void {
  310. $this->activityManager->expects($this->once())
  311. ->method('generateEvent')
  312. ->willReturn($this->createMock(IEvent::class));
  313. $this->activityManager->expects($this->once())
  314. ->method('publish');
  315. }
  316. /**
  317. * @param int $tokenId
  318. * @param $token
  319. */
  320. private function mockGetTokenById(int $tokenId, $token): void {
  321. $this->tokenProvider->expects($this->once())
  322. ->method('getTokenById')
  323. ->with($this->equalTo($tokenId))
  324. ->willReturn($token);
  325. }
  326. public function testRemoteWipeNotSuccessful(): void {
  327. $token = $this->createMock(IToken::class);
  328. $token->expects($this->once())
  329. ->method('getUID')
  330. ->willReturn($this->uid);
  331. $this->mockGetTokenById(123, $token);
  332. $this->remoteWipe->expects($this->once())
  333. ->method('markTokenForWipe')
  334. ->with($token)
  335. ->willReturn(false);
  336. $response = $this->controller->wipe(123);
  337. $expected = new JSONResponse([], Http::STATUS_BAD_REQUEST);
  338. $this->assertEquals($expected, $response);
  339. }
  340. public function testRemoteWipeWrongUser(): void {
  341. $token = $this->createMock(IToken::class);
  342. $token->expects($this->once())
  343. ->method('getUID')
  344. ->willReturn('definetly-not-' . $this->uid);
  345. $this->mockGetTokenById(123, $token);
  346. $this->remoteWipe->expects($this->never())
  347. ->method('markTokenForWipe');
  348. $response = $this->controller->wipe(123);
  349. $expected = new JSONResponse([], Http::STATUS_NOT_FOUND);
  350. $this->assertEquals($expected, $response);
  351. }
  352. public function testRemoteWipeSuccessful(): void {
  353. $token = $this->createMock(IWipeableToken::class);
  354. $token->expects($this->once())
  355. ->method('getUID')
  356. ->willReturn($this->uid);
  357. $this->mockGetTokenById(123, $token);
  358. $this->remoteWipe->expects($this->once())
  359. ->method('markTokenForWipe')
  360. ->with($token)
  361. ->willReturn(true);
  362. $response = $this->controller->wipe(123);
  363. $expected = new JSONResponse([]);
  364. $this->assertEquals($expected, $response);
  365. }
  366. }