ContentSecurityPolicyNonceManagerTest.php 2.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
  5. *
  6. * @license GNU AGPL version 3 or any later version
  7. *
  8. * This program is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License as
  10. * published by the Free Software Foundation, either version 3 of the
  11. * License, or (at your option) any later version.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  20. *
  21. */
  22. namespace Test\Security\CSP;
  23. use OC\AppFramework\Http\Request;
  24. use OC\Security\CSP\ContentSecurityPolicyNonceManager;
  25. use OC\Security\CSRF\CsrfToken;
  26. use OC\Security\CSRF\CsrfTokenManager;
  27. use Test\TestCase;
  28. class ContentSecurityPolicyNonceManagerTest extends TestCase {
  29. /** @var CsrfTokenManager */
  30. private $csrfTokenManager;
  31. /** @var Request */
  32. private $request;
  33. /** @var ContentSecurityPolicyNonceManager */
  34. private $nonceManager;
  35. protected function setUp(): void {
  36. $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
  37. $this->request = $this->createMock(Request::class);
  38. $this->nonceManager = new ContentSecurityPolicyNonceManager(
  39. $this->csrfTokenManager,
  40. $this->request
  41. );
  42. }
  43. public function testGetNonce() {
  44. $token = $this->createMock(CsrfToken::class);
  45. $token
  46. ->expects($this->once())
  47. ->method('getEncryptedValue')
  48. ->willReturn('MyToken');
  49. $this->csrfTokenManager
  50. ->expects($this->once())
  51. ->method('getToken')
  52. ->willReturn($token);
  53. $this->assertSame('TXlUb2tlbg==', $this->nonceManager->getNonce());
  54. $this->assertSame('TXlUb2tlbg==', $this->nonceManager->getNonce());
  55. }
  56. public function testGetNonceServerVar() {
  57. $token = 'SERVERNONCE';
  58. $this->request
  59. ->method('__isset')
  60. ->with('server')
  61. ->willReturn(true);
  62. $this->request
  63. ->method('__get')
  64. ->with('server')
  65. ->willReturn(['CSP_NONCE' => $token]);
  66. $this->assertSame($token, $this->nonceManager->getNonce());
  67. $this->assertSame($token, $this->nonceManager->getNonce());
  68. }
  69. }