123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407 |
- <?php
- /**
- * @author Konrad Abicht <hi@inspirito.de>
- *
- * @copyright Copyright (c) 2021, Konrad Abicht <hi@inspirito.de>
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace Tests\Core\Data;
- use Exception;
- use OC\Authentication\Exceptions\InvalidTokenException;
- use OC\Authentication\Token\IProvider;
- use OC\Authentication\Token\IToken;
- use OC\Core\Data\LoginFlowV2Credentials;
- use OC\Core\Data\LoginFlowV2Tokens;
- use OC\Core\Db\LoginFlowV2Mapper;
- use OC\Core\Db\LoginFlowV2;
- use OC\Core\Exception\LoginFlowV2NotFoundException;
- use OC\Core\Service\LoginFlowV2Service;
- use OCP\AppFramework\Db\DoesNotExistException;
- use OCP\AppFramework\Utility\ITimeFactory;
- use OCP\IConfig;
- use OCP\Security\ICrypto;
- use OCP\Security\ISecureRandom;
- use PHPUnit\Framework\MockObject\MockObject;
- use Psr\Log\LoggerInterface;
- use Test\TestCase;
- /**
- * Unit tests for \OC\Core\Service\LoginFlowV2Service
- */
- class LoginFlowV2ServiceUnitTest extends TestCase {
- /** @var \OCP\IConfig */
- private $config;
- /** @var \OCP\Security\ICrypto */
- private $crypto;
- /** @var LoggerInterface|MockObject */
- private $logger;
- /** @var \OC\Core\Db\LoginFlowV2Mapper */
- private $mapper;
- /** @var \OCP\Security\ISecureRandom */
- private $secureRandom;
- /** @var \OC\Core\Service\LoginFlowV2Service */
- private $subjectUnderTest;
- /** @var \OCP\AppFramework\Utility\ITimeFactory */
- private $timeFactory;
- /** @var \OC\Authentication\Token\IProvider */
- private $tokenProvider;
- public function setUp(): void {
- parent::setUp();
- $this->setupSubjectUnderTest();
- }
- /**
- * Setup subject under test with mocked constructor arguments.
- *
- * Code was moved to separate function to keep setUp function small and clear.
- */
- private function setupSubjectUnderTest(): void {
- $this->config = $this->getMockBuilder(IConfig::class)
- ->disableOriginalConstructor()->getMock();
- $this->crypto = $this->getMockBuilder(ICrypto::class)
- ->disableOriginalConstructor()->getMock();
- $this->mapper = $this->getMockBuilder(LoginFlowV2Mapper::class)
- ->disableOriginalConstructor()->getMock();
- $this->logger = $this->getMockBuilder(LoggerInterface::class)
- ->disableOriginalConstructor()->getMock();
- $this->tokenProvider = $this->getMockBuilder(IProvider::class)
- ->disableOriginalConstructor()->getMock();
- $this->secureRandom = $this->getMockBuilder(ISecureRandom::class)
- ->disableOriginalConstructor()->getMock();
- $this->timeFactory = $this->getMockBuilder(ITimeFactory::class)
- ->disableOriginalConstructor()->getMock();
- $this->subjectUnderTest = new LoginFlowV2Service(
- $this->mapper,
- $this->secureRandom,
- $this->timeFactory,
- $this->config,
- $this->crypto,
- $this->logger,
- $this->tokenProvider
- );
- }
- /**
- * Generates for a given password required OpenSSL parts.
- *
- * @return array Array contains encrypted password, private key and public key.
- */
- private function getOpenSSLEncryptedPublicAndPrivateKey(string $appPassword): array {
- // Create the private and public key
- $res = openssl_pkey_new([
- 'digest_alg' => 'md5', // take fast algorithm for testing purposes
- 'private_key_bits' => 512,
- 'private_key_type' => OPENSSL_KEYTYPE_RSA,
- ]);
- // Extract the private key from $res
- openssl_pkey_export($res, $privateKey);
- // Extract the public key from $res
- $publicKey = openssl_pkey_get_details($res);
- $publicKey = $publicKey['key'];
- // Encrypt the data to $encrypted using the public key
- openssl_public_encrypt($appPassword, $encrypted, $publicKey, OPENSSL_PKCS1_OAEP_PADDING);
- return [$encrypted, $privateKey, $publicKey];
- }
- /*
- * Tests for poll
- */
- public function testPollApptokenCouldNotBeDecrypted() {
- $this->expectException(LoginFlowV2NotFoundException::class);
- $this->expectExceptionMessage('Apptoken could not be decrypted');
- /*
- * Cannot be mocked, because functions like getLoginName are magic functions.
- * To be able to set internal properties, we have to use the real class here.
- */
- $loginFlowV2 = new LoginFlowV2();
- $loginFlowV2->setLoginName('test');
- $loginFlowV2->setServer('test');
- $loginFlowV2->setAppPassword('test');
- $loginFlowV2->setPrivateKey('test');
- $this->mapper->expects($this->once())
- ->method('getByPollToken')
- ->willReturn($loginFlowV2);
- $this->subjectUnderTest->poll('');
- }
- public function testPollInvalidToken() {
- $this->expectException(LoginFlowV2NotFoundException::class);
- $this->expectExceptionMessage('Invalid token');
- $this->mapper->expects($this->once())
- ->method('getByPollToken')
- ->willThrowException(new DoesNotExistException(''));
- $this->subjectUnderTest->poll('');
- }
- public function testPollTokenNotYetReady() {
- $this->expectException(LoginFlowV2NotFoundException::class);
- $this->expectExceptionMessage('Token not yet ready');
- $this->subjectUnderTest->poll('');
- }
- public function testPollRemoveDataFromDb() {
- [$encrypted, $privateKey] = $this->getOpenSSLEncryptedPublicAndPrivateKey('test_pass');
- $this->crypto->expects($this->once())
- ->method('decrypt')
- ->willReturn($privateKey);
- /*
- * Cannot be mocked, because functions like getLoginName are magic functions.
- * To be able to set internal properties, we have to use the real class here.
- */
- $loginFlowV2 = new LoginFlowV2();
- $loginFlowV2->setLoginName('test_login');
- $loginFlowV2->setServer('test_server');
- $loginFlowV2->setAppPassword(base64_encode($encrypted));
- $loginFlowV2->setPrivateKey($privateKey);
- $this->mapper->expects($this->once())
- ->method('delete')
- ->with($this->equalTo($loginFlowV2));
- $this->mapper->expects($this->once())
- ->method('getByPollToken')
- ->willReturn($loginFlowV2);
- $credentials = $this->subjectUnderTest->poll('');
- $this->assertTrue($credentials instanceof LoginFlowV2Credentials);
- $this->assertEquals(
- [
- 'server' => 'test_server',
- 'loginName' => 'test_login',
- 'appPassword' => 'test_pass',
- ],
- $credentials->jsonSerialize()
- );
- }
- /*
- * Tests for getByLoginToken
- */
- public function testGetByLoginToken() {
- $loginFlowV2 = new LoginFlowV2();
- $loginFlowV2->setLoginName('test_login');
- $loginFlowV2->setServer('test_server');
- $loginFlowV2->setAppPassword('test');
- $this->mapper->expects($this->once())
- ->method('getByLoginToken')
- ->willReturn($loginFlowV2);
- $result = $this->subjectUnderTest->getByLoginToken('test_token');
- $this->assertTrue($result instanceof LoginFlowV2);
- $this->assertEquals('test_server', $result->getServer());
- $this->assertEquals('test_login', $result->getLoginName());
- $this->assertEquals('test', $result->getAppPassword());
- }
- public function testGetByLoginTokenLoginTokenInvalid() {
- $this->expectException(LoginFlowV2NotFoundException::class);
- $this->expectExceptionMessage('Login token invalid');
- $this->mapper->expects($this->once())
- ->method('getByLoginToken')
- ->willThrowException(new DoesNotExistException(''));
- $this->subjectUnderTest->getByLoginToken('test_token');
- }
- /*
- * Tests for startLoginFlow
- */
- public function testStartLoginFlow() {
- $loginFlowV2 = new LoginFlowV2();
- $this->mapper->expects($this->once())
- ->method('getByLoginToken')
- ->willReturn($loginFlowV2);
- $this->mapper->expects($this->once())
- ->method('update');
- $this->assertTrue($this->subjectUnderTest->startLoginFlow('test_token'));
- }
- public function testStartLoginFlowDoesNotExistException() {
- $this->mapper->expects($this->once())
- ->method('getByLoginToken')
- ->willThrowException(new DoesNotExistException(''));
- $this->assertFalse($this->subjectUnderTest->startLoginFlow('test_token'));
- }
- /**
- * If an exception not of type DoesNotExistException is thrown,
- * it is expected that it is not being handled by startLoginFlow.
- */
- public function testStartLoginFlowException() {
- $this->expectException(Exception::class);
- $this->mapper->expects($this->once())
- ->method('getByLoginToken')
- ->willThrowException(new Exception(''));
- $this->subjectUnderTest->startLoginFlow('test_token');
- }
- /*
- * Tests for flowDone
- */
- public function testFlowDone() {
- [,, $publicKey] = $this->getOpenSSLEncryptedPublicAndPrivateKey('test_pass');
- $loginFlowV2 = new LoginFlowV2();
- $loginFlowV2->setPublicKey($publicKey);
- $loginFlowV2->setClientName('client_name');
- $this->mapper->expects($this->once())
- ->method('getByLoginToken')
- ->willReturn($loginFlowV2);
- $this->mapper->expects($this->once())
- ->method('update');
- $this->secureRandom->expects($this->once())
- ->method('generate')
- ->with(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS)
- ->willReturn('test_pass');
- // session token
- $sessionToken = $this->getMockBuilder(IToken::class)->disableOriginalConstructor()->getMock();
- $sessionToken->expects($this->once())
- ->method('getLoginName')
- ->willReturn('login_name');
- $this->tokenProvider->expects($this->once())
- ->method('getPassword')
- ->willReturn('test_pass');
- $this->tokenProvider->expects($this->once())
- ->method('getToken')
- ->willReturn($sessionToken);
- $this->tokenProvider->expects($this->once())
- ->method('generateToken')
- ->with(
- 'test_pass',
- 'user_id',
- 'login_name',
- 'test_pass',
- 'client_name',
- IToken::PERMANENT_TOKEN,
- IToken::DO_NOT_REMEMBER
- );
- $result = $this->subjectUnderTest->flowDone(
- 'login_token',
- 'session_id',
- 'server',
- 'user_id'
- );
- $this->assertTrue($result);
- // app password is encrypted and must look like:
- // ZACZOOzxTpKz4+KXL5kZ/gCK0xvkaVi/8yzupAn6Ui6+5qCSKvfPKGgeDRKs0sivvSLzk/XSp811SZCZmH0Y3g==
- $this->assertRegExp('/[a-zA-Z\/0-9+=]+/', $loginFlowV2->getAppPassword());
- $this->assertEquals('server', $loginFlowV2->getServer());
- }
- public function testFlowDoneDoesNotExistException() {
- $this->mapper->expects($this->once())
- ->method('getByLoginToken')
- ->willThrowException(new DoesNotExistException(''));
- $result = $this->subjectUnderTest->flowDone(
- 'login_token',
- 'session_id',
- 'server',
- 'user_id'
- );
- $this->assertFalse($result);
- }
- public function testFlowDonePasswordlessTokenException() {
- $this->tokenProvider->expects($this->once())
- ->method('getToken')
- ->willThrowException(new InvalidTokenException(''));
- $result = $this->subjectUnderTest->flowDone(
- 'login_token',
- 'session_id',
- 'server',
- 'user_id'
- );
- $this->assertFalse($result);
- }
- /*
- * Tests for createTokens
- */
- public function testCreateTokens() {
- $this->config->expects($this->exactly(2))
- ->method('getSystemValue')
- ->willReturn($this->returnCallback(function ($key) {
- // Note: \OCP\IConfig::getSystemValue returns either an array or string.
- return 'openssl' == $key ? [] : '';
- }));
- $this->mapper->expects($this->once())
- ->method('insert');
- $this->secureRandom->expects($this->exactly(2))
- ->method('generate');
- $token = $this->subjectUnderTest->createTokens('user_agent');
- $this->assertTrue($token instanceof LoginFlowV2Tokens);
- }
- }
|