ClientFlowLoginV2ControllerTest.php 9.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl>
  5. *
  6. * @author Roeland Jago Douma <roeland@famdouma.nl>
  7. *
  8. * @license GNU AGPL version 3 or any later version
  9. *
  10. * This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as
  12. * published by the Free Software Foundation, either version 3 of the
  13. * License, or (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. */
  24. namespace Test\Core\Controller;
  25. use OC\Core\Controller\ClientFlowLoginV2Controller;
  26. use OC\Core\Data\LoginFlowV2Credentials;
  27. use OC\Core\Db\LoginFlowV2;
  28. use OC\Core\Exception\LoginFlowV2NotFoundException;
  29. use OC\Core\Service\LoginFlowV2Service;
  30. use OCP\AppFramework\Http;
  31. use OCP\Defaults;
  32. use OCP\IL10N;
  33. use OCP\IRequest;
  34. use OCP\ISession;
  35. use OCP\IURLGenerator;
  36. use OCP\IUser;
  37. use OCP\IUserSession;
  38. use OCP\Security\ISecureRandom;
  39. use PHPUnit\Framework\MockObject\MockObject;
  40. use Test\TestCase;
  41. class ClientFlowLoginV2ControllerTest extends TestCase {
  42. /** @var IRequest|MockObject */
  43. private $request;
  44. /** @var LoginFlowV2Service|MockObject */
  45. private $loginFlowV2Service;
  46. /** @var IURLGenerator|MockObject */
  47. private $urlGenerator;
  48. /** @var ISession|MockObject */
  49. private $session;
  50. /** @var IUserSession|MockObject */
  51. private $userSession;
  52. /** @var ISecureRandom|MockObject */
  53. private $random;
  54. /** @var Defaults|MockObject */
  55. private $defaults;
  56. /** @var IL10N|MockObject */
  57. private $l;
  58. /** @var ClientFlowLoginV2Controller */
  59. private $controller;
  60. protected function setUp(): void {
  61. parent::setUp();
  62. $this->request = $this->createMock(IRequest::class);
  63. $this->loginFlowV2Service = $this->createMock(LoginFlowV2Service::class);
  64. $this->urlGenerator = $this->createMock(IURLGenerator::class);
  65. $this->session = $this->createMock(ISession::class);
  66. $this->userSession = $this->createMock(IUserSession::class);
  67. $this->random = $this->createMock(ISecureRandom::class);
  68. $this->defaults = $this->createMock(Defaults::class);
  69. $this->l = $this->createMock(IL10N::class);
  70. $this->controller = new ClientFlowLoginV2Controller(
  71. 'core',
  72. $this->request,
  73. $this->loginFlowV2Service,
  74. $this->urlGenerator,
  75. $this->session,
  76. $this->userSession,
  77. $this->random,
  78. $this->defaults,
  79. 'user',
  80. $this->l
  81. );
  82. }
  83. public function testPollInvalid() {
  84. $this->loginFlowV2Service->method('poll')
  85. ->with('token')
  86. ->willThrowException(new LoginFlowV2NotFoundException());
  87. $result = $this->controller->poll('token');
  88. $this->assertSame([], $result->getData());
  89. $this->assertSame(Http::STATUS_NOT_FOUND, $result->getStatus());
  90. }
  91. public function testPollValid() {
  92. $creds = new LoginFlowV2Credentials('server', 'login', 'pass');
  93. $this->loginFlowV2Service->method('poll')
  94. ->with('token')
  95. ->willReturn($creds);
  96. $result = $this->controller->poll('token');
  97. $this->assertSame($creds, $result->getData());
  98. $this->assertSame(Http::STATUS_OK, $result->getStatus());
  99. }
  100. public function testLandingInvalid() {
  101. $this->session->expects($this->never())
  102. ->method($this->anything());
  103. $this->loginFlowV2Service->method('startLoginFlow')
  104. ->with('token')
  105. ->willReturn(false);
  106. $result = $this->controller->landing('token');
  107. $this->assertSame(Http::STATUS_FORBIDDEN, $result->getStatus());
  108. $this->assertInstanceOf(Http\StandaloneTemplateResponse::class, $result);
  109. }
  110. public function testLandingValid() {
  111. $this->session->expects($this->once())
  112. ->method('set')
  113. ->with('client.flow.v2.login.token', 'token');
  114. $this->loginFlowV2Service->method('startLoginFlow')
  115. ->with('token')
  116. ->willReturn(true);
  117. $this->urlGenerator->method('linkToRouteAbsolute')
  118. ->with('core.ClientFlowLoginV2.showAuthPickerPage')
  119. ->willReturn('https://server/path');
  120. $result = $this->controller->landing('token');
  121. $this->assertInstanceOf(Http\RedirectResponse::class, $result);
  122. $this->assertSame(Http::STATUS_SEE_OTHER, $result->getStatus());
  123. $this->assertSame('https://server/path', $result->getRedirectURL());
  124. }
  125. public function testShowAuthPickerNoLoginToken() {
  126. $this->session->method('get')
  127. ->willReturn(null);
  128. $result = $this->controller->showAuthPickerPage();
  129. $this->assertSame(Http::STATUS_FORBIDDEN, $result->getStatus());
  130. }
  131. public function testShowAuthPickerInvalidLoginToken() {
  132. $this->session->method('get')
  133. ->with('client.flow.v2.login.token')
  134. ->willReturn('loginToken');
  135. $this->loginFlowV2Service->method('getByLoginToken')
  136. ->with('loginToken')
  137. ->willThrowException(new LoginFlowV2NotFoundException());
  138. $result = $this->controller->showAuthPickerPage();
  139. $this->assertSame(Http::STATUS_FORBIDDEN, $result->getStatus());
  140. }
  141. public function testShowAuthPickerValidLoginToken() {
  142. $this->session->method('get')
  143. ->with('client.flow.v2.login.token')
  144. ->willReturn('loginToken');
  145. $flow = new LoginFlowV2();
  146. $this->loginFlowV2Service->method('getByLoginToken')
  147. ->with('loginToken')
  148. ->willReturn($flow);
  149. $this->random->method('generate')
  150. ->with(64, ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS)
  151. ->willReturn('random');
  152. $this->session->expects($this->once())
  153. ->method('set')
  154. ->with('client.flow.v2.state.token', 'random');
  155. $this->controller->showAuthPickerPage();
  156. }
  157. public function testGrantPageNoStateToken(): void {
  158. $result = $this->controller->grantPage(null);
  159. $this->assertSame(Http::STATUS_FORBIDDEN, $result->getStatus());
  160. }
  161. public function testGrantPageInvalidStateToken() {
  162. $this->session->method('get')
  163. ->willReturnCallback(function ($name) {
  164. return null;
  165. });
  166. $result = $this->controller->grantPage('stateToken');
  167. $this->assertSame(Http::STATUS_FORBIDDEN, $result->getStatus());
  168. }
  169. public function testGrantPageInvalidLoginToken() {
  170. $this->session->method('get')
  171. ->willReturnCallback(function ($name) {
  172. if ($name === 'client.flow.v2.state.token') {
  173. return 'stateToken';
  174. }
  175. if ($name === 'client.flow.v2.login.token') {
  176. return 'loginToken';
  177. }
  178. return null;
  179. });
  180. $this->loginFlowV2Service->method('getByLoginToken')
  181. ->with('loginToken')
  182. ->willThrowException(new LoginFlowV2NotFoundException());
  183. $result = $this->controller->grantPage('stateToken');
  184. $this->assertSame(Http::STATUS_FORBIDDEN, $result->getStatus());
  185. }
  186. public function testGrantPageValid() {
  187. $this->session->method('get')
  188. ->willReturnCallback(function ($name) {
  189. if ($name === 'client.flow.v2.state.token') {
  190. return 'stateToken';
  191. }
  192. if ($name === 'client.flow.v2.login.token') {
  193. return 'loginToken';
  194. }
  195. return null;
  196. });
  197. $user = $this->createMock(IUser::class);
  198. $user->method('getUID')
  199. ->willReturn('uid');
  200. $user->method('getDisplayName')
  201. ->willReturn('display name');
  202. $this->userSession->method('getUser')
  203. ->willReturn($user);
  204. $flow = new LoginFlowV2();
  205. $this->loginFlowV2Service->method('getByLoginToken')
  206. ->with('loginToken')
  207. ->willReturn($flow);
  208. $result = $this->controller->grantPage('stateToken');
  209. $this->assertSame(Http::STATUS_OK, $result->getStatus());
  210. }
  211. public function testGenerateAppPasswordInvalidStateToken() {
  212. $this->session->method('get')
  213. ->willReturnCallback(function ($name) {
  214. return null;
  215. });
  216. $result = $this->controller->generateAppPassword('stateToken');
  217. $this->assertSame(Http::STATUS_FORBIDDEN, $result->getStatus());
  218. }
  219. public function testGenerateAppPassworInvalidLoginToken() {
  220. $this->session->method('get')
  221. ->willReturnCallback(function ($name) {
  222. if ($name === 'client.flow.v2.state.token') {
  223. return 'stateToken';
  224. }
  225. if ($name === 'client.flow.v2.login.token') {
  226. return 'loginToken';
  227. }
  228. return null;
  229. });
  230. $this->loginFlowV2Service->method('getByLoginToken')
  231. ->with('loginToken')
  232. ->willThrowException(new LoginFlowV2NotFoundException());
  233. $result = $this->controller->generateAppPassword('stateToken');
  234. $this->assertSame(Http::STATUS_FORBIDDEN, $result->getStatus());
  235. }
  236. public function testGenerateAppPassworValid() {
  237. $this->session->method('get')
  238. ->willReturnCallback(function ($name) {
  239. if ($name === 'client.flow.v2.state.token') {
  240. return 'stateToken';
  241. }
  242. if ($name === 'client.flow.v2.login.token') {
  243. return 'loginToken';
  244. }
  245. return null;
  246. });
  247. $flow = new LoginFlowV2();
  248. $this->loginFlowV2Service->method('getByLoginToken')
  249. ->with('loginToken')
  250. ->willReturn($flow);
  251. $clearedState = false;
  252. $clearedLogin = false;
  253. $this->session->method('remove')
  254. ->willReturnCallback(function ($name) use (&$clearedLogin, &$clearedState) {
  255. if ($name === 'client.flow.v2.state.token') {
  256. $clearedState = true;
  257. }
  258. if ($name === 'client.flow.v2.login.token') {
  259. $clearedLogin = true;
  260. }
  261. });
  262. $this->session->method('getId')
  263. ->willReturn('sessionId');
  264. $this->loginFlowV2Service->expects($this->once())
  265. ->method('flowDone')
  266. ->with(
  267. 'loginToken',
  268. 'sessionId',
  269. 'https://server',
  270. 'user'
  271. )->willReturn(true);
  272. $this->request->method('getServerProtocol')
  273. ->willReturn('https');
  274. $this->request->method('getRequestUri')
  275. ->willReturn('/login/v2');
  276. $this->request->method('getServerHost')
  277. ->willReturn('server');
  278. $result = $this->controller->generateAppPassword('stateToken');
  279. $this->assertSame(Http::STATUS_OK, $result->getStatus());
  280. $this->assertTrue($clearedLogin);
  281. $this->assertTrue($clearedState);
  282. }
  283. }