1
0

SettingsControllerTest.php 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-or-later
  5. */
  6. namespace OCA\OAuth2\Tests\Controller;
  7. use OCA\OAuth2\Controller\SettingsController;
  8. use OCA\OAuth2\Db\AccessTokenMapper;
  9. use OCA\OAuth2\Db\Client;
  10. use OCA\OAuth2\Db\ClientMapper;
  11. use OCP\AppFramework\Http;
  12. use OCP\AppFramework\Http\JSONResponse;
  13. use OCP\Authentication\Token\IProvider as IAuthTokenProvider;
  14. use OCP\IL10N;
  15. use OCP\IRequest;
  16. use OCP\IUser;
  17. use OCP\IUserManager;
  18. use OCP\Security\ICrypto;
  19. use OCP\Security\ISecureRandom;
  20. use Test\TestCase;
  21. /**
  22. * @group DB
  23. */
  24. class SettingsControllerTest extends TestCase {
  25. /** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */
  26. private $request;
  27. /** @var ClientMapper|\PHPUnit\Framework\MockObject\MockObject */
  28. private $clientMapper;
  29. /** @var ISecureRandom|\PHPUnit\Framework\MockObject\MockObject */
  30. private $secureRandom;
  31. /** @var AccessTokenMapper|\PHPUnit\Framework\MockObject\MockObject */
  32. private $accessTokenMapper;
  33. /** @var IAuthTokenProvider|\PHPUnit\Framework\MockObject\MockObject */
  34. private $authTokenProvider;
  35. /** @var IUserManager|\PHPUnit\Framework\MockObject\MockObject */
  36. private $userManager;
  37. /** @var SettingsController */
  38. private $settingsController;
  39. /** @var IL10N|\PHPUnit\Framework\MockObject\MockObject */
  40. private $l;
  41. /** @var ICrypto|\PHPUnit\Framework\MockObject\MockObject */
  42. private $crypto;
  43. protected function setUp(): void {
  44. parent::setUp();
  45. $this->request = $this->createMock(IRequest::class);
  46. $this->clientMapper = $this->createMock(ClientMapper::class);
  47. $this->secureRandom = $this->createMock(ISecureRandom::class);
  48. $this->accessTokenMapper = $this->createMock(AccessTokenMapper::class);
  49. $this->authTokenProvider = $this->createMock(IAuthTokenProvider::class);
  50. $this->userManager = $this->createMock(IUserManager::class);
  51. $this->crypto = $this->createMock(ICrypto::class);
  52. $this->l = $this->createMock(IL10N::class);
  53. $this->l->method('t')
  54. ->willReturnArgument(0);
  55. $this->settingsController = new SettingsController(
  56. 'oauth2',
  57. $this->request,
  58. $this->clientMapper,
  59. $this->secureRandom,
  60. $this->accessTokenMapper,
  61. $this->l,
  62. $this->authTokenProvider,
  63. $this->userManager,
  64. $this->crypto
  65. );
  66. }
  67. public function testAddClient(): void {
  68. $this->secureRandom
  69. ->expects($this->exactly(2))
  70. ->method('generate')
  71. ->with(64, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')
  72. ->willReturnOnConsecutiveCalls(
  73. 'MySecret',
  74. 'MyClientIdentifier');
  75. $this->crypto
  76. ->expects($this->once())
  77. ->method('calculateHMAC')
  78. ->willReturn('MyHashedSecret');
  79. $client = new Client();
  80. $client->setName('My Client Name');
  81. $client->setRedirectUri('https://example.com/');
  82. $client->setSecret(bin2hex('MyHashedSecret'));
  83. $client->setClientIdentifier('MyClientIdentifier');
  84. $this->clientMapper
  85. ->expects($this->once())
  86. ->method('insert')
  87. ->with($this->callback(function (Client $c) {
  88. return $c->getName() === 'My Client Name' &&
  89. $c->getRedirectUri() === 'https://example.com/' &&
  90. $c->getSecret() === bin2hex('MyHashedSecret') &&
  91. $c->getClientIdentifier() === 'MyClientIdentifier';
  92. }))->willReturnCallback(function (Client $c) {
  93. $c->setId(42);
  94. return $c;
  95. });
  96. $result = $this->settingsController->addClient('My Client Name', 'https://example.com/');
  97. $this->assertInstanceOf(JSONResponse::class, $result);
  98. $data = $result->getData();
  99. $this->assertEquals([
  100. 'id' => 42,
  101. 'name' => 'My Client Name',
  102. 'redirectUri' => 'https://example.com/',
  103. 'clientId' => 'MyClientIdentifier',
  104. 'clientSecret' => 'MySecret',
  105. ], $data);
  106. }
  107. public function testDeleteClient(): void {
  108. $userManager = \OC::$server->getUserManager();
  109. // count other users in the db before adding our own
  110. $count = 0;
  111. $function = function (IUser $user) use (&$count): void {
  112. if ($user->getLastLogin() > 0) {
  113. $count++;
  114. }
  115. };
  116. $userManager->callForAllUsers($function);
  117. $user1 = $userManager->createUser('test101', 'test101');
  118. $user1->updateLastLoginTimestamp();
  119. $tokenProviderMock = $this->getMockBuilder(IAuthTokenProvider::class)->getMock();
  120. // expect one call per user and ensure the correct client name
  121. $tokenProviderMock
  122. ->expects($this->exactly($count + 1))
  123. ->method('invalidateTokensOfUser')
  124. ->with($this->isType('string'), 'My Client Name');
  125. $client = new Client();
  126. $client->setId(123);
  127. $client->setName('My Client Name');
  128. $client->setRedirectUri('https://example.com/');
  129. $client->setSecret(bin2hex('MyHashedSecret'));
  130. $client->setClientIdentifier('MyClientIdentifier');
  131. $this->clientMapper
  132. ->method('getByUid')
  133. ->with(123)
  134. ->willReturn($client);
  135. $this->accessTokenMapper
  136. ->expects($this->once())
  137. ->method('deleteByClientId')
  138. ->with(123);
  139. $this->clientMapper
  140. ->expects($this->once())
  141. ->method('delete')
  142. ->with($client);
  143. $settingsController = new SettingsController(
  144. 'oauth2',
  145. $this->request,
  146. $this->clientMapper,
  147. $this->secureRandom,
  148. $this->accessTokenMapper,
  149. $this->l,
  150. $tokenProviderMock,
  151. $userManager,
  152. $this->crypto
  153. );
  154. $result = $settingsController->deleteClient(123);
  155. $this->assertInstanceOf(JSONResponse::class, $result);
  156. $this->assertEquals([], $result->getData());
  157. $user1->delete();
  158. }
  159. public function testInvalidRedirectUri(): void {
  160. $result = $this->settingsController->addClient('test', 'invalidurl');
  161. $this->assertEquals(Http::STATUS_BAD_REQUEST, $result->getStatus());
  162. $this->assertSame(['message' => 'Your redirect URL needs to be a full URL for example: https://yourdomain.com/path'], $result->getData());
  163. }
  164. }