SessionTest.php 46 KB

  1. <?php
  2. /**
  3. * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com>
  4. * This file is licensed under the Affero General Public License version 3 or
  5. * later.
  6. * See the COPYING-README file.
  7. */
  8. namespace Test\User;
  9. use OC\AppFramework\Http\Request;
  10. use OC\Authentication\Token\DefaultTokenMapper;
  11. use OC\Authentication\Token\DefaultTokenProvider;
  12. use OC\Authentication\Token\IProvider;
  13. use OC\Authentication\Token\IToken;
  14. use OC\Security\Bruteforce\Throttler;
  15. use OC\Session\Memory;
  16. use OC\User\Manager;
  17. use OC\User\Session;
  18. use OC\User\User;
  19. use OCA\DAV\Connector\Sabre\Auth;
  20. use OCP\AppFramework\Utility\ITimeFactory;
  21. use OCP\IConfig;
  22. use OCP\ILogger;
  23. use OCP\IRequest;
  24. use OCP\ISession;
  25. use OCP\IUser;
  26. use OCP\Lockdown\ILockdownManager;
  27. use OCP\Security\ICrypto;
  28. use OCP\Security\ISecureRandom;
  29. /**
  30. * @group DB
  31. * @package Test\User
  32. */
  33. class SessionTest extends \Test\TestCase {
  34. /** @var ITimeFactory|\PHPUnit_Framework_MockObject_MockObject */
  35. private $timeFactory;
  36. /** @var DefaultTokenProvider|\PHPUnit_Framework_MockObject_MockObject */
  37. protected $tokenProvider;
  38. /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
  39. private $config;
  40. /** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
  41. private $throttler;
  42. /** @var ISecureRandom|\PHPUnit_Framework_MockObject_MockObject */
  43. private $random;
  44. /** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
  45. private $manager;
  46. /** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
  47. private $session;
  48. /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
  49. private $userSession;
  50. /** @var ILockdownManager|\PHPUnit_Framework_MockObject_MockObject */
  51. private $lockdownManager;
  52. /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */
  53. private $logger;
  /**
   * Creates fresh mocked collaborators before every test, plus a partial
   * Session mock ($this->userSession) in which only setMagicInCookie() is
   * stubbed.
   */
  protected function setUp() {
      parent::setUp();

      // Fixed clock: every getTime() call reports 10000, so timestamp
      // assertions in the tests are deterministic.
      $clock = $this->createMock(ITimeFactory::class);
      $clock->expects($this->any())
          ->method('getTime')
          ->willReturn(10000);
      $this->timeFactory = $clock;

      $this->tokenProvider = $this->createMock(IProvider::class);
      $this->config = $this->createMock(IConfig::class);
      $this->throttler = $this->createMock(Throttler::class);
      $this->random = $this->createMock(ISecureRandom::class);
      $this->manager = $this->createMock(Manager::class);
      $this->session = $this->createMock(ISession::class);
      $this->lockdownManager = $this->createMock(ILockdownManager::class);
      $this->logger = $this->createMock(ILogger::class);

      $collaborators = [
          $this->manager,
          $this->session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      $this->userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($collaborators)
          ->setMethods(['setMagicInCookie'])
          ->getMock();

      \OC_User::setIncognitoMode(false);
  }
  /**
   * getUser() for a browser session (no app password stored): the session
   * token is looked up by session id, its stored password is re-checked
   * against the user manager, token activity is updated, and the token's
   * last-check time moves from 200 to the mocked clock value 10000.
   */
  public function testGetUser() {
      $sessionId = 'abcdef12345';

      $token = new \OC\Authentication\Token\DefaultToken();
      $token->setLoginName('User123');
      $token->setLastCheck(200);

      $expectedUser = $this->createMock(IUser::class);
      $expectedUser->expects($this->any())
          ->method('getUID')
          ->willReturn('user123');

      $manager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      // First session read: the uid of the logged-in user.
      $session->expects($this->at(0))
          ->method('get')
          ->with('user_id')
          ->willReturn($expectedUser->getUID());
      // Second session read: no app password stored, i.e. a browser session.
      $session->expects($this->at(1))
          ->method('get')
          ->with('app_password')
          ->willReturn(null);
      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);

      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($sessionId)
          ->willReturn($token);
      $this->tokenProvider->expects($this->once())
          ->method('getPassword')
          ->with($token, $sessionId)
          ->willReturn('passme');
      // The password recovered from the token must be validated under the
      // token's login name ('User123'), not the lower-case uid.
      $manager->expects($this->once())
          ->method('checkPassword')
          ->with('User123', 'passme')
          ->willReturn(true);
      $expectedUser->expects($this->once())
          ->method('isEnabled')
          ->willReturn(true);
      $this->tokenProvider->expects($this->once())
          ->method('updateTokenActivity')
          ->with($token);
      $manager->expects($this->once())
          ->method('get')
          ->with($expectedUser->getUID())
          ->willReturn($expectedUser);

      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );
      $actualUser = $userSession->getUser();

      $this->assertSame($expectedUser, $actualUser);
      $this->assertSame(10000, $token->getLastCheck());
  }
  /**
   * Data provider for testIsLoggedIn(): one case per login state.
   *
   * @return array[] each entry is a single-element argument list [bool]
   */
  public function isLoggedInData() {
      $cases = [];
      foreach ([true, false] as $loggedIn) {
          $cases[] = [$loggedIn];
      }
      return $cases;
  }
  /**
   * isLoggedIn() must report true exactly when getUser() yields a user and
   * false when it yields null.
   *
   * @dataProvider isLoggedInData
   */
  public function testIsLoggedIn($isLoggedIn) {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $manager = $this->createMock(Manager::class);

      $constructorArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      // Only getUser() is stubbed; isLoggedIn() runs the real implementation.
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($constructorArgs)
          ->setMethods(['getUser'])
          ->getMock();

      $user = new User('sepp', null);
      if ($isLoggedIn) {
          $currentUser = $user;
      } else {
          $currentUser = null;
      }
      $userSession->expects($this->once())
          ->method('getUser')
          ->willReturn($currentUser);

      $this->assertEquals($isLoggedIn, $userSession->isLoggedIn());
  }
  /**
   * setUser() must store the user's uid in the session under 'user_id',
   * exactly once.
   */
  public function testSetUser() {
      $manager = $this->createMock(Manager::class);
      $backend = $this->createMock(\Test\Util\User\Dummy::class);

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $session->expects($this->once())
          ->method('set')
          ->with('user_id', 'foo');

      $user = $this->getMockBuilder(User::class)
          ->setConstructorArgs(['foo', $backend])
          ->getMock();
      $user->expects($this->once())
          ->method('getUID')
          ->willReturn('foo');

      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );
      $userSession->setUser($user);
  }
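  /**
   * A correct password for an enabled account completes the login: the
   * session id is regenerated once, 'user_id' and 'loginname' are written to
   * the session, the last-login timestamp is updated, prepareUserLogin() runs
   * and getUser() afterwards returns the authenticated user.
   */
  public function testLoginValidPasswordEnabled() {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      // The session id must be rotated exactly once during login.
      $session->expects($this->once())
          ->method('regenerateId');
      // 'bar' is not a known token, so the password path is taken.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
      // Exactly two session writes, keyed 'user_id' and 'loginname'. The
      // value is a separate with() constraint (not an argument of
      // callback(), where it would be silently ignored), so both writes must
      // carry 'foo' - uid and login name coincide in this test.
      // NOTE(review): assumes login() stores the login name it was called
      // with under 'loginname' - confirm against Session.
      $session->expects($this->exactly(2))
          ->method('set')
          ->with(
              $this->callback(function ($key) {
                  return in_array($key, ['user_id', 'loginname'], true);
              }),
              'foo'
          );

      $managerMethods = get_class_methods(Manager::class);
      // Leave the constructor and the emitter methods real so that hooks
      // registered on the manager keep working.
      $mockedManagerMethods = array_diff($managerMethods, ['__construct', 'emit', 'listen']);
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($mockedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $backend = $this->createMock(\Test\Util\User\Dummy::class);
      $user = $this->getMockBuilder(User::class)
          ->setConstructorArgs(['foo', $backend])
          ->getMock();
      $user->expects($this->any())
          ->method('isEnabled')
          ->will($this->returnValue(true));
      $user->expects($this->any())
          ->method('getUID')
          ->will($this->returnValue('foo'));
      $user->expects($this->once())
          ->method('updateLastLoginTimestamp');

      $manager->expects($this->once())
          ->method('checkPasswordNoLogging')
          ->with('foo', 'bar')
          ->will($this->returnValue($user));

      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager, $this->logger])
          ->setMethods([
              'prepareUserLogin'
          ])
          ->getMock();
      $userSession->expects($this->once())
          ->method('prepareUserLogin');

      $userSession->login('foo', 'bar');
      $this->assertEquals($user, $userSession->getUser());
  }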
  /**
   * A correct password for a disabled account must not log the user in:
   * nothing is written to the session, the last-login timestamp stays
   * untouched and login() throws a LoginException.
   *
   * @expectedException \OC\User\LoginException
   */
  public function testLoginValidPasswordDisabled() {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $session->expects($this->never())
          ->method('set');
      // The session id is still rotated even though the login is refused.
      $session->expects($this->once())
          ->method('regenerateId');

      // 'bar' is not a known token, so the password path is taken.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      // Mock everything on the manager except the constructor and the
      // emitter methods, so hook dispatch stays functional.
      $methodsToMock = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($methodsToMock)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $backend = $this->createMock(\Test\Util\User\Dummy::class);
      $disabledUser = $this->getMockBuilder(User::class)
          ->setConstructorArgs(['foo', $backend])
          ->getMock();
      $disabledUser->expects($this->any())
          ->method('isEnabled')
          ->willReturn(false);
      $disabledUser->expects($this->never())
          ->method('updateLastLoginTimestamp');

      $manager->expects($this->once())
          ->method('checkPasswordNoLogging')
          ->with('foo', 'bar')
          ->willReturn($disabledUser);

      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );
      $userSession->login('foo', 'bar');
  }
  /**
   * A wrong password (checkPasswordNoLogging() returns false) must leave the
   * session without any write, while the session id is still regenerated
   * once.
   */
  public function testLoginInvalidPassword() {
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Mock everything on the manager except the constructor and the
      // emitter methods, so hook dispatch stays functional.
      $methodsToMock = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($methodsToMock)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $backend = $this->createMock(\Test\Util\User\Dummy::class);
      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );
      // NOTE(review): this user mock is never handed to the manager or the
      // session in this test, so its never() expectations below hold
      // trivially.
      $user = $this->getMockBuilder(User::class)
          ->setConstructorArgs(['foo', $backend])
          ->getMock();

      $session->expects($this->never())
          ->method('set');
      $session->expects($this->once())
          ->method('regenerateId');

      // 'bar' is not a known token, so the password path is taken.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      $user->expects($this->never())
          ->method('isEnabled');
      $user->expects($this->never())
          ->method('updateLastLoginTimestamp');

      $manager->expects($this->once())
          ->method('checkPasswordNoLogging')
          ->with('foo', 'bar')
          ->willReturn(false);

      $userSession->login('foo', 'bar');
  }
  /**
   * Logging in when the manager reports no matching account
   * (checkPasswordNoLogging() returns false) must not write to the session;
   * the session id is still regenerated once.
   */
  public function testLoginNonExisting() {
      $manager = $this->createMock(Manager::class);
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $session->expects($this->never())
          ->method('set');
      $session->expects($this->once())
          ->method('regenerateId');

      // 'bar' is not a known token, so the password path is taken.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      $manager->expects($this->once())
          ->method('checkPasswordNoLogging')
          ->with('foo', 'bar')
          ->willReturn(false);

      $userSession->login('foo', 'bar');
  }
  /**
   * A device token may only be used together with the login name it was
   * generated for in the browser. Here 'bar' resolves to a token issued for
   * 'user123' but is presented with login name 'foo': the password check is
   * consulted instead and, as it fails, nothing is written to the session.
   */
  public function testLoginWithDifferentTokenLoginName() {
      $manager = $this->createMock(Manager::class);
      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();
      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $tokenOwner = 'user123';
      $token = new \OC\Authentication\Token\DefaultToken();
      $token->setLoginName($tokenOwner);

      $session->expects($this->never())
          ->method('set');
      $session->expects($this->once())
          ->method('regenerateId');

      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('bar')
          ->willReturn($token);

      $manager->expects($this->once())
          ->method('checkPasswordNoLogging')
          ->with('foo', 'bar')
          ->willReturn(false);

      $userSession->login('foo', 'bar');
  }
  /**
   * With 'token_auth_enforced' switched on, a credential that is not a known
   * token must be refused with PasswordLoginForbiddenException. The throttler
   * is asked to sleep once for the client's remote address.
   *
   * @expectedException \OC\Authentication\Exceptions\PasswordLoginForbiddenException
   */
  public function testLogClientInNoTokenPasswordWith2fa() {
      $remoteAddress = '192.168.0.1';

      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $constructorArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      /** @var \OC\User\Session $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($constructorArgs)
          ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
          ->getMock();

      // 'doe' is not a known token.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('doe')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->config->expects($this->once())
          ->method('getSystemValue')
          ->with('token_auth_enforced', false)
          ->willReturn(true);

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn($remoteAddress);
      // Brute-force protection: exactly one delay for this client address.
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with($remoteAddress);
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with($remoteAddress)
          ->willReturn(0);

      $userSession->logClientIn('john', 'doe', $request, $this->throttler);
  }
  /**
   * logClientIn() returns false for a login name that matches no account:
   * 'doe' is not a token, token auth is not enforced, and the e-mail lookup
   * for 'unexist' yields no users.
   */
  public function testLogClientInUnexist() {
      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $constructorArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      /** @var Session $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($constructorArgs)
          ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
          ->getMock();

      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('doe')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->config->expects($this->once())
          ->method('getSystemValue')
          ->with('token_auth_enforced', false)
          ->willReturn(false);
      $manager->method('getByEmail')
          ->with('unexist')
          ->willReturn([]);

      $loggedIn = $userSession->logClientIn('unexist', 'doe', $request, $this->throttler);
      $this->assertFalse($loggedIn);
  }
  /**
   * When the supplied credential is recognised as a token (app password),
   * logClientIn() logs in with it, records it in the session under
   * 'app_password' and returns true. The throttler is asked to sleep once for
   * the client's remote address.
   */
  public function testLogClientInWithTokenPassword() {
      $remoteAddress = '192.168.0.1';
      $appPassword = 'I-AM-AN-APP-PASSWORD';

      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $constructorArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      /** @var \OC\User\Session $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($constructorArgs)
          ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
          ->getMock();

      $userSession->expects($this->once())
          ->method('isTokenPassword')
          ->willReturn(true);
      $userSession->expects($this->once())
          ->method('login')
          ->with('john', $appPassword)
          ->willReturn(true);

      $session->expects($this->once())
          ->method('set')
          ->with('app_password', $appPassword);

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn($remoteAddress);
      // Brute-force protection: exactly one delay for this client address.
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with($remoteAddress);
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with($remoteAddress)
          ->willReturn(0);

      $loggedIn = $userSession->logClientIn('john', $appPassword, $request, $this->throttler);
      $this->assertTrue($loggedIn);
  }
  /**
   * Token auth is not enforced system-wide, but two-factor is enforced for
   * 'john': a credential that is not a known token must be refused with
   * PasswordLoginForbiddenException.
   *
   * NOTE(review): despite the "No2fa" in the name, this case stubs
   * isTwoFactorEnforced() to return true.
   *
   * @expectedException \OC\Authentication\Exceptions\PasswordLoginForbiddenException
   */
  public function testLogClientInNoTokenPasswordNo2fa() {
      $remoteAddress = '192.168.0.1';

      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $constructorArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      /** @var \OC\User\Session $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($constructorArgs)
          ->setMethods(['login', 'isTwoFactorEnforced'])
          ->getMock();

      // 'doe' is not a known token.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('doe')
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->config->expects($this->once())
          ->method('getSystemValue')
          ->with('token_auth_enforced', false)
          ->willReturn(false);

      $userSession->expects($this->once())
          ->method('isTwoFactorEnforced')
          ->with('john')
          ->willReturn(true);

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn($remoteAddress);
      // Brute-force protection: exactly one delay for this client address.
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with($remoteAddress);
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with($remoteAddress)
          ->willReturn(0);

      $userSession->logClientIn('john', 'doe', $request, $this->throttler);
  }
  /**
   * loginWithCookie() with a remember-me token that matches the stored one:
   * the used token is deleted and replaced by a freshly generated value
   * stamped with the mocked time 10000, the session token is renewed from
   * the old to the new session id, 'user_id' is written to the session, the
   * cookie is set, the last-login timestamp is updated and true is returned.
   */
  public function testRememberLoginValidToken() {
      $token = 'goodToken';
      $oldSessionId = 'sess321';
      $sessionId = 'sess123';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Mock everything on the manager except the constructor and the
      // emitter methods, so hook dispatch stays functional.
      $methodsToMock = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($methodsToMock)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $constructorArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      $userSession = $this->getMockBuilder(Session::class)
          // stubbed because the real setMagicInCookie() calls setcookie(),
          // which would make the test fail
          ->setMethods(['setMagicInCookie', 'setLoginName'])
          ->setConstructorArgs($constructorArgs)
          ->getMock();

      $user = $this->createMock(IUser::class);

      $session->expects($this->once())
          ->method('regenerateId');
      $manager->expects($this->once())
          ->method('get')
          ->with('foo')
          ->willReturn($user);

      // The presented token is among the stored ones ...
      $this->config->expects($this->once())
          ->method('getUserKeys')
          ->with('foo', 'login_token')
          ->willReturn([$token]);
      // ... so it is consumed (deleted) ...
      $this->config->expects($this->once())
          ->method('deleteUserValue')
          ->with('foo', 'login_token', $token);
      // ... and replaced by a new value requested with length 32.
      $this->random->expects($this->once())
          ->method('generate')
          ->with(32)
          ->willReturn('abcdefg123456');
      $this->config->expects($this->once())
          ->method('setUserValue')
          ->with('foo', 'login_token', 'abcdefg123456', 10000);

      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $this->tokenProvider->expects($this->once())
          ->method('renewSessionToken')
          ->with($oldSessionId, $sessionId)
          ->willReturn(true);

      $tokenObject = $this->createMock(IToken::class);
      $tokenObject->expects($this->once())
          ->method('getLoginName')
          ->willReturn('foobar');
      $tokenObject->method('getId')
          ->willReturn(42);
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($sessionId)
          ->willReturn($tokenObject);

      $user->expects($this->any())
          ->method('getUID')
          ->willReturn('foo');
      $userSession->expects($this->once())
          ->method('setMagicInCookie');
      $user->expects($this->once())
          ->method('updateLastLoginTimestamp');

      // Record whether the uid was stored in the session under 'user_id'.
      $setUID = false;
      $session->method('set')
          ->willReturnCallback(function ($key, $value) use (&$setUID) {
              if ($key === 'user_id' && $value === 'foo') {
                  $setUID = true;
              }
          });

      $userSession->expects($this->once())
          ->method('setLoginName')
          ->willReturn('foobar');

      $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);

      $this->assertTrue($setUID);
      $this->assertTrue($granted);
  }
  /**
   * loginWithCookie() with a matching remember-me token but a session token
   * that cannot be renewed (renewSessionToken() throws InvalidTokenException):
   * the remember-me token is still consumed and replaced, but no cookie is
   * set, the last-login timestamp stays untouched, 'user_id' is not written
   * to the session and false is returned.
   */
  public function testRememberLoginInvalidSessionToken() {
      $token = 'goodToken';
      $oldSessionId = 'sess321';
      $sessionId = 'sess123';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Mock everything on the manager except the constructor and the
      // emitter methods, so hook dispatch stays functional.
      $methodsToMock = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($methodsToMock)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $constructorArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      $userSession = $this->getMockBuilder(Session::class)
          // stubbed because the real setMagicInCookie() calls setcookie(),
          // which would make the test fail
          ->setMethods(['setMagicInCookie'])
          ->setConstructorArgs($constructorArgs)
          ->getMock();

      $user = $this->createMock(IUser::class);

      $session->expects($this->once())
          ->method('regenerateId');
      $manager->expects($this->once())
          ->method('get')
          ->with('foo')
          ->willReturn($user);

      $this->config->expects($this->once())
          ->method('getUserKeys')
          ->with('foo', 'login_token')
          ->willReturn([$token]);
      $this->config->expects($this->once())
          ->method('deleteUserValue')
          ->with('foo', 'login_token', $token);
      $this->config->expects($this->once())
          ->method('setUserValue'); // TODO: mock new random value

      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      // Renewing the session token fails, which must abort the login.
      $this->tokenProvider->expects($this->once())
          ->method('renewSessionToken')
          ->with($oldSessionId, $sessionId)
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      $user->expects($this->never())
          ->method('getUID')
          ->willReturn('foo');
      $userSession->expects($this->never())
          ->method('setMagicInCookie');
      $user->expects($this->never())
          ->method('updateLastLoginTimestamp');
      $session->expects($this->never())
          ->method('set')
          ->with('user_id', 'foo');

      $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);

      $this->assertFalse($granted);
  }
  /**
   * loginWithCookie() with a remember-me token that is not among the stored
   * ones ('anothertoken' is stored, 'goodToken' is presented): no token is
   * deleted, the session token is not renewed, no cookie is set, the
   * last-login timestamp stays untouched, 'user_id' is not written to the
   * session and false is returned.
   */
  public function testRememberLoginInvalidToken() {
      $token = 'goodToken';
      $oldSessionId = 'sess321';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Mock everything on the manager except the constructor and the
      // emitter methods, so hook dispatch stays functional.
      $methodsToMock = array_diff(
          get_class_methods(Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($methodsToMock)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $constructorArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      $userSession = $this->getMockBuilder(Session::class)
          // stubbed because the real setMagicInCookie() calls setcookie(),
          // which would make the test fail
          ->setMethods(['setMagicInCookie'])
          ->setConstructorArgs($constructorArgs)
          ->getMock();

      $user = $this->createMock(IUser::class);

      $session->expects($this->once())
          ->method('regenerateId');
      $manager->expects($this->once())
          ->method('get')
          ->with('foo')
          ->willReturn($user);

      // Only a different token is stored for this user.
      $this->config->expects($this->once())
          ->method('getUserKeys')
          ->with('foo', 'login_token')
          ->willReturn(['anothertoken']);
      $this->config->expects($this->never())
          ->method('deleteUserValue')
          ->with('foo', 'login_token', $token);

      $this->tokenProvider->expects($this->never())
          ->method('renewSessionToken');
      $userSession->expects($this->never())
          ->method('setMagicInCookie');
      $user->expects($this->never())
          ->method('updateLastLoginTimestamp');
      $session->expects($this->never())
          ->method('set')
          ->with('user_id', 'foo');

      $granted = $userSession->loginWithCookie('foo', $token, $oldSessionId);

      $this->assertFalse($granted);
  }
  /**
   * loginWithCookie() must fail for a uid the user manager cannot resolve.
   *
   * The manager returns null for 'foo'; the test checks that stored login
   * tokens are never read, no session token is renewed, no cookie is set, no
   * user id is written to the session and the call returns false.
   */
  public function testRememberLoginInvalidUser() {
      $presentedToken = 'goodToken';
      $previousSessionId = 'sess321';

      $session = $this->getMockBuilder(Memory::class)
          ->setConstructorArgs([''])
          ->getMock();

      // Leave __construct, emit and listen unmocked so that hooks keep working.
      $stubbedManagerMethods = array_diff(
          get_class_methods(\OC\User\Manager::class),
          ['__construct', 'emit', 'listen']
      );
      $manager = $this->getMockBuilder(Manager::class)
          ->setMethods($stubbedManagerMethods)
          ->setConstructorArgs([$this->config])
          ->getMock();

      $sessionArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      $userSession = $this->getMockBuilder(Session::class)
          // setMagicInCookie is overridden because it would call setcookie()
          ->setMethods(['setMagicInCookie'])
          ->setConstructorArgs($sessionArgs)
          ->getMock();

      $session->expects($this->once())
          ->method('regenerateId');
      // Unknown user: the lookup yields null.
      $manager->expects($this->once())
          ->method('get')
          ->with('foo')
          ->willReturn(null);

      // The token store must not even be consulted for an unknown user.
      $this->config->expects($this->never())
          ->method('getUserKeys')
          ->with('foo', 'login_token')
          ->willReturn(['anothertoken']);
      $this->tokenProvider->expects($this->never())
          ->method('renewSessionToken');
      $userSession->expects($this->never())
          ->method('setMagicInCookie');
      $session->expects($this->never())
          ->method('set')
          ->with('user_id', 'foo');

      $this->assertFalse($userSession->loginWithCookie('foo', $presentedToken, $previousSessionId));
  }
  /**
   * After setSession() the active user must be the one named by the new
   * session's 'user_id', not the user of the session it replaced.
   */
  public function testActiveUserAfterSetSession() {
      $knownUsers = [
          'foo' => new User('foo', null),
          'bar' => new User('bar', null),
      ];

      $manager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();
      $manager->expects($this->any())
          ->method('get')
          ->willReturnCallback(function ($uid) use ($knownUsers) {
              return $knownUsers[$uid];
          });

      $firstSession = new Memory('');
      $firstSession->set('user_id', 'foo');

      $sessionArgs = [
          $manager,
          $firstSession,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      // validateSession is mocked out, so this test does not exercise session validation.
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($sessionArgs)
          ->setMethods(['validateSession'])
          ->getMock();
      $userSession->expects($this->any())
          ->method('validateSession');

      $this->assertEquals($knownUsers['foo'], $userSession->getUser());

      $secondSession = new Memory('');
      $secondSession->set('user_id', 'bar');
      $userSession->setSession($secondSession);

      $this->assertEquals($knownUsers['bar'], $userSession->getUser());
  }
  /**
   * createSessionToken() with a real password and no "remember" flag.
   *
   * The token provider reports that the password is not itself a token
   * (InvalidTokenException), so a new token is expected to be generated from
   * the session id, uid, login name, password and user agent, typed as
   * TEMPORARY_TOKEN and flagged DO_NOT_REMEMBER.
   */
  public function testCreateSessionToken() {
      $uid = 'user123';
      $loginName = 'User123';
      $password = 'passme';
      $sessionId = 'abcxyz';

      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $user = $this->createMock(IUser::class);
      $userSession = new \OC\User\Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      // A real Request object, so the user agent is read from the 'server' vars.
      $random = $this->createMock(ISecureRandom::class);
      $config = $this->createMock(IConfig::class);
      $csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
          ->disableOriginalConstructor()
          ->getMock();
      $serverVars = ['HTTP_USER_AGENT' => 'Firefox'];
      $request = new \OC\AppFramework\Http\Request(['server' => $serverVars], $random, $config, $csrf);

      $manager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn($user);
      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($password)
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->tokenProvider->expects($this->once())
          ->method('generateToken')
          ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);

      $created = $userSession->createSessionToken($request, $uid, $loginName, $password);
      $this->assertTrue($created);
  }
  /**
   * createSessionToken() called with its fifth argument set to true.
   *
   * Same setup as the non-remembered case; the only difference pinned here is
   * that generateToken() must receive IToken::REMEMBER instead of
   * IToken::DO_NOT_REMEMBER.
   */
  public function testCreateRememberedSessionToken() {
      $uid = 'user123';
      $loginName = 'User123';
      $password = 'passme';
      $sessionId = 'abcxyz';

      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $user = $this->createMock(IUser::class);
      $userSession = new \OC\User\Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $random = $this->createMock(ISecureRandom::class);
      $config = $this->createMock(IConfig::class);
      $csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
          ->disableOriginalConstructor()
          ->getMock();
      $serverVars = ['HTTP_USER_AGENT' => 'Firefox'];
      $request = new \OC\AppFramework\Http\Request(['server' => $serverVars], $random, $config, $csrf);

      $manager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn($user);
      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      // The password is not a token itself.
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($password)
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());
      $this->tokenProvider->expects($this->once())
          ->method('generateToken')
          ->with($sessionId, $uid, $loginName, $password, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::REMEMBER);

      $created = $userSession->createSessionToken($request, $uid, $loginName, $password, true);
      $this->assertTrue($created);
  }
  /**
   * createSessionToken() when the supplied "password" is itself a token.
   *
   * getToken() resolves 'iamatoken' to a token and getPassword() yields the
   * real password 'passme'. The new session token must be generated with that
   * real password, not with the token string the client sent.
   */
  public function testCreateSessionTokenWithTokenPassword() {
      $uid = 'user123';
      $loginName = 'User123';
      $tokenAsPassword = 'iamatoken';
      $realPassword = 'passme';
      $sessionId = 'abcxyz';

      $manager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();
      $session = $this->createMock(ISession::class);
      $existingToken = $this->createMock(IToken::class);
      $user = $this->createMock(IUser::class);
      $userSession = new \OC\User\Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $random = $this->createMock(ISecureRandom::class);
      $config = $this->createMock(IConfig::class);
      $csrf = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenManager')
          ->disableOriginalConstructor()
          ->getMock();
      $serverVars = ['HTTP_USER_AGENT' => 'Firefox'];
      $request = new \OC\AppFramework\Http\Request(['server' => $serverVars], $random, $config, $csrf);

      $manager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn($user);
      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($tokenAsPassword)
          ->willReturn($existingToken);
      $this->tokenProvider->expects($this->once())
          ->method('getPassword')
          ->with($existingToken, $tokenAsPassword)
          ->willReturn($realPassword);
      // The fourth argument is the resolved password, never the token string.
      $this->tokenProvider->expects($this->once())
          ->method('generateToken')
          ->with($sessionId, $uid, $loginName, $realPassword, 'Firefox', IToken::TEMPORARY_TOKEN, IToken::DO_NOT_REMEMBER);

      $created = $userSession->createSessionToken($request, $uid, $loginName, $tokenAsPassword);
      $this->assertTrue($created);
  }
  /**
   * createSessionToken() must return false when the uid does not resolve to a
   * user.
   *
   * NOTE(review): no expectation is placed on the token provider here, so the
   * test pins the false return only; it does not by itself show that no token
   * was generated for the unknown uid.
   */
  public function testCreateSessionTokenWithNonExistentUser() {
      $uid = 'user123';
      $loginName = 'User123';
      $password = 'passme';

      $manager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();
      $session = $this->createMock(ISession::class);
      $userSession = new \OC\User\Session(
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );
      $request = $this->createMock(IRequest::class);

      // Unknown user: the lookup yields null.
      $manager->expects($this->once())
          ->method('get')
          ->with($uid)
          ->willReturn(null);

      $created = $userSession->createSessionToken($request, $uid, $loginName, $password);
      $this->assertFalse($created);
  }
  /**
   * A valid bearer token that belongs to a disabled account must not log in:
   * tryTokenLogin() is expected to raise a LoginException.
   *
   * @expectedException \OC\User\LoginException
   */
  public function testTryTokenLoginWithDisabledUser() {
      $manager = $this->getMockBuilder('\OC\User\Manager')
          ->disableOriginalConstructor()
          ->getMock();
      $session = new Memory('');

      $bearerToken = new \OC\Authentication\Token\DefaultToken();
      $bearerToken->setLoginName('fritz');
      $bearerToken->setUid('fritz0');
      $bearerToken->setLastCheck(100); // Needs check

      $user = $this->createMock(IUser::class);
      $sessionArgs = [
          $manager,
          $session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      $userSession = $this->getMockBuilder(Session::class)
          ->setMethods(['logout'])
          ->setConstructorArgs($sessionArgs)
          ->getMock();

      // The client authenticates with "Authorization: Bearer xxxxx".
      $request = $this->createMock(IRequest::class);
      $request->expects($this->once())
          ->method('getHeader')
          ->with('Authorization')
          ->willReturn('Bearer xxxxx');
      $this->tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('xxxxx')
          ->willReturn($bearerToken);

      // The token's uid resolves to a user, but that user is disabled.
      $manager->expects($this->once())
          ->method('get')
          ->with('fritz0')
          ->willReturn($user);
      $user->expects($this->once())
          ->method('isEnabled')
          ->willReturn(false);

      $userSession->tryTokenLogin($request);
  }
  /**
   * validateSession() for an app-password session whose user has been
   * disabled since the token was last checked.
   *
   * The stored password still passes checkPassword(), but isEnabled() is
   * false; the test requires that the token is invalidated and logout() is
   * called exactly once.
   */
  public function testValidateSessionDisabledUser() {
      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $timeFactory = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);

      $sessionArgs = [
          $userManager,
          $session,
          $timeFactory,
          $tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($sessionArgs)
          ->setMethods(['logout'])
          ->getMock();

      $user = $this->createMock(IUser::class);
      $appToken = new \OC\Authentication\Token\DefaultToken();
      $appToken->setLoginName('susan');
      $appToken->setLastCheck(20);

      $session->expects($this->once())
          ->method('get')
          ->with('app_password')
          ->willReturn('APP-PASSWORD');
      $tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('APP-PASSWORD')
          ->willReturn($appToken);
      $timeFactory->expects($this->once())
          ->method('getTime')
          ->willReturn(1000); // more than 5min since last check
      $tokenProvider->expects($this->once())
          ->method('getPassword')
          ->with($appToken, 'APP-PASSWORD')
          ->willReturn('123456');
      $userManager->expects($this->once())
          ->method('checkPassword')
          ->with('susan', '123456')
          ->willReturn(true);
      $user->expects($this->once())
          ->method('isEnabled')
          ->willReturn(false);

      // Disabled account: the token is revoked and the session is ended.
      $tokenProvider->expects($this->once())
          ->method('invalidateToken')
          ->with('APP-PASSWORD');
      $userSession->expects($this->once())
          ->method('logout');

      $userSession->setUser($user);
      $this->invokePrivate($userSession, 'validateSession');
  }
  /**
   * validateSession() for a token that stores no password.
   *
   * getPassword() raises PasswordlessTokenException; the test then expects
   * the token's last-check time to have been moved to the current time (1000).
   */
  public function testValidateSessionNoPassword() {
      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $timeFactory = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);

      $sessionArgs = [
          $userManager,
          $session,
          $timeFactory,
          $tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($sessionArgs)
          ->setMethods(['logout'])
          ->getMock();

      $user = $this->createMock(IUser::class);
      $appToken = new \OC\Authentication\Token\DefaultToken();
      $appToken->setLastCheck(20);

      $session->expects($this->once())
          ->method('get')
          ->with('app_password')
          ->willReturn('APP-PASSWORD');
      $tokenProvider->expects($this->once())
          ->method('getToken')
          ->with('APP-PASSWORD')
          ->willReturn($appToken);
      $timeFactory->expects($this->once())
          ->method('getTime')
          ->willReturn(1000); // more than 5min since last check
      $tokenProvider->expects($this->once())
          ->method('getPassword')
          ->with($appToken, 'APP-PASSWORD')
          ->willThrowException(new \OC\Authentication\Exceptions\PasswordlessTokenException());

      $this->invokePrivate($userSession, 'validateSession', [$user]);

      $this->assertEquals(1000, $appToken->getLastCheck());
  }
  /**
   * updateSessionTokenPassword() must look up the token of the current
   * session id and hand the new password to the provider's setPassword().
   */
  public function testUpdateSessionTokenPassword() {
      $newPassword = '123456';
      $sessionId = 'session1234';
      $sessionToken = new \OC\Authentication\Token\DefaultToken();

      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $timeFactory = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);
      $userSession = new \OC\User\Session(
          $userManager,
          $session,
          $timeFactory,
          $tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($sessionId)
          ->willReturn($sessionToken);
      $tokenProvider->expects($this->once())
          ->method('setPassword')
          ->with($sessionToken, $sessionId, $newPassword);

      $userSession->updateSessionTokenPassword($newPassword);
  }
  /**
   * updateSessionTokenPassword() must not propagate
   * SessionNotAvailableException when the session id cannot be read.
   *
   * NOTE(review): there are no never() expectations on the token provider, so
   * the test shows only that the call completes without throwing.
   */
  public function testUpdateSessionTokenPasswordNoSessionAvailable() {
      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $timeFactory = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);
      $userSession = new \OC\User\Session(
          $userManager,
          $session,
          $timeFactory,
          $tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $session->expects($this->once())
          ->method('getId')
          ->willThrowException(new \OCP\Session\Exceptions\SessionNotAvailableException());

      $userSession->updateSessionTokenPassword('1234');
  }
  /**
   * updateSessionTokenPassword() must not propagate InvalidTokenException
   * when the provider's setPassword() rejects the session token.
   */
  public function testUpdateSessionTokenPasswordInvalidTokenException() {
      $newPassword = '123456';
      $sessionId = 'session1234';
      $sessionToken = new \OC\Authentication\Token\DefaultToken();

      $userManager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $timeFactory = $this->createMock(ITimeFactory::class);
      $tokenProvider = $this->createMock(IProvider::class);
      $userSession = new \OC\User\Session(
          $userManager,
          $session,
          $timeFactory,
          $tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $session->expects($this->once())
          ->method('getId')
          ->willReturn($sessionId);
      $tokenProvider->expects($this->once())
          ->method('getToken')
          ->with($sessionId)
          ->willReturn($sessionToken);
      // setPassword() is still attempted exactly once; its failure is swallowed.
      $tokenProvider->expects($this->once())
          ->method('setPassword')
          ->with($sessionToken, $sessionId, $newPassword)
          ->willThrowException(new \OC\Authentication\Exceptions\InvalidTokenException());

      $userSession->updateSessionTokenPassword($newPassword);
  }
  /**
   * logClientIn() with a token whose last activity is old (100): the token's
   * last-activity and last-check times must be refreshed and persisted once.
   *
   * A real DefaultTokenProvider is used on top of a mocked mapper, and the
   * throttler's sleepDelay() must be invoked exactly once with the client
   * address.
   *
   * NOTE(review): the getTime stub registered in this method returns 100,
   * while the assertions expect 10000; that value presumably comes from a
   * stub configured outside this method (e.g. in setUp) - confirm.
   */
  public function testUpdateAuthTokenLastCheck() {
      $clientAddress = '192.168.0.1';

      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $authToken = new \OC\Authentication\Token\DefaultToken();
      $authToken->setUid('john');
      $authToken->setLoginName('john');
      $authToken->setLastActivity(100);
      $authToken->setLastCheck(100);

      $mapper = $this->getMockBuilder(DefaultTokenMapper::class)
          ->disableOriginalConstructor()
          ->getMock();
      $crypto = $this->createMock(ICrypto::class);
      $logger = $this->createMock(ILogger::class);
      $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory);

      /** @var \OC\User\Session $userSession */
      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $mapper->expects($this->any())
          ->method('getToken')
          ->willReturn($authToken);
      // The refreshed timestamps must be written back exactly once.
      $mapper->expects($this->once())
          ->method('update');

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn($clientAddress);
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with($clientAddress);
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with($clientAddress)
          ->willReturn(0);
      $this->timeFactory->expects($this->any())
          ->method('getTime')
          ->willReturn(100);
      $manager->method('getByEmail')
          ->with('john')
          ->willReturn([]);

      $userSession->logClientIn('john', 'doe', $request, $this->throttler);

      $this->assertEquals(10000, $authToken->getLastActivity());
      $this->assertEquals(10000, $authToken->getLastCheck());
  }
  /**
   * logClientIn() with a token whose last activity is already 10000: the
   * mapper's update() must never be called, i.e. nothing is written back.
   *
   * The throttler's sleepDelay() is still required exactly once with the
   * client address.
   */
  public function testNoUpdateAuthTokenLastCheckRecent() {
      $clientAddress = '192.168.0.1';

      $manager = $this->createMock(Manager::class);
      $session = $this->createMock(ISession::class);
      $request = $this->createMock(IRequest::class);

      $authToken = new \OC\Authentication\Token\DefaultToken();
      $authToken->setUid('john');
      $authToken->setLoginName('john');
      $authToken->setLastActivity(10000);
      $authToken->setLastCheck(100);

      $mapper = $this->getMockBuilder(DefaultTokenMapper::class)
          ->disableOriginalConstructor()
          ->getMock();
      $crypto = $this->createMock(ICrypto::class);
      $logger = $this->createMock(ILogger::class);
      $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory);

      /** @var \OC\User\Session $userSession */
      $userSession = new Session(
          $manager,
          $session,
          $this->timeFactory,
          $tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger
      );

      $mapper->expects($this->any())
          ->method('getToken')
          ->willReturn($authToken);
      // Recent activity: no write-back is allowed.
      $mapper->expects($this->never())
          ->method('update');

      $request->expects($this->any())
          ->method('getRemoteAddress')
          ->willReturn($clientAddress);
      $this->throttler->expects($this->once())
          ->method('sleepDelay')
          ->with($clientAddress);
      $this->throttler->expects($this->any())
          ->method('getDelay')
          ->with($clientAddress)
          ->willReturn(0);
      $this->timeFactory->expects($this->any())
          ->method('getTime')
          ->willReturn(100);
      $manager->method('getByEmail')
          ->with('john')
          ->willReturn([]);

      $userSession->logClientIn('john', 'doe', $request, $this->throttler);
  }
  /**
   * createRememberMeToken() must request 32 characters from the random
   * source, store the result under the user's 'login_token' config key and
   * pass the same value to setMagicInCookie().
   */
  public function testCreateRememberMeToken() {
      $generatedToken = 'LongRandomToken';

      $user = $this->createMock(IUser::class);
      $user->expects($this->exactly(2))
          ->method('getUID')
          ->willReturn('UserUid');

      $this->random->expects($this->once())
          ->method('generate')
          ->with(32)
          ->willReturn($generatedToken);

      // The value stored server-side and the value sent in the cookie are the same string.
      $this->config->expects($this->once())
          ->method('setUserValue')
          ->with('UserUid', 'login_token', $generatedToken, 10000);
      $this->userSession->expects($this->once())
          ->method('setMagicInCookie')
          ->with('UserUid', $generatedToken);

      $this->userSession->createRememberMeToken($user);
  }
  /**
   * tryBasicAuthLogin() with PHP_AUTH_USER / PHP_AUTH_PW present.
   *
   * logClientIn() is mocked to succeed; the test then checks that the session
   * records the authenticated DAV user and a 'last-password-confirm' entry,
   * and that any other session key being written fails the test.
   *
   * NOTE(review): the 'last-password-confirm' branch of the callback stores
   * the constant 1000 rather than the value passed to set(), so the final
   * assertSame(1000, ...) shows that the key was written, not which value.
   */
  public function testTryBasicAuthLoginValid() {
      $request = $this->createMock(Request::class);
      $request->method('__get')
          ->willReturn([
              'PHP_AUTH_USER' => 'username',
              'PHP_AUTH_PW' => 'password',
          ]);
      $request->method('__isset')
          ->with('server')
          ->willReturn(true);

      $davUserWritten = false;
      $passwordConfirmWritten = false;
      $recordSessionWrite = function ($key, $value) use (&$davUserWritten, &$passwordConfirmWritten) {
          switch ($key) {
              case Auth::DAV_AUTHENTICATED:
                  $davUserWritten = $value;
                  return;
              case 'last-password-confirm':
                  $passwordConfirmWritten = 1000;
                  return;
              default:
                  // Any unexpected session write aborts the test.
                  throw new \Exception();
          }
      };
      $this->session
          ->method('set')
          ->willReturnCallback($recordSessionWrite);

      $sessionArgs = [
          $this->manager,
          $this->session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      /** @var Session|\PHPUnit_Framework_MockObject_MockObject $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($sessionArgs)
          ->setMethods(['logClientIn', 'getUser'])
          ->getMock();

      // The credentials from the server vars must be passed on unchanged.
      $userSession->expects($this->once())
          ->method('logClientIn')
          ->with(
              $this->equalTo('username'),
              $this->equalTo('password'),
              $this->equalTo($request),
              $this->equalTo($this->throttler)
          )
          ->willReturn(true);

      $user = $this->createMock(IUser::class);
      $user->method('getUID')
          ->willReturn('username');
      $userSession->expects($this->once())
          ->method('getUser')
          ->willReturn($user);

      $this->assertTrue($userSession->tryBasicAuthLogin($request, $this->throttler));
      $this->assertSame('username', $davUserWritten);
      $this->assertSame(1000, $passwordConfirmWritten);
  }
  /**
   * tryBasicAuthLogin() without basic-auth credentials in the server vars
   * must return false, never call logClientIn() and never touch the session.
   */
  public function testTryBasicAuthLoginNoLogin() {
      // 'server' is set but carries neither PHP_AUTH_USER nor PHP_AUTH_PW.
      $request = $this->createMock(Request::class);
      $request->method('__get')
          ->willReturn([]);
      $request->method('__isset')
          ->with('server')
          ->willReturn(true);

      // No session method at all may be invoked.
      $this->session->expects($this->never())
          ->method($this->anything());

      $sessionArgs = [
          $this->manager,
          $this->session,
          $this->timeFactory,
          $this->tokenProvider,
          $this->config,
          $this->random,
          $this->lockdownManager,
          $this->logger,
      ];
      /** @var Session|\PHPUnit_Framework_MockObject_MockObject $userSession */
      $userSession = $this->getMockBuilder(Session::class)
          ->setConstructorArgs($sessionArgs)
          ->setMethods(['logClientIn'])
          ->getMock();
      $userSession->expects($this->never())
          ->method('logClientIn');

      $loggedIn = $userSession->tryBasicAuthLogin($request, $this->throttler);
      $this->assertFalse($loggedIn);
  }
  1192. }