
<?php
declare(strict_types=1);
/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */
// Unit tests for \OC\Security\CSRF\CsrfTokenManager; its generator and storage
// collaborators are replaced by PHPUnit mocks in the test class below.
namespace Test\Security\CSRF;
  9. class CsrfTokenManagerTest extends \Test\TestCase {
  10. /** @var \OC\Security\CSRF\CsrfTokenManager */
  11. private $csrfTokenManager;
  12. /** @var \OC\Security\CSRF\CsrfTokenGenerator */
  13. private $tokenGenerator;
  14. /** @var \OC\Security\CSRF\TokenStorage\SessionStorage */
  15. private $storageInterface;
  16. protected function setUp(): void {
  17. parent::setUp();
  18. $this->tokenGenerator = $this->getMockBuilder('\OC\Security\CSRF\CsrfTokenGenerator')
  19. ->disableOriginalConstructor()->getMock();
  20. $this->storageInterface = $this->getMockBuilder('\OC\Security\CSRF\TokenStorage\SessionStorage')
  21. ->disableOriginalConstructor()->getMock();
  22. $this->csrfTokenManager = new \OC\Security\CSRF\CsrfTokenManager(
  23. $this->tokenGenerator,
  24. $this->storageInterface
  25. );
  26. }
  27. public function testGetTokenWithExistingToken(): void {
  28. $this->storageInterface
  29. ->expects($this->once())
  30. ->method('hasToken')
  31. ->willReturn(true);
  32. $this->storageInterface
  33. ->expects($this->once())
  34. ->method('getToken')
  35. ->willReturn('MyExistingToken');
  36. $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
  37. $this->assertEquals($expected, $this->csrfTokenManager->getToken());
  38. }
  39. public function testGetTokenWithExistingTokenKeepsOnSecondRequest(): void {
  40. $this->storageInterface
  41. ->expects($this->once())
  42. ->method('hasToken')
  43. ->willReturn(true);
  44. $this->storageInterface
  45. ->expects($this->once())
  46. ->method('getToken')
  47. ->willReturn('MyExistingToken');
  48. $expected = new \OC\Security\CSRF\CsrfToken('MyExistingToken');
  49. $token = $this->csrfTokenManager->getToken();
  50. $this->assertSame($token, $this->csrfTokenManager->getToken());
  51. $this->assertSame($token, $this->csrfTokenManager->getToken());
  52. }
  53. public function testGetTokenWithoutExistingToken(): void {
  54. $this->storageInterface
  55. ->expects($this->once())
  56. ->method('hasToken')
  57. ->willReturn(false);
  58. $this->tokenGenerator
  59. ->expects($this->once())
  60. ->method('generateToken')
  61. ->willReturn('MyNewToken');
  62. $this->storageInterface
  63. ->expects($this->once())
  64. ->method('setToken')
  65. ->with('MyNewToken');
  66. $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
  67. $this->assertEquals($expected, $this->csrfTokenManager->getToken());
  68. }
  69. public function testRefreshToken(): void {
  70. $this->tokenGenerator
  71. ->expects($this->once())
  72. ->method('generateToken')
  73. ->willReturn('MyNewToken');
  74. $this->storageInterface
  75. ->expects($this->once())
  76. ->method('setToken')
  77. ->with('MyNewToken');
  78. $expected = new \OC\Security\CSRF\CsrfToken('MyNewToken');
  79. $this->assertEquals($expected, $this->csrfTokenManager->refreshToken());
  80. }
  81. public function testRemoveToken(): void {
  82. $this->storageInterface
  83. ->expects($this->once())
  84. ->method('removeToken');
  85. $this->csrfTokenManager->removeToken();
  86. }
  87. public function testIsTokenValidWithoutToken(): void {
  88. $this->storageInterface
  89. ->expects($this->once())
  90. ->method('hasToken')
  91. ->willReturn(false);
  92. $token = new \OC\Security\CSRF\CsrfToken('Token');
  93. $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
  94. }
  95. public function testIsTokenValidWithWrongToken(): void {
  96. $this->storageInterface
  97. ->expects($this->once())
  98. ->method('hasToken')
  99. ->willReturn(true);
  100. $token = new \OC\Security\CSRF\CsrfToken('Token');
  101. $this->storageInterface
  102. ->expects($this->once())
  103. ->method('getToken')
  104. ->willReturn('MyToken');
  105. $this->assertSame(false, $this->csrfTokenManager->isTokenValid($token));
  106. }
  107. public function testIsTokenValidWithValidToken(): void {
  108. $a = 'abc';
  109. $b = 'def';
  110. $xorB64 = 'BQcF';
  111. $tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
  112. $this->storageInterface
  113. ->expects($this->once())
  114. ->method('hasToken')
  115. ->willReturn(true);
  116. $token = new \OC\Security\CSRF\CsrfToken($tokenVal);
  117. $this->storageInterface
  118. ->expects($this->once())
  119. ->method('getToken')
  120. ->willReturn($b);
  121. $this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
  122. }
  123. }