mirror of
https://github.com/nextcloud/server.git
synced 2025-02-23 08:28:36 +00:00
aa5f037af7
Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
312 lines
9.6 KiB
PHP
312 lines
9.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
*
|
|
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
*
|
|
* @license GNU AGPL version 3 or any later version
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
namespace Test\Security\VerificationToken;
|
|
|
|
use OC\Security\VerificationToken\VerificationToken;
|
|
use OCP\AppFramework\Utility\ITimeFactory;
|
|
use OCP\BackgroundJob\IJobList;
|
|
use OCP\IConfig;
|
|
use OCP\IUser;
|
|
use OCP\Security\ICrypto;
|
|
use OCP\Security\ISecureRandom;
|
|
use OCP\Security\VerificationToken\InvalidTokenException;
|
|
use PHPUnit\Framework\MockObject\MockObject;
|
|
use Test\TestCase;
|
|
|
|
class VerificationTokenTest extends TestCase {
|
|
/** @var VerificationToken */
|
|
protected $token;
|
|
/** @var IConfig|MockObject */
|
|
protected $config;
|
|
/** @var ISecureRandom|MockObject */
|
|
protected $secureRandom;
|
|
/** @var ICrypto|MockObject */
|
|
protected $crypto;
|
|
/** @var ITimeFactory|MockObject */
|
|
protected $timeFactory;
|
|
/** @var IJobList|MockObject */
|
|
protected $jobList;
|
|
|
|
protected function setUp(): void {
|
|
parent::setUp();
|
|
|
|
$this->config = $this->createMock(IConfig::class);
|
|
$this->crypto = $this->createMock(ICrypto::class);
|
|
$this->timeFactory = $this->createMock(ITimeFactory::class);
|
|
$this->secureRandom = $this->createMock(ISecureRandom::class);
|
|
$this->jobList = $this->createMock(IJobList::class);
|
|
|
|
$this->token = new VerificationToken(
|
|
$this->config,
|
|
$this->crypto,
|
|
$this->timeFactory,
|
|
$this->secureRandom,
|
|
$this->jobList
|
|
);
|
|
}
|
|
|
|
public function testTokenUserUnknown() {
|
|
$this->expectException(InvalidTokenException::class);
|
|
$this->expectExceptionCode(InvalidTokenException::USER_UNKNOWN);
|
|
$this->token->check('encryptedToken', null, 'fingerprintToken', 'foobar');
|
|
}
|
|
|
|
public function testTokenUserUnknown2() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('isEnabled')
|
|
->willReturn(false);
|
|
|
|
$this->expectException(InvalidTokenException::class);
|
|
$this->expectExceptionCode(InvalidTokenException::USER_UNKNOWN);
|
|
$this->token->check('encryptedToken', $user, 'fingerprintToken', 'foobar');
|
|
}
|
|
|
|
public function testTokenNotFound() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('isEnabled')
|
|
->willReturn(true);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('getUID')
|
|
->willReturn('alice');
|
|
|
|
// implicit: IConfig::getUserValue returns null by default
|
|
|
|
$this->expectException(InvalidTokenException::class);
|
|
$this->expectExceptionCode(InvalidTokenException::TOKEN_NOT_FOUND);
|
|
$this->token->check('encryptedToken', $user, 'fingerprintToken', 'foobar');
|
|
}
|
|
|
|
public function testTokenDecryptionError() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('isEnabled')
|
|
->willReturn(true);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('getUID')
|
|
->willReturn('alice');
|
|
|
|
$this->config->expects($this->atLeastOnce())
|
|
->method('getUserValue')
|
|
->with('alice', 'core', 'fingerprintToken', null)
|
|
->willReturn('encryptedToken');
|
|
$this->config->expects($this->any())
|
|
->method('getSystemValueString')
|
|
->with('secret')
|
|
->willReturn('357111317');
|
|
|
|
$this->crypto->method('decrypt')
|
|
->with('encryptedToken', 'foobar' . '357111317')
|
|
->willThrowException(new \Exception('decryption failed'));
|
|
|
|
$this->expectException(InvalidTokenException::class);
|
|
$this->expectExceptionCode(InvalidTokenException::TOKEN_DECRYPTION_ERROR);
|
|
$this->token->check('encryptedToken', $user, 'fingerprintToken', 'foobar');
|
|
}
|
|
|
|
public function testTokenInvalidFormat() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('isEnabled')
|
|
->willReturn(true);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('getUID')
|
|
->willReturn('alice');
|
|
|
|
$this->config->expects($this->atLeastOnce())
|
|
->method('getUserValue')
|
|
->with('alice', 'core', 'fingerprintToken', null)
|
|
->willReturn('encryptedToken');
|
|
$this->config->expects($this->any())
|
|
->method('getSystemValueString')
|
|
->with('secret')
|
|
->willReturn('357111317');
|
|
|
|
$this->crypto->method('decrypt')
|
|
->with('encryptedToken', 'foobar' . '357111317')
|
|
->willReturn('decrypted^nonsense');
|
|
|
|
$this->expectException(InvalidTokenException::class);
|
|
$this->expectExceptionCode(InvalidTokenException::TOKEN_INVALID_FORMAT);
|
|
$this->token->check('encryptedToken', $user, 'fingerprintToken', 'foobar');
|
|
}
|
|
|
|
public function testTokenExpired() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('isEnabled')
|
|
->willReturn(true);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('getUID')
|
|
->willReturn('alice');
|
|
$user->expects($this->any())
|
|
->method('getLastLogin')
|
|
->willReturn(604803);
|
|
|
|
$this->config->expects($this->atLeastOnce())
|
|
->method('getUserValue')
|
|
->with('alice', 'core', 'fingerprintToken', null)
|
|
->willReturn('encryptedToken');
|
|
$this->config->expects($this->any())
|
|
->method('getSystemValueString')
|
|
->with('secret')
|
|
->willReturn('357111317');
|
|
|
|
$this->crypto->method('decrypt')
|
|
->with('encryptedToken', 'foobar' . '357111317')
|
|
->willReturn('604800:mY70K3n');
|
|
|
|
$this->timeFactory->expects($this->any())
|
|
->method('getTime')
|
|
->willReturn(604800 * 3);
|
|
|
|
$this->expectException(InvalidTokenException::class);
|
|
$this->expectExceptionCode(InvalidTokenException::TOKEN_EXPIRED);
|
|
$this->token->check('encryptedToken', $user, 'fingerprintToken', 'foobar');
|
|
}
|
|
|
|
public function testTokenExpiredByLogin() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('isEnabled')
|
|
->willReturn(true);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('getUID')
|
|
->willReturn('alice');
|
|
$user->expects($this->any())
|
|
->method('getLastLogin')
|
|
->willReturn(604803);
|
|
|
|
$this->config->expects($this->atLeastOnce())
|
|
->method('getUserValue')
|
|
->with('alice', 'core', 'fingerprintToken', null)
|
|
->willReturn('encryptedToken');
|
|
$this->config->expects($this->any())
|
|
->method('getSystemValueString')
|
|
->with('secret')
|
|
->willReturn('357111317');
|
|
|
|
$this->crypto->method('decrypt')
|
|
->with('encryptedToken', 'foobar' . '357111317')
|
|
->willReturn('604800:mY70K3n');
|
|
|
|
$this->timeFactory->expects($this->any())
|
|
->method('getTime')
|
|
->willReturn(604801);
|
|
|
|
$this->expectException(InvalidTokenException::class);
|
|
$this->expectExceptionCode(InvalidTokenException::TOKEN_EXPIRED);
|
|
$this->token->check('encryptedToken', $user, 'fingerprintToken', 'foobar', true);
|
|
}
|
|
|
|
public function testTokenMismatch() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('isEnabled')
|
|
->willReturn(true);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('getUID')
|
|
->willReturn('alice');
|
|
$user->expects($this->any())
|
|
->method('getLastLogin')
|
|
->willReturn(604703);
|
|
|
|
$this->config->expects($this->atLeastOnce())
|
|
->method('getUserValue')
|
|
->with('alice', 'core', 'fingerprintToken', null)
|
|
->willReturn('encryptedToken');
|
|
$this->config->expects($this->any())
|
|
->method('getSystemValueString')
|
|
->with('secret')
|
|
->willReturn('357111317');
|
|
|
|
$this->crypto->method('decrypt')
|
|
->with('encryptedToken', 'foobar' . '357111317')
|
|
->willReturn('604802:mY70K3n');
|
|
|
|
$this->timeFactory->expects($this->any())
|
|
->method('getTime')
|
|
->willReturn(604801);
|
|
|
|
$this->expectException(InvalidTokenException::class);
|
|
$this->expectExceptionCode(InvalidTokenException::TOKEN_MISMATCH);
|
|
$this->token->check('encryptedToken', $user, 'fingerprintToken', 'foobar');
|
|
}
|
|
|
|
public function testTokenSuccess() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('isEnabled')
|
|
->willReturn(true);
|
|
$user->expects($this->atLeastOnce())
|
|
->method('getUID')
|
|
->willReturn('alice');
|
|
$user->expects($this->any())
|
|
->method('getLastLogin')
|
|
->willReturn(604703);
|
|
|
|
$this->config->expects($this->atLeastOnce())
|
|
->method('getUserValue')
|
|
->with('alice', 'core', 'fingerprintToken', null)
|
|
->willReturn('encryptedToken');
|
|
$this->config->expects($this->any())
|
|
->method('getSystemValueString')
|
|
->with('secret')
|
|
->willReturn('357111317');
|
|
|
|
$this->crypto->method('decrypt')
|
|
->with('encryptedToken', 'foobar' . '357111317')
|
|
->willReturn('604802:barfoo');
|
|
|
|
$this->timeFactory->expects($this->any())
|
|
->method('getTime')
|
|
->willReturn(604801);
|
|
|
|
$this->token->check('barfoo', $user, 'fingerprintToken', 'foobar');
|
|
}
|
|
|
|
public function testCreate() {
|
|
$user = $this->createMock(IUser::class);
|
|
$user->expects($this->any())
|
|
->method('getUID')
|
|
->willReturn('alice');
|
|
|
|
$this->secureRandom->expects($this->atLeastOnce())
|
|
->method('generate')
|
|
->willReturn('barfoo');
|
|
$this->crypto->expects($this->atLeastOnce())
|
|
->method('encrypt')
|
|
->willReturn('encryptedToken');
|
|
$this->config->expects($this->atLeastOnce())
|
|
->method('setUserValue')
|
|
->with('alice', 'core', 'fingerprintToken', 'encryptedToken');
|
|
|
|
$vToken = $this->token->create($user, 'fingerprintToken', 'foobar');
|
|
$this->assertSame('barfoo', $vToken);
|
|
}
|
|
}
|