Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62599 Commits
570 Branches
1160 Tags
4.1 GiB
Tree: 7b3e2217de
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b3e2217de'
${ noResults }
nextcloud-server/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php

526 lines
16 KiB
Raw Normal View History

Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Move ExpiredTokenException to the correct namespace Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use PSR logger in authentication Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use PSR logger in authentication Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add openssl to mock Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
7 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Use PSR logger in authentication Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Fix user agent trimming on installation Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Prevent duplicate auth token activity updates The auth token activity logic works as follows * Read auth token * Compare last activity time stamp to current time * Update auth token activity if it's older than x seconds This works fine in isolation but with concurrency that means that occasionally the same token is read simultaneously by two processes and both of these processes will trigger an update of the same row. Affectively the second update doesn't add much value. It might set the time stamp to the exact same time stamp or one a few seconds later. But the last activity is no precise science, we don't need this accuracy. This patch changes the UPDATE query to include the expected value in a comparison with the current data. This results in an affected row when the data in the DB still has an old time stamp, but won't affect a row if the time stamp is (nearly) up to date. This is a micro optimization and will possibly not show any significant performance improvement. Yet in setups with a DB cluster it means that the write node has to send fewer changes to the read nodes due to the lower number of actual changes. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Allow configuring the activity update interval of token On some systems with a lot of users this creates a lot of extra DB writes. Being able to increase this interval helps there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Prevent duplicate auth token activity updates The auth token activity logic works as follows * Read auth token * Compare last activity time stamp to current time * Update auth token activity if it's older than x seconds This works fine in isolation but with concurrency that means that occasionally the same token is read simultaneously by two processes and both of these processes will trigger an update of the same row. Affectively the second update doesn't add much value. It might set the time stamp to the exact same time stamp or one a few seconds later. But the last activity is no precise science, we don't need this accuracy. This patch changes the UPDATE query to include the expected value in a comparison with the current data. This results in an affected row when the data in the DB still has an old time stamp, but won't affect a row if the time stamp is (nearly) up to date. This is a micro optimization and will possibly not show any significant performance improvement. Yet in setups with a DB cluster it means that the write node has to send fewer changes to the read nodes due to the lower number of actual changes. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Prevent duplicate auth token activity updates The auth token activity logic works as follows * Read auth token * Compare last activity time stamp to current time * Update auth token activity if it's older than x seconds This works fine in isolation but with concurrency that means that occasionally the same token is read simultaneously by two processes and both of these processes will trigger an update of the same row. Affectively the second update doesn't add much value. It might set the time stamp to the exact same time stamp or one a few seconds later. But the last activity is no precise science, we don't need this accuracy. This patch changes the UPDATE query to include the expected value in a comparison with the current data. This results in an affected row when the data in the DB still has an old time stamp, but won't affect a row if the time stamp is (nearly) up to date. This is a micro optimization and will possibly not show any significant performance improvement. Yet in setups with a DB cluster it means that the write node has to send fewer changes to the read nodes due to the lower number of actual changes. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
SetPassword on PublicKeyTokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
SetPassword on PublicKeyTokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
SetPassword on PublicKeyTokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
SetPassword on PublicKeyTokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
SetPassword on PublicKeyTokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
SetPassword on PublicKeyTokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add more tests * Add a lot of tests * Fixes related to those tests * Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add more tests * Add a lot of tests * Fixes related to those tests * Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
More test fixing Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
Always renew apppasswords on login Else you can end up that you renewed your password (LDAP for example). But they still don't work because you did not use them before you logged in. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
  4. *
  5. * @author Roeland Jago Douma <roeland@famdouma.nl>
  6. *
  7. * @license GNU AGPL version 3 or any later version
  8. *
  9. * This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as
  11. * published by the Free Software Foundation, either version 3 of the
  12. * License, or (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. */
  24. namespace Test\Authentication\Token;
  26. use OC\Authentication\Exceptions\ExpiredTokenException;
  27. use OC\Authentication\Exceptions\InvalidTokenException;
  28. use OC\Authentication\Token\IToken;
  29. use OC\Authentication\Token\PublicKeyToken;
  30. use OC\Authentication\Token\PublicKeyTokenMapper;
  31. use OC\Authentication\Token\PublicKeyTokenProvider;
  32. use OCP\AppFramework\Db\DoesNotExistException;
  33. use OCP\AppFramework\Utility\ITimeFactory;
  34. use OCP\IConfig;
  35. use OCP\Security\ICrypto;
  36. use Psr\Log\LoggerInterface;
  37. use Test\TestCase;
  39. class PublicKeyTokenProviderTest extends TestCase {
  40. /** @var PublicKeyTokenProvider|\PHPUnit\Framework\MockObject\MockObject */
  41. private $tokenProvider;
  42. /** @var PublicKeyTokenMapper|\PHPUnit\Framework\MockObject\MockObject */
  43. private $mapper;
  44. /** @var ICrypto */
  45. private $crypto;
  46. /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject */
  47. private $config;
  48. /** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */
  49. private $logger;
  50. /** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
  51. private $timeFactory;
  52. /** @var int */
  53. private $time;
  55. protected function setUp(): void {
  56. parent::setUp();
  58. $this->mapper = $this->createMock(PublicKeyTokenMapper::class);
  59. $this->crypto = \OC::$server->getCrypto();
  60. $this->config = $this->createMock(IConfig::class);
  61. $this->config->method('getSystemValue')
  62. ->willReturnMap([
  63. ['session_lifetime', 60 * 60 * 24, 150],
  64. ['remember_login_cookie_lifetime', 60 * 60 * 24 * 15, 300],
  65. ['secret', '', '1f4h9s'],
  66. ['openssl', [], []],
  67. ]);
  68. $this->logger = $this->createMock(LoggerInterface::class);
  69. $this->timeFactory = $this->createMock(ITimeFactory::class);
  70. $this->time = 1313131;
  71. $this->timeFactory->method('getTime')
  72. ->willReturn($this->time);
  74. $this->tokenProvider = new PublicKeyTokenProvider($this->mapper, $this->crypto, $this->config, $this->logger,
  75. $this->timeFactory);
  76. }
  78. public function testGenerateToken() {
  79. $token = 'token';
  80. $uid = 'user';
  81. $user = 'User';
  82. $password = 'passme';
  83. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  84. $type = IToken::PERMANENT_TOKEN;
  86. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  88. $this->assertInstanceOf(PublicKeyToken::class, $actual);
  89. $this->assertSame($uid, $actual->getUID());
  90. $this->assertSame($user, $actual->getLoginName());
  91. $this->assertSame($name, $actual->getName());
  92. $this->assertSame(IToken::DO_NOT_REMEMBER, $actual->getRemember());
  93. $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token));
  94. }
  96. public function testGenerateTokenInvalidName() {
  97. $token = 'token';
  98. $uid = 'user';
  99. $user = 'User';
  100. $password = 'passme';
  101. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  102. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  103. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  104. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  105. $type = IToken::PERMANENT_TOKEN;
  107. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  109. $this->assertInstanceOf(PublicKeyToken::class, $actual);
  110. $this->assertSame($uid, $actual->getUID());
  111. $this->assertSame($user, $actual->getLoginName());
  112. $this->assertSame('User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12User-Agent: Mozill…', $actual->getName());
  113. $this->assertSame(IToken::DO_NOT_REMEMBER, $actual->getRemember());
  114. $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token));
  115. }
  117. public function testUpdateToken() {
  118. $tk = new PublicKeyToken();
  119. $this->mapper->expects($this->once())
  120. ->method('updateActivity')
  121. ->with($tk, $this->time);
  122. $tk->setLastActivity($this->time - 200);
  124. $this->tokenProvider->updateTokenActivity($tk);
  126. $this->assertEquals($this->time, $tk->getLastActivity());
  127. }
  129. public function testUpdateTokenDebounce() {
  130. $tk = new PublicKeyToken();
  131. $this->config->method('getSystemValueInt')
  132. ->willReturnCallback(function ($value, $default) {
  133. return $default;
  134. });
  135. $tk->setLastActivity($this->time - 30);
  137. $this->mapper->expects($this->never())
  138. ->method('updateActivity')
  139. ->with($tk, $this->time);
  141. $this->tokenProvider->updateTokenActivity($tk);
  142. }
  144. public function testGetTokenByUser() {
  145. $this->mapper->expects($this->once())
  146. ->method('getTokenByUser')
  147. ->with('uid')
  148. ->willReturn(['token']);
  150. $this->assertEquals(['token'], $this->tokenProvider->getTokenByUser('uid'));
  151. }
  153. public function testGetPassword() {
  154. $token = 'token';
  155. $uid = 'user';
  156. $user = 'User';
  157. $password = 'passme';
  158. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  159. $type = IToken::PERMANENT_TOKEN;
  161. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  163. $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token));
  164. }
  167. public function testGetPasswordPasswordLessToken() {
  168. $this->expectException(\OC\Authentication\Exceptions\PasswordlessTokenException::class);
  170. $token = 'token1234';
  171. $tk = new PublicKeyToken();
  172. $tk->setPassword(null);
  174. $this->tokenProvider->getPassword($tk, $token);
  175. }
  178. public function testGetPasswordInvalidToken() {
  179. $this->expectException(\OC\Authentication\Exceptions\InvalidTokenException::class);
  181. $token = 'token';
  182. $uid = 'user';
  183. $user = 'User';
  184. $password = 'passme';
  185. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  186. $type = IToken::PERMANENT_TOKEN;
  188. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  190. $this->tokenProvider->getPassword($actual, 'wrongtoken');
  191. }
  193. public function testSetPassword() {
  194. $token = 'token';
  195. $uid = 'user';
  196. $user = 'User';
  197. $password = 'passme';
  198. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  199. $type = IToken::PERMANENT_TOKEN;
  201. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  203. $this->mapper->method('getTokenByUser')
  204. ->with('user')
  205. ->willReturn([$actual]);
  207. $newpass = 'newpass';
  208. $this->mapper->expects($this->once())
  209. ->method('update')
  210. ->with($this->callback(function ($token) use ($newpass) {
  211. return $newpass === $this->tokenProvider->getPassword($token, 'token');
  212. }));
  215. $this->tokenProvider->setPassword($actual, $token, $newpass);
  217. $this->assertSame($newpass, $this->tokenProvider->getPassword($actual, 'token'));
  218. }
  221. public function testSetPasswordInvalidToken() {
  222. $this->expectException(\OC\Authentication\Exceptions\InvalidTokenException::class);
  224. $token = $this->createMock(IToken::class);
  225. $tokenId = 'token123';
  226. $password = '123456';
  228. $this->tokenProvider->setPassword($token, $tokenId, $password);
  229. }
  231. public function testInvalidateToken() {
  232. $this->mapper->expects($this->once())
  233. ->method('invalidate')
  234. ->with(hash('sha512', 'token7'.'1f4h9s'));
  236. $this->tokenProvider->invalidateToken('token7');
  237. }
  239. public function testInvaildateTokenById() {
  240. $id = 123;
  242. $this->mapper->expects($this->once())
  243. ->method('deleteById')
  244. ->with('uid', $id);
  246. $this->tokenProvider->invalidateTokenById('uid', $id);
  247. }
  249. public function testInvalidateOldTokens() {
  250. $defaultSessionLifetime = 60 * 60 * 24;
  251. $defaultRememberMeLifetime = 60 * 60 * 24 * 15;
  252. $this->config->expects($this->exactly(2))
  253. ->method('getSystemValue')
  254. ->willReturnMap([
  255. ['session_lifetime', $defaultSessionLifetime, 150],
  256. ['remember_login_cookie_lifetime', $defaultRememberMeLifetime, 300],
  257. ]);
  258. $this->mapper->expects($this->exactly(2))
  259. ->method('invalidateOld')
  260. ->withConsecutive(
  261. [$this->time - 150],
  262. [$this->time - 300]
  263. );
  265. $this->tokenProvider->invalidateOldTokens();
  266. }
  268. public function testRenewSessionTokenWithoutPassword() {
  269. $token = 'oldId';
  270. $uid = 'user';
  271. $user = 'User';
  272. $password = null;
  273. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  274. $type = IToken::PERMANENT_TOKEN;
  276. $oldToken = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  278. $this->mapper
  279. ->expects($this->once())
  280. ->method('getToken')
  281. ->with(hash('sha512', 'oldId' . '1f4h9s'))
  282. ->willReturn($oldToken);
  283. $this->mapper
  284. ->expects($this->once())
  285. ->method('insert')
  286. ->with($this->callback(function (PublicKeyToken $token) use ($user, $uid, $name) {
  287. return $token->getUID() === $uid &&
  288. $token->getLoginName() === $user &&
  289. $token->getName() === $name &&
  290. $token->getType() === IToken::DO_NOT_REMEMBER &&
  291. $token->getLastActivity() === $this->time &&
  292. $token->getPassword() === null;
  293. }));
  294. $this->mapper
  295. ->expects($this->once())
  296. ->method('delete')
  297. ->with($this->callback(function ($token) use ($oldToken) {
  298. return $token === $oldToken;
  299. }));
  301. $this->tokenProvider->renewSessionToken('oldId', 'newId');
  302. }
  304. public function testRenewSessionTokenWithPassword() {
  305. $token = 'oldId';
  306. $uid = 'user';
  307. $user = 'User';
  308. $password = 'password';
  309. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  310. $type = IToken::PERMANENT_TOKEN;
  312. $oldToken = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  314. $this->mapper
  315. ->expects($this->once())
  316. ->method('getToken')
  317. ->with(hash('sha512', 'oldId' . '1f4h9s'))
  318. ->willReturn($oldToken);
  319. $this->mapper
  320. ->expects($this->once())
  321. ->method('insert')
  322. ->with($this->callback(function (PublicKeyToken $token) use ($user, $uid, $name) {
  323. return $token->getUID() === $uid &&
  324. $token->getLoginName() === $user &&
  325. $token->getName() === $name &&
  326. $token->getType() === IToken::DO_NOT_REMEMBER &&
  327. $token->getLastActivity() === $this->time &&
  328. $token->getPassword() !== null &&
  329. $this->tokenProvider->getPassword($token, 'newId') === 'password';
  330. }));
  331. $this->mapper
  332. ->expects($this->once())
  333. ->method('delete')
  334. ->with($this->callback(function ($token) use ($oldToken) {
  335. return $token === $oldToken;
  336. }));
  338. $this->tokenProvider->renewSessionToken('oldId', 'newId');
  339. }
  341. public function testGetToken() {
  342. $token = new PublicKeyToken();
  344. $this->config->method('getSystemValue')
  345. ->with('secret')
  346. ->willReturn('mysecret');
  348. $this->mapper->method('getToken')
  349. ->with(
  350. $this->callback(function (string $token) {
  351. return hash('sha512', 'unhashedToken'.'1f4h9s') === $token;
  352. })
  353. )->willReturn($token);
  355. $this->assertSame($token, $this->tokenProvider->getToken('unhashedToken'));
  356. }
  358. public function testGetInvalidToken() {
  359. $this->expectException(InvalidTokenException::class);
  361. $this->mapper->method('getToken')
  362. ->with(
  363. $this->callback(function (string $token) {
  364. return hash('sha512', 'unhashedToken'.'1f4h9s') === $token;
  365. })
  366. )->willThrowException(new DoesNotExistException('nope'));
  368. $this->tokenProvider->getToken('unhashedToken');
  369. }
  371. public function testGetExpiredToken() {
  372. $token = 'token';
  373. $uid = 'user';
  374. $user = 'User';
  375. $password = 'passme';
  376. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  377. $type = IToken::PERMANENT_TOKEN;
  379. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  380. $actual->setExpires(42);
  382. $this->mapper->method('getToken')
  383. ->with(
  384. $this->callback(function (string $token) {
  385. return hash('sha512', 'token'.'1f4h9s') === $token;
  386. })
  387. )->willReturn($actual);
  389. try {
  390. $this->tokenProvider->getToken('token');
  391. $this->fail();
  392. } catch (ExpiredTokenException $e) {
  393. $this->assertSame($actual, $e->getToken());
  394. }
  395. }
  397. public function testGetTokenById() {
  398. $token = $this->createMock(PublicKeyToken::class);
  400. $this->mapper->expects($this->once())
  401. ->method('getTokenById')
  402. ->with($this->equalTo(42))
  403. ->willReturn($token);
  405. $this->assertSame($token, $this->tokenProvider->getTokenById(42));
  406. }
  408. public function testGetInvalidTokenById() {
  409. $this->expectException(InvalidTokenException::class);
  411. $this->mapper->expects($this->once())
  412. ->method('getTokenById')
  413. ->with($this->equalTo(42))
  414. ->willThrowException(new DoesNotExistException('nope'));
  416. $this->tokenProvider->getTokenById(42);
  417. }
  419. public function testGetExpiredTokenById() {
  420. $token = new PublicKeyToken();
  421. $token->setExpires(42);
  423. $this->mapper->expects($this->once())
  424. ->method('getTokenById')
  425. ->with($this->equalTo(42))
  426. ->willReturn($token);
  428. try {
  429. $this->tokenProvider->getTokenById(42);
  430. $this->fail();
  431. } catch (ExpiredTokenException $e) {
  432. $this->assertSame($token, $e->getToken());
  433. }
  434. }
  436. public function testRotate() {
  437. $token = 'oldtoken';
  438. $uid = 'user';
  439. $user = 'User';
  440. $password = 'password';
  441. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  442. $type = IToken::PERMANENT_TOKEN;
  444. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  446. $new = $this->tokenProvider->rotate($actual, 'oldtoken', 'newtoken');
  448. $this->assertSame('password', $this->tokenProvider->getPassword($new, 'newtoken'));
  449. }
  451. public function testRotateNoPassword() {
  452. $token = 'oldtoken';
  453. $uid = 'user';
  454. $user = 'User';
  455. $password = null;
  456. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  457. $type = IToken::PERMANENT_TOKEN;
  459. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  461. $oldPrivate = $actual->getPrivateKey();
  463. $new = $this->tokenProvider->rotate($actual, 'oldtoken', 'newtoken');
  465. $newPrivate = $new->getPrivateKey();
  467. $this->assertNotSame($newPrivate, $oldPrivate);
  468. $this->assertNull($new->getPassword());
  469. }
  471. public function testMarkPasswordInvalidInvalidToken() {
  472. $token = $this->createMock(IToken::class);
  474. $this->expectException(InvalidTokenException::class);
  476. $this->tokenProvider->markPasswordInvalid($token, 'tokenId');
  477. }
  479. public function testMarkPasswordInvalid() {
  480. $token = $this->createMock(PublicKeyToken::class);
  482. $token->expects($this->once())
  483. ->method('setPasswordInvalid')
  484. ->with(true);
  485. $this->mapper->expects($this->once())
  486. ->method('update')
  487. ->with($token);
  489. $this->tokenProvider->markPasswordInvalid($token, 'tokenId');
  490. }
  492. public function testUpdatePasswords() {
  493. $uid = 'myUID';
  494. $token1 = $this->tokenProvider->generateToken(
  495. 'foo',
  496. $uid,
  497. $uid,
  498. 'bar',
  499. 'random1',
  500. IToken::PERMANENT_TOKEN,
  501. IToken::REMEMBER);
  502. $token2 = $this->tokenProvider->generateToken(
  503. 'foobar',
  504. $uid,
  505. $uid,
  506. 'bar',
  507. 'random2',
  508. IToken::PERMANENT_TOKEN,
  509. IToken::REMEMBER);
  511. $this->mapper->method('hasExpiredTokens')
  512. ->with($uid)
  513. ->willReturn(true);
  514. $this->mapper->expects($this->once())
  515. ->method('getTokenByUser')
  516. ->with($uid)
  517. ->willReturn([$token1, $token2]);
  518. $this->mapper->expects($this->exactly(2))
  519. ->method('update')
  520. ->with($this->callback(function (PublicKeyToken $t) use ($token1, $token2) {
  521. return $t === $token1 || $t === $token2;
  522. }));
  524. $this->tokenProvider->updatePasswords($uid, 'bar2');
  525. }
  526. }