Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32472 Commits
631 Branches
1167 Tags
4.0 GiB
Tree: 7b4459d28d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b4459d28d'
${ noResults }
nextcloud-server/tests/lib/User/SessionTest.php

662 lines
21 KiB
Raw Normal View History

New user management classes
13 years ago
Add unit test
11 years ago
Assign DB group for unit tests
10 years ago
Move tests/ to PSR-4 (#24731) * Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader
10 years ago
New user management classes
13 years ago
PHPDoc and other minor fixes
10 years ago
Fix existing tests
10 years ago
New user management classes
13 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
Fix existing tests
10 years ago
New user management classes
13 years ago
PHPDoc and other minor fixes
10 years ago
Fix existing tests
10 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
New user management classes
13 years ago
Fix existing tests
10 years ago
when generating browser/device token, save the login name for later password checks
10 years ago
Fix existing tests
10 years ago
when generating browser/device token, save the login name for later password checks
10 years ago
add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api
11 years ago
Fix existing tests
10 years ago
add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api
11 years ago
Fix existing tests
10 years ago
fix PHPDoc and other minor issues
10 years ago
add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api
11 years ago
Fix existing tests
10 years ago
fix PHPDoc and other minor issues
10 years ago
Fix existing tests
10 years ago
fix PHPDoc and other minor issues
10 years ago
Fix existing tests
10 years ago
fix PHPDoc and other minor issues
10 years ago
Fix existing tests
10 years ago
when generating browser/device token, save the login name for later password checks
10 years ago
add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api
11 years ago
fix PHPDoc and other minor issues
10 years ago
Fix existing tests
10 years ago
PHPDoc and other minor fixes
10 years ago
add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api
11 years ago
fix PHPDoc and other minor issues
10 years ago
Fix existing tests
10 years ago
fix PHPDoc and other minor issues
10 years ago
Fix existing tests
10 years ago
fix PHPDoc and other minor issues
10 years ago
add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api
11 years ago
Fix existing tests
10 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
Fix existing tests
10 years ago
use two tests instead of one
11 years ago
add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api
11 years ago
Fix existing tests
10 years ago
use two tests instead of one
11 years ago
Fix existing tests
10 years ago
use two tests instead of one
11 years ago
Fix existing tests
10 years ago
use two tests instead of one
11 years ago
Fix existing tests
10 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
Fix existing tests
10 years ago
add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api
11 years ago
New user management classes
13 years ago
Move dummy backend to Tests namespace
10 years ago
New user management classes
13 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
New user management classes
13 years ago
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
10 years ago
adjust test
12 years ago
New user management classes
13 years ago
Add unit test
11 years ago
Fix existing tests
10 years ago
New user management classes
13 years ago
test hooks also on login
12 years ago
Add unit test
11 years ago
test hooks also on login
12 years ago
Add unit test
11 years ago
test hooks also on login
12 years ago
New user management classes
13 years ago
Move dummy backend to Tests namespace
10 years ago
New user management classes
13 years ago
fix PHPDoc and other minor issues
10 years ago
New user management classes
13 years ago
test hooks also on login
12 years ago
New user management classes
13 years ago
User: move checkPassword from User to Manager to not break API
12 years ago
New user management classes
13 years ago
Fix existing tests
10 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
Fix existing tests
10 years ago
New user management classes
13 years ago
fix PHPDoc and other minor issues
10 years ago
New user management classes
13 years ago
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
10 years ago
Fix existing tests
10 years ago
New user management classes
13 years ago
test hooks also on login
12 years ago
Add unit test
11 years ago
test hooks also on login
12 years ago
Add unit test
11 years ago
test hooks also on login
12 years ago
New user management classes
13 years ago
Move dummy backend to Tests namespace
10 years ago
New user management classes
13 years ago
fix PHPDoc and other minor issues
10 years ago
New user management classes
13 years ago
test hooks also on login
12 years ago
New user management classes
13 years ago
User: move checkPassword from User to Manager to not break API
12 years ago
New user management classes
13 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
New user management classes
13 years ago
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
10 years ago
New user management classes
13 years ago
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
10 years ago
Fix existing tests
10 years ago
New user management classes
13 years ago
test hooks also on login
12 years ago
Add unit test
11 years ago
test hooks also on login
12 years ago
Add unit test
11 years ago
test hooks also on login
12 years ago
New user management classes
13 years ago
Move dummy backend to Tests namespace
10 years ago
New user management classes
13 years ago
test hooks also on login
12 years ago
New user management classes
13 years ago
User: move checkPassword from User to Manager to not break API
12 years ago
New user management classes
13 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
New user management classes
13 years ago
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
10 years ago
Fix existing tests
10 years ago
New user management classes
13 years ago
Fix existing tests
10 years ago
New user management classes
13 years ago
User: move checkPassword from User to Manager to not break API
12 years ago
New user management classes
13 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
New user management classes
13 years ago
unit tests for loginWithCookie()
12 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
unit tests for loginWithCookie()
12 years ago
Add unit test
11 years ago
Fix existing tests
10 years ago
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
10 years ago
Fix existing tests
10 years ago
unit tests for loginWithCookie()
12 years ago
also test whether hooks work
12 years ago
Add unit test
11 years ago
also test whether hooks work
12 years ago
Add unit test
11 years ago
also test whether hooks work
12 years ago
unit tests for loginWithCookie()
12 years ago
Move dummy backend to Tests namespace
10 years ago
unit tests for loginWithCookie()
12 years ago
also test whether hooks work
12 years ago
unit tests for loginWithCookie()
12 years ago
reduce OC_Preferences, OC_Config and \OCP\Config usage * files_encryption * files_versions * files_trashbin * tests * status.php * core * server container
11 years ago
unit tests for loginWithCookie()
12 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
unit tests for loginWithCookie()
12 years ago
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
10 years ago
Fix existing tests
10 years ago
unit tests for loginWithCookie()
12 years ago
also test whether hooks work
12 years ago
Add unit test
11 years ago
also test whether hooks work
12 years ago
Add unit test
11 years ago
also test whether hooks work
12 years ago
unit tests for loginWithCookie()
12 years ago
Move dummy backend to Tests namespace
10 years ago
unit tests for loginWithCookie()
12 years ago
also test whether hooks work
12 years ago
unit tests for loginWithCookie()
12 years ago
reduce OC_Preferences, OC_Config and \OCP\Config usage * files_encryption * files_versions * files_trashbin * tests * status.php * core * server container
11 years ago
unit tests for loginWithCookie()
12 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
unit tests for loginWithCookie()
12 years ago
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
10 years ago
Fix existing tests
10 years ago
unit tests for loginWithCookie()
12 years ago
also test whether hooks work
12 years ago
Add unit test
11 years ago
also test whether hooks work
12 years ago
Add unit test
11 years ago
also test whether hooks work
12 years ago
unit tests for loginWithCookie()
12 years ago
Move dummy backend to Tests namespace
10 years ago
unit tests for loginWithCookie()
12 years ago
also test whether hooks work
12 years ago
unit tests for loginWithCookie()
12 years ago
reduce OC_Preferences, OC_Config and \OCP\Config usage * files_encryption * files_versions * files_trashbin * tests * status.php * core * server container
11 years ago
unit tests for loginWithCookie()
12 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
unit tests for loginWithCookie()
12 years ago
Add unit test
11 years ago
Fix existing tests
10 years ago
Add unit test
11 years ago
Fix existing tests
10 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
Fix existing tests
10 years ago
Add unit test
11 years ago
Fix existing tests
10 years ago
don't allow token login for disabled users
10 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
don't allow token login for disabled users
10 years ago
invalidate user session if the user is disabled
10 years ago
do not allow client password logins if token auth is enforced or 2FA is enabled
10 years ago
invalidate user session if the user is disabled
10 years ago
when generating browser/device token, save the login name for later password checks
10 years ago
invalidate user session if the user is disabled
10 years ago
when generating browser/device token, save the login name for later password checks
10 years ago
invalidate user session if the user is disabled
10 years ago
Create session tokens for apache auth users
10 years ago
New user management classes
13 years ago
  1. <?php
  3. /**
  4. * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com>
  5. * This file is licensed under the Affero General Public License version 3 or
  6. * later.
  7. * See the COPYING-README file.
  8. */
  10. namespace Test\User;
  12. use OC\Session\Memory;
  13. use OC\User\User;
  15. /**
  16. * @group DB
  17. * @package Test\User
  18. */
  19. class SessionTest extends \Test\TestCase {
  21. /** @var \OCP\AppFramework\Utility\ITimeFactory */
  22. private $timeFactory;
  24. /** @var \OC\Authentication\Token\DefaultTokenProvider */
  25. protected $defaultProvider;
  27. /** @var \OCP\IConfig */
  28. private $config;
  30. protected function setUp() {
  31. parent::setUp();
  33. $this->timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');
  34. $this->timeFactory->expects($this->any())
  35. ->method('getTime')
  36. ->will($this->returnValue(10000));
  37. $this->defaultProvider = $this->getMockBuilder('\OC\Authentication\Token\DefaultTokenProvider')
  38. ->disableOriginalConstructor()
  39. ->getMock();
  40. $this->config = $this->getMock('\OCP\IConfig');
  41. }
  43. public function testGetUser() {
  44. $token = new \OC\Authentication\Token\DefaultToken();
  45. $token->setLoginName('User123');
  47. $expectedUser = $this->getMock('\OCP\IUser');
  48. $expectedUser->expects($this->any())
  49. ->method('getUID')
  50. ->will($this->returnValue('user123'));
  51. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  52. $session->expects($this->at(0))
  53. ->method('get')
  54. ->with('user_id')
  55. ->will($this->returnValue($expectedUser->getUID()));
  56. $sessionId = 'abcdef12345';
  58. $manager = $this->getMockBuilder('\OC\User\Manager')
  59. ->disableOriginalConstructor()
  60. ->getMock();
  61. $session->expects($this->once())
  62. ->method('getId')
  63. ->will($this->returnValue($sessionId));
  64. $this->defaultProvider->expects($this->once())
  65. ->method('getToken')
  66. ->will($this->returnValue($token));
  67. $session->expects($this->at(2))
  68. ->method('get')
  69. ->with('last_login_check')
  70. ->will($this->returnValue(null)); // No check has been run yet
  71. $this->defaultProvider->expects($this->once())
  72. ->method('getPassword')
  73. ->with($token, $sessionId)
  74. ->will($this->returnValue('password123'));
  75. $manager->expects($this->once())
  76. ->method('checkPassword')
  77. ->with('User123', 'password123')
  78. ->will($this->returnValue(true));
  79. $expectedUser->expects($this->once())
  80. ->method('isEnabled')
  81. ->will($this->returnValue(true));
  82. $session->expects($this->at(3))
  83. ->method('set')
  84. ->with('last_login_check', 10000);
  86. $session->expects($this->at(4))
  87. ->method('get')
  88. ->with('last_token_update')
  89. ->will($this->returnValue(null)); // No check run so far
  90. $this->defaultProvider->expects($this->once())
  91. ->method('updateToken')
  92. ->with($token);
  93. $session->expects($this->at(5))
  94. ->method('set')
  95. ->with('last_token_update', $this->equalTo(10000));
  97. $manager->expects($this->any())
  98. ->method('get')
  99. ->with($expectedUser->getUID())
  100. ->will($this->returnValue($expectedUser));
  102. $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config);
  103. $user = $userSession->getUser();
  104. $this->assertSame($expectedUser, $user);
  105. }
  107. public function isLoggedInData() {
  108. return [
  109. [true],
  110. [false],
  111. ];
  112. }
  114. /**
  115. * @dataProvider isLoggedInData
  116. */
  117. public function testIsLoggedIn($isLoggedIn) {
  118. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  120. $manager = $this->getMockBuilder('\OC\User\Manager')
  121. ->disableOriginalConstructor()
  122. ->getMock();
  124. $userSession = $this->getMockBuilder('\OC\User\Session')
  125. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->defaultProvider, $this->config])
  126. ->setMethods([
  127. 'getUser'
  128. ])
  129. ->getMock();
  130. $user = new User('sepp', null);
  131. $userSession->expects($this->once())
  132. ->method('getUser')
  133. ->will($this->returnValue($isLoggedIn ? $user : null));
  134. $this->assertEquals($isLoggedIn, $userSession->isLoggedIn());
  135. }
  137. public function testSetUser() {
  138. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  139. $session->expects($this->once())
  140. ->method('set')
  141. ->with('user_id', 'foo');
  143. $manager = $this->getMock('\OC\User\Manager');
  145. $backend = $this->getMock('\Test\Util\User\Dummy');
  147. $user = $this->getMock('\OC\User\User', array(), array('foo', $backend));
  148. $user->expects($this->once())
  149. ->method('getUID')
  150. ->will($this->returnValue('foo'));
  152. $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config);
  153. $userSession->setUser($user);
  154. }
  156. public function testLoginValidPasswordEnabled() {
  157. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  158. $session->expects($this->once())
  159. ->method('regenerateId');
  160. $session->expects($this->exactly(2))
  161. ->method('set')
  162. ->with($this->callback(function ($key) {
  163. switch ($key) {
  164. case 'user_id':
  165. case 'loginname':
  166. return true;
  167. break;
  168. default:
  169. return false;
  170. break;
  171. }
  172. }, 'foo'));
  174. $managerMethods = get_class_methods('\OC\User\Manager');
  175. //keep following methods intact in order to ensure hooks are
  176. //working
  177. $doNotMock = array('__construct', 'emit', 'listen');
  178. foreach ($doNotMock as $methodName) {
  179. $i = array_search($methodName, $managerMethods, true);
  180. if ($i !== false) {
  181. unset($managerMethods[$i]);
  182. }
  183. }
  184. $manager = $this->getMock('\OC\User\Manager', $managerMethods, array());
  186. $backend = $this->getMock('\Test\Util\User\Dummy');
  188. $user = $this->getMock('\OC\User\User', array(), array('foo', $backend));
  189. $user->expects($this->any())
  190. ->method('isEnabled')
  191. ->will($this->returnValue(true));
  192. $user->expects($this->any())
  193. ->method('getUID')
  194. ->will($this->returnValue('foo'));
  195. $user->expects($this->once())
  196. ->method('updateLastLoginTimestamp');
  198. $manager->expects($this->once())
  199. ->method('checkPassword')
  200. ->with('foo', 'bar')
  201. ->will($this->returnValue($user));
  203. $userSession = $this->getMockBuilder('\OC\User\Session')
  204. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->defaultProvider, $this->config])
  205. ->setMethods([
  206. 'prepareUserLogin'
  207. ])
  208. ->getMock();
  209. $userSession->expects($this->once())
  210. ->method('prepareUserLogin');
  211. $userSession->login('foo', 'bar');
  212. $this->assertEquals($user, $userSession->getUser());
  213. }
  215. /**
  216. * @expectedException \OC\User\LoginException
  217. */
  218. public function testLoginValidPasswordDisabled() {
  219. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  220. $session->expects($this->never())
  221. ->method('set');
  222. $session->expects($this->once())
  223. ->method('regenerateId');
  225. $managerMethods = get_class_methods('\OC\User\Manager');
  226. //keep following methods intact in order to ensure hooks are
  227. //working
  228. $doNotMock = array('__construct', 'emit', 'listen');
  229. foreach ($doNotMock as $methodName) {
  230. $i = array_search($methodName, $managerMethods, true);
  231. if ($i !== false) {
  232. unset($managerMethods[$i]);
  233. }
  234. }
  235. $manager = $this->getMock('\OC\User\Manager', $managerMethods, array());
  237. $backend = $this->getMock('\Test\Util\User\Dummy');
  239. $user = $this->getMock('\OC\User\User', array(), array('foo', $backend));
  240. $user->expects($this->any())
  241. ->method('isEnabled')
  242. ->will($this->returnValue(false));
  243. $user->expects($this->never())
  244. ->method('updateLastLoginTimestamp');
  246. $manager->expects($this->once())
  247. ->method('checkPassword')
  248. ->with('foo', 'bar')
  249. ->will($this->returnValue($user));
  251. $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config);
  252. $userSession->login('foo', 'bar');
  253. }
  255. public function testLoginInvalidPassword() {
  256. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  257. $session->expects($this->never())
  258. ->method('set');
  259. $session->expects($this->once())
  260. ->method('regenerateId');
  262. $managerMethods = get_class_methods('\OC\User\Manager');
  263. //keep following methods intact in order to ensure hooks are
  264. //working
  265. $doNotMock = array('__construct', 'emit', 'listen');
  266. foreach ($doNotMock as $methodName) {
  267. $i = array_search($methodName, $managerMethods, true);
  268. if ($i !== false) {
  269. unset($managerMethods[$i]);
  270. }
  271. }
  272. $manager = $this->getMock('\OC\User\Manager', $managerMethods, array());
  274. $backend = $this->getMock('\Test\Util\User\Dummy');
  276. $user = $this->getMock('\OC\User\User', array(), array('foo', $backend));
  277. $user->expects($this->never())
  278. ->method('isEnabled');
  279. $user->expects($this->never())
  280. ->method('updateLastLoginTimestamp');
  282. $manager->expects($this->once())
  283. ->method('checkPassword')
  284. ->with('foo', 'bar')
  285. ->will($this->returnValue(false));
  287. $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config);
  288. $userSession->login('foo', 'bar');
  289. }
  291. public function testLoginNonExisting() {
  292. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  293. $session->expects($this->never())
  294. ->method('set');
  295. $session->expects($this->once())
  296. ->method('regenerateId');
  298. $manager = $this->getMock('\OC\User\Manager');
  300. $backend = $this->getMock('\Test\Util\User\Dummy');
  302. $manager->expects($this->once())
  303. ->method('checkPassword')
  304. ->with('foo', 'bar')
  305. ->will($this->returnValue(false));
  307. $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config);
  308. $userSession->login('foo', 'bar');
  309. }
  311. public function testLogClientInNoTokenPasswordWith2fa() {
  312. $manager = $this->getMockBuilder('\OC\User\Manager')
  313. ->disableOriginalConstructor()
  314. ->getMock();
  315. $session = $this->getMock('\OCP\ISession');
  317. /** @var \OC\User\Session $userSession */
  318. $userSession = $this->getMockBuilder('\OC\User\Session')
  319. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->defaultProvider, $this->config])
  320. ->setMethods(['login'])
  321. ->getMock();
  323. $this->defaultProvider->expects($this->once())
  324. ->method('getToken')
  325. ->with('doe')
  326. ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
  327. $this->config->expects($this->once())
  328. ->method('getSystemValue')
  329. ->with('token_auth_enforced', false)
  330. ->will($this->returnValue(true));
  332. $this->assertFalse($userSession->logClientIn('john', 'doe'));
  333. }
  335. public function testLogClientInNoTokenPasswordNo2fa() {
  336. $manager = $this->getMockBuilder('\OC\User\Manager')
  337. ->disableOriginalConstructor()
  338. ->getMock();
  339. $session = $this->getMock('\OCP\ISession');
  340. $user = $this->getMock('\OCP\IUser');
  342. /** @var \OC\User\Session $userSession */
  343. $userSession = $this->getMockBuilder('\OC\User\Session')
  344. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->defaultProvider, $this->config])
  345. ->setMethods(['login', 'isTwoFactorEnforced'])
  346. ->getMock();
  348. $this->defaultProvider->expects($this->once())
  349. ->method('getToken')
  350. ->with('doe')
  351. ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
  352. $this->config->expects($this->once())
  353. ->method('getSystemValue')
  354. ->with('token_auth_enforced', false)
  355. ->will($this->returnValue(false));
  357. $userSession->expects($this->once())
  358. ->method('isTwoFactorEnforced')
  359. ->with('john')
  360. ->will($this->returnValue(true));
  362. $this->assertFalse($userSession->logClientIn('john', 'doe'));
  363. }
  365. public function testRememberLoginValidToken() {
  366. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  367. $session->expects($this->exactly(1))
  368. ->method('set')
  369. ->with($this->callback(function ($key) {
  370. switch ($key) {
  371. case 'user_id':
  372. return true;
  373. default:
  374. return false;
  375. }
  376. }, 'foo'));
  377. $session->expects($this->once())
  378. ->method('regenerateId');
  380. $managerMethods = get_class_methods('\OC\User\Manager');
  381. //keep following methods intact in order to ensure hooks are
  382. //working
  383. $doNotMock = array('__construct', 'emit', 'listen');
  384. foreach ($doNotMock as $methodName) {
  385. $i = array_search($methodName, $managerMethods, true);
  386. if ($i !== false) {
  387. unset($managerMethods[$i]);
  388. }
  389. }
  390. $manager = $this->getMock('\OC\User\Manager', $managerMethods, array());
  392. $backend = $this->getMock('\Test\Util\User\Dummy');
  394. $user = $this->getMock('\OC\User\User', array(), array('foo', $backend));
  396. $user->expects($this->any())
  397. ->method('getUID')
  398. ->will($this->returnValue('foo'));
  399. $user->expects($this->once())
  400. ->method('updateLastLoginTimestamp');
  402. $manager->expects($this->once())
  403. ->method('get')
  404. ->with('foo')
  405. ->will($this->returnValue($user));
  407. //prepare login token
  408. $token = 'goodToken';
  409. \OC::$server->getConfig()->setUserValue('foo', 'login_token', $token, time());
  411. $userSession = $this->getMock(
  412. '\OC\User\Session',
  413. //override, otherwise tests will fail because of setcookie()
  414. array('setMagicInCookie'),
  415. //there are passed as parameters to the constructor
  416. array($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config));
  418. $granted = $userSession->loginWithCookie('foo', $token);
  420. $this->assertSame($granted, true);
  421. }
  423. public function testRememberLoginInvalidToken() {
  424. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  425. $session->expects($this->never())
  426. ->method('set');
  427. $session->expects($this->once())
  428. ->method('regenerateId');
  430. $managerMethods = get_class_methods('\OC\User\Manager');
  431. //keep following methods intact in order to ensure hooks are
  432. //working
  433. $doNotMock = array('__construct', 'emit', 'listen');
  434. foreach ($doNotMock as $methodName) {
  435. $i = array_search($methodName, $managerMethods, true);
  436. if ($i !== false) {
  437. unset($managerMethods[$i]);
  438. }
  439. }
  440. $manager = $this->getMock('\OC\User\Manager', $managerMethods, array());
  442. $backend = $this->getMock('\Test\Util\User\Dummy');
  444. $user = $this->getMock('\OC\User\User', array(), array('foo', $backend));
  446. $user->expects($this->any())
  447. ->method('getUID')
  448. ->will($this->returnValue('foo'));
  449. $user->expects($this->never())
  450. ->method('updateLastLoginTimestamp');
  452. $manager->expects($this->once())
  453. ->method('get')
  454. ->with('foo')
  455. ->will($this->returnValue($user));
  457. //prepare login token
  458. $token = 'goodToken';
  459. \OC::$server->getConfig()->setUserValue('foo', 'login_token', $token, time());
  461. $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config);
  462. $granted = $userSession->loginWithCookie('foo', 'badToken');
  464. $this->assertSame($granted, false);
  465. }
  467. public function testRememberLoginInvalidUser() {
  468. $session = $this->getMock('\OC\Session\Memory', array(), array(''));
  469. $session->expects($this->never())
  470. ->method('set');
  471. $session->expects($this->once())
  472. ->method('regenerateId');
  474. $managerMethods = get_class_methods('\OC\User\Manager');
  475. //keep following methods intact in order to ensure hooks are
  476. //working
  477. $doNotMock = array('__construct', 'emit', 'listen');
  478. foreach ($doNotMock as $methodName) {
  479. $i = array_search($methodName, $managerMethods, true);
  480. if ($i !== false) {
  481. unset($managerMethods[$i]);
  482. }
  483. }
  484. $manager = $this->getMock('\OC\User\Manager', $managerMethods, array());
  486. $backend = $this->getMock('\Test\Util\User\Dummy');
  488. $user = $this->getMock('\OC\User\User', array(), array('foo', $backend));
  490. $user->expects($this->never())
  491. ->method('getUID');
  492. $user->expects($this->never())
  493. ->method('updateLastLoginTimestamp');
  495. $manager->expects($this->once())
  496. ->method('get')
  497. ->with('foo')
  498. ->will($this->returnValue(null));
  500. //prepare login token
  501. $token = 'goodToken';
  502. \OC::$server->getConfig()->setUserValue('foo', 'login_token', $token, time());
  504. $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config);
  505. $granted = $userSession->loginWithCookie('foo', $token);
  507. $this->assertSame($granted, false);
  508. }
  510. public function testActiveUserAfterSetSession() {
  511. $users = array(
  512. 'foo' => new User('foo', null),
  513. 'bar' => new User('bar', null)
  514. );
  516. $manager = $this->getMockBuilder('\OC\User\Manager')
  517. ->disableOriginalConstructor()
  518. ->getMock();
  520. $manager->expects($this->any())
  521. ->method('get')
  522. ->will($this->returnCallback(function ($uid) use ($users) {
  523. return $users[$uid];
  524. }));
  526. $session = new Memory('');
  527. $session->set('user_id', 'foo');
  528. $userSession = $this->getMockBuilder('\OC\User\Session')
  529. ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->defaultProvider, $this->config])
  530. ->setMethods([
  531. 'validateSession'
  532. ])
  533. ->getMock();
  534. $userSession->expects($this->any())
  535. ->method('validateSession');
  537. $this->assertEquals($users['foo'], $userSession->getUser());
  539. $session2 = new Memory('');
  540. $session2->set('user_id', 'bar');
  541. $userSession->setSession($session2);
  542. $this->assertEquals($users['bar'], $userSession->getUser());
  543. }
  545. public function testTryTokenLoginWithDisabledUser() {
  546. $manager = $this->getMockBuilder('\OC\User\Manager')
  547. ->disableOriginalConstructor()
  548. ->getMock();
  549. $session = new Memory('');
  550. $token = $this->getMock('\OC\Authentication\Token\IToken');
  551. $user = $this->getMock('\OCP\IUser');
  552. $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->defaultProvider, $this->config);
  553. $request = $this->getMock('\OCP\IRequest');
  555. $request->expects($this->once())
  556. ->method('getHeader')
  557. ->with('Authorization')
  558. ->will($this->returnValue('token xxxxx'));
  559. $this->defaultProvider->expects($this->once())
  560. ->method('validateToken')
  561. ->with('xxxxx')
  562. ->will($this->returnValue($token));
  563. $token->expects($this->once())
  564. ->method('getUID')
  565. ->will($this->returnValue('user123'));
  566. $manager->expects($this->once())
  567. ->method('get')
  568. ->with('user123')
  569. ->will($this->returnValue($user));
  570. $user->expects($this->once())
  571. ->method('isEnabled')
  572. ->will($this->returnValue(false));
  574. $this->assertFalse($userSession->tryTokenLogin($request));
  575. }
  577. public function testValidateSessionDisabledUser() {
  578. $userManager = $this->getMock('\OCP\IUserManager');
  579. $session = $this->getMock('\OCP\ISession');
  580. $timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');
  581. $tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');
  582. $userSession = $this->getMockBuilder('\OC\User\Session')
  583. ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config])
  584. ->setMethods(['logout'])
  585. ->getMock();
  587. $user = $this->getMock('\OCP\IUser');
  588. $token = $this->getMock('\OC\Authentication\Token\IToken');
  590. $session->expects($this->once())
  591. ->method('getId')
  592. ->will($this->returnValue('sessionid'));
  593. $tokenProvider->expects($this->once())
  594. ->method('getToken')
  595. ->with('sessionid')
  596. ->will($this->returnValue($token));
  597. $session->expects($this->once())
  598. ->method('get')
  599. ->with('last_login_check')
  600. ->will($this->returnValue(1000));
  601. $timeFactory->expects($this->once())
  602. ->method('getTime')
  603. ->will($this->returnValue(5000));
  604. $tokenProvider->expects($this->once())
  605. ->method('getPassword')
  606. ->with($token, 'sessionid')
  607. ->will($this->returnValue('123456'));
  608. $token->expects($this->once())
  609. ->method('getLoginName')
  610. ->will($this->returnValue('User5'));
  611. $userManager->expects($this->once())
  612. ->method('checkPassword')
  613. ->with('User5', '123456')
  614. ->will($this->returnValue(true));
  615. $user->expects($this->once())
  616. ->method('isEnabled')
  617. ->will($this->returnValue(false));
  618. $userSession->expects($this->once())
  619. ->method('logout');
  621. $this->invokePrivate($userSession, 'validateSession', [$user]);
  622. }
  624. public function testValidateSessionNoPassword() {
  625. $userManager = $this->getMock('\OCP\IUserManager');
  626. $session = $this->getMock('\OCP\ISession');
  627. $timeFactory = $this->getMock('\OCP\AppFramework\Utility\ITimeFactory');
  628. $tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');
  629. $userSession = $this->getMockBuilder('\OC\User\Session')
  630. ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config])
  631. ->setMethods(['logout'])
  632. ->getMock();
  634. $user = $this->getMock('\OCP\IUser');
  635. $token = $this->getMock('\OC\Authentication\Token\IToken');
  637. $session->expects($this->once())
  638. ->method('getId')
  639. ->will($this->returnValue('sessionid'));
  640. $tokenProvider->expects($this->once())
  641. ->method('getToken')
  642. ->with('sessionid')
  643. ->will($this->returnValue($token));
  644. $session->expects($this->once())
  645. ->method('get')
  646. ->with('last_login_check')
  647. ->will($this->returnValue(1000));
  648. $timeFactory->expects($this->once())
  649. ->method('getTime')
  650. ->will($this->returnValue(5000));
  651. $tokenProvider->expects($this->once())
  652. ->method('getPassword')
  653. ->with($token, 'sessionid')
  654. ->will($this->throwException(new \OC\Authentication\Exceptions\PasswordlessTokenException()));
  655. $session->expects($this->once())
  656. ->method('set')
  657. ->with('last_login_check', 5000);
  659. $this->invokePrivate($userSession, 'validateSession', [$user]);
  660. }
  662. }