nextcloud/apps/dav/tests/unit/Connector/LegacyPublicAuthTest.php

<?php

declare(strict_types=1);
/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */
namespace OCA\DAV\Tests\unit\Connector;

use OCA\DAV\Connector\LegacyPublicAuth;
use OCP\IRequest;
use OCP\ISession;
use OCP\Security\Bruteforce\IThrottler;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\IManager;
use OCP\Share\IShare;
use PHPUnit\Framework\MockObject\MockObject;

/**
 * Class LegacyPublicAuthTest
 *
 * @group DB
 *
 * @package OCA\DAV\Tests\unit\Connector
 */
class LegacyPublicAuthTest extends \Test\TestCase {
	private ISession&MockObject $session;
	private IRequest&MockObject $request;
	private IManager&MockObject $shareManager;
	private IThrottler&MockObject $throttler;
	private LegacyPublicAuth $auth;
	private string|false $oldUser;

	protected function setUp(): void {
		parent::setUp();

		$this->session = $this->createMock(ISession::class);
		$this->request = $this->createMock(IRequest::class);
		$this->shareManager = $this->createMock(IManager::class);
		$this->throttler = $this->createMock(IThrottler::class);

		$this->auth = new LegacyPublicAuth(
			$this->request,
			$this->shareManager,
			$this->session,
			$this->throttler
		);

		// Store current user
		$this->oldUser = \OC_User::getUser();
	}

	protected function tearDown(): void {
		\OC_User::setIncognitoMode(false);

		// Set old user
		\OC_User::setUserId($this->oldUser);
		if ($this->oldUser !== false) {
			\OC_Util::setupFS($this->oldUser);
		}

		parent::tearDown();
	}

	public function testNoShare(): void {
		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willThrowException(new ShareNotFound());

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertFalse($result);
	}

	public function testShareNoPassword(): void {
		$share = $this->createMock(IShare::class);
		$share->method('getPassword')->willReturn(null);

		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willReturn($share);

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertTrue($result);
	}

	public function testSharePasswordFancyShareType(): void {
		$share = $this->createMock(IShare::class);
		$share->method('getPassword')->willReturn('password');
		$share->method('getShareType')->willReturn(42);

		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willReturn($share);

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertFalse($result);
	}


	public function testSharePasswordRemote(): void {
		$share = $this->createMock(IShare::class);
		$share->method('getPassword')->willReturn('password');
		$share->method('getShareType')->willReturn(IShare::TYPE_REMOTE);

		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willReturn($share);

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertTrue($result);
	}

	public function testSharePasswordLinkValidPassword(): void {
		$share = $this->createMock(IShare::class);
		$share->method('getPassword')->willReturn('password');
		$share->method('getShareType')->willReturn(IShare::TYPE_LINK);

		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willReturn($share);

		$this->shareManager->expects($this->once())
			->method('checkPassword')->with(
				$this->equalTo($share),
				$this->equalTo('password')
			)->willReturn(true);

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertTrue($result);
	}

	public function testSharePasswordMailValidPassword(): void {
		$share = $this->createMock(IShare::class);
		$share->method('getPassword')->willReturn('password');
		$share->method('getShareType')->willReturn(IShare::TYPE_EMAIL);

		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willReturn($share);

		$this->shareManager->expects($this->once())
			->method('checkPassword')->with(
				$this->equalTo($share),
				$this->equalTo('password')
			)->willReturn(true);

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertTrue($result);
	}

	public function testInvalidSharePasswordLinkValidSession(): void {
		$share = $this->createMock(IShare::class);
		$share->method('getPassword')->willReturn('password');
		$share->method('getShareType')->willReturn(IShare::TYPE_LINK);
		$share->method('getId')->willReturn('42');

		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willReturn($share);

		$this->shareManager->method('checkPassword')
			->with(
				$this->equalTo($share),
				$this->equalTo('password')
			)->willReturn(false);

		$this->session->method('exists')->with('public_link_authenticated')->willReturn(true);
		$this->session->method('get')->with('public_link_authenticated')->willReturn('42');

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertTrue($result);
	}

	public function testSharePasswordLinkInvalidSession(): void {
		$share = $this->createMock(IShare::class);
		$share->method('getPassword')->willReturn('password');
		$share->method('getShareType')->willReturn(IShare::TYPE_LINK);
		$share->method('getId')->willReturn('42');

		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willReturn($share);

		$this->shareManager->method('checkPassword')
			->with(
				$this->equalTo($share),
				$this->equalTo('password')
			)->willReturn(false);

		$this->session->method('exists')->with('public_link_authenticated')->willReturn(true);
		$this->session->method('get')->with('public_link_authenticated')->willReturn('43');

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertFalse($result);
	}


	public function testSharePasswordMailInvalidSession(): void {
		$share = $this->createMock(IShare::class);
		$share->method('getPassword')->willReturn('password');
		$share->method('getShareType')->willReturn(IShare::TYPE_EMAIL);
		$share->method('getId')->willReturn('42');

		$this->shareManager->expects($this->once())
			->method('getShareByToken')
			->willReturn($share);

		$this->shareManager->method('checkPassword')
			->with(
				$this->equalTo($share),
				$this->equalTo('password')
			)->willReturn(false);

		$this->session->method('exists')->with('public_link_authenticated')->willReturn(true);
		$this->session->method('get')->with('public_link_authenticated')->willReturn('43');

		$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);

		$this->assertFalse($result);
	}
}
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`<?php`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-28 06:34:11 -04:00
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`declare(strict_types=1);`
Update license headers 2016-05-26 13:56:05 -04:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-28 06:34:11 -04:00			`* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
Update license headers 2016-05-26 13:56:05 -04:00			`*/`
Update DAV unit tests to PSR-4 2016-05-25 10:04:15 -04:00			`namespace OCA\DAV\Tests\unit\Connector;`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00
chore(apps): Apply new rector configuration to autouse classes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-10-10 06:40:31 -04:00			`use OCA\DAV\Connector\LegacyPublicAuth;`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`use OCP\IRequest;`
			`use OCP\ISession;`
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 Signed-off-by: Joas Schilling <coding@schilljs.com> 2023-08-28 09:50:45 -04:00			`use OCP\Security\Bruteforce\IThrottler;`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`use OCP\Share\Exceptions\ShareNotFound;`
			`use OCP\Share\IManager;`
Use ::class in test mocks of dav app Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2017-10-24 18:03:28 -04:00			`use OCP\Share\IShare;`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`use PHPUnit\Framework\MockObject\MockObject;`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00
Birthday calendar should never have write acl - fixes #24154 2016-04-21 07:36:52 -04:00			`/**`
fix: public dav and files_sharing testing fixes Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com> 2022-10-28 09:05:07 -04:00			`* Class LegacyPublicAuthTest`
Birthday calendar should never have write acl - fixes #24154 2016-04-21 07:36:52 -04:00			`*`
			`* @group DB`
check password for mail shares as well Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-05-04 05:20:20 -04:00			`*`
Update DAV unit tests to PSR-4 2016-05-25 10:04:15 -04:00			`* @package OCA\DAV\Tests\unit\Connector`
Birthday calendar should never have write acl - fixes #24154 2016-04-21 07:36:52 -04:00			`*/`
fix: public dav and files_sharing testing fixes Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com> 2022-10-28 09:05:07 -04:00			`class LegacyPublicAuthTest extends \Test\TestCase {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`private ISession&MockObject $session;`
			`private IRequest&MockObject $request;`
			`private IManager&MockObject $shareManager;`
			`private IThrottler&MockObject $throttler;`
			`private LegacyPublicAuth $auth;`
			`private string\|false $oldUser;`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00
Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-21 10:40:38 -05:00			`protected function setUp(): void {`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`parent::setUp();`

test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$this->session = $this->createMock(ISession::class);`
			`$this->request = $this->createMock(IRequest::class);`
			`$this->shareManager = $this->createMock(IManager::class);`
			`$this->throttler = $this->createMock(IThrottler::class);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00
chore(apps): Apply new rector configuration to autouse classes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-10-10 06:40:31 -04:00			`$this->auth = new LegacyPublicAuth(`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$this->request,`
			`$this->shareManager,`
Throttle on public DAV endpoint We should throttle whenever an invalid request is sent to the public WebDAV endpoint. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2021-06-22 13:54:13 -04:00			`$this->session,`
			`$this->throttler`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`);`

			`// Store current user`
			`$this->oldUser = \OC_User::getUser();`
			`}`

Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-21 10:40:38 -05:00			`protected function tearDown(): void {`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`\OC_User::setIncognitoMode(false);`

			`// Set old user`
			`\OC_User::setUserId($this->oldUser);`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`if ($this->oldUser !== false) {`
			`\OC_Util::setupFS($this->oldUser);`
			`}`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00
			`parent::tearDown();`
			`}`

chore(dav): Add void return type to test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-01-20 02:38:43 -05:00			`public function testNoShare(): void {`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willThrowException(new ShareNotFound());`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertFalse($result);`
			`}`

chore(dav): Add void return type to test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-01-20 02:38:43 -05:00			`public function testShareNoPassword(): void {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$share = $this->createMock(IShare::class);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$share->method('getPassword')->willReturn(null);`

			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willReturn($share);`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertTrue($result);`
			`}`

chore(dav): Add void return type to test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-01-20 02:38:43 -05:00			`public function testSharePasswordFancyShareType(): void {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$share = $this->createMock(IShare::class);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$share->method('getPassword')->willReturn('password');`
			`$share->method('getShareType')->willReturn(42);`

			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willReturn($share);`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertFalse($result);`
			`}`


chore(dav): Add void return type to test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-01-20 02:38:43 -05:00			`public function testSharePasswordRemote(): void {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$share = $this->createMock(IShare::class);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$share->method('getPassword')->willReturn('password');`
Update share type constant usage Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-06-24 10:49:16 -04:00			`$share->method('getShareType')->willReturn(IShare::TYPE_REMOTE);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00
			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willReturn($share);`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertTrue($result);`
			`}`

chore(dav): Add void return type to test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-01-20 02:38:43 -05:00			`public function testSharePasswordLinkValidPassword(): void {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$share = $this->createMock(IShare::class);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$share->method('getPassword')->willReturn('password');`
Update share type constant usage Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-06-24 10:49:16 -04:00			`$share->method('getShareType')->willReturn(IShare::TYPE_LINK);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00
			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willReturn($share);`

			`$this->shareManager->expects($this->once())`
			`->method('checkPassword')->with(`
			`$this->equalTo($share),`
			`$this->equalTo('password')`
			`)->willReturn(true);`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertTrue($result);`
			`}`

chore(dav): Add void return type to test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-01-20 02:38:43 -05:00			`public function testSharePasswordMailValidPassword(): void {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$share = $this->createMock(IShare::class);`
check password for mail shares as well Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-05-04 05:20:20 -04:00			`$share->method('getPassword')->willReturn('password');`
Update share type constant usage Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-06-24 10:49:16 -04:00			`$share->method('getShareType')->willReturn(IShare::TYPE_EMAIL);`
check password for mail shares as well Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-05-04 05:20:20 -04:00
			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willReturn($share);`

			`$this->shareManager->expects($this->once())`
			`->method('checkPassword')->with(`
			`$this->equalTo($share),`
			`$this->equalTo('password')`
			`)->willReturn(true);`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertTrue($result);`
			`}`

fix: public dav and files_sharing testing fixes Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com> 2022-10-28 09:05:07 -04:00			`public function testInvalidSharePasswordLinkValidSession(): void {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$share = $this->createMock(IShare::class);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$share->method('getPassword')->willReturn('password');`
Update share type constant usage Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-06-24 10:49:16 -04:00			`$share->method('getShareType')->willReturn(IShare::TYPE_LINK);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$share->method('getId')->willReturn('42');`

			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willReturn($share);`

			`$this->shareManager->method('checkPassword')`
			`->with(`
			`$this->equalTo($share),`
			`$this->equalTo('password')`
			`)->willReturn(false);`

			`$this->session->method('exists')->with('public_link_authenticated')->willReturn(true);`
			`$this->session->method('get')->with('public_link_authenticated')->willReturn('42');`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertTrue($result);`
			`}`

chore(dav): Add void return type to test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-01-20 02:38:43 -05:00			`public function testSharePasswordLinkInvalidSession(): void {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$share = $this->createMock(IShare::class);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$share->method('getPassword')->willReturn('password');`
Update share type constant usage Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-06-24 10:49:16 -04:00			`$share->method('getShareType')->willReturn(IShare::TYPE_LINK);`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`$share->method('getId')->willReturn('42');`

			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willReturn($share);`

			`$this->shareManager->method('checkPassword')`
			`->with(`
			`$this->equalTo($share),`
			`$this->equalTo('password')`
			`)->willReturn(false);`

			`$this->session->method('exists')->with('public_link_authenticated')->willReturn(true);`
			`$this->session->method('get')->with('public_link_authenticated')->willReturn('43');`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertFalse($result);`
			`}`
check password for mail shares as well Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-05-04 05:20:20 -04:00

chore(dav): Add void return type to test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-01-20 02:38:43 -05:00			`public function testSharePasswordMailInvalidSession(): void {`
test: Migrate remaining DAV tests to PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com> 2025-05-27 17:36:08 -04:00			`$share = $this->createMock(IShare::class);`
check password for mail shares as well Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-05-04 05:20:20 -04:00			`$share->method('getPassword')->willReturn('password');`
Update share type constant usage Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-06-24 10:49:16 -04:00			`$share->method('getShareType')->willReturn(IShare::TYPE_EMAIL);`
check password for mail shares as well Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-05-04 05:20:20 -04:00			`$share->method('getId')->willReturn('42');`

			`$this->shareManager->expects($this->once())`
			`->method('getShareByToken')`
			`->willReturn($share);`

			`$this->shareManager->method('checkPassword')`
			`->with(`
			`$this->equalTo($share),`
			`$this->equalTo('password')`
			`)->willReturn(false);`

			`$this->session->method('exists')->with('public_link_authenticated')->willReturn(true);`
			`$this->session->method('get')->with('public_link_authenticated')->willReturn('43');`

			`$result = $this->invokePrivate($this->auth, 'validateUserPass', ['username', 'password']);`

			`$this->assertFalse($result);`
			`}`
Add unit tests for public auth webdav 2016-04-01 11:35:37 -04:00			`}`