nextcloud/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php

<?php

/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */
namespace OCA\Federation\Tests\Controller;

use OC\BackgroundJob\JobList;
use OCA\Federation\Controller\OCSAuthAPIController;
use OCA\Federation\DbHandler;
use OCA\Federation\TrustedServers;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\IRequest;
use OCP\Security\Bruteforce\IThrottler;
use OCP\Security\ISecureRandom;
use Psr\Log\LoggerInterface;
use Test\TestCase;

class OCSAuthAPIControllerTest extends TestCase {
	/** @var \PHPUnit\Framework\MockObject\MockObject|IRequest */
	private $request;

	/** @var \PHPUnit\Framework\MockObject\MockObject|ISecureRandom */
	private $secureRandom;

	/** @var \PHPUnit\Framework\MockObject\MockObject|JobList */
	private $jobList;

	/** @var \PHPUnit\Framework\MockObject\MockObject|TrustedServers */
	private $trustedServers;

	/** @var \PHPUnit\Framework\MockObject\MockObject|DbHandler */
	private $dbHandler;

	/** @var \PHPUnit\Framework\MockObject\MockObject|LoggerInterface */
	private $logger;

	/** @var \PHPUnit\Framework\MockObject\MockObject|ITimeFactory */
	private $timeFactory;

	/** @var \PHPUnit\Framework\MockObject\MockObject|IThrottler */
	private $throttler;

	private OCSAuthAPIController $ocsAuthApi;

	/** @var int simulated timestamp */
	private int $currentTime = 1234567;

	protected function setUp(): void {
		parent::setUp();

		$this->request = $this->createMock(IRequest::class);
		$this->secureRandom = $this->createMock(ISecureRandom::class);
		$this->trustedServers = $this->createMock(TrustedServers::class);
		$this->dbHandler = $this->createMock(DbHandler::class);
		$this->jobList = $this->createMock(JobList::class);
		$this->logger = $this->createMock(LoggerInterface::class);
		$this->timeFactory = $this->createMock(ITimeFactory::class);
		$this->throttler = $this->createMock(IThrottler::class);

		$this->ocsAuthApi = new OCSAuthAPIController(
			'federation',
			$this->request,
			$this->secureRandom,
			$this->jobList,
			$this->trustedServers,
			$this->dbHandler,
			$this->logger,
			$this->timeFactory,
			$this->throttler
		);

		$this->timeFactory->method('getTime')
			->willReturn($this->currentTime);
	}

	/**
	 * @dataProvider dataTestRequestSharedSecret
	 */
	public function testRequestSharedSecret(string $token, string $localToken, bool $isTrustedServer, bool $ok): void {
		$url = 'url';

		$this->trustedServers
			->expects($this->once())
			->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);
		$this->dbHandler->expects($this->any())
			->method('getToken')->with($url)->willReturn($localToken);

		if ($ok) {
			$this->jobList->expects($this->once())->method('add')
				->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token, 'created' => $this->currentTime]);
		} else {
			$this->jobList->expects($this->never())->method('add');
			$this->jobList->expects($this->never())->method('remove');
			if (!$isTrustedServer) {
				$this->throttler->expects($this->once())
					->method('registerAttempt')
					->with('federationSharedSecret');
			}
		}


		try {
			$this->ocsAuthApi->requestSharedSecret($url, $token);
			$this->assertTrue($ok);
		} catch (OCSForbiddenException $e) {
			$this->assertFalse($ok);
		}
	}

	public function dataTestRequestSharedSecret() {
		return [
			['token2', 'token1', true, true],
			['token1', 'token2', false, false],
			['token1', 'token2', true, false],
		];
	}

	/**
	 * @dataProvider dataTestGetSharedSecret
	 */
	public function testGetSharedSecret(bool $isTrustedServer, bool $isValidToken, bool $ok): void {
		$url = 'url';
		$token = 'token';

		$ocsAuthApi = new OCSAuthAPIController(
			'federation',
			$this->request,
			$this->secureRandom,
			$this->jobList,
			$this->trustedServers,
			$this->dbHandler,
			$this->logger,
			$this->timeFactory,
			$this->throttler,
		);

		$this->trustedServers
			->expects($this->any())
			->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);
		$this->dbHandler->method('getToken')
			->with($url)
			->willReturn($isValidToken ? $token : 'not $token');

		if ($ok) {
			$this->secureRandom->expects($this->once())->method('generate')->with(32)
				->willReturn('secret');
			$this->trustedServers->expects($this->once())
				->method('addSharedSecret')->with($url, 'secret');
		} else {
			$this->secureRandom->expects($this->never())->method('generate');
			$this->trustedServers->expects($this->never())->method('addSharedSecret');
			$this->throttler->expects($this->once())
				->method('registerAttempt')
				->with('federationSharedSecret');
		}

		try {
			$result = $ocsAuthApi->getSharedSecret($url, $token);
			$this->assertTrue($ok);
			$data = $result->getData();
			$this->assertSame('secret', $data['sharedSecret']);
		} catch (OCSForbiddenException $e) {
			$this->assertFalse($ok);
		}
	}

	public function dataTestGetSharedSecret() {
		return [
			[true, true, true],
			[false, true, false],
			[true, false, false],
			[false, false, false],
		];
	}
}
exchange shared secret 2015-11-10 04:50:59 -05:00			`<?php`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-28 10:42:42 -04:00
exchange shared secret 2015-11-10 04:50:59 -05:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-28 10:42:42 -04:00			`* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
exchange shared secret 2015-11-10 04:50:59 -05:00			`*/`
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`namespace OCA\Federation\Tests\Controller;`
exchange shared secret 2015-11-10 04:50:59 -05:00
			`use OC\BackgroundJob\JobList;`
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`use OCA\Federation\Controller\OCSAuthAPIController;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`use OCA\Federation\DbHandler;`
			`use OCA\Federation\TrustedServers;`
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`use OCP\AppFramework\OCS\OCSForbiddenException;`
Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00			`use OCP\AppFramework\Utility\ITimeFactory;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`use OCP\IRequest;`
fix: Add bruteforce protection to federation endpoint Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-02-02 10:38:10 -05:00			`use OCP\Security\Bruteforce\IThrottler;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`use OCP\Security\ISecureRandom;`
Fix many issues with the tests - Return type were not correct - willReturn and with confusion Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-06-28 05:26:30 -04:00			`use Psr\Log\LoggerInterface;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`use Test\TestCase;`

Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`class OCSAuthAPIControllerTest extends TestCase {`
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-11 15:32:18 -04:00			`/** @var \PHPUnit\Framework\MockObject\MockObject\|IRequest */`
exchange shared secret 2015-11-10 04:50:59 -05:00			`private $request;`

style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de> 2024-08-23 09:10:27 -04:00			`/** @var \PHPUnit\Framework\MockObject\MockObject\|ISecureRandom */`
exchange shared secret 2015-11-10 04:50:59 -05:00			`private $secureRandom;`

Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-11 15:32:18 -04:00			`/** @var \PHPUnit\Framework\MockObject\MockObject\|JobList */`
exchange shared secret 2015-11-10 04:50:59 -05:00			`private $jobList;`

Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-11 15:32:18 -04:00			`/** @var \PHPUnit\Framework\MockObject\MockObject\|TrustedServers */`
exchange shared secret 2015-11-10 04:50:59 -05:00			`private $trustedServers;`

Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-11 15:32:18 -04:00			`/** @var \PHPUnit\Framework\MockObject\MockObject\|DbHandler */`
exchange shared secret 2015-11-10 04:50:59 -05:00			`private $dbHandler;`

Migrate applications away from deprecated ILogger Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-09-19 10:06:40 -04:00			`/** @var \PHPUnit\Framework\MockObject\MockObject\|LoggerInterface */`
Add error logging to federated sharing handshake 2015-12-21 09:48:02 -05:00			`private $logger;`

Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-11 15:32:18 -04:00			`/** @var \PHPUnit\Framework\MockObject\MockObject\|ITimeFactory */`
Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00			`private $timeFactory;`

fix: Add bruteforce protection to federation endpoint Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-02-02 10:38:10 -05:00			`/** @var \PHPUnit\Framework\MockObject\MockObject\|IThrottler */`
			`private $throttler;`

Fix many issues with the tests - Return type were not correct - willReturn and with confusion Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-06-28 05:26:30 -04:00			`private OCSAuthAPIController $ocsAuthApi;`
exchange shared secret 2015-11-10 04:50:59 -05:00
expire getShareadSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:43:35 -04:00			`/** @var int simulated timestamp */`
Fix many issues with the tests - Return type were not correct - willReturn and with confusion Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-06-28 05:26:30 -04:00			`private int $currentTime = 1234567;`
expire getShareadSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:43:35 -04:00
Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-27 09:27:18 -05:00			`protected function setUp(): void {`
exchange shared secret 2015-11-10 04:50:59 -05:00			`parent::setUp();`

Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00			`$this->request = $this->createMock(IRequest::class);`
			`$this->secureRandom = $this->createMock(ISecureRandom::class);`
			`$this->trustedServers = $this->createMock(TrustedServers::class);`
			`$this->dbHandler = $this->createMock(DbHandler::class);`
			`$this->jobList = $this->createMock(JobList::class);`
Fix many issues with the tests - Return type were not correct - willReturn and with confusion Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-06-28 05:26:30 -04:00			`$this->logger = $this->createMock(LoggerInterface::class);`
Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00			`$this->timeFactory = $this->createMock(ITimeFactory::class);`
fix: Add bruteforce protection to federation endpoint Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-02-02 10:38:10 -05:00			`$this->throttler = $this->createMock(IThrottler::class);`
Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00
			`$this->ocsAuthApi = new OCSAuthAPIController(`
			`'federation',`
			`$this->request,`
			`$this->secureRandom,`
			`$this->jobList,`
			`$this->trustedServers,`
			`$this->dbHandler,`
			`$this->logger,`
fix: Add bruteforce protection to federation endpoint Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-02-02 10:38:10 -05:00			`$this->timeFactory,`
			`$this->throttler`
Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00			`);`

			`$this->timeFactory->method('getTime')`
			`->willReturn($this->currentTime);`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`

			`/**`
			`* @dataProvider dataTestRequestSharedSecret`
			`*/`
Fix many issues with the tests - Return type were not correct - willReturn and with confusion Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-06-28 05:26:30 -04:00			`public function testRequestSharedSecret(string $token, string $localToken, bool $isTrustedServer, bool $ok): void {`
exchange shared secret 2015-11-10 04:50:59 -05:00			`$url = 'url';`

			`$this->trustedServers`
			`->expects($this->once())`
			`->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);`
			`$this->dbHandler->expects($this->any())`
			`->method('getToken')->with($url)->willReturn($localToken);`

Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`if ($ok) {`
exchange shared secret 2015-11-10 04:50:59 -05:00			`$this->jobList->expects($this->once())->method('add')`
expire getShareadSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:43:35 -04:00			`->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token, 'created' => $this->currentTime]);`
exchange shared secret 2015-11-10 04:50:59 -05:00			`} else {`
			`$this->jobList->expects($this->never())->method('add');`
Remove background job if the server accepted to ask for the shared secret If we don't remove it the server will later ask the remote server to ask for the shared secret which will result in a error log message on the remote server and in some circumstances maybe even to a failure 2016-02-15 10:24:21 -05:00			`$this->jobList->expects($this->never())->method('remove');`
fix: Add bruteforce protection to federation endpoint Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-02-02 10:38:10 -05:00			`if (!$isTrustedServer) {`
			`$this->throttler->expects($this->once())`
			`->method('registerAttempt')`
			`->with('federationSharedSecret');`
			`}`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`

fix: Add bruteforce protection to federation endpoint Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-02-02 10:38:10 -05:00
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`try {`
Use function parameters 2016-08-19 15:41:55 -04:00			`$this->ocsAuthApi->requestSharedSecret($url, $token);`
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`$this->assertTrue($ok);`
			`} catch (OCSForbiddenException $e) {`
			`$this->assertFalse($ok);`
			`}`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`

			`public function dataTestRequestSharedSecret() {`
			`return [`
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`['token2', 'token1', true, true],`
			`['token1', 'token2', false, false],`
			`['token1', 'token2', true, false],`
exchange shared secret 2015-11-10 04:50:59 -05:00			`];`
			`}`

			`/**`
			`* @dataProvider dataTestGetSharedSecret`
			`*/`
Fix many issues with the tests - Return type were not correct - willReturn and with confusion Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-06-28 05:26:30 -04:00			`public function testGetSharedSecret(bool $isTrustedServer, bool $isValidToken, bool $ok): void {`
exchange shared secret 2015-11-10 04:50:59 -05:00			`$url = 'url';`
			`$token = 'token';`

fix(federation): Don't ask the database for an empty url Signed-off-by: Joas Schilling <coding@schilljs.com> 2026-02-03 01:46:28 -05:00			`$ocsAuthApi = new OCSAuthAPIController(`
			`'federation',`
			`$this->request,`
			`$this->secureRandom,`
			`$this->jobList,`
			`$this->trustedServers,`
			`$this->dbHandler,`
			`$this->logger,`
			`$this->timeFactory,`
			`$this->throttler,`
			`);`
exchange shared secret 2015-11-10 04:50:59 -05:00
			`$this->trustedServers`
			`->expects($this->any())`
			`->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);`
fix(federation): Don't ask the database for an empty url Signed-off-by: Joas Schilling <coding@schilljs.com> 2026-02-03 01:46:28 -05:00			`$this->dbHandler->method('getToken')`
			`->with($url)`
			`->willReturn($isValidToken ? $token : 'not $token');`
exchange shared secret 2015-11-10 04:50:59 -05:00
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 08:19:56 -04:00			`if ($ok) {`
exchange shared secret 2015-11-10 04:50:59 -05:00			`$this->secureRandom->expects($this->once())->method('generate')->with(32)`
			`->willReturn('secret');`
			`$this->trustedServers->expects($this->once())`
Fix many issues with the tests - Return type were not correct - willReturn and with confusion Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-06-28 05:26:30 -04:00			`->method('addSharedSecret')->with($url, 'secret');`
exchange shared secret 2015-11-10 04:50:59 -05:00			`} else {`
			`$this->secureRandom->expects($this->never())->method('generate');`
			`$this->trustedServers->expects($this->never())->method('addSharedSecret');`
fix: Add bruteforce protection to federation endpoint Signed-off-by: Joas Schilling <coding@schilljs.com> 2024-02-02 10:38:10 -05:00			`$this->throttler->expects($this->once())`
			`->method('registerAttempt')`
			`->with('federationSharedSecret');`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`

Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`try {`
Use function parameters 2016-08-19 15:41:55 -04:00			`$result = $ocsAuthApi->getSharedSecret($url, $token);`
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`$this->assertTrue($ok);`
Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-10-05 09:12:57 -04:00			`$data = $result->getData();`
exchange shared secret 2015-11-10 04:50:59 -05:00			`$this->assertSame('secret', $data['sharedSecret']);`
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`} catch (OCSForbiddenException $e) {`
			`$this->assertFalse($ok);`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`
			`}`

			`public function dataTestGetSharedSecret() {`
			`return [`
Move OCSAuthAPI to AppFramework * Convert class * Convert routes * Convert tests 2016-08-19 08:25:59 -04:00			`[true, true, true],`
			`[false, true, false],`
			`[true, false, false],`
			`[false, false, false],`
exchange shared secret 2015-11-10 04:50:59 -05:00			`];`
			`}`
			`}`