wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/apps/dav/tests/unit/connector/sabre/auth.php

418 lines
13 KiB
PHP
Raw Normal View History

Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
<?php
/**
* @author Lukas Reschke <lukas@owncloud.com>
*
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
Introducing CardDAV into core
2015-10-30 15:05:25 +00:00
namespace OCA\DAV\Tests\Unit\Connector\Sabre;
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
use Test\TestCase;
use OCP\ISession;
use OCP\IUserSession;
/**
* Class Auth
*
* @package OCA\DAV\Connector\Sabre
*/
class Auth extends TestCase {
/** @var ISession */
private $session;
/** @var \OCA\DAV\Connector\Sabre\Auth */
private $auth;
/** @var IUserSession */
private $userSession;
public function setUp() {
parent::setUp();
$this->session = $this->getMockBuilder('\OCP\ISession')
->disableOriginalConstructor()->getMock();
$this->userSession = $this->getMockBuilder('\OCP\IUserSession')
->disableOriginalConstructor()->getMock();
$this->auth = new \OCA\DAV\Connector\Sabre\Auth($this->session, $this->userSession);
}
public function testIsDavAuthenticatedWithoutDavSession() {
$this->session
->expects($this->once())
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue(null));
$this->assertFalse($this->invokePrivate($this->auth, 'isDavAuthenticated', ['MyTestUser']));
}
public function testIsDavAuthenticatedWithWrongDavSession() {
$this->session
->expects($this->exactly(2))
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('AnotherUser'));
$this->assertFalse($this->invokePrivate($this->auth, 'isDavAuthenticated', ['MyTestUser']));
}
public function testIsDavAuthenticatedWithCorrectDavSession() {
$this->session
->expects($this->exactly(2))
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('MyTestUser'));
$this->assertTrue($this->invokePrivate($this->auth, 'isDavAuthenticated', ['MyTestUser']));
}
public function testValidateUserPassOfAlreadyDAVAuthenticatedUser() {
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->exactly(2))
->method('getUID')
->will($this->returnValue('MyTestUser'));
$this->userSession
->expects($this->once())
->method('isLoggedIn')
->will($this->returnValue(true));
$this->userSession
->expects($this->exactly(2))
->method('getUser')
->will($this->returnValue($user));
$this->session
->expects($this->exactly(2))
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('MyTestUser'));
$this->session
->expects($this->once())
->method('close');
$this->assertTrue($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']));
}
public function testValidateUserPassOfInvalidDAVAuthenticatedUser() {
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->once())
->method('getUID')
->will($this->returnValue('MyTestUser'));
$this->userSession
->expects($this->once())
->method('isLoggedIn')
->will($this->returnValue(true));
$this->userSession
->expects($this->once())
->method('getUser')
->will($this->returnValue($user));
$this->session
->expects($this->exactly(2))
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('AnotherUser'));
$this->session
->expects($this->once())
->method('close');
$this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']));
}
public function testValidateUserPassOfInvalidDAVAuthenticatedUserWithValidPassword() {
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->exactly(3))
->method('getUID')
->will($this->returnValue('MyTestUser'));
$this->userSession
->expects($this->once())
->method('isLoggedIn')
->will($this->returnValue(true));
$this->userSession
->expects($this->exactly(3))
->method('getUser')
->will($this->returnValue($user));
$this->session
->expects($this->exactly(2))
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('AnotherUser'));
$this->userSession
->expects($this->once())
->method('login')
->with('MyTestUser', 'MyTestPassword')
->will($this->returnValue(true));
$this->session
->expects($this->once())
->method('set')
->with('AUTHENTICATED_TO_DAV_BACKEND', 'MyTestUser');
$this->session
->expects($this->once())
->method('close');
$this->assertTrue($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']));
}
public function testValidateUserPassWithInvalidPassword() {
$this->userSession
->expects($this->once())
->method('isLoggedIn')
->will($this->returnValue(false));
$this->userSession
->expects($this->once())
->method('login')
->with('MyTestUser', 'MyTestPassword')
->will($this->returnValue(false));
$this->session
->expects($this->once())
->method('close');
$this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']));
}
public function testGetCurrentUserWithoutBeingLoggedIn() {
$this->assertSame(null, $this->auth->getCurrentUser());
}
public function testGetCurrentUserWithValidDAVLogin() {
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->once())
->method('getUID')
->will($this->returnValue('MyTestUser'));
$this->userSession
->expects($this->exactly(2))
->method('getUser')
->will($this->returnValue($user));
$this->session
->expects($this->exactly(2))
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('MyTestUser'));
$this->assertSame('MyTestUser', $this->auth->getCurrentUser());
}
public function testGetCurrentUserWithoutAnyDAVLogin() {
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->once())
->method('getUID')
->will($this->returnValue('MyTestUser'));
$this->userSession
->expects($this->exactly(2))
->method('getUser')
->will($this->returnValue($user));
$this->session
->expects($this->exactly(2))
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue(null));
$this->assertSame('MyTestUser', $this->auth->getCurrentUser());
}
public function testGetCurrentUserWithWrongDAVUser() {
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->once())
->method('getUID')
->will($this->returnValue('MyWrongDavUser'));
$this->userSession
->expects($this->exactly(2))
->method('getUser')
->will($this->returnValue($user));
$this->session
->expects($this->exactly(3))
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('AnotherUser'));
$this->assertSame(null, $this->auth->getCurrentUser());
}
public function testAuthenticateAlreadyLoggedIn() {
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
$request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
->disableOriginalConstructor()
->getMock();
$response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface')
->disableOriginalConstructor()
->getMock();
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
$this->userSession
->expects($this->once())
->method('isLoggedIn')
->will($this->returnValue(true));
$this->session
->expects($this->once())
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue(null));
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->once())
->method('getUID')
->will($this->returnValue('MyWrongDavUser'));
$this->userSession
->expects($this->once())
->method('getUser')
->will($this->returnValue($user));
$this->session
->expects($this->once())
->method('close');
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
$response = $this->auth->check($request, $response);
Users are available under it's own principal resource named 'principals/users' this will allow us to introduce e.g. groups as principals (one day) and system specific principals (needed for federation)
2015-11-24 10:15:31 +00:00
$this->assertEquals([true, 'principals/users/MyWrongDavUser'], $response);
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
}
public function testAuthenticateNoBasicAuthenticateHeadersProvided() {
$server = $this->getMockBuilder('\Sabre\DAV\Server')
->disableOriginalConstructor()
->getMock();
$server->httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
->disableOriginalConstructor()
->getMock();
$server->httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
->disableOriginalConstructor()
->getMock();
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
$response = $this->auth->check($server->httpRequest, $server->httpResponse);
$this->assertEquals([false, 'No \'Authorization: Basic\' header found. Either the client didn\'t send one, or the server is mis-configured'], $response);
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
}
Do not authenticate over ajax This makes sure that whenever a Webdav call is done through Ajax, if the session has expired, it will not send back a challenge but a simple 401 response. Without this fix, the default code would send back a challenge and trigger the browser's basic auth dialog.
2015-11-19 13:18:27 +00:00
/**
* @expectedException \Sabre\DAV\Exception\NotAuthenticated
* @expectedExceptionMessage Cannot authenticate over ajax calls
*/
public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjax() {
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
/** @var \Sabre\HTTP\RequestInterface $httpRequest */
$httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
->disableOriginalConstructor()
->getMock();
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
/** @var \Sabre\HTTP\ResponseInterface $httpResponse */
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
->disableOriginalConstructor()
->getMock();
Only reject ajax auth if user is really logged out
2015-11-26 15:14:49 +00:00
$this->userSession
->expects($this->any())
->method('isLoggedIn')
->will($this->returnValue(false));
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
$httpRequest
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
->expects($this->once())
->method('getHeader')
Do not authenticate over ajax This makes sure that whenever a Webdav call is done through Ajax, if the session has expired, it will not send back a challenge but a simple 401 response. Without this fix, the default code would send back a challenge and trigger the browser's basic auth dialog.
2015-11-19 13:18:27 +00:00
->with('X-Requested-With')
->will($this->returnValue('XMLHttpRequest'));
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
$this->auth->check($httpRequest, $httpResponse);
Do not authenticate over ajax This makes sure that whenever a Webdav call is done through Ajax, if the session has expired, it will not send back a challenge but a simple 401 response. Without this fix, the default code would send back a challenge and trigger the browser's basic auth dialog.
2015-11-19 13:18:27 +00:00
}
Only reject ajax auth if user is really logged out
2015-11-26 15:14:49 +00:00
public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn() {
/** @var \Sabre\HTTP\RequestInterface $httpRequest */
$httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
->disableOriginalConstructor()
->getMock();
/** @var \Sabre\HTTP\ResponseInterface $httpResponse */
$httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
->disableOriginalConstructor()
->getMock();
$this->userSession
->expects($this->any())
->method('isLoggedIn')
->will($this->returnValue(true));
$this->session
->expects($this->once())
->method('get')
->with('AUTHENTICATED_TO_DAV_BACKEND')
->will($this->returnValue('MyTestUser'));
$httpRequest
->expects($this->once())
->method('getHeader')
->with('Authorization')
->will($this->returnValue(null));
$this->auth->check($httpRequest, $httpResponse);
}
Do not authenticate over ajax This makes sure that whenever a Webdav call is done through Ajax, if the session has expired, it will not send back a challenge but a simple 401 response. Without this fix, the default code would send back a challenge and trigger the browser's basic auth dialog.
2015-11-19 13:18:27 +00:00
public function testAuthenticateValidCredentials() {
$server = $this->getMockBuilder('\Sabre\DAV\Server')
->disableOriginalConstructor()
->getMock();
$server->httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
->disableOriginalConstructor()
->getMock();
$server->httpRequest
->expects($this->at(0))
->method('getHeader')
->with('X-Requested-With')
->will($this->returnValue(null));
$server->httpRequest
->expects($this->at(1))
->method('getHeader')
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
->with('Authorization')
->will($this->returnValue('basic dXNlcm5hbWU6cGFzc3dvcmQ='));
$server->httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
->disableOriginalConstructor()
->getMock();
$this->userSession
->expects($this->once())
->method('login')
->with('username', 'password')
->will($this->returnValue(true));
$user = $this->getMockBuilder('\OCP\IUser')
->disableOriginalConstructor()
->getMock();
$user->expects($this->exactly(2))
->method('getUID')
->will($this->returnValue('MyTestUser'));
$this->userSession
->expects($this->exactly(2))
->method('getUser')
->will($this->returnValue($user));
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
$response = $this->auth->check($server->httpRequest, $server->httpResponse);
Users are available under it's own principal resource named 'principals/users' this will allow us to introduce e.g. groups as principals (one day) and system specific principals (needed for federation)
2015-11-24 10:15:31 +00:00
$this->assertEquals([true, 'principals/users/username'], $response);
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
}
public function testAuthenticateInvalidCredentials() {
$server = $this->getMockBuilder('\Sabre\DAV\Server')
->disableOriginalConstructor()
->getMock();
$server->httpRequest = $this->getMockBuilder('\Sabre\HTTP\RequestInterface')
->disableOriginalConstructor()
->getMock();
$server->httpRequest
Do not authenticate over ajax This makes sure that whenever a Webdav call is done through Ajax, if the session has expired, it will not send back a challenge but a simple 401 response. Without this fix, the default code would send back a challenge and trigger the browser's basic auth dialog.
2015-11-19 13:18:27 +00:00
->expects($this->at(0))
->method('getHeader')
->with('X-Requested-With')
->will($this->returnValue(null));
$server->httpRequest
->expects($this->at(1))
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
->method('getHeader')
->with('Authorization')
->will($this->returnValue('basic dXNlcm5hbWU6cGFzc3dvcmQ='));
$server->httpResponse = $this->getMockBuilder('\Sabre\HTTP\ResponseInterface')
->disableOriginalConstructor()
->getMock();
$this->userSession
->expects($this->once())
->method('login')
->with('username', 'password')
->will($this->returnValue(false));
Adjust sabre changes in core
2015-11-20 12:35:23 +00:00
$response = $this->auth->check($server->httpRequest, $server->httpResponse);
$this->assertEquals([false, 'Username or password was incorrect'], $response);
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 15:26:54 +00:00
}
}
Reference in a new issue Copy permalink