Fix updating and deleting authtokens (#17397)
Fix updating and deleting authtokens
commit
37dbe821e3
2 changed files with 51 additions and 2 deletions
|
@ -29,6 +29,7 @@ namespace OCA\Settings\Controller;
|
|||
|
||||
use BadMethodCallException;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Exceptions\WipeTokenException;
|
||||
use OC\Authentication\Token\INamedToken;
|
||||
|
@ -259,10 +260,13 @@ class AuthSettingsController extends Controller {
|
|||
* @param int $id
|
||||
* @return IToken
|
||||
* @throws InvalidTokenException
|
||||
* @throws \OC\Authentication\Exceptions\ExpiredTokenException
|
||||
*/
|
||||
private function findTokenByIdAndUser(int $id): IToken {
|
||||
try {
|
||||
$token = $this->tokenProvider->getTokenById($id);
|
||||
} catch (ExpiredTokenException $e) {
|
||||
$token = $e->getToken();
|
||||
}
|
||||
if ($token->getUID() !== $this->uid) {
|
||||
throw new InvalidTokenException('This token does not belong to you!');
|
||||
}
|
||||
|
|
|
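Review bot: The docblock of findTokenByIdAndUser does not say that the helper now also returns expired tokens, because the new catch block hands back `$e->getToken()` instead of letting ExpiredTokenException propagate. The ownership comparison with `$this->uid` still runs after the catch, so the expired path is not exempt from it, but every caller of the helper now acts on expired tokens, and those callers are outside this hunk. I would add `* The returned token may be expired; it is only meant to be updated or deleted, never treated as a valid credential.` to the docblock. If the `@throws \OC\Authentication\Exceptions\ExpiredTokenException` line is still on the new side (the page does not show which side it is on), it is stale and should be dropped. The function body continues past the end of the hunk.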
@ -23,6 +23,7 @@ namespace Test\Settings\Controller;
|
|||
|
||||
use OC\AppFramework\Http;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Token\DefaultToken;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\Authentication\Token\IToken;
|
||||
|
@ -188,6 +189,30 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
$this->assertEquals([], $this->controller->destroy($tokenId));
|
||||
}
|
||||
|
||||
public function testDestroyExpired() {
|
||||
$tokenId = 124;
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
||||
$token->expects($this->exactly(2))
|
||||
->method('getId')
|
||||
->willReturn($tokenId);
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn($this->uid);
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('getTokenById')
|
||||
->with($this->equalTo($tokenId))
|
||||
->willThrowException(new ExpiredTokenException($token));
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('invalidateTokenById')
|
||||
->with($this->uid, $tokenId);
|
||||
|
||||
$this->assertSame([], $this->controller->destroy($tokenId));
|
||||
}
|
||||
|
||||
public function testDestroyWrongUser() {
|
||||
$tokenId = 124;
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
@ -320,6 +345,26 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
||||
}
|
||||
|
||||
public function testUpdateExpired() {
|
||||
$tokenId = 42;
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn($this->uid);
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('getTokenById')
|
||||
->with($this->equalTo($tokenId))
|
||||
->willThrowException(new ExpiredTokenException($token));
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('updateToken')
|
||||
->with($this->equalTo($token));
|
||||
|
||||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
||||
}
|
||||
|
||||
public function testUpdateTokenWrongUser() {
|
||||
$tokenId = 42;
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
|
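Review bot: Neither testDestroyExpired nor testUpdateExpired covers an expired token that belongs to another user, so nothing pins that the `getUID() !== $this->uid` check still applies when the token is taken from ExpiredTokenException. Both new tests return `$this->uid` from `getUID()`, and the existing wrong-user tests presumably go through the non-throwing `getTokenById` path (their bodies are cut off by the hunks). I would add a destroy test, and a matching update test, where the provider throws ExpiredTokenException carrying a foreign token and `invalidateTokenById` / `updateToken` must never be called. The response assertion should mirror whatever testDestroyWrongUser asserts, which is not visible here.

```php
public function testDestroyExpiredWrongUser() {
	$tokenId = 124;
	$token = $this->createMock(DefaultToken::class);

	// constructed value: any uid other than $this->uid
	$token->expects($this->once())
		->method('getUID')
		->willReturn('someone-else');

	$this->tokenProvider->expects($this->once())
		->method('getTokenById')
		->with($this->equalTo($tokenId))
		->willThrowException(new ExpiredTokenException($token));

	// an expired token of another user must not be revocable from here
	$this->tokenProvider->expects($this->never())
		->method('invalidateTokenById');

	// … assert the same response as testDestroyWrongUser …
	$this->controller->destroy($tokenId);
}
```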