fix updating and deleting authtokens

Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>
This commit is contained in:
Sergej Nikolaev 2019-10-04 03:28:48 +03:00 committed by Backportbot
parent b5ad2f9cb5
commit 5c5d658b0e
2 changed files with 51 additions and 2 deletions

View file

@ -29,6 +29,7 @@ namespace OC\Settings\Controller;
use BadMethodCallException;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\WipeTokenException;
use OC\Authentication\Token\INamedToken;
@ -248,10 +249,13 @@ class AuthSettingsController extends Controller {
* @param int $id
* @return IToken
* @throws InvalidTokenException
* @throws \OC\Authentication\Exceptions\ExpiredTokenException
*/
private function findTokenByIdAndUser(int $id): IToken {
$token = $this->tokenProvider->getTokenById($id);
try {
$token = $this->tokenProvider->getTokenById($id);
} catch (ExpiredTokenException $e) {
$token = $e->getToken();
}
if ($token->getUID() !== $this->uid) {
throw new InvalidTokenException('This token does not belong to you!');
}

View file

@ -23,6 +23,7 @@ namespace Test\Settings\Controller;
use OC\AppFramework\Http;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Token\DefaultToken;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
@ -183,6 +184,30 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertEquals([], $this->controller->destroy($tokenId));
}
public function testDestroyExpired() {
$tokenId = 124;
$token = $this->createMock(DefaultToken::class);
$token->expects($this->exactly(2))
->method('getId')
->willReturn($tokenId);
$token->expects($this->once())
->method('getUID')
->willReturn($this->uid);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo($tokenId))
->willThrowException(new ExpiredTokenException($token));
$this->tokenProvider->expects($this->once())
->method('invalidateTokenById')
->with($this->uid, $tokenId);
$this->assertSame([], $this->controller->destroy($tokenId));
}
public function testDestroyWrongUser() {
$tokenId = 124;
$token = $this->createMock(DefaultToken::class);
@ -315,6 +340,26 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
}
public function testUpdateExpired() {
$tokenId = 42;
$token = $this->createMock(DefaultToken::class);
$token->expects($this->once())
->method('getUID')
->willReturn($this->uid);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo($tokenId))
->willThrowException(new ExpiredTokenException($token));
$this->tokenProvider->expects($this->once())
->method('updateToken')
->with($this->equalTo($token));
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
}
public function testUpdateTokenWrongUser() {
$tokenId = 42;
$token = $this->createMock(DefaultToken::class);