server/tests/lib/avatar.php
Lukas Reschke 34d0e610cc Filter potential dangerous filenames for avatars
We don't want to have users misusing this API resulting in a potential file disclosure of "avatar.(jpg|png)" files.
2015-04-28 16:57:23 +02:00

89 lines
2.2 KiB
PHP

<?php
/**
* Copyright (c) 2013 Christopher Schäpers <christopher@schaepers.it>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
use OC\Avatar;
class Test_Avatar extends \Test\TestCase {
private static $trashBinStatus;
/** @var @var string */
private $user;
protected function setUp() {
parent::setUp();
$this->user = $this->getUniqueID();
$storage = new \OC\Files\Storage\Temporary(array());
\OC\Files\Filesystem::mount($storage, array(), '/' . $this->user . '/');
}
public static function setUpBeforeClass() {
self::$trashBinStatus = \OC_App::isEnabled('files_trashbin');
\OC_App::disable('files_trashbin');
}
public static function tearDownAfterClass() {
if (self::$trashBinStatus) {
\OC_App::enable('files_trashbin');
}
}
/**
* @return array
*/
public function traversalProvider() {
return [
['Pot\..\entiallyDangerousUsername'],
['Pot/..\entiallyDangerousUsername'],
['PotentiallyDangerousUsername/..'],
['PotentiallyDangerousUsername\../'],
['/../PotentiallyDangerousUsername'],
];
}
/**
* @dataProvider traversalProvider
* @expectedException \Exception
* @expectedExceptionMessage Username may not contain slashes
* @param string $dangerousUsername
*/
public function testAvatarTraversal($dangerousUsername) {
new Avatar($dangerousUsername);
}
public function testAvatar() {
$avatar = new Avatar($this->user);
$this->assertEquals(false, $avatar->get());
$expected = new OC_Image(\OC::$SERVERROOT . '/tests/data/testavatar.png');
$expected->resize(64);
$avatar->set($expected->data());
$this->assertEquals($expected->data(), $avatar->get()->data());
$avatar->remove();
$this->assertEquals(false, $avatar->get());
}
public function testAvatarApi() {
$avatarManager = \OC::$server->getAvatarManager();
$avatar = $avatarManager->getAvatar($this->user);
$this->assertEquals(false, $avatar->get());
$expected = new OC_Image(\OC::$SERVERROOT . '/tests/data/testavatar.png');
$expected->resize(64);
$avatar->set($expected->data());
$this->assertEquals($expected->data(), $avatar->get()->data());
$avatar->remove();
$this->assertEquals(false, $avatar->get());
}
}