Merge pull request #3526 from nextcloud/token-save-scope

Save the scope of an auth token in the session
This commit is contained in:
Roeland Jago Douma 2017-04-05 22:05:11 +02:00 committed by GitHub
commit 56797fd695
7 changed files with 276 additions and 92 deletions

View File

@ -2,11 +2,11 @@ Feature: auth
Background: Background:
Given user "user0" exists Given user "user0" exists
Given a new client token is used Given a new restricted client token is added
Given a new unrestricted client token is added
Given the cookie jar is reset
# FILES APP # FILES APP
Scenario: access files app anonymously Scenario: access files app anonymously
When requesting "/index.php/apps/files" with "GET" When requesting "/index.php/apps/files" with "GET"
Then the HTTP status code should be "401" Then the HTTP status code should be "401"
@ -15,12 +15,20 @@ Feature: auth
When requesting "/index.php/apps/files" with "GET" using basic auth When requesting "/index.php/apps/files" with "GET" using basic auth
Then the HTTP status code should be "200" Then the HTTP status code should be "200"
Scenario: access files app with basic token auth Scenario: access files app with unrestricted basic token auth
When requesting "/index.php/apps/files" with "GET" using basic token auth When requesting "/index.php/apps/files" with "GET" using unrestricted basic token auth
Then the HTTP status code should be "200"
Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
Then the HTTP status code should be "200" Then the HTTP status code should be "200"
Scenario: access files app with a client token Scenario: access files app with restricted basic token auth
When requesting "/index.php/apps/files" with "GET" using a client token When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
Then the HTTP status code should be "200"
Then requesting "/remote.php/files/welcome.txt" with "GET" using browser session
Then the HTTP status code should be "404"
Scenario: access files app with an unrestricted client token
When requesting "/index.php/apps/files" with "GET" using an unrestricted client token
Then the HTTP status code should be "200" Then the HTTP status code should be "200"
Scenario: access files app with browser session Scenario: access files app with browser session
@ -28,9 +36,7 @@ Feature: auth
When requesting "/index.php/apps/files" with "GET" using browser session When requesting "/index.php/apps/files" with "GET" using browser session
Then the HTTP status code should be "200" Then the HTTP status code should be "200"
# WebDAV # WebDAV
Scenario: using WebDAV anonymously Scenario: using WebDAV anonymously
When requesting "/remote.php/webdav" with "PROPFIND" When requesting "/remote.php/webdav" with "PROPFIND"
Then the HTTP status code should be "401" Then the HTTP status code should be "401"
@ -39,23 +45,20 @@ Feature: auth
When requesting "/remote.php/webdav" with "PROPFIND" using basic auth When requesting "/remote.php/webdav" with "PROPFIND" using basic auth
Then the HTTP status code should be "207" Then the HTTP status code should be "207"
Scenario: using WebDAV with token auth Scenario: using WebDAV with unrestricted basic token auth
When requesting "/remote.php/webdav" with "PROPFIND" using basic token auth When requesting "/remote.php/webdav" with "PROPFIND" using unrestricted basic token auth
Then the HTTP status code should be "207" Then the HTTP status code should be "207"
# DAV token auth is not possible yet Scenario: using WebDAV with restricted basic token auth
#Scenario: using WebDAV with a client token When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
# When requesting "/remote.php/webdav" with "PROPFIND" using a client token Then the HTTP status code should be "207"
# Then the HTTP status code should be "207"
Scenario: using WebDAV with browser session Scenario: using WebDAV with browser session
Given a new browser session is started Given a new browser session is started
When requesting "/remote.php/webdav" with "PROPFIND" using browser session When requesting "/remote.php/webdav" with "PROPFIND" using browser session
Then the HTTP status code should be "207" Then the HTTP status code should be "207"
# OCS # OCS
Scenario: using OCS anonymously Scenario: using OCS anonymously
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET"
Then the OCS status code should be "997" Then the OCS status code should be "997"
@ -65,11 +68,11 @@ Feature: auth
Then the OCS status code should be "100" Then the OCS status code should be "100"
Scenario: using OCS with token auth Scenario: using OCS with token auth
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using basic token auth When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using unrestricted basic token auth
Then the OCS status code should be "100" Then the OCS status code should be "100"
Scenario: using OCS with client token Scenario: using OCS with an unrestricted client token
When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using a client token When requesting "/ocs/v1.php/apps/files_sharing/api/v1/remote_shares" with "GET" using an unrestricted client token
Then the OCS status code should be "100" Then the OCS status code should be "100"
Scenario: using OCS with browser session Scenario: using OCS with browser session
@ -84,3 +87,19 @@ Feature: auth
And requesting "/index.php/apps/files" with "GET" using browser session And requesting "/index.php/apps/files" with "GET" using browser session
Then the HTTP status code should be "200" Then the HTTP status code should be "200"
# AUTH TOKENS
Scenario: Creating an auth token with regular auth token should not work
When requesting "/index.php/apps/files" with "GET" using restricted basic token auth
Then the HTTP status code should be "200"
When the CSRF token is extracted from the previous response
When a new unrestricted client token is added using restricted basic token auth
Then the HTTP status code should be "503"
Scenario: Creating a restricted auth token with regular login should work
When a new restricted client token is added
Then the HTTP status code should be "200"
Scenario: Creating an unrestricted auth token with regular login should work
When a new unrestricted client token is added
Then the HTTP status code should be "200"

View File

@ -1,7 +1,5 @@
<?php <?php
/** /**
* *
* @author Christoph Wurst <christoph@owncloud.com> * @author Christoph Wurst <christoph@owncloud.com>
* *
@ -21,19 +19,28 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
* *
*/ */
use GuzzleHttp\Client; use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException; use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Cookie\CookieJar;
require __DIR__ . '/../../vendor/autoload.php'; require __DIR__ . '/../../vendor/autoload.php';
trait Auth { trait Auth {
/** @var string */
private $clientToken; private $unrestrictedClientToken;
/** @var string */
private $restrictedClientToken;
/** @var Client */
private $client;
/** @var string */
private $responseXml;
/** @BeforeScenario */ /** @BeforeScenario */
public function setUpScenario() { public function setUpScenario() {
$this->client = new Client(); $this->client = new Client();
$this->responseXml = ''; $this->responseXml = '';
$this->cookieJar = new CookieJar();
} }
/** /**
@ -65,15 +72,28 @@ trait Auth {
} }
/** /**
* @Given a new client token is used * @When the CSRF token is extracted from the previous response
*/ */
public function aNewClientTokenIsUsed() { public function theCsrfTokenIsExtractedFromThePreviousResponse() {
$this->loggingInUsingWebAs('user0'); $this->requestToken = substr(preg_replace('/(.*)data-requesttoken="(.*)">(.*)/sm', '\2', $this->response->getBody()->getContents()), 0, 89);
}
/**
* @param bool $loginViaWeb
* @return object
*/
private function createClientToken($loginViaWeb = true) {
if($loginViaWeb) {
$this->loggingInUsingWebAs('user0');
}
$fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens'; $fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens';
$client = new Client(); $client = new Client();
$options = [ $options = [
'auth' => ['user0', '123456'], 'auth' => [
'user0',
$loginViaWeb ? '123456' : $this->restrictedClientToken,
],
'body' => [ 'body' => [
'requesttoken' => $this->requestToken, 'requesttoken' => $this->requestToken,
'name' => md5(microtime()), 'name' => md5(microtime()),
@ -81,34 +101,107 @@ trait Auth {
'cookies' => $this->cookieJar, 'cookies' => $this->cookieJar,
]; ];
$resp = $client->send($client->createRequest('POST', $fullUrl, $options)); try {
$this->response = $client->send($client->createRequest('POST', $fullUrl, $options));
} catch (\GuzzleHttp\Exception\ServerException $e) {
$this->response = $e->getResponse();
}
return json_decode($this->response->getBody()->getContents());
}
$this->clientToken = json_decode($resp->getBody()->getContents())->token; /**
* @Given a new restricted client token is added
*/
public function aNewRestrictedClientTokenIsAdded() {
$tokenObj = $this->createClientToken();
$newCreatedTokenId = $tokenObj->deviceToken->id;
$fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens/' . $newCreatedTokenId;
$client = new Client();
$options = [
'auth' => ['user0', '123456'],
'headers' => [
'requesttoken' => $this->requestToken,
],
'json' => [
'scope' => [
'filesystem' => false,
],
],
'cookies' => $this->cookieJar,
];
$this->response = $client->send($client->createRequest('PUT', $fullUrl, $options));
$this->restrictedClientToken = $tokenObj->token;
}
/**
* @Given a new unrestricted client token is added
*/
public function aNewUnrestrictedClientTokenIsAdded() {
$this->unrestrictedClientToken = $this->createClientToken()->token;
}
/**
* @When a new unrestricted client token is added using restricted basic token auth
*/
public function aNewUnrestrictedClientTokenIsAddedUsingRestrictedBasicTokenAuth() {
$this->createClientToken(false);
} }
/** /**
* @When requesting :url with :method using basic auth * @When requesting :url with :method using basic auth
*
* @param string $url
* @param string $method
*/ */
public function requestingWithBasicAuth($url, $method) { public function requestingWithBasicAuth($url, $method) {
$this->sendRequest($url, $method, 'basic ' . base64_encode('user0:123456')); $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:123456'));
} }
/** /**
* @When requesting :url with :method using basic token auth * @When requesting :url with :method using unrestricted basic token auth
*
* @param string $url
* @param string $method
*/ */
public function requestingWithBasicTokenAuth($url, $method) { public function requestingWithUnrestrictedBasicTokenAuth($url, $method) {
$this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->clientToken)); $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->unrestrictedClientToken), true);
} }
/** /**
* @When requesting :url with :method using a client token * @When requesting :url with :method using restricted basic token auth
*
* @param string $url
* @param string $method
*/ */
public function requestingWithUsingAClientToken($url, $method) { public function requestingWithRestrictedBasicTokenAuth($url, $method) {
$this->sendRequest($url, $method, 'token ' . $this->clientToken); $this->sendRequest($url, $method, 'basic ' . base64_encode('user0:' . $this->restrictedClientToken), true);
}
/**
* @When requesting :url with :method using an unrestricted client token
*
* @param string $url
* @param string $method
*/
public function requestingWithUsingAnUnrestrictedClientToken($url, $method) {
$this->sendRequest($url, $method, 'token ' . $this->unrestrictedClientToken);
}
/**
* @When requesting :url with :method using a restricted client token
*
* @param string $url
* @param string $method
*/
public function requestingWithUsingARestrictedClientToken($url, $method) {
$this->sendRequest($url, $method, 'token ' . $this->restrictedClientToken);
} }
/** /**
* @When requesting :url with :method using browser session * @When requesting :url with :method using browser session
*
* @param string $url
* @param string $method
*/ */
public function requestingWithBrowserSession($url, $method) { public function requestingWithBrowserSession($url, $method) {
$this->sendRequest($url, $method, null, true); $this->sendRequest($url, $method, null, true);
@ -116,6 +209,8 @@ trait Auth {
/** /**
* @Given a new browser session is started * @Given a new browser session is started
*
* @param bool $remember
*/ */
public function aNewBrowserSessionIsStarted($remember = false) { public function aNewBrowserSessionIsStarted($remember = false) {
$loginUrl = substr($this->baseUrl, 0, -5) . '/login'; $loginUrl = substr($this->baseUrl, 0, -5) . '/login';
@ -149,6 +244,14 @@ trait Auth {
$this->aNewBrowserSessionIsStarted(true); $this->aNewBrowserSessionIsStarted(true);
} }
/**
* @Given the cookie jar is reset
*/
public function theCookieJarIsReset() {
$this->cookieJar = new CookieJar();
}
/** /**
* @When the session cookie expires * @When the session cookie expires
*/ */

View File

@ -20,27 +20,60 @@
namespace OC\Lockdown; namespace OC\Lockdown;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
use OCP\ISession;
use OCP\Lockdown\ILockdownManager; use OCP\Lockdown\ILockdownManager;
class LockdownManager implements ILockdownManager { class LockdownManager implements ILockdownManager {
/** @var ISession */
private $sessionCallback;
private $enabled = false; private $enabled = false;
/** @var array|null */ /** @var array|null */
private $scope; private $scope;
/**
* LockdownManager constructor.
*
* @param callable $sessionCallback we need to inject the session lazily to avoid dependency loops
*/
public function __construct(callable $sessionCallback) {
$this->sessionCallback = $sessionCallback;
}
public function enable() { public function enable() {
$this->enabled = true; $this->enabled = true;
} }
/**
* @return ISession
*/
private function getSession() {
$callback = $this->sessionCallback;
return $callback();
}
private function getScopeAsArray() {
if (!$this->scope) {
$session = $this->getSession();
$sessionScope = $session->get('token_scope');
if ($sessionScope) {
$this->scope = $sessionScope;
}
}
return $this->scope;
}
public function setToken(IToken $token) { public function setToken(IToken $token) {
$this->scope = $token->getScopeAsArray(); $this->scope = $token->getScopeAsArray();
$session = $this->getSession();
$session->set('token_scope', $this->scope);
$this->enable(); $this->enable();
} }
public function canAccessFilesystem() { public function canAccessFilesystem() {
if (!$this->enabled) { $scope = $this->getScopeAsArray();
return true; return !$scope || $scope['filesystem'];
}
return !$this->scope || $this->scope['filesystem'];
} }
} }

View File

@ -307,7 +307,7 @@ class Server extends ServerContainer implements IServerContainer {
$defaultTokenProvider = null; $defaultTokenProvider = null;
} }
$userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom()); $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom(), $c->getLockdownManager());
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) { $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password)); \OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
}); });
@ -930,7 +930,9 @@ class Server extends ServerContainer implements IServerContainer {
}); });
$this->registerService('LockdownManager', function (Server $c) { $this->registerService('LockdownManager', function (Server $c) {
return new LockdownManager(); return new LockdownManager(function() use ($c) {
return $c->getSession();
});
}); });
$this->registerService(ICloudIdManager::class, function (Server $c) { $this->registerService(ICloudIdManager::class, function (Server $c) {

View File

@ -51,6 +51,7 @@ use OCP\ISession;
use OCP\IUser; use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\IUserSession; use OCP\IUserSession;
use OCP\Lockdown\ILockdownManager;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\Session\Exceptions\SessionNotAvailableException;
use OCP\Util; use OCP\Util;
@ -84,7 +85,7 @@ class Session implements IUserSession, Emitter {
private $session; private $session;
/** @var ITimeFactory */ /** @var ITimeFactory */
private $timeFacory; private $timeFactory;
/** @var IProvider */ /** @var IProvider */
private $tokenProvider; private $tokenProvider;
@ -98,26 +99,33 @@ class Session implements IUserSession, Emitter {
/** @var ISecureRandom */ /** @var ISecureRandom */
private $random; private $random;
/** @var ILockdownManager */
private $lockdownManager;
/** /**
* @param IUserManager $manager * @param IUserManager $manager
* @param ISession $session * @param ISession $session
* @param ITimeFactory $timeFacory * @param ITimeFactory $timeFactory
* @param IProvider $tokenProvider * @param IProvider $tokenProvider
* @param IConfig $config * @param IConfig $config
* @param ISecureRandom $random * @param ISecureRandom $random
* @param ILockdownManager $lockdownManager
*/ */
public function __construct(IUserManager $manager, public function __construct(IUserManager $manager,
ISession $session, ISession $session,
ITimeFactory $timeFacory, ITimeFactory $timeFactory,
$tokenProvider, $tokenProvider,
IConfig $config, IConfig $config,
ISecureRandom $random) { ISecureRandom $random,
ILockdownManager $lockdownManager
) {
$this->manager = $manager; $this->manager = $manager;
$this->session = $session; $this->session = $session;
$this->timeFacory = $timeFacory; $this->timeFactory = $timeFactory;
$this->tokenProvider = $tokenProvider; $this->tokenProvider = $tokenProvider;
$this->config = $config; $this->config = $config;
$this->random = $random; $this->random = $random;
$this->lockdownManager = $lockdownManager;
} }
/** /**
@ -374,7 +382,7 @@ class Session implements IUserSession, Emitter {
if (!is_null($request->getCookie('cookie_test'))) { if (!is_null($request->getCookie('cookie_test'))) {
return true; return true;
} }
setcookie('cookie_test', 'test', $this->timeFacory->getTime() + 3600); setcookie('cookie_test', 'test', $this->timeFactory->getTime() + 3600);
return false; return false;
} }
@ -464,7 +472,7 @@ class Session implements IUserSession, Emitter {
); );
// Set the last-password-confirm session to make the sudo mode work // Set the last-password-confirm session to make the sudo mode work
$this->session->set('last-password-confirm', $this->timeFacory->getTime()); $this->session->set('last-password-confirm', $this->timeFactory->getTime());
return true; return true;
} }
@ -550,7 +558,7 @@ class Session implements IUserSession, Emitter {
$this->setUser($user); $this->setUser($user);
$this->setLoginName($dbToken->getLoginName()); $this->setLoginName($dbToken->getLoginName());
$this->setToken($dbToken->getId()); $this->setToken($dbToken->getId());
\OC::$server->getLockdownManager()->setToken($dbToken); $this->lockdownManager->setToken($dbToken);
$this->manager->emit('\OC\User', 'postLogin', array($user, $password)); $this->manager->emit('\OC\User', 'postLogin', array($user, $password));
if ($this->isLoggedIn()) { if ($this->isLoggedIn()) {
@ -626,7 +634,7 @@ class Session implements IUserSession, Emitter {
// Check whether login credentials are still valid and the user was not disabled // Check whether login credentials are still valid and the user was not disabled
// This check is performed each 5 minutes // This check is performed each 5 minutes
$lastCheck = $dbToken->getLastCheck() ? : 0; $lastCheck = $dbToken->getLastCheck() ? : 0;
$now = $this->timeFacory->getTime(); $now = $this->timeFactory->getTime();
if ($lastCheck > ($now - 60 * 5)) { if ($lastCheck > ($now - 60 * 5)) {
// Checked performed recently, nothing to do now // Checked performed recently, nothing to do now
return true; return true;
@ -747,7 +755,7 @@ class Session implements IUserSession, Emitter {
// replace successfully used token with a new one // replace successfully used token with a new one
$this->config->deleteUserValue($uid, 'login_token', $currentToken); $this->config->deleteUserValue($uid, 'login_token', $currentToken);
$newToken = $this->random->generate(32); $newToken = $this->random->generate(32);
$this->config->setUserValue($uid, 'login_token', $newToken, $this->timeFacory->getTime()); $this->config->setUserValue($uid, 'login_token', $newToken, $this->timeFactory->getTime());
try { try {
$sessionId = $this->session->getId(); $sessionId = $this->session->getId();
@ -766,6 +774,7 @@ class Session implements IUserSession, Emitter {
$this->setUser($user); $this->setUser($user);
$this->setLoginName($token->getLoginName()); $this->setLoginName($token->getLoginName());
$this->setToken($token->getId()); $this->setToken($token->getId());
$this->lockdownManager->setToken($token);
$user->updateLastLoginTimestamp(); $user->updateLastLoginTimestamp();
$this->manager->emit('\OC\User', 'postRememberedLogin', [$user]); $this->manager->emit('\OC\User', 'postRememberedLogin', [$user]);
return true; return true;
@ -776,7 +785,7 @@ class Session implements IUserSession, Emitter {
*/ */
public function createRememberMeToken(IUser $user) { public function createRememberMeToken(IUser $user) {
$token = $this->random->generate(32); $token = $this->random->generate(32);
$this->config->setUserValue($user->getUID(), 'login_token', $token, $this->timeFacory->getTime()); $this->config->setUserValue($user->getUID(), 'login_token', $token, $this->timeFactory->getTime());
$this->setMagicInCookie($user->getUID(), $token); $this->setMagicInCookie($user->getUID(), $token);
} }
@ -814,7 +823,7 @@ class Session implements IUserSession, Emitter {
$webRoot = '/'; $webRoot = '/';
} }
$expires = $this->timeFacory->getTime() + $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); $expires = $this->timeFactory->getTime() + $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
setcookie('nc_username', $username, $expires, $webRoot, '', $secureCookie, true); setcookie('nc_username', $username, $expires, $webRoot, '', $secureCookie, true);
setcookie('nc_token', $token, $expires, $webRoot, '', $secureCookie, true); setcookie('nc_token', $token, $expires, $webRoot, '', $secureCookie, true);
try { try {
@ -834,14 +843,14 @@ class Session implements IUserSession, Emitter {
unset($_COOKIE['nc_username']); //TODO: DI unset($_COOKIE['nc_username']); //TODO: DI
unset($_COOKIE['nc_token']); unset($_COOKIE['nc_token']);
unset($_COOKIE['nc_session_id']); unset($_COOKIE['nc_session_id']);
setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
// old cookies might be stored under /webroot/ instead of /webroot // old cookies might be stored under /webroot/ instead of /webroot
// and Firefox doesn't like it! // and Firefox doesn't like it!
setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
} }
/** /**

View File

@ -23,18 +23,29 @@ namespace Test\Lockdown;
use OC\Authentication\Token\DefaultToken; use OC\Authentication\Token\DefaultToken;
use OC\Lockdown\LockdownManager; use OC\Lockdown\LockdownManager;
use OCP\ISession;
use Test\TestCase; use Test\TestCase;
class LockdownManagerTest extends TestCase { class LockdownManagerTest extends TestCase {
private $sessionCallback;
public function setUp() {
parent::setUp();
$this->sessionCallback = function() {
return $this->createMock(ISession::class);
};
}
public function testCanAccessFilesystemDisabled() { public function testCanAccessFilesystemDisabled() {
$manager = new LockdownManager(); $manager = new LockdownManager($this->sessionCallback);
$this->assertTrue($manager->canAccessFilesystem()); $this->assertTrue($manager->canAccessFilesystem());
} }
public function testCanAccessFilesystemAllowed() { public function testCanAccessFilesystemAllowed() {
$token = new DefaultToken(); $token = new DefaultToken();
$token->setScope(['filesystem' => true]); $token->setScope(['filesystem' => true]);
$manager = new LockdownManager(); $manager = new LockdownManager($this->sessionCallback);
$manager->setToken($token); $manager->setToken($token);
$this->assertTrue($manager->canAccessFilesystem()); $this->assertTrue($manager->canAccessFilesystem());
} }
@ -42,7 +53,7 @@ class LockdownManagerTest extends TestCase {
public function testCanAccessFilesystemNotAllowed() { public function testCanAccessFilesystemNotAllowed() {
$token = new DefaultToken(); $token = new DefaultToken();
$token->setScope(['filesystem' => false]); $token->setScope(['filesystem' => false]);
$manager = new LockdownManager(); $manager = new LockdownManager($this->sessionCallback);
$manager->setToken($token); $manager->setToken($token);
$this->assertFalse($manager->canAccessFilesystem()); $this->assertFalse($manager->canAccessFilesystem());
} }

View File

@ -26,6 +26,7 @@ use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IUser; use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\Lockdown\ILockdownManager;
use OCP\Security\ICrypto; use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
@ -50,6 +51,8 @@ class SessionTest extends \Test\TestCase {
private $session; private $session;
/** @var Session|\PHPUnit_Framework_MockObject_MockObject */ /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
private $userSession; private $userSession;
/** @var ILockdownManager|\PHPUnit_Framework_MockObject_MockObject */
private $lockdownManager;
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
@ -64,6 +67,7 @@ class SessionTest extends \Test\TestCase {
$this->random = $this->createMock(ISecureRandom::class); $this->random = $this->createMock(ISecureRandom::class);
$this->manager = $this->createMock(IUserManager::class); $this->manager = $this->createMock(IUserManager::class);
$this->session = $this->createMock(ISession::class); $this->session = $this->createMock(ISession::class);
$this->lockdownManager = $this->createMock(ILockdownManager::class);
$this->userSession = $this->getMockBuilder(Session::class) $this->userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([ ->setConstructorArgs([
$this->manager, $this->manager,
@ -72,6 +76,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider, $this->tokenProvider,
$this->config, $this->config,
$this->random, $this->random,
$this->lockdownManager
]) ])
->setMethods([ ->setMethods([
'setMagicInCookie', 'setMagicInCookie',
@ -132,7 +137,7 @@ class SessionTest extends \Test\TestCase {
->with($expectedUser->getUID()) ->with($expectedUser->getUID())
->will($this->returnValue($expectedUser)); ->will($this->returnValue($expectedUser));
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$user = $userSession->getUser(); $user = $userSession->getUser();
$this->assertSame($expectedUser, $user); $this->assertSame($expectedUser, $user);
$this->assertSame(10000, $token->getLastCheck()); $this->assertSame(10000, $token->getLastCheck());
@ -154,7 +159,7 @@ class SessionTest extends \Test\TestCase {
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods([ ->setMethods([
'getUser' 'getUser'
]) ])
@ -181,7 +186,7 @@ class SessionTest extends \Test\TestCase {
->method('getUID') ->method('getUID')
->will($this->returnValue('foo')); ->will($this->returnValue('foo'));
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$userSession->setUser($user); $userSession->setUser($user);
} }
@ -233,7 +238,7 @@ class SessionTest extends \Test\TestCase {
->will($this->returnValue($user)); ->will($this->returnValue($user));
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods([ ->setMethods([
'prepareUserLogin' 'prepareUserLogin'
]) ])
@ -280,7 +285,7 @@ class SessionTest extends \Test\TestCase {
->with('foo', 'bar') ->with('foo', 'bar')
->will($this->returnValue($user)); ->will($this->returnValue($user));
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$userSession->login('foo', 'bar'); $userSession->login('foo', 'bar');
} }
@ -294,7 +299,7 @@ class SessionTest extends \Test\TestCase {
->setConstructorArgs([$this->config]) ->setConstructorArgs([$this->config])
->getMock(); ->getMock();
$backend = $this->createMock(\Test\Util\User\Dummy::class); $backend = $this->createMock(\Test\Util\User\Dummy::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$user = $this->getMockBuilder(User::class)->setConstructorArgs(['foo', $backend])->getMock(); $user = $this->getMockBuilder(User::class)->setConstructorArgs(['foo', $backend])->getMock();
@ -323,7 +328,7 @@ class SessionTest extends \Test\TestCase {
public function testLoginNonExisting() { public function testLoginNonExisting() {
$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock(); $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$session->expects($this->never()) $session->expects($this->never())
->method('set'); ->method('set');
@ -349,7 +354,7 @@ class SessionTest extends \Test\TestCase {
public function testLoginWithDifferentTokenLoginName() { public function testLoginWithDifferentTokenLoginName() {
$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock(); $session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$username = 'user123'; $username = 'user123';
$token = new \OC\Authentication\Token\DefaultToken(); $token = new \OC\Authentication\Token\DefaultToken();
$token->setLoginName($username); $token->setLoginName($username);
@ -381,7 +386,7 @@ class SessionTest extends \Test\TestCase {
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser']) ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock(); ->getMock();
@ -417,7 +422,7 @@ class SessionTest extends \Test\TestCase {
/** @var Session $userSession */ /** @var Session $userSession */
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser']) ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock(); ->getMock();
@ -440,7 +445,7 @@ class SessionTest extends \Test\TestCase {
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser']) ->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
->getMock(); ->getMock();
@ -482,7 +487,7 @@ class SessionTest extends \Test\TestCase {
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['login', 'isTwoFactorEnforced']) ->setMethods(['login', 'isTwoFactorEnforced'])
->getMock(); ->getMock();
@ -529,7 +534,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie() //override, otherwise tests will fail because of setcookie()
->setMethods(['setMagicInCookie', 'setLoginName']) ->setMethods(['setMagicInCookie', 'setLoginName'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
@ -606,7 +611,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie() //override, otherwise tests will fail because of setcookie()
->setMethods(['setMagicInCookie']) ->setMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
@ -666,7 +671,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie() //override, otherwise tests will fail because of setcookie()
->setMethods(['setMagicInCookie']) ->setMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
@ -714,7 +719,7 @@ class SessionTest extends \Test\TestCase {
$userSession = $this->getMockBuilder(Session::class) $userSession = $this->getMockBuilder(Session::class)
//override, otherwise tests will fail because of setcookie() //override, otherwise tests will fail because of setcookie()
->setMethods(['setMagicInCookie']) ->setMethods(['setMagicInCookie'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$token = 'goodToken'; $token = 'goodToken';
$oldSessionId = 'sess321'; $oldSessionId = 'sess321';
@ -762,7 +767,7 @@ class SessionTest extends \Test\TestCase {
$session = new Memory(''); $session = new Memory('');
$session->set('user_id', 'foo'); $session->set('user_id', 'foo');
$userSession = $this->getMockBuilder('\OC\User\Session') $userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods([ ->setMethods([
'validateSession' 'validateSession'
]) ])
@ -782,7 +787,7 @@ class SessionTest extends \Test\TestCase {
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$random = $this->createMock(ISecureRandom::class); $random = $this->createMock(ISecureRandom::class);
$config = $this->createMock(IConfig::class); $config = $this->createMock(IConfig::class);
@ -823,7 +828,7 @@ class SessionTest extends \Test\TestCase {
$manager = $this->createMock(Manager::class); $manager = $this->createMock(Manager::class);
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$random = $this->createMock(ISecureRandom::class); $random = $this->createMock(ISecureRandom::class);
$config = $this->createMock(IConfig::class); $config = $this->createMock(IConfig::class);
@ -867,7 +872,7 @@ class SessionTest extends \Test\TestCase {
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$token = $this->createMock(IToken::class); $token = $this->createMock(IToken::class);
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$random = $this->createMock(ISecureRandom::class); $random = $this->createMock(ISecureRandom::class);
$config = $this->createMock(IConfig::class); $config = $this->createMock(IConfig::class);
@ -914,7 +919,7 @@ class SessionTest extends \Test\TestCase {
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager);
$request = $this->createMock(IRequest::class); $request = $this->createMock(IRequest::class);
$uid = 'user123'; $uid = 'user123';
@ -944,7 +949,7 @@ class SessionTest extends \Test\TestCase {
$user = $this->createMock(IUser::class); $user = $this->createMock(IUser::class);
$userSession = $this->getMockBuilder('\OC\User\Session') $userSession = $this->getMockBuilder('\OC\User\Session')
->setMethods(['logout']) ->setMethods(['logout'])
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config, $this->random, $this->lockdownManager])
->getMock(); ->getMock();
$request = $this->createMock(IRequest::class); $request = $this->createMock(IRequest::class);
@ -973,7 +978,7 @@ class SessionTest extends \Test\TestCase {
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = $this->getMockBuilder('\OC\User\Session') $userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['logout']) ->setMethods(['logout'])
->getMock(); ->getMock();
@ -1020,7 +1025,7 @@ class SessionTest extends \Test\TestCase {
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = $this->getMockBuilder('\OC\User\Session') $userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random]) ->setConstructorArgs([$userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager])
->setMethods(['logout']) ->setMethods(['logout'])
->getMock(); ->getMock();
@ -1054,7 +1059,7 @@ class SessionTest extends \Test\TestCase {
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$password = '123456'; $password = '123456';
$sessionId = 'session1234'; $sessionId = 'session1234';
@ -1079,7 +1084,7 @@ class SessionTest extends \Test\TestCase {
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$session->expects($this->once()) $session->expects($this->once())
->method('getId') ->method('getId')
@ -1093,7 +1098,7 @@ class SessionTest extends \Test\TestCase {
$session = $this->createMock(ISession::class); $session = $this->createMock(ISession::class);
$timeFactory = $this->createMock(ITimeFactory::class); $timeFactory = $this->createMock(ITimeFactory::class);
$tokenProvider = $this->createMock(IProvider::class); $tokenProvider = $this->createMock(IProvider::class);
$userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new \OC\User\Session($userManager, $session, $timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$password = '123456'; $password = '123456';
$sessionId = 'session1234'; $sessionId = 'session1234';
@ -1133,7 +1138,7 @@ class SessionTest extends \Test\TestCase {
$tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory); $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory);
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$mapper->expects($this->any()) $mapper->expects($this->any())
->method('getToken') ->method('getToken')
@ -1183,7 +1188,7 @@ class SessionTest extends \Test\TestCase {
$tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory); $tokenProvider = new DefaultTokenProvider($mapper, $crypto, $this->config, $logger, $this->timeFactory);
/** @var \OC\User\Session $userSession */ /** @var \OC\User\Session $userSession */
$userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random); $userSession = new Session($manager, $session, $this->timeFactory, $tokenProvider, $this->config, $this->random, $this->lockdownManager);
$mapper->expects($this->any()) $mapper->expects($this->any())
->method('getToken') ->method('getToken')
@ -1271,6 +1276,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider, $this->tokenProvider,
$this->config, $this->config,
$this->random, $this->random,
$this->lockdownManager
]) ])
->setMethods([ ->setMethods([
'logClientIn', 'logClientIn',
@ -1320,6 +1326,7 @@ class SessionTest extends \Test\TestCase {
$this->tokenProvider, $this->tokenProvider,
$this->config, $this->config,
$this->random, $this->random,
$this->lockdownManager
]) ])
->setMethods([ ->setMethods([
'logClientIn', 'logClientIn',