Check the user on remote wipe

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2020-03-16 08:52:46 +01:00
parent f85747f74c
commit 9935c71ec3
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
4 changed files with 44 additions and 23 deletions

View File

@ -289,7 +289,13 @@ class AuthSettingsController extends Controller {
* @throws \OC\Authentication\Exceptions\ExpiredTokenException
*/
public function wipe(int $id): JSONResponse {
if (!$this->remoteWipe->markTokenForWipe($id)) {
try {
$token = $this->findTokenByIdAndUser($id);
} catch (InvalidTokenException $e) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}
if (!$this->remoteWipe->markTokenForWipe($token)) {
return new JSONResponse([], Http::STATUS_BAD_REQUEST);
}

View File

@ -36,6 +36,7 @@ use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\DefaultToken;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
use OC\Authentication\Token\IWipeableToken;
use OC\Authentication\Token\RemoteWipe;
use OCA\Settings\Controller\AuthSettingsController;
use OCP\Activity\IEvent;
@ -428,9 +429,15 @@ class AuthSettingsControllerTest extends TestCase {
}
public function testRemoteWipeNotSuccessful(): void {
$token = $this->createMock(IToken::class);
$token->expects($this->once())
->method('getUID')
->willReturn($this->uid);
$this->mockGetTokenById(123, $token);
$this->remoteWipe->expects($this->once())
->method('markTokenForWipe')
->with(123)
->with($token)
->willReturn(false);
$response = $this->controller->wipe(123);
@ -439,10 +446,32 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertEquals($expected, $response);
}
public function testRemoteWipeWrongUser(): void {
$token = $this->createMock(IToken::class);
$token->expects($this->once())
->method('getUID')
->willReturn('definetly-not-' . $this->uid);
$this->mockGetTokenById(123, $token);
$this->remoteWipe->expects($this->never())
->method('markTokenForWipe');
$response = $this->controller->wipe(123);
$expected = new JSONResponse([], Http::STATUS_NOT_FOUND);
$this->assertEquals($expected, $response);
}
public function testRemoteWipeSuccessful(): void {
$token = $this->createMock(IWipeableToken::class);
$token->expects($this->once())
->method('getUID')
->willReturn($this->uid);
$this->mockGetTokenById(123, $token);
$this->remoteWipe->expects($this->once())
->method('markTokenForWipe')
->with(123)
->with($token)
->willReturn(true);
$response = $this->controller->wipe(123);

View File

@ -57,18 +57,14 @@ class RemoteWipe {
}
/**
* @param int $id
*
* @param IToken $token
* @return bool
*
* @throws InvalidTokenException
* @throws WipeTokenException
* @throws ExpiredTokenException
*/
public function markTokenForWipe(int $id): bool {
$token = $this->tokenProvider->getTokenById($id);
if (!($token instanceof IWipeableToken)) {
public function markTokenForWipe(IToken $token): bool {
if (!$token instanceof IWipeableToken) {
return false;
}

View File

@ -67,30 +67,20 @@ class RemoteWipeTest extends TestCase {
public function testMarkNonWipableTokenForWipe(): void {
$token = $this->createMock(IToken::class);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with(123)
->willReturn($token);
$result = $this->remoteWipe->markTokenForWipe(123);
$result = $this->remoteWipe->markTokenForWipe($token);
$this->assertFalse($result);
}
public function testMarkTokenForWipe(): void {
$token = $this->createMock(IWipeableToken::class);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with(123)
->willReturn($token);
$token->expects($this->once())
->method('wipe');
$this->tokenProvider->expects($this->once())
->method('updateToken')
->with($token);
$result = $this->remoteWipe->markTokenForWipe(123);
$result = $this->remoteWipe->markTokenForWipe($token);
$this->assertTrue($result);
}