Check the user on remote wipe

Signed-off-by: Joas Schilling <coding@schilljs.com>
Joas Schilling 2020-03-16 08:52:46 +01:00
parent f85747f74c
commit 9935c71ec3
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
4 changed files with 44 additions and 23 deletions


@ -289,7 +289,13 @@ class AuthSettingsController extends Controller {
* @throws \OC\Authentication\Exceptions\ExpiredTokenException * @throws \OC\Authentication\Exceptions\ExpiredTokenException
*/ */
public function wipe(int $id): JSONResponse { public function wipe(int $id): JSONResponse {
if (!$this->remoteWipe->markTokenForWipe($id)) { try {
$token = $this->findTokenByIdAndUser($id);
} catch (InvalidTokenException $e) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}
if (!$this->remoteWipe->markTokenForWipe($token)) {
return new JSONResponse([], Http::STATUS_BAD_REQUEST); return new JSONResponse([], Http::STATUS_BAD_REQUEST);
} }
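Review bot: The new `catch (InvalidTokenException $e)` branch in `wipe()` returns 404 without a comment saying why, and the reason is security-relevant: the wrong-user test in this commit shows a token owned by another user gets the same answer, so the endpoint does not reveal which ids exist. I would add `// 404 for both unknown and foreign tokens, so the response does not reveal whether the id exists` above that return. The docblock still lists `@throws ... ExpiredTokenException`; `findTokenByIdAndUser()` is not visible here, so check whether that exception can still escape `wipe()` and drop the annotation if it cannot. The body of `wipe()` continues past the end of this hunk.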


@ -36,6 +36,7 @@ use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\DefaultToken; use OC\Authentication\Token\DefaultToken;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
use OC\Authentication\Token\IWipeableToken;
use OC\Authentication\Token\RemoteWipe; use OC\Authentication\Token\RemoteWipe;
use OCA\Settings\Controller\AuthSettingsController; use OCA\Settings\Controller\AuthSettingsController;
use OCP\Activity\IEvent; use OCP\Activity\IEvent;
@ -428,9 +429,15 @@ class AuthSettingsControllerTest extends TestCase {
} }
public function testRemoteWipeNotSuccessful(): void { public function testRemoteWipeNotSuccessful(): void {
$token = $this->createMock(IToken::class);
$token->expects($this->once())
->method('getUID')
->willReturn($this->uid);
$this->mockGetTokenById(123, $token);
$this->remoteWipe->expects($this->once()) $this->remoteWipe->expects($this->once())
->method('markTokenForWipe') ->method('markTokenForWipe')
->with(123) ->with($token)
->willReturn(false); ->willReturn(false);
$response = $this->controller->wipe(123); $response = $this->controller->wipe(123);
@ -439,10 +446,32 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertEquals($expected, $response); $this->assertEquals($expected, $response);
} }
public function testRemoteWipeWrongUser(): void {
$token = $this->createMock(IToken::class);
$token->expects($this->once())
->method('getUID')
->willReturn('definetly-not-' . $this->uid);
$this->mockGetTokenById(123, $token);
$this->remoteWipe->expects($this->never())
->method('markTokenForWipe');
$response = $this->controller->wipe(123);
$expected = new JSONResponse([], Http::STATUS_NOT_FOUND);
$this->assertEquals($expected, $response);
}
public function testRemoteWipeSuccessful(): void { public function testRemoteWipeSuccessful(): void {
$token = $this->createMock(IWipeableToken::class);
$token->expects($this->once())
->method('getUID')
->willReturn($this->uid);
$this->mockGetTokenById(123, $token);
$this->remoteWipe->expects($this->once()) $this->remoteWipe->expects($this->once())
->method('markTokenForWipe') ->method('markTokenForWipe')
->with(123) ->with($token)
->willReturn(true); ->willReturn(true);
$response = $this->controller->wipe(123); $response = $this->controller->wipe(123);
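Review bot: The 404 path of `wipe()` is exercised here only through an ownership mismatch (`testRemoteWipeWrongUser`); no case in these hunks covers an id for which the token lookup itself fails. Assuming `mockGetTokenById()` can be made to throw, a `testRemoteWipeUnknownToken` that throws `InvalidTokenException`, expects `markTokenForWipe` `never()` and asserts `Http::STATUS_NOT_FOUND` would pin that both cases return the same response. Such a test may already exist outside the visible hunks. In `testRemoteWipeWrongUser` the mock is a plain `IToken`; using `IWipeableToken::class` there would make it obvious that the refusal comes from the user check and not from the token type.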


@ -57,18 +57,14 @@ class RemoteWipe {
} }
/** /**
* @param int $id * @param IToken $token
*
* @return bool * @return bool
* *
* @throws InvalidTokenException * @throws InvalidTokenException
* @throws WipeTokenException * @throws WipeTokenException
* @throws ExpiredTokenException
*/ */
public function markTokenForWipe(int $id): bool { public function markTokenForWipe(IToken $token): bool {
$token = $this->tokenProvider->getTokenById($id); if (!$token instanceof IWipeableToken) {
if (!($token instanceof IWipeableToken)) {
return false; return false;
} }
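Review bot: `markTokenForWipe()` now accepts any `IToken` and, in the lines shown, does no lookup and no user check, so it is only as safe as its callers; the docblock should say so. I would add a summary line such as `* Marks the given token for remote wipe. The caller must already have verified that $token belongs to the acting user.` above `@param IToken $token`. Any other caller of the old `markTokenForWipe(int $id)` signature needs the same ownership check when it is converted; none is visible on this page. `@throws InvalidTokenException` is kept although the `getTokenById()` call appears to have been removed, and whether it is still reachable depends on the rest of the method, which lies outside the hunk.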


@ -67,30 +67,20 @@ class RemoteWipeTest extends TestCase {
public function testMarkNonWipableTokenForWipe(): void { public function testMarkNonWipableTokenForWipe(): void {
$token = $this->createMock(IToken::class); $token = $this->createMock(IToken::class);
$this->tokenProvider->expects($this->once()) $result = $this->remoteWipe->markTokenForWipe($token);
->method('getTokenById')
->with(123)
->willReturn($token);
$result = $this->remoteWipe->markTokenForWipe(123);
$this->assertFalse($result); $this->assertFalse($result);
} }
public function testMarkTokenForWipe(): void { public function testMarkTokenForWipe(): void {
$token = $this->createMock(IWipeableToken::class); $token = $this->createMock(IWipeableToken::class);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with(123)
->willReturn($token);
$token->expects($this->once()) $token->expects($this->once())
->method('wipe'); ->method('wipe');
$this->tokenProvider->expects($this->once()) $this->tokenProvider->expects($this->once())
->method('updateToken') ->method('updateToken')
->with($token); ->with($token);
$result = $this->remoteWipe->markTokenForWipe(123); $result = $this->remoteWipe->markTokenForWipe($token);
$this->assertTrue($result); $this->assertTrue($result);
} }
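Review bot: `testMarkNonWipableTokenForWipe` checks only the `false` return, not that the token is left untouched. Adding `$this->tokenProvider->expects($this->never())->method('updateToken');` before the call would pin that a non-wipeable token is never written back. With the lookup apparently moved out of `RemoteWipe`, the same `never()` expectation on `getTokenById` in both tests would guard against it being reintroduced.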