Properly catch InvalidTokenException for better error response

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
Morris Jobke 2018-01-09 11:41:08 +01:00
parent a0499e0258
commit 9cda3206ff
No known key found for this signature in database
GPG Key ID: FE03C3A163FEDE68
2 changed files with 50 additions and 2 deletions

View File

@ -197,10 +197,18 @@ class AuthSettingsController extends Controller {
* *
* @param int $id * @param int $id
* @param array $scope * @param array $scope
* @return array * @return array|JSONResponse
*/ */
public function update($id, array $scope) { public function update($id, array $scope) {
$token = $this->tokenProvider->getTokenById((string)$id); try {
$token = $this->tokenProvider->getTokenById((string)$id);
if ($token->getUID() !== $this->uid) {
throw new InvalidTokenException('User mismatch');
}
} catch (InvalidTokenException $e) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}
$token->setScope([ $token->setScope([
'filesystem' => $scope['filesystem'] 'filesystem' => $scope['filesystem']
]); ]);

View File

@ -211,6 +211,10 @@ class AuthSettingsControllerTest extends TestCase {
->with($this->equalTo(42)) ->with($this->equalTo(42))
->willReturn($token); ->willReturn($token);
$token->expects($this->once())
->method('getUID')
->willReturn('jane');
$token->expects($this->once()) $token->expects($this->once())
->method('setScope') ->method('setScope')
->with($this->equalTo([ ->with($this->equalTo([
@ -224,4 +228,40 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertSame([], $this->controller->update(42, ['filesystem' => true])); $this->assertSame([], $this->controller->update(42, ['filesystem' => true]));
} }
public function testUpdateTokenWrongUser() {
$token = $this->createMock(DefaultToken::class);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo(42))
->willReturn($token);
$token->expects($this->once())
->method('getUID')
->willReturn('foobar');
$token->expects($this->never())
->method('setScope');
$this->tokenProvider->expects($this->never())
->method('updateToken');
$response = $this->controller->update(42, ['filesystem' => true]);
$this->assertSame([], $response->getData());
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
}
public function testUpdateTokenNonExisting() {
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo(42))
->willThrowException(new InvalidTokenException('Token does not exist'));
$this->tokenProvider->expects($this->never())
->method('updateToken');
$response = $this->controller->update(42, ['filesystem' => true]);
$this->assertSame([], $response->getData());
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
}
} }