Properly catch InvalidTokenException for better error response
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
parent
a0499e0258
commit
9cda3206ff
|
@ -197,10 +197,18 @@ class AuthSettingsController extends Controller {
|
||||||
*
|
*
|
||||||
* @param int $id
|
* @param int $id
|
||||||
* @param array $scope
|
* @param array $scope
|
||||||
* @return array
|
* @return array|JSONResponse
|
||||||
*/
|
*/
|
||||||
public function update($id, array $scope) {
|
public function update($id, array $scope) {
|
||||||
$token = $this->tokenProvider->getTokenById((string)$id);
|
try {
|
||||||
|
$token = $this->tokenProvider->getTokenById((string)$id);
|
||||||
|
if ($token->getUID() !== $this->uid) {
|
||||||
|
throw new InvalidTokenException('User mismatch');
|
||||||
|
}
|
||||||
|
} catch (InvalidTokenException $e) {
|
||||||
|
return new JSONResponse([], Http::STATUS_NOT_FOUND);
|
||||||
|
}
|
||||||
|
|
||||||
$token->setScope([
|
$token->setScope([
|
||||||
'filesystem' => $scope['filesystem']
|
'filesystem' => $scope['filesystem']
|
||||||
]);
|
]);
|
||||||
|
|
|
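Review bot: The new catch block in update() returns the same empty 404 for a missing token and for a token owned by another user, but nothing records the second case, so requests against a foreign token id leave no trace for detection. Keeping the client-facing response identical is the right choice because it does not confirm which ids exist; I would state that intent above the catch, e.g. `// Same 404 for unknown and foreign tokens: do not reveal whether the id exists`, and log the mismatch server-side with the requesting uid and the token id if the controller has a logger (none is visible in this hunk). Separately, `$scope['filesystem']` is still read without checking that the key is present or that the value is a boolean before it is stored in the token scope. update() continues past the end of the hunk.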
@ -211,6 +211,10 @@ class AuthSettingsControllerTest extends TestCase {
|
||||||
->with($this->equalTo(42))
|
->with($this->equalTo(42))
|
||||||
->willReturn($token);
|
->willReturn($token);
|
||||||
|
|
||||||
|
$token->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('jane');
|
||||||
|
|
||||||
$token->expects($this->once())
|
$token->expects($this->once())
|
||||||
->method('setScope')
|
->method('setScope')
|
||||||
->with($this->equalTo([
|
->with($this->equalTo([
|
||||||
|
@ -224,4 +228,40 @@ class AuthSettingsControllerTest extends TestCase {
|
||||||
$this->assertSame([], $this->controller->update(42, ['filesystem' => true]));
|
$this->assertSame([], $this->controller->update(42, ['filesystem' => true]));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testUpdateTokenWrongUser() {
|
||||||
|
$token = $this->createMock(DefaultToken::class);
|
||||||
|
|
||||||
|
$this->tokenProvider->expects($this->once())
|
||||||
|
->method('getTokenById')
|
||||||
|
->with($this->equalTo(42))
|
||||||
|
->willReturn($token);
|
||||||
|
|
||||||
|
$token->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('foobar');
|
||||||
|
|
||||||
|
$token->expects($this->never())
|
||||||
|
->method('setScope');
|
||||||
|
$this->tokenProvider->expects($this->never())
|
||||||
|
->method('updateToken');
|
||||||
|
|
||||||
|
$response = $this->controller->update(42, ['filesystem' => true]);
|
||||||
|
$this->assertSame([], $response->getData());
|
||||||
|
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testUpdateTokenNonExisting() {
|
||||||
|
$this->tokenProvider->expects($this->once())
|
||||||
|
->method('getTokenById')
|
||||||
|
->with($this->equalTo(42))
|
||||||
|
->willThrowException(new InvalidTokenException('Token does not exist'));
|
||||||
|
|
||||||
|
$this->tokenProvider->expects($this->never())
|
||||||
|
->method('updateToken');
|
||||||
|
|
||||||
|
$response = $this->controller->update(42, ['filesystem' => true]);
|
||||||
|
$this->assertSame([], $response->getData());
|
||||||
|
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
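Review bot: In testUpdateTokenWrongUser and testUpdateTokenNonExisting the provider mock is matched with `->with($this->equalTo(42))`, which compares loosely and therefore passes whether or not update() keeps its `(string)$id` cast; `->with($this->identicalTo('42'))` would pin the argument that actually reaches getTokenById(). Both tests also call `$response->getData()` straight away, so a regression that returns the plain array again would surface as a PHP error rather than a failed assertion; `$this->assertInstanceOf(JSONResponse::class, $response);` ahead of it gives a clearer failure, assuming JSONResponse is imported in the test file. The wrong-user case relies on the controller's uid differing from 'foobar', which is configured outside the lines shown.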