Move to dedicated MiddleWare
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
parent
a05471eb43
commit
a1ae5275f9
|
@ -40,6 +40,7 @@ use OC\AppFramework\Http\Output;
|
|||
use OC\AppFramework\Middleware\MiddlewareDispatcher;
|
||||
use OC\AppFramework\Middleware\Security\CORSMiddleware;
|
||||
use OC\AppFramework\Middleware\OCSMiddleware;
|
||||
use OC\AppFramework\Middleware\Security\RateLimitingMiddleware;
|
||||
use OC\AppFramework\Middleware\Security\SecurityMiddleware;
|
||||
use OC\AppFramework\Middleware\SessionMiddleware;
|
||||
use OC\AppFramework\Utility\SimpleContainer;
|
||||
|
@ -219,17 +220,28 @@ class DIContainer extends SimpleContainer implements IAppContainer {
|
|||
$server->getLogger(),
|
||||
$server->getSession(),
|
||||
$c['AppName'],
|
||||
$server->getUserSession(),
|
||||
$app->isLoggedIn(),
|
||||
$app->isAdminUser(),
|
||||
$server->getContentSecurityPolicyManager(),
|
||||
$server->getCsrfTokenManager(),
|
||||
$server->getContentSecurityPolicyNonceManager(),
|
||||
$server->getBruteForceThrottler(),
|
||||
$c->query(OC\Security\RateLimiting\Limiter::class)
|
||||
$server->getBruteForceThrottler()
|
||||
);
|
||||
|
||||
});
|
||||
|
||||
$this->registerService('RateLimitingMiddleware', function($c) use ($app) {
|
||||
/** @var \OC\Server $server */
|
||||
$server = $app->getServer();
|
||||
|
||||
return new RateLimitingMiddleware(
|
||||
$server->getRequest(),
|
||||
$server->getUserSession(),
|
||||
$c['ControllerMethodReflector'],
|
||||
$c->query(OC\Security\RateLimiting\Limiter::class)
|
||||
);
|
||||
});
|
||||
|
||||
$this->registerService('CORSMiddleware', function($c) {
|
||||
return new CORSMiddleware(
|
||||
$c['Request'],
|
||||
|
@ -270,6 +282,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
|
|||
$dispatcher->registerMiddleware($c['OCSMiddleware']);
|
||||
$dispatcher->registerMiddleware($c['SecurityMiddleware']);
|
||||
$dispatcher->registerMiddleWare($c['TwoFactorMiddleware']);
|
||||
$dispatcher->registerMiddleware($c['RateLimitingMiddleware']);
|
||||
|
||||
foreach($middleWares as $middleWare) {
|
||||
$dispatcher->registerMiddleware($c[$middleWare]);
|
||||
|
|
|
@ -0,0 +1,134 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\AppFramework\Middleware\Security;
|
||||
|
||||
use OC\AppFramework\Utility\ControllerMethodReflector;
|
||||
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
|
||||
use OC\Security\RateLimiting\Limiter;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\AppFramework\Middleware;
|
||||
use OCP\IRequest;
|
||||
use OCP\IUserSession;
|
||||
|
||||
/**
|
||||
* Class RateLimitingMiddleware is the middleware responsible for implementing the
|
||||
* ratelimiting in Nextcloud.
|
||||
*
|
||||
* It parses annotations such as:
|
||||
*
|
||||
* @UserRateThrottle(limit=5, period=100)
|
||||
* @AnonRateThrottle(limit=1, period=100)
|
||||
*
|
||||
* Those annotations above would mean that logged-in users can access the page 5
|
||||
* times within 100 seconds, and anonymous users 1 time within 100 seconds. If
|
||||
* only an AnonRateThrottle is specified that one will also be applied to logged-in
|
||||
* users.
|
||||
*
|
||||
* @package OC\AppFramework\Middleware\Security
|
||||
*/
|
||||
class RateLimitingMiddleware extends Middleware {
|
||||
/** @var IRequest $request */
|
||||
private $request;
|
||||
/** @var IUserSession */
|
||||
private $userSession;
|
||||
/** @var ControllerMethodReflector */
|
||||
private $reflector;
|
||||
/** @var Limiter */
|
||||
private $limiter;
|
||||
|
||||
/**
|
||||
* @param IRequest $request
|
||||
* @param IUserSession $userSession
|
||||
* @param ControllerMethodReflector $reflector
|
||||
* @param Limiter $limiter
|
||||
*/
|
||||
public function __construct(IRequest $request,
|
||||
IUserSession $userSession,
|
||||
ControllerMethodReflector $reflector,
|
||||
Limiter $limiter) {
|
||||
$this->request = $request;
|
||||
$this->userSession = $userSession;
|
||||
$this->reflector = $reflector;
|
||||
$this->limiter = $limiter;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
* @throws RateLimitExceededException
|
||||
*/
|
||||
public function beforeController($controller, $methodName) {
|
||||
parent::beforeController($controller, $methodName);
|
||||
|
||||
$anonLimit = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'limit');
|
||||
$anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');
|
||||
$userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');
|
||||
$userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');
|
||||
$rateLimitIdentifier = get_class($controller) . '::' . $methodName;
|
||||
if($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
|
||||
$this->limiter->registerUserRequest(
|
||||
$rateLimitIdentifier,
|
||||
$userLimit,
|
||||
$userPeriod,
|
||||
$this->userSession->getUser()
|
||||
);
|
||||
} elseif ($anonLimit !== '' && $anonPeriod !== '') {
|
||||
$this->limiter->registerAnonRequest(
|
||||
$rateLimitIdentifier,
|
||||
$anonLimit,
|
||||
$anonPeriod,
|
||||
$this->request->getRemoteAddress()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function afterException($controller, $methodName, \Exception $exception) {
|
||||
if($exception instanceof RateLimitExceededException) {
|
||||
if (stripos($this->request->getHeader('Accept'),'html') === false) {
|
||||
$response = new JSONResponse(
|
||||
[
|
||||
'message' => $exception->getMessage(),
|
||||
],
|
||||
$exception->getCode()
|
||||
);
|
||||
} else {
|
||||
$response = new TemplateResponse(
|
||||
'core',
|
||||
'403',
|
||||
[
|
||||
'file' => $exception->getMessage()
|
||||
],
|
||||
'guest'
|
||||
);
|
||||
$response->setStatus($exception->getCode());
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
throw $exception;
|
||||
}
|
||||
}
|
|
@ -26,6 +26,7 @@
|
|||
*
|
||||
*/
|
||||
|
||||
|
||||
namespace OC\AppFramework\Middleware\Security;
|
||||
|
||||
use OC\AppFramework\Middleware\Security\Exceptions\AppNotEnabledException;
|
||||
|
@ -39,7 +40,6 @@ use OC\Security\Bruteforce\Throttler;
|
|||
use OC\Security\CSP\ContentSecurityPolicyManager;
|
||||
use OC\Security\CSP\ContentSecurityPolicyNonceManager;
|
||||
use OC\Security\CSRF\CsrfTokenManager;
|
||||
use OC\Security\RateLimiting\Limiter;
|
||||
use OCP\AppFramework\Http\ContentSecurityPolicy;
|
||||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
|
@ -54,7 +54,6 @@ use OCP\IURLGenerator;
|
|||
use OCP\IRequest;
|
||||
use OCP\ILogger;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Util;
|
||||
use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
|
||||
|
||||
|
@ -79,8 +78,8 @@ class SecurityMiddleware extends Middleware {
|
|||
private $logger;
|
||||
/** @var ISession */
|
||||
private $session;
|
||||
/** @var IUserSession */
|
||||
private $userSession;
|
||||
/** @var bool */
|
||||
private $isLoggedIn;
|
||||
/** @var bool */
|
||||
private $isAdminUser;
|
||||
/** @var ContentSecurityPolicyManager */
|
||||
|
@ -91,8 +90,6 @@ class SecurityMiddleware extends Middleware {
|
|||
private $cspNonceManager;
|
||||
/** @var Throttler */
|
||||
private $throttler;
|
||||
/** @var Limiter */
|
||||
private $limiter;
|
||||
|
||||
/**
|
||||
* @param IRequest $request
|
||||
|
@ -102,13 +99,12 @@ class SecurityMiddleware extends Middleware {
|
|||
* @param ILogger $logger
|
||||
* @param ISession $session
|
||||
* @param string $appName
|
||||
* @param IUserSession $userSession
|
||||
* @param bool $isLoggedIn
|
||||
* @param bool $isAdminUser
|
||||
* @param ContentSecurityPolicyManager $contentSecurityPolicyManager
|
||||
* @param CSRFTokenManager $csrfTokenManager
|
||||
* @param ContentSecurityPolicyNonceManager $cspNonceManager
|
||||
* @param Throttler $throttler
|
||||
* @param Limiter $limiter
|
||||
*/
|
||||
public function __construct(IRequest $request,
|
||||
ControllerMethodReflector $reflector,
|
||||
|
@ -117,13 +113,12 @@ class SecurityMiddleware extends Middleware {
|
|||
ILogger $logger,
|
||||
ISession $session,
|
||||
$appName,
|
||||
IUserSession $userSession,
|
||||
$isLoggedIn,
|
||||
$isAdminUser,
|
||||
ContentSecurityPolicyManager $contentSecurityPolicyManager,
|
||||
CsrfTokenManager $csrfTokenManager,
|
||||
ContentSecurityPolicyNonceManager $cspNonceManager,
|
||||
Throttler $throttler,
|
||||
Limiter $limiter) {
|
||||
Throttler $throttler) {
|
||||
$this->navigationManager = $navigationManager;
|
||||
$this->request = $request;
|
||||
$this->reflector = $reflector;
|
||||
|
@ -131,15 +126,15 @@ class SecurityMiddleware extends Middleware {
|
|||
$this->urlGenerator = $urlGenerator;
|
||||
$this->logger = $logger;
|
||||
$this->session = $session;
|
||||
$this->userSession = $userSession;
|
||||
$this->isLoggedIn = $isLoggedIn;
|
||||
$this->isAdminUser = $isAdminUser;
|
||||
$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
|
||||
$this->csrfTokenManager = $csrfTokenManager;
|
||||
$this->cspNonceManager = $cspNonceManager;
|
||||
$this->throttler = $throttler;
|
||||
$this->limiter = $limiter;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* This runs all the security checks before a method call. The
|
||||
* security checks are determined by inspecting the controller method
|
||||
|
@ -157,7 +152,7 @@ class SecurityMiddleware extends Middleware {
|
|||
// security checks
|
||||
$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
|
||||
if(!$isPublicPage) {
|
||||
if(!$this->userSession->isLoggedIn()) {
|
||||
if(!$this->isLoggedIn) {
|
||||
throw new NotLoggedInException();
|
||||
}
|
||||
|
||||
|
@ -196,27 +191,6 @@ class SecurityMiddleware extends Middleware {
|
|||
}
|
||||
}
|
||||
|
||||
$anonLimit = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'limit');
|
||||
$anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');
|
||||
$userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');
|
||||
$userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');
|
||||
$rateLimitIdentifier = get_class($controller) . '::' . $methodName;
|
||||
if($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
|
||||
$this->limiter->registerUserRequest(
|
||||
$rateLimitIdentifier,
|
||||
$userLimit,
|
||||
$userPeriod,
|
||||
$this->userSession->getUser()
|
||||
);
|
||||
} elseif ($anonLimit !== '' && $anonPeriod !== '') {
|
||||
$this->limiter->registerAnonRequest(
|
||||
$rateLimitIdentifier,
|
||||
$anonLimit,
|
||||
$anonPeriod,
|
||||
$this->request->getRemoteAddress()
|
||||
);
|
||||
}
|
||||
|
||||
if($this->reflector->hasAnnotation('BruteForceProtection')) {
|
||||
$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
|
||||
|
@ -232,6 +206,7 @@ class SecurityMiddleware extends Middleware {
|
|||
if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
|
||||
throw new AppNotEnabledException();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -0,0 +1,283 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace Test\AppFramework\Middleware\Security;
|
||||
|
||||
use OC\AppFramework\Middleware\Security\RateLimitingMiddleware;
|
||||
use OC\AppFramework\Utility\ControllerMethodReflector;
|
||||
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
|
||||
use OC\Security\RateLimiting\Limiter;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\IRequest;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserSession;
|
||||
use Test\TestCase;
|
||||
|
||||
class RateLimitingMiddlewareTest extends TestCase {
|
||||
/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $request;
|
||||
/** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $userSession;
|
||||
/** @var ControllerMethodReflector|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $reflector;
|
||||
/** @var Limiter|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $limiter;
|
||||
/** @var RateLimitingMiddleware */
|
||||
private $rateLimitingMiddleware;
|
||||
|
||||
public function setUp() {
|
||||
parent::setUp();
|
||||
|
||||
$this->request = $this->createMock(IRequest::class);
|
||||
$this->userSession = $this->createMock(IUserSession::class);
|
||||
$this->reflector = $this->createMock(ControllerMethodReflector::class);
|
||||
$this->limiter = $this->createMock(Limiter::class);
|
||||
|
||||
$this->rateLimitingMiddleware = new RateLimitingMiddleware(
|
||||
$this->request,
|
||||
$this->userSession,
|
||||
$this->reflector,
|
||||
$this->limiter
|
||||
);
|
||||
}
|
||||
|
||||
public function testBeforeControllerWithoutAnnotation() {
|
||||
$this->reflector
|
||||
->expects($this->at(0))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'limit')
|
||||
->willReturn('');
|
||||
$this->reflector
|
||||
->expects($this->at(1))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'period')
|
||||
->willReturn('');
|
||||
$this->reflector
|
||||
->expects($this->at(2))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'limit')
|
||||
->willReturn('');
|
||||
$this->reflector
|
||||
->expects($this->at(3))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'period')
|
||||
->willReturn('');
|
||||
|
||||
$this->limiter
|
||||
->expects($this->never())
|
||||
->method('registerUserRequest');
|
||||
$this->limiter
|
||||
->expects($this->never())
|
||||
->method('registerAnonRequest');
|
||||
|
||||
/** @var Controller|\PHPUnit_Framework_MockObject_MockObject $controller */
|
||||
$controller = $this->createMock(Controller::class);
|
||||
$this->rateLimitingMiddleware->beforeController($controller, 'testMethod');
|
||||
}
|
||||
|
||||
public function testBeforeControllerForAnon() {
|
||||
/** @var Controller|\PHPUnit_Framework_MockObject_MockObject $controller */
|
||||
$controller = $this->createMock(Controller::class);
|
||||
$this->request
|
||||
->expects($this->once())
|
||||
->method('getRemoteAddress')
|
||||
->willReturn('127.0.0.1');
|
||||
|
||||
$this->reflector
|
||||
->expects($this->at(0))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'limit')
|
||||
->willReturn('100');
|
||||
$this->reflector
|
||||
->expects($this->at(1))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'period')
|
||||
->willReturn('10');
|
||||
$this->reflector
|
||||
->expects($this->at(2))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'limit')
|
||||
->willReturn('');
|
||||
$this->reflector
|
||||
->expects($this->at(3))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'period')
|
||||
->willReturn('');
|
||||
|
||||
$this->limiter
|
||||
->expects($this->never())
|
||||
->method('registerUserRequest');
|
||||
$this->limiter
|
||||
->expects($this->once())
|
||||
->method('registerAnonRequest')
|
||||
->with(get_class($controller) . '::testMethod', '100', '10', '127.0.0.1');
|
||||
|
||||
|
||||
$this->rateLimitingMiddleware->beforeController($controller, 'testMethod');
|
||||
}
|
||||
|
||||
public function testBeforeControllerForLoggedIn() {
|
||||
/** @var Controller|\PHPUnit_Framework_MockObject_MockObject $controller */
|
||||
$controller = $this->createMock(Controller::class);
|
||||
/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
|
||||
$user = $this->createMock(IUser::class);
|
||||
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('isLoggedIn')
|
||||
->willReturn(true);
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
|
||||
$this->reflector
|
||||
->expects($this->at(0))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'limit')
|
||||
->willReturn('');
|
||||
$this->reflector
|
||||
->expects($this->at(1))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'period')
|
||||
->willReturn('');
|
||||
$this->reflector
|
||||
->expects($this->at(2))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'limit')
|
||||
->willReturn('100');
|
||||
$this->reflector
|
||||
->expects($this->at(3))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'period')
|
||||
->willReturn('10');
|
||||
|
||||
$this->limiter
|
||||
->expects($this->never())
|
||||
->method('registerAnonRequest');
|
||||
$this->limiter
|
||||
->expects($this->once())
|
||||
->method('registerUserRequest')
|
||||
->with(get_class($controller) . '::testMethod', '100', '10', $user);
|
||||
|
||||
|
||||
$this->rateLimitingMiddleware->beforeController($controller, 'testMethod');
|
||||
}
|
||||
|
||||
public function testBeforeControllerAnonWithFallback() {
|
||||
/** @var Controller|\PHPUnit_Framework_MockObject_MockObject $controller */
|
||||
$controller = $this->createMock(Controller::class);
|
||||
$this->request
|
||||
->expects($this->once())
|
||||
->method('getRemoteAddress')
|
||||
->willReturn('127.0.0.1');
|
||||
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('isLoggedIn')
|
||||
->willReturn(false);
|
||||
|
||||
$this->reflector
|
||||
->expects($this->at(0))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'limit')
|
||||
->willReturn('200');
|
||||
$this->reflector
|
||||
->expects($this->at(1))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'period')
|
||||
->willReturn('20');
|
||||
$this->reflector
|
||||
->expects($this->at(2))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'limit')
|
||||
->willReturn('100');
|
||||
$this->reflector
|
||||
->expects($this->at(3))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'period')
|
||||
->willReturn('10');
|
||||
|
||||
$this->limiter
|
||||
->expects($this->never())
|
||||
->method('registerUserRequest');
|
||||
$this->limiter
|
||||
->expects($this->once())
|
||||
->method('registerAnonRequest')
|
||||
->with(get_class($controller) . '::testMethod', '200', '20', '127.0.0.1');
|
||||
|
||||
$this->rateLimitingMiddleware->beforeController($controller, 'testMethod');
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Exception
|
||||
* @expectedExceptionMessage My test exception
|
||||
*/
|
||||
public function testAfterExceptionWithOtherException() {
|
||||
/** @var Controller|\PHPUnit_Framework_MockObject_MockObject $controller */
|
||||
$controller = $this->createMock(Controller::class);
|
||||
|
||||
$this->rateLimitingMiddleware->afterException($controller, 'testMethod', new \Exception('My test exception'));
|
||||
}
|
||||
|
||||
public function testAfterExceptionWithJsonBody() {
|
||||
/** @var Controller|\PHPUnit_Framework_MockObject_MockObject $controller */
|
||||
$controller = $this->createMock(Controller::class);
|
||||
$this->request
|
||||
->expects($this->once())
|
||||
->method('getHeader')
|
||||
->with('Accept')
|
||||
->willReturn('JSON');
|
||||
|
||||
$result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException());
|
||||
$expected = new JSONResponse(
|
||||
[
|
||||
'message' => 'Rate limit exceeded',
|
||||
],
|
||||
429
|
||||
);
|
||||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
|
||||
public function testAfterExceptionWithHtmlBody() {
|
||||
/** @var Controller|\PHPUnit_Framework_MockObject_MockObject $controller */
|
||||
$controller = $this->createMock(Controller::class);
|
||||
$this->request
|
||||
->expects($this->once())
|
||||
->method('getHeader')
|
||||
->with('Accept')
|
||||
->willReturn('html');
|
||||
|
||||
$result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException());
|
||||
$expected = new TemplateResponse(
|
||||
'core',
|
||||
'403',
|
||||
[
|
||||
'file' => 'Rate limit exceeded',
|
||||
],
|
||||
'guest'
|
||||
);
|
||||
$expected->setStatus(429);
|
||||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
}
|
|
@ -40,7 +40,6 @@ use OC\Security\CSP\ContentSecurityPolicyManager;
|
|||
use OC\Security\CSP\ContentSecurityPolicyNonceManager;
|
||||
use OC\Security\CSRF\CsrfToken;
|
||||
use OC\Security\CSRF\CsrfTokenManager;
|
||||
use OC\Security\RateLimiting\Limiter;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
|
@ -53,7 +52,6 @@ use OCP\INavigationManager;
|
|||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
use OCP\IURLGenerator;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Security\ISecureRandom;
|
||||
|
||||
|
||||
|
@ -85,10 +83,6 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
private $csrfTokenManager;
|
||||
/** @var ContentSecurityPolicyNonceManager|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $cspNonceManager;
|
||||
/** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $userSession;
|
||||
/** @var Limiter|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $limiter;
|
||||
/** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $bruteForceThrottler;
|
||||
|
||||
|
@ -99,8 +93,6 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
$this->reader = new ControllerMethodReflector();
|
||||
$this->logger = $this->createMock(ILogger::class);
|
||||
$this->navigationManager = $this->createMock(INavigationManager::class);
|
||||
$this->userSession = $this->createMock(IUserSession::class);
|
||||
$this->limiter = $this->createMock(Limiter::class);
|
||||
$this->urlGenerator = $this->createMock(IURLGenerator::class);
|
||||
$this->session = $this->createMock(ISession::class);
|
||||
$this->request = $this->createMock(IRequest::class);
|
||||
|
@ -119,11 +111,6 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
* @return SecurityMiddleware
|
||||
*/
|
||||
private function getMiddleware($isLoggedIn, $isAdminUser) {
|
||||
$this->userSession
|
||||
->expects($this->any())
|
||||
->method('isLoggedIn')
|
||||
->willReturn($isLoggedIn);
|
||||
|
||||
return new SecurityMiddleware(
|
||||
$this->request,
|
||||
$this->reader,
|
||||
|
@ -132,13 +119,12 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
$this->logger,
|
||||
$this->session,
|
||||
'files',
|
||||
$this->userSession,
|
||||
$isLoggedIn,
|
||||
$isAdminUser,
|
||||
$this->contentSecurityPolicyManager,
|
||||
$this->csrfTokenManager,
|
||||
$this->cspNonceManager,
|
||||
$this->bruteForceThrottler,
|
||||
$this->limiter
|
||||
$this->bruteForceThrottler
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -687,36 +673,14 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
$this->logger,
|
||||
$this->session,
|
||||
'files',
|
||||
$this->userSession,
|
||||
false,
|
||||
false,
|
||||
$this->contentSecurityPolicyManager,
|
||||
$this->csrfTokenManager,
|
||||
$this->cspNonceManager,
|
||||
$this->bruteForceThrottler,
|
||||
$this->limiter
|
||||
$this->bruteForceThrottler
|
||||
);
|
||||
|
||||
$reader
|
||||
->expects($this->at(0))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'limit')
|
||||
->willReturn('');
|
||||
$reader
|
||||
->expects($this->at(1))
|
||||
->method('getAnnotationParameter')
|
||||
->with('AnonRateThrottle', 'period')
|
||||
->willReturn('');
|
||||
$reader
|
||||
->expects($this->at(2))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'limit')
|
||||
->willReturn('');
|
||||
$reader
|
||||
->expects($this->at(3))
|
||||
->method('getAnnotationParameter')
|
||||
->with('UserRateThrottle', 'period')
|
||||
->willReturn('');
|
||||
|
||||
$reader->expects($this->any())->method('hasAnnotation')
|
||||
->willReturnCallback(
|
||||
function($annotation) use ($bruteForceProtectionEnabled) {
|
||||
|
|
Loading…
Reference in New Issue