Properly catch InvalidTokenException for better error response
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
parent
ab070daeb7
commit
b8322c3aee
|
@ -190,9 +190,18 @@ class AuthSettingsController extends Controller {
|
|||
*
|
||||
* @param int $id
|
||||
* @param array $scope
|
||||
* @return array|JSONResponse
|
||||
*/
|
||||
public function update($id, array $scope) {
|
||||
$token = $this->tokenProvider->getTokenById($id);
|
||||
try {
|
||||
$token = $this->tokenProvider->getTokenById((string)$id);
|
||||
if ($token->getUID() !== $this->uid) {
|
||||
throw new InvalidTokenException('User mismatch');
|
||||
}
|
||||
} catch (InvalidTokenException $e) {
|
||||
return new JSONResponse([], Http::STATUS_NOT_FOUND);
|
||||
}
|
||||
|
||||
$token->setScope([
|
||||
'filesystem' => $scope['filesystem']
|
||||
]);
|
||||
|
|
|
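Review bot: `$scope['filesystem']` is read from the `$scope` argument (presumably request-supplied) with no existence or type check, so a request that omits the key or sends a non-boolean passes an undefined or unexpected value into `setScope()`. Consider rejecting such input before the call, e.g. `if (!isset($scope['filesystem'])) { return new JSONResponse([], Http::STATUS_BAD_REQUEST); }`, and passing `(bool)$scope['filesystem']`. Returning the same 404 for a missing token and for another user's token is a sound choice because it does not confirm which token ids exist. The mismatch branch may still deserve a log entry so that cross-user attempts are visible to operators. `update()` continues past the end of this hunk, so what happens after `setScope()` is not visible here.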
@ -211,6 +211,10 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
->with($this->equalTo(42))
|
||||
->willReturn($token);
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('jane');
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('setScope')
|
||||
->with($this->equalTo([
|
||||
|
@ -224,4 +228,40 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
$this->assertSame([], $this->controller->update(42, ['filesystem' => true]));
|
||||
}
|
||||
|
||||
public function testUpdateTokenWrongUser() {
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('getTokenById')
|
||||
->with($this->equalTo(42))
|
||||
->willReturn($token);
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('foobar');
|
||||
|
||||
$token->expects($this->never())
|
||||
->method('setScope');
|
||||
$this->tokenProvider->expects($this->never())
|
||||
->method('updateToken');
|
||||
|
||||
$response = $this->controller->update(42, ['filesystem' => true]);
|
||||
$this->assertSame([], $response->getData());
|
||||
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
|
||||
}
|
||||
|
||||
public function testUpdateTokenNonExisting() {
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('getTokenById')
|
||||
->with($this->equalTo(42))
|
||||
->willThrowException(new InvalidTokenException('Token does not exist'));
|
||||
|
||||
$this->tokenProvider->expects($this->never())
|
||||
->method('updateToken');
|
||||
|
||||
$response = $this->controller->update(42, ['filesystem' => true]);
|
||||
$this->assertSame([], $response->getData());
|
||||
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
|
||||
}
|
||||
|
||||
}
|
||||
|
|
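Review bot: The `getTokenById` expectations use `->with($this->equalTo(42))`, which compares loosely, so these tests pass whether or not the controller applies the new `(string)$id` cast. If the provider is meant to receive a string, use `->with($this->identicalTo('42'))` in `testUpdateTokenWrongUser`, `testUpdateTokenNonExisting` and the existing expectation in the first hunk of this file. The new test methods would also benefit from a one-line docblock naming the property they guard, e.g. `/** A token owned by another user must be reported as not found and left unmodified. */`.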