Properly catch InvalidTokenException for better error response

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
Morris Jobke 2018-01-09 11:41:08 +01:00
parent ab070daeb7
commit b8322c3aee
No known key found for this signature in database
GPG Key ID: FE03C3A163FEDE68
2 changed files with 50 additions and 1 deletions

View File

@ -190,9 +190,18 @@ class AuthSettingsController extends Controller {
*
* @param int $id
* @param array $scope
* @return array|JSONResponse
*/
public function update($id, array $scope) {
$token = $this->tokenProvider->getTokenById($id);
try {
$token = $this->tokenProvider->getTokenById((string)$id);
if ($token->getUID() !== $this->uid) {
throw new InvalidTokenException('User mismatch');
}
} catch (InvalidTokenException $e) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}
$token->setScope([
'filesystem' => $scope['filesystem']
]);

View File

@ -211,6 +211,10 @@ class AuthSettingsControllerTest extends TestCase {
->with($this->equalTo(42))
->willReturn($token);
$token->expects($this->once())
->method('getUID')
->willReturn('jane');
$token->expects($this->once())
->method('setScope')
->with($this->equalTo([
@ -224,4 +228,40 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertSame([], $this->controller->update(42, ['filesystem' => true]));
}
public function testUpdateTokenWrongUser() {
$token = $this->createMock(DefaultToken::class);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo(42))
->willReturn($token);
$token->expects($this->once())
->method('getUID')
->willReturn('foobar');
$token->expects($this->never())
->method('setScope');
$this->tokenProvider->expects($this->never())
->method('updateToken');
$response = $this->controller->update(42, ['filesystem' => true]);
$this->assertSame([], $response->getData());
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
}
public function testUpdateTokenNonExisting() {
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo(42))
->willThrowException(new InvalidTokenException('Token does not exist'));
$this->tokenProvider->expects($this->never())
->method('updateToken');
$response = $this->controller->update(42, ['filesystem' => true]);
$this->assertSame([], $response->getData());
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
}
}