mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Properly catch InvalidTokenException for better error response 

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
Morris Jobke 2018-01-09 11:41:08 +01:00
parent ab070daeb7
commit b8322c3aee
No known key found for this signature in database
GPG Key ID: FE03C3A163FEDE68
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
settings/Controller/AuthSettingsController.php
View File

@ -190,9 +190,18 @@ class AuthSettingsController extends Controller {
* *
* @param int $id * @param int $id
* @param array $scope * @param array $scope
* @return array|JSONResponse
*/ */
public function update($id, array $scope) { public function update($id, array $scope) {
$token = $this->tokenProvider->getTokenById($id); try {
$token = $this->tokenProvider->getTokenById((string)$id);
if ($token->getUID() !== $this->uid) {
throw new InvalidTokenException('User mismatch');
}
} catch (InvalidTokenException $e) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}
$token->setScope([ $token->setScope([
'filesystem' => $scope['filesystem'] 'filesystem' => $scope['filesystem']
]); ]);

40
tests/Settings/Controller/AuthSettingsControllerTest.php
View File

@ -211,6 +211,10 @@ class AuthSettingsControllerTest extends TestCase {
->with($this->equalTo(42)) ->with($this->equalTo(42))
->willReturn($token); ->willReturn($token);
$token->expects($this->once())
->method('getUID')
->willReturn('jane');
$token->expects($this->once()) $token->expects($this->once())
->method('setScope') ->method('setScope')
->with($this->equalTo([ ->with($this->equalTo([
@ -224,4 +228,40 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertSame([], $this->controller->update(42, ['filesystem' => true])); $this->assertSame([], $this->controller->update(42, ['filesystem' => true]));
} }
public function testUpdateTokenWrongUser() {
$token = $this->createMock(DefaultToken::class);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo(42))
->willReturn($token);
$token->expects($this->once())
->method('getUID')
->willReturn('foobar');
$token->expects($this->never())
->method('setScope');
$this->tokenProvider->expects($this->never())
->method('updateToken');
$response = $this->controller->update(42, ['filesystem' => true]);
$this->assertSame([], $response->getData());
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
}
public function testUpdateTokenNonExisting() {
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo(42))
->willThrowException(new InvalidTokenException('Token does not exist'));
$this->tokenProvider->expects($this->never())
->method('updateToken');
$response = $this->controller->update(42, ['filesystem' => true]);
$this->assertSame([], $response->getData());
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
}
} }