Merge pull request #17416 from nextcloud/backport/17397/stable16
[stable16] Fix updating and deleting authtokens
This commit is contained in:
Roeland Jago Douma
GitHub
commit
ba25fe84e0
|
|
@ -30,6 +30,7 @@ namespace OC\Settings\Controller;
|
|||
use BadMethodCallException;
|
||||
use OC\AppFramework\Http;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Token\INamedToken;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
|
|
@ -237,10 +238,13 @@ class AuthSettingsController extends Controller {
|
|||
* @param int $id
|
||||
* @return IToken
|
||||
* @throws InvalidTokenException
|
||||
* @throws \OC\Authentication\Exceptions\ExpiredTokenException
|
||||
*/
|
||||
private function findTokenByIdAndUser(int $id): IToken {
|
||||
try {
|
||||
$token = $this->tokenProvider->getTokenById($id);
|
||||
} catch (ExpiredTokenException $e) {
|
||||
$token = $e->getToken();
|
||||
}
|
||||
if ($token->getUID() !== $this->uid) {
|
||||
throw new InvalidTokenException('This token does not belong to you!');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ namespace Test\Settings\Controller;
|
|||
|
||||
use OC\AppFramework\Http;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Token\DefaultToken;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\Authentication\Token\IToken;
|
||||
|
|
@ -177,6 +178,30 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
$this->assertEquals([], $this->controller->destroy($tokenId));
|
||||
}
|
||||
|
||||
public function testDestroyExpired() {
|
||||
$tokenId = 124;
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
||||
$token->expects($this->exactly(2))
|
||||
->method('getId')
|
||||
->willReturn($tokenId);
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn($this->uid);
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('getTokenById')
|
||||
->with($this->equalTo($tokenId))
|
||||
->willThrowException(new ExpiredTokenException($token));
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('invalidateTokenById')
|
||||
->with($this->uid, $tokenId);
|
||||
|
||||
$this->assertSame([], $this->controller->destroy($tokenId));
|
||||
}
|
||||
|
||||
public function testDestroyWrongUser() {
|
||||
$tokenId = 124;
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
|
@ -307,6 +332,26 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
||||
}
|
||||
|
||||
public function testUpdateExpired() {
|
||||
$tokenId = 42;
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn($this->uid);
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('getTokenById')
|
||||
->with($this->equalTo($tokenId))
|
||||
->willThrowException(new ExpiredTokenException($token));
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('updateToken')
|
||||
->with($this->equalTo($token));
|
||||
|
||||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
||||
}
|
||||
|
||||
public function testUpdateTokenWrongUser() {
|
||||
$tokenId = 42;
|
||||
$token = $this->createMock(DefaultToken::class);
|
||||
|
|
|
|||
Loading…
Reference in New Issue