From 521bb30541277f6f5e6d939bf75328a9ce8322a9 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 15 Apr 2021 13:02:59 +0200 Subject: [PATCH 1/3] Throw "401 Unauthenticated" when authentication is provided but invalid E.g. with an AppToken that has been revoked Signed-off-by: Joas Schilling --- lib/private/User/Session.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index c33d79b83c..5e6501f904 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -599,6 +599,8 @@ class Session implements IUserSession, Emitter { return true; } + // If credentials were provided, they need to be valid, otherwise we do boom + throw new LoginException(); } catch (PasswordLoginForbiddenException $ex) { // Nothing to do } From 4ed296db9f452985bc129409147594a155c96818 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 22 Apr 2021 15:36:34 +0200 Subject: [PATCH 2/3] Fix Authentication test Signed-off-by: Joas Schilling --- .../Authentication/TwoFactorAuth/ProviderLoaderTest.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/lib/Authentication/TwoFactorAuth/ProviderLoaderTest.php b/tests/lib/Authentication/TwoFactorAuth/ProviderLoaderTest.php index 1b813b5f36..d9c565a3f6 100644 --- a/tests/lib/Authentication/TwoFactorAuth/ProviderLoaderTest.php +++ b/tests/lib/Authentication/TwoFactorAuth/ProviderLoaderTest.php @@ -32,15 +32,16 @@ use OC\AppFramework\Bootstrap\ServiceRegistration; use OC\Authentication\TwoFactorAuth\ProviderLoader; use OCP\App\IAppManager; use OCP\Authentication\TwoFactorAuth\IProvider; +use OCP\IUser; use PHPUnit\Framework\MockObject\MockObject; use Test\TestCase; class ProviderLoaderTest extends TestCase { - /** @var IAppManager|\PHPUnit\Framework\MockObject\MockObject */ + /** @var IAppManager|MockObject */ private $appManager; - /** @var \OCP\IUser|\PHPUnit\Framework\MockObject\MockObject */ + /** @var IUser|MockObject */ private $user; /** @var RegistrationContext|MockObject */ @@ -53,7 +54,7 @@ class ProviderLoaderTest extends TestCase { parent::setUp(); $this->appManager = $this->createMock(IAppManager::class); - $this->user = $this->createMock(\OCP\IUser::class); + $this->user = $this->createMock(IUser::class); $this->registrationContext = $this->createMock(RegistrationContext::class); $coordinator = $this->createMock(Coordinator::class); @@ -123,7 +124,7 @@ class ProviderLoaderTest extends TestCase { ->with($this->user) ->willReturn([]); - $this->registrationContext->method('getTwoFactorProvider') + $this->registrationContext->method('getTwoFactorProviders') ->willReturn([ new ServiceRegistration('twofactor_test', '\\OCA\\TwoFactorTest\\Provider') ]); From 83e10b7a736f7cfa9c933d0476b4784a062bb222 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 22 Apr 2021 15:43:57 +0200 Subject: [PATCH 3/3] Adjust integration test Signed-off-by: Joas Schilling --- build/integration/features/bootstrap/RemoteContext.php | 8 +++++++- build/integration/remoteapi_features/remote.feature | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/build/integration/features/bootstrap/RemoteContext.php b/build/integration/features/bootstrap/RemoteContext.php index 38f3ab7648..69ebad4320 100644 --- a/build/integration/features/bootstrap/RemoteContext.php +++ b/build/integration/features/bootstrap/RemoteContext.php @@ -138,7 +138,13 @@ class RemoteContext implements Context { * @param string $value */ public function hasCapability($key, $value) { - $capabilities = $this->getApiClient()->getCapabilities(); + try { + $capabilities = $this->getApiClient()->getCapabilities(); + } catch (\Exception $e) { + Assert::assertInstanceOf($value, $e); + $this->lastException = $e; + return; + } $current = $capabilities; $parts = explode('.', $key); foreach ($parts as $part) { diff --git a/build/integration/remoteapi_features/remote.feature b/build/integration/remoteapi_features/remote.feature index 72daf8226c..62fd95e013 100644 --- a/build/integration/remoteapi_features/remote.feature +++ b/build/integration/remoteapi_features/remote.feature @@ -34,4 +34,5 @@ Feature: remote Given using remote server "REMOTE" And user "user0" exists And using credentials "user0", "invalid" - Then the capability "theming.name" is "Nextcloud" + Then the capability "theming.name" is "OC\ForbiddenException" + Then the request should throw a "OC\ForbiddenException"