Merge pull request #17415 from nextcloud/backport/17397/stable17

[stable17] Fix updating and deleting authtokens
This commit is contained in:
Roeland Jago Douma 2019-10-05 14:14:48 +02:00 committed by GitHub
commit cf0376f81d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 2 deletions

View File

@ -29,6 +29,7 @@ namespace OC\Settings\Controller;
use BadMethodCallException;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\WipeTokenException;
use OC\Authentication\Token\INamedToken;
@ -248,10 +249,13 @@ class AuthSettingsController extends Controller {
* @param int $id
* @return IToken
* @throws InvalidTokenException
* @throws \OC\Authentication\Exceptions\ExpiredTokenException
*/
private function findTokenByIdAndUser(int $id): IToken {
$token = $this->tokenProvider->getTokenById($id);
try {
$token = $this->tokenProvider->getTokenById($id);
} catch (ExpiredTokenException $e) {
$token = $e->getToken();
}
if ($token->getUID() !== $this->uid) {
throw new InvalidTokenException('This token does not belong to you!');
}

View File

@ -23,6 +23,7 @@ namespace Test\Settings\Controller;
use OC\AppFramework\Http;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Token\DefaultToken;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
@ -183,6 +184,30 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertEquals([], $this->controller->destroy($tokenId));
}
public function testDestroyExpired() {
$tokenId = 124;
$token = $this->createMock(DefaultToken::class);
$token->expects($this->exactly(2))
->method('getId')
->willReturn($tokenId);
$token->expects($this->once())
->method('getUID')
->willReturn($this->uid);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo($tokenId))
->willThrowException(new ExpiredTokenException($token));
$this->tokenProvider->expects($this->once())
->method('invalidateTokenById')
->with($this->uid, $tokenId);
$this->assertSame([], $this->controller->destroy($tokenId));
}
public function testDestroyWrongUser() {
$tokenId = 124;
$token = $this->createMock(DefaultToken::class);
@ -315,6 +340,26 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
}
public function testUpdateExpired() {
$tokenId = 42;
$token = $this->createMock(DefaultToken::class);
$token->expects($this->once())
->method('getUID')
->willReturn($this->uid);
$this->tokenProvider->expects($this->once())
->method('getTokenById')
->with($this->equalTo($tokenId))
->willThrowException(new ExpiredTokenException($token));
$this->tokenProvider->expects($this->once())
->method('updateToken')
->with($this->equalTo($token));
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
}
public function testUpdateTokenWrongUser() {
$tokenId = 42;
$token = $this->createMock(DefaultToken::class);