Merge pull request #17415 from nextcloud/backport/17397/stable17
[stable17] Fix updating and deleting authtokens
This commit is contained in:
commit
cf0376f81d
|
@ -29,6 +29,7 @@ namespace OC\Settings\Controller;
|
||||||
|
|
||||||
use BadMethodCallException;
|
use BadMethodCallException;
|
||||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||||
|
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||||
use OC\Authentication\Exceptions\WipeTokenException;
|
use OC\Authentication\Exceptions\WipeTokenException;
|
||||||
use OC\Authentication\Token\INamedToken;
|
use OC\Authentication\Token\INamedToken;
|
||||||
|
@ -248,10 +249,13 @@ class AuthSettingsController extends Controller {
|
||||||
* @param int $id
|
* @param int $id
|
||||||
* @return IToken
|
* @return IToken
|
||||||
* @throws InvalidTokenException
|
* @throws InvalidTokenException
|
||||||
* @throws \OC\Authentication\Exceptions\ExpiredTokenException
|
|
||||||
*/
|
*/
|
||||||
private function findTokenByIdAndUser(int $id): IToken {
|
private function findTokenByIdAndUser(int $id): IToken {
|
||||||
|
try {
|
||||||
$token = $this->tokenProvider->getTokenById($id);
|
$token = $this->tokenProvider->getTokenById($id);
|
||||||
|
} catch (ExpiredTokenException $e) {
|
||||||
|
$token = $e->getToken();
|
||||||
|
}
|
||||||
if ($token->getUID() !== $this->uid) {
|
if ($token->getUID() !== $this->uid) {
|
||||||
throw new InvalidTokenException('This token does not belong to you!');
|
throw new InvalidTokenException('This token does not belong to you!');
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,7 @@ namespace Test\Settings\Controller;
|
||||||
|
|
||||||
use OC\AppFramework\Http;
|
use OC\AppFramework\Http;
|
||||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||||
|
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||||
use OC\Authentication\Token\DefaultToken;
|
use OC\Authentication\Token\DefaultToken;
|
||||||
use OC\Authentication\Token\IProvider;
|
use OC\Authentication\Token\IProvider;
|
||||||
use OC\Authentication\Token\IToken;
|
use OC\Authentication\Token\IToken;
|
||||||
|
@ -183,6 +184,30 @@ class AuthSettingsControllerTest extends TestCase {
|
||||||
$this->assertEquals([], $this->controller->destroy($tokenId));
|
$this->assertEquals([], $this->controller->destroy($tokenId));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testDestroyExpired() {
|
||||||
|
$tokenId = 124;
|
||||||
|
$token = $this->createMock(DefaultToken::class);
|
||||||
|
|
||||||
|
$token->expects($this->exactly(2))
|
||||||
|
->method('getId')
|
||||||
|
->willReturn($tokenId);
|
||||||
|
|
||||||
|
$token->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn($this->uid);
|
||||||
|
|
||||||
|
$this->tokenProvider->expects($this->once())
|
||||||
|
->method('getTokenById')
|
||||||
|
->with($this->equalTo($tokenId))
|
||||||
|
->willThrowException(new ExpiredTokenException($token));
|
||||||
|
|
||||||
|
$this->tokenProvider->expects($this->once())
|
||||||
|
->method('invalidateTokenById')
|
||||||
|
->with($this->uid, $tokenId);
|
||||||
|
|
||||||
|
$this->assertSame([], $this->controller->destroy($tokenId));
|
||||||
|
}
|
||||||
|
|
||||||
public function testDestroyWrongUser() {
|
public function testDestroyWrongUser() {
|
||||||
$tokenId = 124;
|
$tokenId = 124;
|
||||||
$token = $this->createMock(DefaultToken::class);
|
$token = $this->createMock(DefaultToken::class);
|
||||||
|
@ -315,6 +340,26 @@ class AuthSettingsControllerTest extends TestCase {
|
||||||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testUpdateExpired() {
|
||||||
|
$tokenId = 42;
|
||||||
|
$token = $this->createMock(DefaultToken::class);
|
||||||
|
|
||||||
|
$token->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn($this->uid);
|
||||||
|
|
||||||
|
$this->tokenProvider->expects($this->once())
|
||||||
|
->method('getTokenById')
|
||||||
|
->with($this->equalTo($tokenId))
|
||||||
|
->willThrowException(new ExpiredTokenException($token));
|
||||||
|
|
||||||
|
$this->tokenProvider->expects($this->once())
|
||||||
|
->method('updateToken')
|
||||||
|
->with($this->equalTo($token));
|
||||||
|
|
||||||
|
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
||||||
|
}
|
||||||
|
|
||||||
public function testUpdateTokenWrongUser() {
|
public function testUpdateTokenWrongUser() {
|
||||||
$tokenId = 42;
|
$tokenId = 42;
|
||||||
$token = $this->createMock(DefaultToken::class);
|
$token = $this->createMock(DefaultToken::class);
|
||||||
|
|
Loading…
Reference in New Issue