mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #19954 from owncloud/remote-unrequired-dependencies 

Use IRequest's `getScriptName` functionality instead of $_SERVER
This commit is contained in:
Thomas Müller 2015-10-21 20:51:22 +02:00
parent 0245cfb9d2 23e22c52b0
commit e0516c215c
16 changed files with 35 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/base.php
View File

@ -133,7 +133,18 @@ class OC {
OC_Config::$object = new \OC\Config(self::$configDir);
OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT)));
$scriptName = $_SERVER['SCRIPT_NAME'];
/**
* FIXME: The following lines are required because we can't yet instantiiate
* \OC::$server->getRequest() since \OC::$server does not yet exist.
*/
$params = [
'server' => [
'SCRIPT_NAME' => $_SERVER['SCRIPT_NAME'],
'SCRIPT_FILENAME' => $_SERVER['SCRIPT_FILENAME'],
],
];
$fakeRequest = new \OC\AppFramework\Http\Request($params, null, new \OC\AllConfig(new \OC\SystemConfig()));
$scriptName = $fakeRequest->getScriptName();
if (substr($scriptName, -1) == '/') {
$scriptName .= 'index.php';
//make sure suburi follows the same rules as scriptName
@ -145,6 +156,7 @@ class OC {
}
}
if (OC::$CLI) {
OC::$WEBROOT = OC_Config::getValue('overwritewebroot', '');
} else {

15
lib/private/appframework/http/request.php
View File

@ -88,20 +88,17 @@ class Request implements \ArrayAccess, \Countable, IRequest {
* - string 'method' the request method (GET, POST etc)
* - string|false 'requesttoken' the requesttoken or false when not available
* @param ISecureRandom $secureRandom
* @param ICrypto $crypto
* @param IConfig $config
* @param string $stream
* @see http://www.php.net/manual/en/reserved.variables.php
*/
public function __construct(array $vars=array(),
ISecureRandom $secureRandom = null,
ICrypto $crypto,
IConfig $config,
$stream='php://input') {
$this->inputStream = $stream;
$this->items['params'] = array();
$this->secureRandom = $secureRandom;
$this->crypto = $crypto;
$this->config = $config;
if(!array_key_exists('method', $vars)) {
@ -439,22 +436,18 @@ class Request implements \ArrayAccess, \Countable, IRequest {
return false;
}
// Decrypt token to prevent BREACH like attacks
// Deobfuscate token to prevent BREACH like attacks
$token = explode(':', $token);
if (count($token) !== 2) {
return false;
}
$encryptedToken = $token[0];
$obfuscatedToken = $token[0];
$secret = $token[1];
try {
$decryptedToken = $this->crypto->decrypt($encryptedToken, $secret);
} catch (\Exception $e) {
return false;
}
$deobfuscatedToken = base64_decode($obfuscatedToken) ^ $secret;
// Check if the token is valid
if(\OCP\Security\StringUtils::equals($decryptedToken, $this->items['requesttoken'])) {
if(\OCP\Security\StringUtils::equals($deobfuscatedToken, $this->items['requesttoken'])) {
return true;
} else {
return false;

2
lib/private/server.php
View File

@ -438,7 +438,6 @@ class Server extends SimpleContainer implements IServerContainer {
'requesttoken' => $requestToken,
],
$this->getSecureRandom(),
$this->getCrypto(),
$this->getConfig(),
$stream
);
@ -512,7 +511,6 @@ class Server extends SimpleContainer implements IServerContainer {
: null,
],
new SecureRandom(),
$c->getCrypto(),
$c->getConfig()
);

19
lib/private/util.php
View File

@ -1093,7 +1093,7 @@ class OC_Util {
return $id;
}
protected static $encryptedToken;
protected static $obfuscatedToken;
/**
* Register an get/post call. Important to prevent CSRF attacks.
*
@ -1107,24 +1107,27 @@ class OC_Util {
*/
public static function callRegister() {
// Use existing token if function has already been called
if(isset(self::$encryptedToken)) {
return self::$encryptedToken;
if(isset(self::$obfuscatedToken)) {
return self::$obfuscatedToken;
}
$tokenLength = 30;
// Check if a token exists
if (!\OC::$server->getSession()->exists('requesttoken')) {
// No valid token found, generate a new one.
$requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
$requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength);
\OC::$server->getSession()->set('requesttoken', $requestToken);
} else {
// Valid token already exists, send it
$requestToken = \OC::$server->getSession()->get('requesttoken');
}
// Encrypt the token to mitigate breach-like attacks
$sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10);
self::$encryptedToken = \OC::$server->getCrypto()->encrypt($requestToken, $sharedSecret) . ':' . $sharedSecret;
return self::$encryptedToken;
// XOR the token to mitigate breach-like attacks
$sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength);
self::$obfuscatedToken = base64_encode($requestToken ^ $sharedSecret) .':'.$sharedSecret;
return self::$obfuscatedToken;
}
/**

1
tests/lib/appframework/controller/ApiControllerTest.php
View File

@ -38,7 +38,6 @@ class ApiControllerTest extends \Test\TestCase {
$request = new Request(
['server' => ['HTTP_ORIGIN' => 'test']],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->controller = new ChildApiController('app', $request, 'verbs',

1
tests/lib/appframework/controller/ControllerTest.php
View File

@ -76,7 +76,6 @@ class ControllerTest extends \Test\TestCase {
'method' => 'hi',
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);

4
tests/lib/appframework/controller/OCSControllerTest.php
View File

@ -43,7 +43,6 @@ class OCSControllerTest extends \Test\TestCase {
],
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$controller = new ChildOCSController('app', $request, 'verbs',
@ -65,7 +64,6 @@ class OCSControllerTest extends \Test\TestCase {
$controller = new ChildOCSController('app', new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
));
$expected = "<?xml version=\"1.0\"?>\n" .
@ -98,7 +96,6 @@ class OCSControllerTest extends \Test\TestCase {
$controller = new ChildOCSController('app', new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
));
$expected = "<?xml version=\"1.0\"?>\n" .
@ -131,7 +128,6 @@ class OCSControllerTest extends \Test\TestCase {
$controller = new ChildOCSController('app', new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
));
$expected = '{"ocs":{"meta":{"status":"failure","statuscode":400,"message":"OK",' .

1
tests/lib/appframework/dependencyinjection/DIContainerTest.php
View File

@ -74,7 +74,6 @@ class DIContainerTest extends \Test\TestCase {
$this->container['Request'] = new Request(
['method' => 'GET'],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$security = $this->container['SecurityMiddleware'];

6
tests/lib/appframework/http/DispatcherTest.php
View File

@ -295,7 +295,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'POST'
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@ -323,7 +322,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'POST',
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@ -354,7 +352,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'GET'
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@ -384,7 +381,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'GET'
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@ -415,7 +411,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'PUT'
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(
@ -448,7 +443,6 @@ class DispatcherTest extends \Test\TestCase {
'method' => 'POST'
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->dispatcher = new Dispatcher(

84
tests/lib/appframework/http/RequestTest.php
View File

@ -54,7 +54,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -87,7 +86,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -110,7 +108,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -130,7 +127,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -150,7 +146,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -167,7 +162,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -189,7 +183,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -213,7 +206,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -235,7 +227,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -260,7 +251,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -281,7 +271,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -306,7 +295,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -336,7 +324,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -358,7 +345,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
$vars,
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -382,7 +368,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -394,7 +379,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
\OC::$server->getSecureRandom(),
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -419,7 +403,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -448,7 +431,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -477,7 +459,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -510,7 +491,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -561,7 +541,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -589,7 +568,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -611,7 +589,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -622,7 +599,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -646,7 +622,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -667,7 +642,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -684,7 +658,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -705,7 +678,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -727,7 +699,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -816,7 +787,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -833,7 +803,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -851,7 +820,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -869,7 +837,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -897,7 +864,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -919,7 +885,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -946,7 +911,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -973,7 +937,6 @@ class RequestTest extends \Test\TestCase {
],
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -990,7 +953,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1018,7 +980,6 @@ class RequestTest extends \Test\TestCase {
$request = new Request(
[],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1034,7 +995,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1055,7 +1015,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1076,7 +1035,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1099,7 +1057,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1122,7 +1079,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1145,7 +1101,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1168,7 +1123,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1223,7 +1177,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
);
@ -1263,7 +1216,6 @@ class RequestTest extends \Test\TestCase {
]
],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
])
@ -1277,25 +1229,17 @@ class RequestTest extends \Test\TestCase {
}
public function testPassesCSRFCheckWithGet() {
$crypto = $this->getMock('\OCP\Security\ICrypto');
$crypto
->expects($this->once())
->method('decrypt')
->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret')
->will($this->returnValue('MyStoredRequestToken'));
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
->setConstructorArgs([
[
'get' => [
'requesttoken' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret',
'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
$crypto,
$this->config,
$this->stream
])
@ -1305,25 +1249,17 @@ class RequestTest extends \Test\TestCase {
}
public function testPassesCSRFCheckWithPost() {
$crypto = $this->getMock('\OCP\Security\ICrypto');
$crypto
->expects($this->once())
->method('decrypt')
->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret')
->will($this->returnValue('MyStoredRequestToken'));
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
->setConstructorArgs([
[
'post' => [
'requesttoken' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret',
'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
$crypto,
$this->config,
$this->stream
])
@ -1333,24 +1269,17 @@ class RequestTest extends \Test\TestCase {
}
public function testPassesCSRFCheckWithHeader() {
$crypto = $this->getMock('\OCP\Security\ICrypto');
$crypto
->expects($this->once())
->method('decrypt')
->with('1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4', 'secret')
->will($this->returnValue('MyStoredRequestToken'));
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
->setConstructorArgs([
[
'server' => [
'HTTP_REQUESTTOKEN' => '1c637c4147e40a8a8f09428ec2059cebea3480c27b402b4e793c69710a731513|wlXxNUaFqHuQnZr5|e6ab49c9e0e20c8d3607e02f1d8e6ec17ad6020ae10b7d64ab4b0a6318c0875940943a6aa303dc090fea0b4cd5b9fb8bcbecac4308a2bd15d9f369cdc22121a4:secret',
'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
],
'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
$crypto,
$this->config,
$this->stream
])
@ -1359,6 +1288,9 @@ class RequestTest extends \Test\TestCase {
$this->assertTrue($request->passesCSRFCheck());
}
/**
* @return array
*/
public function invalidTokenDataProvider() {
return [
['InvalidSentToken'],
@ -1373,8 +1305,6 @@ class RequestTest extends \Test\TestCase {
* @param string $invalidToken
*/
public function testPassesCSRFCheckWithInvalidToken($invalidToken) {
$crypto = new Crypto($this->config, $this->secureRandom);
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
@ -1386,7 +1316,6 @@ class RequestTest extends \Test\TestCase {
'requesttoken' => 'MyStoredRequestToken',
],
$this->secureRandom,
$crypto,
$this->config,
$this->stream
])
@ -1402,7 +1331,6 @@ class RequestTest extends \Test\TestCase {
->setConstructorArgs([
[],
$this->secureRandom,
$this->getMock('\OCP\Security\ICrypto'),
$this->config,
$this->stream
])

1
tests/lib/appframework/middleware/MiddlewareDispatcherTest.php
View File

@ -133,7 +133,6 @@ class MiddlewareDispatcherTest extends \Test\TestCase {
new Request(
['method' => 'GET'],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
)
]

1
tests/lib/appframework/middleware/MiddlewareTest.php
View File

@ -61,7 +61,6 @@ class MiddlewareTest extends \Test\TestCase {
new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
)
]

10
tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
View File

@ -42,7 +42,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
]
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector->reflect($this, __FUNCTION__);
@ -62,7 +61,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
]
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$middleware = new CORSMiddleware($request, $this->reflector, $this->session);
@ -80,7 +78,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
$request = new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector->reflect($this, __FUNCTION__);
@ -104,7 +101,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
]
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector->reflect($this, __FUNCTION__);
@ -123,7 +119,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
$request = new Request(
[],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector->reflect($this, __FUNCTION__);
@ -149,7 +144,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->session->expects($this->once())
@ -175,7 +169,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->session->expects($this->once())
@ -197,7 +190,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$middleware = new CORSMiddleware($request, $this->reflector, $this->session);
@ -214,7 +206,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$middleware = new CORSMiddleware($request, $this->reflector, $this->session);
@ -235,7 +226,6 @@ class CORSMiddlewareTest extends \Test\TestCase {
'PHP_AUTH_PW' => 'pass'
]],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$middleware = new CORSMiddleware($request, $this->reflector, $this->session);

1
tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
View File

@ -322,7 +322,6 @@ class SecurityMiddlewareTest extends \Test\TestCase {
]
],
$this->getMock('\OCP\Security\ISecureRandom'),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->middleware = $this->getMiddleware(true, true);

1
tests/lib/appframework/middleware/sessionmiddlewaretest.php
View File

@ -36,7 +36,6 @@ class SessionMiddlewareTest extends \Test\TestCase {
$this->request = new Request(
[],
$this->getMockBuilder('\OCP\Security\ISecureRandom')->getMock(),
$this->getMock('\OCP\Security\ICrypto'),
$this->getMock('\OCP\IConfig')
);
$this->reflector = new ControllerMethodReflector();

2
tests/lib/util.php
View File

@ -91,7 +91,7 @@ class Test_Util extends \Test\TestCase {
function testCallRegister() {
$result = strlen(OC_Util::callRegister());
$this->assertEquals(221, $result);
$this->assertEquals(71, $result);
}
function testSanitizeHTML() {