Finished credential mapper tests

Fixed some security flaws on the credential update method in the credential mapper class

1 files changed, 157 insertions, 6 deletions

diff --git a/tests/unit/lib/Db/CredentialMapperTest.php b/tests/unit/lib/Db/CredentialMapperTest.php
index e9f95634..b87487ab 100644
--- a/tests/unit/lib/Db/CredentialMapperTest.php
+++ b/tests/unit/lib/Db/CredentialMapperTest.php
@@ -116,10 +116,161 @@ class CredentialMapperTest extends DatabaseHelperTest {
 		$this->assertEquals($expired, $data);
 	}
 
-//	/**
-//	 * @covers ::getCredentialById
-//	 */
-//	public function testGetCredentialById() {
-//
-//	}
+	/**
+	 * @covers ::getCredentialById
+	 */
+	public function testGetCredentialById() {
+		$expected = Credential::fromRow($this->dataset->getRow(0));
+
+		$data = $this->mapper->getCredentialById($expected->getId());
+		$this->assertInstanceOf(Credential::class, $data);
+		$this->assertEquals($expected, $data);
+
+		$data = $this->mapper->getCredentialById($expected->getId(), $expected->getUserId());
+		$this->assertInstanceOf(Credential::class, $data);
+		$this->assertEquals($expected, $data);
+
+		$this->expectException(\OCP\AppFramework\Db\DoesNotExistException::class);
+		$this->mapper->getCredentialById(PHP_INT_MAX);
+	}
+
+	/**
+	 * @covers ::getCredentialLabelById
+	 */
+	public function testGetCredentialLabelById() {
+		$expected = $this->dataset->getRow(0);
+
+		$data = $this->mapper->getCredentialLabelById($expected['id']);
+		$this->assertInstanceOf(Credential::class, $data);
+		$this->assertSame(intval($expected['id']), $data->getId());
+		$this->assertSame($expected['label'], $data->getLabel());
+
+		$this->expectException(\OCP\AppFramework\Db\DoesNotExistException::class);
+		$this->mapper->getCredentialLabelById(PHP_INT_MAX);
+	}
+
+	/**
+	 * @covers ::getCredentialByGUID
+	 */
+	public function testGetCredentialByGUID() {
+		$data = Credential::fromRow($this->dataset->getRow(0));
+		$result = $this->mapper->getCredentialByGUID($data->getGuid());
+		$this->assertInstanceOf(Credential::class, $result);
+		$this->assertEquals($data, $result);
+
+		$result = $this->mapper->getCredentialByGUID($data->getGuid(), $data->getUserId());
+		$this->assertInstanceOf(Credential::class, $result);
+		$this->assertEquals($data, $result);
+
+		$this->expectException(\OCP\AppFramework\Db\DoesNotExistException::class);
+		$this->mapper->getCredentialByGUID("ASDF");
+	}
+
+	/**
+	 * @covers ::create
+	 */
+	public function testCreate() {
+		$raw_credential = [
+			'vault_id'			=> 5,
+			'user_id'			=> 'WolFi',
+			'label'				=> "some label",
+			'description'		=> "Some description",
+			'tags'				=> "tag, tag, tags",
+			'email'				=> "someone@example.com",
+			'username'			=> "some_user",
+			'password'			=> "some st0ng p4\$\$word",
+			'url'				=> "www.example.com/login",
+			'favicon'			=> "",
+			'renew_interval'	=> 4,
+			'expire_time'		=> Utils::getTime()+100,
+			'delete_time'		=> null,
+			'files'				=> "{some_file}",
+			'custom_fields'		=> "{custom_fields}",
+			'otp'				=> "otp_code",
+			'hidden'			=> false,
+			'shared_key'		=> null
+		];
+
+		$result = $this->mapper->create($raw_credential);
+		$this->assertInstanceOf(Credential::class, $result);
+		$this->assertNotNull($result->getId());
+
+		$expected = Credential::fromRow($raw_credential);
+		$expected->setId($result->getId());
+		$expected->setCreated($result->getCreated());
+		$expected->setChanged($result->getChanged());
+		$expected->setGuid($result->getGuid());
+
+		$this->assertEquals($expected->jsonSerialize(), $result->jsonSerialize());
+
+		$data = $this->mapper->getCredentialById($expected->getId());
+		$this->assertEquals($expected->jsonSerialize(), $data->jsonSerialize());
+	}
+
+	/**
+	 * @covers ::updateCredential
+	 */
+	public function testUpdateCredential() {
+		$original_row = $this->dataset->getRow(0);
+		$raw_credential = [
+			'guid'				=> $original_row['guid'],
+			'label'				=> $original_row['label'] . "asdf",
+			'description'		=> $original_row['description'] . 'fdsa',
+			'tags'				=> $original_row['tags'] . ' TAG!',
+			'email'				=> $original_row['email'] . 'RAWR!',
+			'username'			=> $original_row['username'] . "roof",
+			'password'			=> $original_row['password'] . ' NOOO, not giving my pw',
+			'url'				=> $original_row['url'] . '/some/path',
+			'favicon'			=> $original_row['favicon'] . "ttt",
+			'renew_interval'	=> $original_row['renew_interval'] + 100,
+			'expire_time'		=> $original_row['expire_time'] +500,
+			'files'				=> $original_row['files'] . " files",
+			'custom_fields'		=> $original_row['custom_fields'] . "custom",
+			'otp'				=> $original_row['otp'] . "asdf",
+			'hidden'			=> !boolval($original_row['hidden']),
+			'delete_time'		=> $original_row['delete_time'] + 1500,
+			'shared_key'		=> $original_row['shared_key'] . "asdf"
+		];
+
+		$updated = $this->mapper->updateCredential($raw_credential);
+		foreach ($raw_credential as $key => $value) {
+			if ($key === 'guid') continue;
+			$method = 'get' . str_replace('_', '', ucwords($key, '_'));
+			$this->assertEquals($value, $updated->$method());
+		}
+
+		$real = $this->mapper->getCredentialByGUID($updated->getGuid());
+		foreach ($raw_credential as $key => $value) {
+			if ($key === 'guid') continue;
+			$method = 'get' . str_replace('_', '', ucwords($key, '_'));
+			$this->assertEquals($value, $real->$method());
+			$this->assertNotEquals($original_row[$key], $real->$method());
+		}
+	}
+
+	/**
+	 * @covers ::deleteCredential
+	 */
+	public function testDeleteCredential() {
+		$row = Credential::fromRow($this->dataset->getRow(0));
+
+		$this->assertEquals($row, $this->mapper->deleteCredential($row));
+
+		$this->expectException(\OCP\AppFramework\Db\DoesNotExistException::class);
+		$this->mapper->getCredentialByGUID($row->getGuid());
+	}
+
+	/**
+	 * @covers ::upd
+	 */
+	public function testUpd() {
+		$cred = $this->mapper->getCredentialById($this->dataset->getRow(0)['id']);
+		$cred->setUrl("ASDF");
+		$this->mapper->upd($cred);
+
+		$this->assertEquals(
+			$cred->jsonSerialize(),
+			$this->mapper->getCredentialById($cred->getId())->jsonSerialize()
+		);
+	}
 }
\ No newline at end of file