diff options
| -rw-r--r-- | apps/settings/lib/Controller/AuthSettingsController.php | 8 | ||||
| -rw-r--r-- | core/Controller/ClientFlowLoginController.php | 17 | ||||
| -rw-r--r-- | core/templates/loginflow/authpicker.php | 5 | ||||
| -rw-r--r-- | core/templates/loginflow/grant.php | 15 | ||||
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 3 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/IProvider.php | 2 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/Manager.php | 6 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 4 | ||||
| -rw-r--r-- | lib/private/Files/ObjectStore/S3.php | 1 | ||||
| -rw-r--r-- | lib/private/Files/ObjectStore/S3ConnectionTrait.php | 13 | ||||
| -rw-r--r-- | lib/private/Security/CertificateManager.php | 18 | ||||
| -rw-r--r-- | tests/Core/Controller/ClientFlowLoginControllerTest.php | 2 | ||||
| -rw-r--r-- | tests/lib/Authentication/Token/ManagerTest.php | 31 | ||||
| -rw-r--r-- | tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php | 83 | ||||
| -rw-r--r-- | tests/lib/Authentication/TwoFactorAuth/ManagerTest.php | 48 |
15 files changed, 155 insertions, 101 deletions
diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php index 3255fcce56e..38db7be1e91 100644 --- a/apps/settings/lib/Controller/AuthSettingsController.php +++ b/apps/settings/lib/Controller/AuthSettingsController.php @@ -145,6 +145,10 @@ class AuthSettingsController extends Controller { return $this->getServiceNotAvailableResponse(); } + if (mb_strlen($name) > 128) { + $name = mb_substr($name, 0, 120) . '…'; + } + $token = $this->generateRandomDeviceToken(); $deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN); $tokenData = $deviceToken->jsonSerialize(); @@ -241,6 +245,10 @@ class AuthSettingsController extends Controller { $this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]); } + if (mb_strlen($name) > 128) { + $name = mb_substr($name, 0, 120) . '…'; + } + if ($token instanceof INamedToken && $name !== $currentName) { $token->setName($name); $this->publishActivity(Provider::APP_TOKEN_RENAMED, $token->getId(), ['name' => $currentName, 'newName' => $name]); diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index 2ba26deb0e7..d67a065a14e 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -162,12 +162,8 @@ class ClientFlowLoginController extends Controller { * @PublicPage * @NoCSRFRequired * @UseSession - * - * @param string $clientIdentifier - * - * @return StandaloneTemplateResponse */ - public function showAuthPickerPage($clientIdentifier = '') { + public function showAuthPickerPage(string $clientIdentifier = '', int $direct = 0): StandaloneTemplateResponse { $clientName = $this->getClientName(); $client = null; if ($clientIdentifier !== '') { @@ -218,6 +214,7 @@ class ClientFlowLoginController extends Controller { 'stateToken' => $stateToken, 'serverHost' => $this->getServerPath(), 'oauthState' => $this->session->get('oauth.state'), + 'direct' => $direct, ], 'guest' ); @@ -231,13 +228,10 @@ class ClientFlowLoginController extends Controller { * @NoCSRFRequired * @NoSameSiteCookieRequired * @UseSession - * - * @param string $stateToken - * @param string $clientIdentifier - * @return StandaloneTemplateResponse */ - public function grantPage($stateToken = '', - $clientIdentifier = '') { + public function grantPage(string $stateToken = '', + string $clientIdentifier = '', + int $direct = 0): StandaloneTemplateResponse { if (!$this->isValidToken($stateToken)) { return $this->stateTokenForbiddenResponse(); } @@ -267,6 +261,7 @@ class ClientFlowLoginController extends Controller { 'stateToken' => $stateToken, 'serverHost' => $this->getServerPath(), 'oauthState' => $this->session->get('oauth.state'), + 'direct' => $direct, ], 'guest' ); diff --git a/core/templates/loginflow/authpicker.php b/core/templates/loginflow/authpicker.php index 02b4b9cc003..4c4c8fd6d53 100644 --- a/core/templates/loginflow/authpicker.php +++ b/core/templates/loginflow/authpicker.php @@ -46,7 +46,7 @@ $urlGenerator = $_['urlGenerator']; <br/> <p id="redirect-link"> - <a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState']])) ?>"> + <a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState'], 'direct' => $_['direct']])) ?>"> <input type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Log in')) ?>"> </a> </p> @@ -62,6 +62,9 @@ $urlGenerator = $_['urlGenerator']; </p> <input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" /> <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>"> + <?php if ($_['direct'] !== 0) { ?> + <input type="hidden" name="direct" value="<?php p($_['direct']) ?>"> + <?php } ?> <input id="submit-app-token-login" type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Grant access')) ?>"> </form> </div> diff --git a/core/templates/loginflow/grant.php b/core/templates/loginflow/grant.php index 0f1b9235a89..c537c47ea64 100644 --- a/core/templates/loginflow/grant.php +++ b/core/templates/loginflow/grant.php @@ -39,14 +39,17 @@ $urlGenerator = $_['urlGenerator']; <br/> <p id="redirect-link"> - <form method="POST" action="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.generateAppPassword')) ?>"> - <input type="hidden" name="clientIdentifier" value="<?php p($_['clientIdentifier']) ?>" /> - <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> - <input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" /> - <input type="hidden" name="oauthState" value="<?php p($_['oauthState']) ?>" /> + <form method="POST" action="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.generateAppPassword')) ?>"> + <input type="hidden" name="clientIdentifier" value="<?php p($_['clientIdentifier']) ?>" /> + <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> + <input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" /> + <input type="hidden" name="oauthState" value="<?php p($_['oauthState']) ?>" /> + <?php if (p($_['direct'])) { ?> + <input type="hidden" name="direct" value="1" /> + <?php } ?> <div id="submit-wrapper"> <input type="submit" class="login primary icon-confirm-white" title="" value="<?php p($l->t('Grant access')); ?>" /> - </div> + </div> </form> </p> </div> diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index 3fdbe8de1e1..b98d4a99fb5 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -223,6 +223,9 @@ class SecurityMiddleware extends Middleware { if (isset($this->request->server['REQUEST_URI'])) { $params['redirect_url'] = $this->request->server['REQUEST_URI']; } + if ($this->request->getParam('direct')) { + $params['direct'] = 1; + } $url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', $params); $response = new RedirectResponse($url); } else { diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php index b37fc2c8cf4..a39cf95f141 100644 --- a/lib/private/Authentication/Token/IProvider.php +++ b/lib/private/Authentication/Token/IProvider.php @@ -44,7 +44,7 @@ interface IProvider { * @param string $uid * @param string $loginName * @param string|null $password - * @param string $name + * @param string $name Name will be trimmed to 120 chars when longer * @param int $type token type * @param int $remember whether the session token should be used for remember-me * @return IToken diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index b718ce73ea4..cadc5f408e4 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -53,7 +53,7 @@ class Manager implements IProvider { * @param string $uid * @param string $loginName * @param string|null $password - * @param string $name + * @param string $name Name will be trimmed to 120 chars when longer * @param int $type token type * @param int $remember whether the session token should be used for remember-me * @return IToken @@ -65,6 +65,10 @@ class Manager implements IProvider { string $name, int $type = IToken::TEMPORARY_TOKEN, int $remember = IToken::DO_NOT_REMEMBER): IToken { + if (mb_strlen($name) > 128) { + $name = mb_substr($name, 0, 120) . '…'; + } + try { return $this->publicKeyTokenProvider->generateToken( $token, diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 00139b14166..ebda3bac499 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -84,6 +84,10 @@ class PublicKeyTokenProvider implements IProvider { string $name, int $type = IToken::TEMPORARY_TOKEN, int $remember = IToken::DO_NOT_REMEMBER): IToken { + if (mb_strlen($name) > 128) { + throw new InvalidTokenException('The given name is too long'); + } + $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); $this->mapper->insert($dbToken); diff --git a/lib/private/Files/ObjectStore/S3.php b/lib/private/Files/ObjectStore/S3.php index 074f3a1df91..6492145fb63 100644 --- a/lib/private/Files/ObjectStore/S3.php +++ b/lib/private/Files/ObjectStore/S3.php @@ -30,6 +30,7 @@ class S3 implements IObjectStore { use S3ObjectTrait; public function __construct($parameters) { + $parameters['primary_storage'] = true; $this->parseParams($parameters); } diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php index 47c20d96d53..888497d03bb 100644 --- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php +++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php @@ -39,6 +39,7 @@ use Aws\S3\Exception\S3Exception; use Aws\S3\S3Client; use GuzzleHttp\Promise; use GuzzleHttp\Promise\RejectedPromise; +use OCP\ICertificateManager; use OCP\ILogger; trait S3ConnectionTrait { @@ -121,6 +122,15 @@ trait S3ConnectionTrait { ) ); + // since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage + if (!isset($this->params['primary_storage'])) { + /** @var ICertificateManager $certManager */ + $certManager = \OC::$server->get(ICertificateManager::class); + $certPath = $certManager->getAbsoluteBundlePath(); + } else { + $certPath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; + } + $options = [ 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest', 'credentials' => $provider, @@ -130,9 +140,10 @@ trait S3ConnectionTrait { 'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()), 'csm' => false, 'use_arn_region' => false, + 'http' => ['verify' => $certPath], ]; if ($this->getProxy()) { - $options['http'] = [ 'proxy' => $this->getProxy() ]; + $options['http']['proxy'] = $this->getProxy(); } if (isset($this->params['legacy_auth']) && $this->params['legacy_auth']) { $options['signature_version'] = 'v2'; diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php index 0c6791163c2..6f3b01e23b9 100644 --- a/lib/private/Security/CertificateManager.php +++ b/lib/private/Security/CertificateManager.php @@ -240,15 +240,19 @@ class CertificateManager implements ICertificateManager { * @return string */ public function getAbsoluteBundlePath(): string { - if (!$this->hasCertificates()) { - return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; - } + try { + if (!$this->hasCertificates()) { + return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; + } - if ($this->needsRebundling()) { - $this->createCertificateBundle(); - } + if ($this->needsRebundling()) { + $this->createCertificateBundle(); + } - return $this->view->getLocalFile($this->getCertificateBundle()); + return $this->view->getLocalFile($this->getCertificateBundle()); + } catch (\Exception $e) { + return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; + } } /** diff --git a/tests/Core/Controller/ClientFlowLoginControllerTest.php b/tests/Core/Controller/ClientFlowLoginControllerTest.php index 51a17743c93..c60c89407bd 100644 --- a/tests/Core/Controller/ClientFlowLoginControllerTest.php +++ b/tests/Core/Controller/ClientFlowLoginControllerTest.php @@ -183,6 +183,7 @@ class ClientFlowLoginControllerTest extends TestCase { 'stateToken' => 'StateToken', 'serverHost' => 'https://example.com', 'oauthState' => 'OauthStateToken', + 'direct' => 0, ], 'guest' ); @@ -246,6 +247,7 @@ class ClientFlowLoginControllerTest extends TestCase { 'stateToken' => 'StateToken', 'serverHost' => 'https://example.com', 'oauthState' => 'OauthStateToken', + 'direct' => 0, ], 'guest' ); diff --git a/tests/lib/Authentication/Token/ManagerTest.php b/tests/lib/Authentication/Token/ManagerTest.php index fb92b3e5018..ee2b3cdc768 100644 --- a/tests/lib/Authentication/Token/ManagerTest.php +++ b/tests/lib/Authentication/Token/ManagerTest.php @@ -127,6 +127,37 @@ class ManagerTest extends TestCase { $this->assertSame($token, $actual); } + public function testGenerateTokenTooLongName() { + $token = $this->createMock(IToken::class); + $token->method('getName') + ->willReturn(str_repeat('a', 120) . '…'); + + + $this->publicKeyTokenProvider->expects($this->once()) + ->method('generateToken') + ->with( + 'token', + 'uid', + 'loginName', + 'password', + str_repeat('a', 120) . '…', + IToken::TEMPORARY_TOKEN, + IToken::REMEMBER + )->willReturn($token); + + $actual = $this->manager->generateToken( + 'token', + 'uid', + 'loginName', + 'password', + str_repeat('a', 200), + IToken::TEMPORARY_TOKEN, + IToken::REMEMBER + ); + + $this->assertSame(121, mb_strlen($actual->getName())); + } + public function tokenData(): array { return [ [new DefaultToken()], diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php index 486660f17c6..767e7897c58 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php @@ -82,10 +82,7 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = 'passme'; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); @@ -98,6 +95,22 @@ class PublicKeyTokenProviderTest extends TestCase { $this->assertSame($password, $this->tokenProvider->getPassword($actual, $token)); } + public function testGenerateTokenInvalidName() { + $this->expectException(\OC\Authentication\Exceptions\InvalidTokenException::class); + + $token = 'token'; + $uid = 'user'; + $user = 'User'; + $password = 'passme'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' + . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' + . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' + . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $type = IToken::PERMANENT_TOKEN; + + $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); + } + public function testUpdateToken() { $tk = new PublicKeyToken(); $this->mapper->expects($this->once()) @@ -139,10 +152,7 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = 'passme'; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); @@ -169,10 +179,7 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = 'passme'; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); @@ -185,10 +192,7 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = 'passme'; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); @@ -248,12 +252,12 @@ class PublicKeyTokenProviderTest extends TestCase { ['session_lifetime', $defaultSessionLifetime, 150], ['remember_login_cookie_lifetime', $defaultRememberMeLifetime, 300], ]); - $this->mapper->expects($this->at(0)) - ->method('invalidateOld') - ->with($this->time - 150); - $this->mapper->expects($this->at(1)) + $this->mapper->expects($this->exactly(2)) ->method('invalidateOld') - ->with($this->time - 300); + ->withConsecutive( + [$this->time - 150], + [$this->time - 300] + ); $this->tokenProvider->invalidateOldTokens(); } @@ -263,21 +267,18 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = null; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $oldToken = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); $this->mapper - ->expects($this->at(0)) + ->expects($this->once()) ->method('getToken') ->with(hash('sha512', 'oldId' . '1f4h9s')) ->willReturn($oldToken); $this->mapper - ->expects($this->at(1)) + ->expects($this->once()) ->method('insert') ->with($this->callback(function (PublicKeyToken $token) use ($user, $uid, $name) { return $token->getUID() === $uid && @@ -288,7 +289,7 @@ class PublicKeyTokenProviderTest extends TestCase { $token->getPassword() === null; })); $this->mapper - ->expects($this->at(2)) + ->expects($this->once()) ->method('delete') ->with($this->callback(function ($token) use ($oldToken) { return $token === $oldToken; @@ -302,21 +303,18 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = 'password'; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $oldToken = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); $this->mapper - ->expects($this->at(0)) + ->expects($this->once()) ->method('getToken') ->with(hash('sha512', 'oldId' . '1f4h9s')) ->willReturn($oldToken); $this->mapper - ->expects($this->at(1)) + ->expects($this->once()) ->method('insert') ->with($this->callback(function (PublicKeyToken $token) use ($user, $uid, $name) { return $token->getUID() === $uid && @@ -328,7 +326,7 @@ class PublicKeyTokenProviderTest extends TestCase { $this->tokenProvider->getPassword($token, 'newId') === 'password'; })); $this->mapper - ->expects($this->at(2)) + ->expects($this->once()) ->method('delete') ->with($this->callback(function ($token) use ($oldToken) { return $token === $oldToken; @@ -372,10 +370,7 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = 'passme'; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); @@ -440,10 +435,7 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = 'password'; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); @@ -458,10 +450,7 @@ class PublicKeyTokenProviderTest extends TestCase { $uid = 'user'; $user = 'User'; $password = null; - $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12' - . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; + $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; $type = IToken::PERMANENT_TOKEN; $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER); diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php index fc921b8016b..ae6fadc790c 100644 --- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php +++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php @@ -376,13 +376,13 @@ class ManagerTest extends TestCase { ->method('get') ->with('two_factor_remember_login') ->willReturn(false); - $this->session->expects($this->at(1)) + $this->session->expects($this->exactly(2)) ->method('remove') - ->with('two_factor_auth_uid'); - $this->session->expects($this->at(2)) - ->method('remove') - ->with('two_factor_remember_login'); - $this->session->expects($this->at(3)) + ->withConsecutive( + ['two_factor_auth_uid'], + ['two_factor_remember_login'] + ); + $this->session->expects($this->once()) ->method('set') ->with(Manager::SESSION_UID_DONE, 'jos'); $this->session->method('getId') @@ -494,17 +494,13 @@ class ManagerTest extends TestCase { public function testNeedsSecondFactor() { $user = $this->createMock(IUser::class); - $this->session->expects($this->at(0)) - ->method('exists') - ->with('app_password') - ->willReturn(false); - $this->session->expects($this->at(1)) + $this->session->expects($this->exactly(3)) ->method('exists') - ->with('two_factor_auth_uid') - ->willReturn(false); - $this->session->expects($this->at(2)) - ->method('exists') - ->with(Manager::SESSION_UID_DONE) + ->withConsecutive( + ['app_password'], + ['two_factor_auth_uid'], + [Manager::SESSION_UID_DONE], + ) ->willReturn(false); $this->session->method('getId') @@ -575,12 +571,12 @@ class ManagerTest extends TestCase { $this->user->method('getUID') ->willReturn('ferdinand'); - $this->session->expects($this->at(0)) - ->method('set') - ->with('two_factor_auth_uid', 'ferdinand'); - $this->session->expects($this->at(1)) + $this->session->expects($this->exactly(2)) ->method('set') - ->with('two_factor_remember_login', true); + ->withConsecutive( + ['two_factor_auth_uid', 'ferdinand'], + ['two_factor_remember_login', true] + ); $this->session->method('getId') ->willReturn('mysessionid'); @@ -605,12 +601,12 @@ class ManagerTest extends TestCase { $this->user->method('getUID') ->willReturn('ferdinand'); - $this->session->expects($this->at(0)) - ->method('set') - ->with('two_factor_auth_uid', 'ferdinand'); - $this->session->expects($this->at(1)) + $this->session->expects($this->exactly(2)) ->method('set') - ->with('two_factor_remember_login', false); + ->withConsecutive( + ['two_factor_auth_uid', 'ferdinand'], + ['two_factor_remember_login', false] + ); $this->session->method('getId') ->willReturn('mysessionid'); |