1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
|
/*
* This software is in the public domain, furnished "as is", without technical
* support, and with no warranty, express or implied, as to its usefulness for
* any purpose.
*
*/
#include <QtTest/QtTest>
#include <QDesktopServices>
#include "libsync/creds/oauth.h"
#include "testutils/syncenginetestutils.h"
#include "theme.h"
#include "common/asserts.h"
using namespace OCC;
class DesktopServiceHook : public QObject
{
Q_OBJECT
signals:
void hooked(const QUrl &);
public:
DesktopServiceHook() { QDesktopServices::setUrlHandler("oauthtest", this, "hooked"); }
};
static const QUrl sOAuthTestServer("oauthtest://someserver/owncloud");
class FakePostReply : public QNetworkReply
{
Q_OBJECT
public:
std::unique_ptr<QIODevice> payload;
bool aborted = false;
FakePostReply(QNetworkAccessManager::Operation op, const QNetworkRequest &request,
std::unique_ptr<QIODevice> payload_, QObject *parent)
: QNetworkReply{parent}, payload{std::move(payload_)}
{
setRequest(request);
setUrl(request.url());
setOperation(op);
open(QIODevice::ReadOnly);
payload->open(QIODevice::ReadOnly);
QMetaObject::invokeMethod(this, "respond", Qt::QueuedConnection);
}
Q_INVOKABLE virtual void respond() {
if (aborted) {
setError(OperationCanceledError, "Operation Canceled");
emit metaDataChanged();
emit finished();
return;
}
setHeader(QNetworkRequest::ContentLengthHeader, payload->size());
setAttribute(QNetworkRequest::HttpStatusCodeAttribute, 200);
emit metaDataChanged();
if (bytesAvailable())
emit readyRead();
emit finished();
}
void abort() override {
aborted = true;
}
qint64 bytesAvailable() const override {
if (aborted)
return 0;
return payload->bytesAvailable();
}
qint64 readData(char *data, qint64 maxlen) override {
return payload->read(data, maxlen);
}
};
// Reply with a small delay
class SlowFakePostReply : public FakePostReply {
Q_OBJECT
public:
using FakePostReply::FakePostReply;
void respond() override {
// override of FakePostReply::respond, will call the real one with a delay.
QTimer::singleShot(100, this, [this] { this->FakePostReply::respond(); });
}
};
class OAuthTestCase : public QObject
{
Q_OBJECT
DesktopServiceHook desktopServiceHook;
public:
enum State { StartState,
StatusPhpState,
BrowserOpened,
TokenAsked,
CustomState } state = StartState;
Q_ENUM(State);
// for oauth2 we use localhost, for oidc we use 127.0.0.1
QString localHost = QStringLiteral("localhost");
bool replyToBrowserOk = false;
bool gotAuthOk = false;
virtual bool done() const { return replyToBrowserOk && gotAuthOk; }
FakeQNAM *fakeQnam = nullptr;
QNetworkAccessManager realQNAM;
QPointer<QNetworkReply> browserReply = nullptr;
QString code = generateEtag();
OCC::AccountPtr account;
QScopedPointer<OAuth> oauth;
virtual void test() {
fakeQnam = new FakeQNAM({});
account = OCC::Account::create();
account->setUrl(sOAuthTestServer);
account->setCredentials(new FakeCredentials{fakeQnam});
fakeQnam->setParent(this);
fakeQnam->setOverride([this](QNetworkAccessManager::Operation op, const QNetworkRequest &req, QIODevice *device) {
if (req.url().path().endsWith(".well-known/openid-configuration")) {
return this->wellKnownReply(op, req);
} else if (req.url().path().endsWith("status.php")) {
return this->statusPhpReply(op, req);
}
OC_ASSERT(device);
OC_ASSERT(device->bytesAvailable() > 0); // OAuth2 always sends around POST data.
return this->tokenReply(op, req);
});
QObject::connect(&desktopServiceHook, &DesktopServiceHook::hooked,
this, &OAuthTestCase::openBrowserHook);
oauth.reset(new OAuth(account.data(), nullptr));
QObject::connect(oauth.data(), &OAuth::result, this, &OAuthTestCase::oauthResult);
oauth->startAuthentication();
QTRY_VERIFY(done());
}
virtual void openBrowserHook(const QUrl &url) {
QCOMPARE(state, StatusPhpState);
state = BrowserOpened;
QCOMPARE(url.path(), sOAuthTestServer.path() + QStringLiteral("/index.php/apps/oauth2/authorize"));
QVERIFY(url.toString().startsWith(sOAuthTestServer.toString()));
QUrlQuery query(url);
QCOMPARE(query.queryItemValue(QStringLiteral("response_type")), QLatin1String("code"));
QCOMPARE(query.queryItemValue(QStringLiteral("client_id")), Theme::instance()->oauthClientId());
QUrl redirectUri(query.queryItemValue(QStringLiteral("redirect_uri")));
QCOMPARE(redirectUri.host(), localHost);
redirectUri.setQuery(QStringLiteral("code=%1&state=%2").arg(code, query.queryItemValue(QStringLiteral("state"))));
createBrowserReply(QNetworkRequest(redirectUri));
}
virtual QNetworkReply *createBrowserReply(const QNetworkRequest &request) {
browserReply = realQNAM.get(request);
QObject::connect(browserReply, &QNetworkReply::finished, this, &OAuthTestCase::browserReplyFinished);
return browserReply;
}
virtual void browserReplyFinished() {
QCOMPARE(sender(), browserReply.data());
QCOMPARE(state, TokenAsked);
browserReply->deleteLater();
QCOMPARE(QNetworkReply::NoError, browserReply->error());
QCOMPARE(browserReply->rawHeader("Location"), QByteArray("owncloud://success"));
replyToBrowserOk = true;
}
virtual QNetworkReply *tokenReply(QNetworkAccessManager::Operation op, const QNetworkRequest &req)
{
OC_ASSERT(state == BrowserOpened);
state = TokenAsked;
OC_ASSERT(op == QNetworkAccessManager::PostOperation);
OC_ASSERT(req.url().toString().startsWith(sOAuthTestServer.toString()));
OC_ASSERT(req.url().path() == sOAuthTestServer.path() + "/index.php/apps/oauth2/api/v1/token");
auto payload = std::make_unique<QBuffer>();
payload->setData(tokenReplyPayload());
return new FakePostReply(op, req, std::move(payload), fakeQnam);
}
virtual QNetworkReply *statusPhpReply(QNetworkAccessManager::Operation op, const QNetworkRequest &req)
{
OC_ASSERT(state == StartState);
state = StatusPhpState;
OC_ASSERT(op == QNetworkAccessManager::GetOperation);
OC_ASSERT(req.url().toString().startsWith(sOAuthTestServer.toString()));
OC_ASSERT(req.url().path() == sOAuthTestServer.path() + "/status.php");
auto payload = std::make_unique<QBuffer>();
payload->setData(statusPhpPayload());
return new FakePostReply(op, req, std::move(payload), fakeQnam);
}
virtual QNetworkReply *wellKnownReply(QNetworkAccessManager::Operation op, const QNetworkRequest &req)
{
return new FakeErrorReply(op, req, fakeQnam, 404);
}
virtual QByteArray tokenReplyPayload() const {
// the dummy server provides the user admin
QJsonDocument jsondata(QJsonObject{
{ "access_token", "123" },
{ "refresh_token" , "456" },
{ "message_url", "owncloud://success"},
{ "user_id", "admin" },
{ "token_type", "Bearer" }
});
return jsondata.toJson();
}
virtual QByteArray statusPhpPayload() const
{
QJsonDocument jsondata(QJsonObject {
{ "installed", true },
{ "maintenance", false },
{ "needsDbUpgrade", false },
{ "version", "10.5.0.10" },
{ "versionstring", "10.5.0" },
{ "edition", "Enterprise" },
{ "productname", "ownCloud" } });
return jsondata.toJson();
}
virtual void oauthResult(OAuth::Result result, const QString &user, const QString &token , const QString &refreshToken) {
QCOMPARE(state, TokenAsked);
QCOMPARE(result, OAuth::LoggedIn);
QCOMPARE(user, QString("admin"));
QCOMPARE(token, QString("123"));
QCOMPARE(refreshToken, QString("456"));
gotAuthOk = true;
}
};
class TestOAuth: public QObject
{
Q_OBJECT
private slots:
void testBasic()
{
OAuthTestCase test;
test.test();
}
void testWrongUser()
{
struct Test : OAuthTestCase {
QByteArray tokenReplyPayload() const override {
// the dummy server provides the user admin
QJsonDocument jsondata(QJsonObject{
{ "access_token", "123" },
{ "refresh_token" , "456" },
{ "message_url", "owncloud://success"},
{ "user_id", "wrong_user" },
{ "token_type", "Bearer" }
});
return jsondata.toJson();
}
void browserReplyFinished() override {
QCOMPARE(sender(), browserReply.data());
QCOMPARE(state, TokenAsked);
browserReply->deleteLater();
QCOMPARE(QNetworkReply::AuthenticationRequiredError, browserReply->error());
}
bool done() const override{
return true;
}
};
Test test;
test.test();
}
// Test for https://github.com/owncloud/client/pull/6057
void testCloseBrowserDontCrash()
{
struct Test : OAuthTestCase {
QNetworkReply *tokenReply(QNetworkAccessManager::Operation op, const QNetworkRequest & req) override
{
OC_ASSERT(browserReply);
// simulate the fact that the browser is closing the connection
browserReply->abort();
// don't process network events, as it messes up the execution order and
// causes an Qt internal crash
QCoreApplication::processEvents(QEventLoop::ExcludeSocketNotifiers);
OC_ASSERT(state == BrowserOpened);
state = TokenAsked;
auto payload = std::make_unique<QBuffer>();
payload->setData(tokenReplyPayload());
return new SlowFakePostReply(op, req, std::move(payload), fakeQnam);
}
void browserReplyFinished() override
{
QCOMPARE(sender(), browserReply.data());
QCOMPARE(browserReply->error(), QNetworkReply::OperationCanceledError);
replyToBrowserOk = true;
}
} test;
test.test();
}
void testRandomConnections()
{
// Test that we can send random garbage to the litening socket and it does not prevent the connection
struct Test : OAuthTestCase {
QNetworkReply *createBrowserReply(const QNetworkRequest &request) override {
QTimer::singleShot(0, this, [this, request] {
auto port = request.url().port();
state = CustomState;
const QVector<QByteArray> payloads = {
"GET FOFOFO HTTP 1/1\n\n",
"GET /?code=invalie HTTP 1/1\n\n",
"GET /?code=xxxxx&bar=fff",
QByteArray("\0\0\0", 3),
QByteArray("GET \0\0\0 \n\n\n\n\n\0", 14),
QByteArray("GET /?code=éléphant\xa5 HTTP\n"),
QByteArray("\n\n\n\n"),
};
for (const auto &x : payloads) {
auto socket = new QTcpSocket(this);
socket->connectToHost("localhost", port);
QVERIFY(socket->waitForConnected());
socket->write(x);
}
// Do the actual request a bit later
QTimer::singleShot(100, this, [this, request] {
QCOMPARE(state, CustomState);
state = BrowserOpened;
this->OAuthTestCase::createBrowserReply(request);
});
});
return nullptr;
}
QNetworkReply *tokenReply(QNetworkAccessManager::Operation op, const QNetworkRequest &req) override
{
if (state == CustomState)
return new FakeErrorReply{op, req, this, 500};
return OAuthTestCase::tokenReply(op, req);
}
void oauthResult(OAuth::Result result, const QString &user, const QString &token ,
const QString &refreshToken) override {
if (state != CustomState)
return OAuthTestCase::oauthResult(result, user, token, refreshToken);
QCOMPARE(result, OAuth::Error);
}
} test;
test.test();
}
void testWellKnown() {
struct Test : OAuthTestCase {
Test()
{
localHost = QLatin1String("127.0.0.1");
}
QNetworkReply * wellKnownReply(QNetworkAccessManager::Operation op, const QNetworkRequest & req) override {
OC_ASSERT(op == QNetworkAccessManager::GetOperation);
QJsonDocument jsondata(QJsonObject{
{ "authorization_endpoint", QJsonValue(
"oauthtest://openidserver" + sOAuthTestServer.path() + "/index.php/apps/oauth2/authorize") },
{ "token_endpoint" , "oauthtest://openidserver/token_endpoint" }
});
return new FakePayloadReply(op, req, jsondata.toJson(), fakeQnam);
}
void openBrowserHook(const QUrl & url) override {
OC_ASSERT(url.host() == "openidserver");
QUrl url2 = url;
url2.setHost(sOAuthTestServer.host());
OAuthTestCase::openBrowserHook(url2);
}
QNetworkReply *tokenReply(QNetworkAccessManager::Operation op, const QNetworkRequest & request) override
{
OC_ASSERT(browserReply);
OC_ASSERT(request.url().toString().startsWith("oauthtest://openidserver/token_endpoint"));
auto req = request;
req.setUrl(request.url().toString().replace("oauthtest://openidserver/token_endpoint",
sOAuthTestServer.toString() + "/index.php/apps/oauth2/api/v1/token"));
return OAuthTestCase::tokenReply(op, req);
}
} test;
test.test();
}
void testTimeout()
{
struct Test : OAuthTestCase
{
QScopedValueRollback<int> rollback;
Test()
: rollback(AbstractNetworkJob::httpTimeout, 1)
{
localHost = QLatin1String("127.0.0.1");
}
QNetworkReply *statusPhpReply(QNetworkAccessManager::Operation op, const QNetworkRequest &req) override
{
OC_ASSERT(op == QNetworkAccessManager::GetOperation);
return new FakeHangingReply(op, req, fakeQnam);
}
void oauthResult(OAuth::Result result, const QString &user, const QString &token, const QString &refreshToken) override
{
Q_UNUSED(user);
Q_UNUSED(token);
QCOMPARE(state, StartState);
QCOMPARE(result, OAuth::Error);
gotAuthOk = true;
replyToBrowserOk = true;
}
} test;
test.test();
}
};
QTEST_GUILESS_MAIN(TestOAuth)
#include "testoauth.moc"
|
