owncloud /
core
| @@ 1248-1266 (lines=19) @@ | ||
| 1245 | $this->assertSame($expectedUri, $request->getRequestUri()); |
|
| 1246 | } |
|
| 1247 | ||
| 1248 | public function testPassesCSRFCheckWithGet() { |
|
| 1249 | /** @var Request $request */ |
|
| 1250 | $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') |
|
| 1251 | ->setMethods(['getScriptName']) |
|
| 1252 | ->setConstructorArgs([ |
|
| 1253 | [ |
|
| 1254 | 'get' => [ |
|
| 1255 | 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds', |
|
| 1256 | ], |
|
| 1257 | 'requesttoken' => 'MyStoredRequestToken', |
|
| 1258 | ], |
|
| 1259 | $this->secureRandom, |
|
| 1260 | $this->config, |
|
| 1261 | $this->stream |
|
| 1262 | ]) |
|
| 1263 | ->getMock(); |
|
| 1264 | ||
| 1265 | $this->assertTrue($request->passesCSRFCheck()); |
|
| 1266 | } |
|
| 1267 | ||
| 1268 | public function testPassesCSRFCheckWithPost() { |
|
| 1269 | /** @var Request $request */ |
|
| @@ 1268-1286 (lines=19) @@ | ||
| 1265 | $this->assertTrue($request->passesCSRFCheck()); |
|
| 1266 | } |
|
| 1267 | ||
| 1268 | public function testPassesCSRFCheckWithPost() { |
|
| 1269 | /** @var Request $request */ |
|
| 1270 | $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') |
|
| 1271 | ->setMethods(['getScriptName']) |
|
| 1272 | ->setConstructorArgs([ |
|
| 1273 | [ |
|
| 1274 | 'post' => [ |
|
| 1275 | 'requesttoken' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds', |
|
| 1276 | ], |
|
| 1277 | 'requesttoken' => 'MyStoredRequestToken', |
|
| 1278 | ], |
|
| 1279 | $this->secureRandom, |
|
| 1280 | $this->config, |
|
| 1281 | $this->stream |
|
| 1282 | ]) |
|
| 1283 | ->getMock(); |
|
| 1284 | ||
| 1285 | $this->assertTrue($request->passesCSRFCheck()); |
|
| 1286 | } |
|
| 1287 | ||
| 1288 | public function testPassesCSRFCheckWithHeader() { |
|
| 1289 | /** @var Request $request */ |
|
| @@ 1288-1306 (lines=19) @@ | ||
| 1285 | $this->assertTrue($request->passesCSRFCheck()); |
|
| 1286 | } |
|
| 1287 | ||
| 1288 | public function testPassesCSRFCheckWithHeader() { |
|
| 1289 | /** @var Request $request */ |
|
| 1290 | $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') |
|
| 1291 | ->setMethods(['getScriptName']) |
|
| 1292 | ->setConstructorArgs([ |
|
| 1293 | [ |
|
| 1294 | 'server' => [ |
|
| 1295 | 'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds', |
|
| 1296 | ], |
|
| 1297 | 'requesttoken' => 'MyStoredRequestToken', |
|
| 1298 | ], |
|
| 1299 | $this->secureRandom, |
|
| 1300 | $this->config, |
|
| 1301 | $this->stream |
|
| 1302 | ]) |
|
| 1303 | ->getMock(); |
|
| 1304 | ||
| 1305 | $this->assertTrue($request->passesCSRFCheck()); |
|
| 1306 | } |
|
| 1307 | ||
| 1308 | /** |
|
| 1309 | * @return array |
|
| @@ 1324-1342 (lines=19) @@ | ||
| 1321 | * @dataProvider invalidTokenDataProvider |
|
| 1322 | * @param string $invalidToken |
|
| 1323 | */ |
|
| 1324 | public function testPassesCSRFCheckWithInvalidToken($invalidToken) { |
|
| 1325 | /** @var Request $request */ |
|
| 1326 | $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') |
|
| 1327 | ->setMethods(['getScriptName']) |
|
| 1328 | ->setConstructorArgs([ |
|
| 1329 | [ |
|
| 1330 | 'server' => [ |
|
| 1331 | 'HTTP_REQUESTTOKEN' => $invalidToken, |
|
| 1332 | ], |
|
| 1333 | 'requesttoken' => 'MyStoredRequestToken', |
|
| 1334 | ], |
|
| 1335 | $this->secureRandom, |
|
| 1336 | $this->config, |
|
| 1337 | $this->stream |
|
| 1338 | ]) |
|
| 1339 | ->getMock(); |
|
| 1340 | ||
| 1341 | $this->assertFalse($request->passesCSRFCheck()); |
|
| 1342 | } |
|
| 1343 | ||
| 1344 | public function testPassesCSRFCheckWithoutTokenFail() { |
|
| 1345 | /** @var Request $request */ |
|
