DefaultTokenProviderTest.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413
  1. <?php
  2. /**
  3. * @author Christoph Wurst <christoph@owncloud.com>
  4. *
  5. * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch>
  6. * @copyright Copyright (c) 2016, ownCloud, Inc.
  7. * @license AGPL-3.0
  8. *
  9. * This code is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License, version 3,
  11. * as published by the Free Software Foundation.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License, version 3,
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>
  20. *
  21. */
  22. namespace Test\Authentication\Token;
  23. use OC\Authentication\Exceptions\InvalidTokenException;
  24. use OC\Authentication\Token\DefaultToken;
  25. use OC\Authentication\Token\DefaultTokenProvider;
  26. use OC\Authentication\Token\IToken;
  27. use OCP\AppFramework\Db\DoesNotExistException;
  28. use OCP\AppFramework\Db\Mapper;
  29. use OCP\AppFramework\Utility\ITimeFactory;
  30. use OCP\IConfig;
  31. use OCP\ILogger;
  32. use OCP\IUser;
  33. use OCP\Security\ICrypto;
  34. use Test\TestCase;
  35. class DefaultTokenProviderTest extends TestCase {
  36. /** @var DefaultTokenProvider|\PHPUnit_Framework_MockObject_MockObject */
  37. private $tokenProvider;
  38. /** @var Mapper|\PHPUnit_Framework_MockObject_MockObject */
  39. private $mapper;
  40. /** @var ICrypto|\PHPUnit_Framework_MockObject_MockObject */
  41. private $crypto;
  42. /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
  43. private $config;
  44. /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */
  45. private $logger;
  46. /** @var ITimeFactory|\PHPUnit_Framework_MockObject_MockObject */
  47. private $timeFactory;
  48. /** @var int */
  49. private $time;
  50. protected function setUp() {
  51. parent::setUp();
  52. $this->mapper = $this->getMockBuilder('\OC\Authentication\Token\DefaultTokenMapper')
  53. ->disableOriginalConstructor()
  54. ->getMock();
  55. $this->crypto = $this->createMock(ICrypto::class);
  56. $this->config = $this->createMock(IConfig::class);
  57. $this->logger = $this->createMock(ILogger::class);
  58. $this->timeFactory = $this->createMock(ITimeFactory::class);
  59. $this->time = 1313131;
  60. $this->timeFactory->expects($this->any())
  61. ->method('getTime')
  62. ->will($this->returnValue($this->time));
  63. $this->tokenProvider = new DefaultTokenProvider($this->mapper, $this->crypto, $this->config, $this->logger,
  64. $this->timeFactory);
  65. }
  66. public function testGenerateToken() {
  67. $token = 'token';
  68. $uid = 'user';
  69. $user = 'User';
  70. $password = 'passme';
  71. $name = 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  72. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  73. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'
  74. . 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12';
  75. $type = IToken::PERMANENT_TOKEN;
  76. $toInsert = new DefaultToken();
  77. $toInsert->setUid($uid);
  78. $toInsert->setLoginName($user);
  79. $toInsert->setPassword('encryptedpassword');
  80. $toInsert->setName($name);
  81. $toInsert->setToken(hash('sha512', $token . '1f4h9s'));
  82. $toInsert->setType($type);
  83. $toInsert->setRemember(IToken::DO_NOT_REMEMBER);
  84. $toInsert->setLastActivity($this->time);
  85. $this->config->expects($this->any())
  86. ->method('getSystemValue')
  87. ->with('secret')
  88. ->will($this->returnValue('1f4h9s'));
  89. $this->crypto->expects($this->once())
  90. ->method('encrypt')
  91. ->with($password, $token . '1f4h9s')
  92. ->will($this->returnValue('encryptedpassword'));
  93. $this->mapper->expects($this->once())
  94. ->method('insert')
  95. ->with($this->equalTo($toInsert));
  96. $actual = $this->tokenProvider->generateToken($token, $uid, $user, $password, $name, $type, IToken::DO_NOT_REMEMBER);
  97. $this->assertEquals($toInsert, $actual);
  98. }
  99. public function testUpdateToken() {
  100. $tk = new DefaultToken();
  101. $tk->setLastActivity($this->time - 200);
  102. $this->mapper->expects($this->once())
  103. ->method('update')
  104. ->with($tk);
  105. $this->tokenProvider->updateTokenActivity($tk);
  106. $this->assertEquals($this->time, $tk->getLastActivity());
  107. }
  108. public function testUpdateTokenDebounce() {
  109. $tk = new DefaultToken();
  110. $tk->setLastActivity($this->time - 30);
  111. $this->mapper->expects($this->never())
  112. ->method('update')
  113. ->with($tk);
  114. $this->tokenProvider->updateTokenActivity($tk);
  115. }
  116. public function testGetTokenByUser() {
  117. $user = $this->createMock(IUser::class);
  118. $this->mapper->expects($this->once())
  119. ->method('getTokenByUser')
  120. ->with($user)
  121. ->will($this->returnValue(['token']));
  122. $this->assertEquals(['token'], $this->tokenProvider->getTokenByUser($user));
  123. }
  124. public function testGetPassword() {
  125. $token = 'token1234';
  126. $tk = new DefaultToken();
  127. $tk->setPassword('someencryptedvalue');
  128. $this->config->expects($this->once())
  129. ->method('getSystemValue')
  130. ->with('secret')
  131. ->will($this->returnValue('1f4h9s'));
  132. $this->crypto->expects($this->once())
  133. ->method('decrypt')
  134. ->with('someencryptedvalue', $token . '1f4h9s')
  135. ->will($this->returnValue('passme'));
  136. $actual = $this->tokenProvider->getPassword($tk, $token);
  137. $this->assertEquals('passme', $actual);
  138. }
  139. /**
  140. * @expectedException \OC\Authentication\Exceptions\PasswordlessTokenException
  141. */
  142. public function testGetPasswordPasswordLessToken() {
  143. $token = 'token1234';
  144. $tk = new DefaultToken();
  145. $tk->setPassword(null);
  146. $this->tokenProvider->getPassword($tk, $token);
  147. }
  148. /**
  149. * @expectedException \OC\Authentication\Exceptions\InvalidTokenException
  150. */
  151. public function testGetPasswordDeletesInvalidToken() {
  152. $token = 'token1234';
  153. $tk = new DefaultToken();
  154. $tk->setPassword('someencryptedvalue');
  155. /* @var $tokenProvider DefaultTokenProvider */
  156. $tokenProvider = $this->getMockBuilder('\OC\Authentication\Token\DefaultTokenProvider')
  157. ->setMethods([
  158. 'invalidateToken'
  159. ])
  160. ->setConstructorArgs([$this->mapper, $this->crypto, $this->config, $this->logger,
  161. $this->timeFactory])
  162. ->getMock();
  163. $this->config->expects($this->once())
  164. ->method('getSystemValue')
  165. ->with('secret')
  166. ->will($this->returnValue('1f4h9s'));
  167. $this->crypto->expects($this->once())
  168. ->method('decrypt')
  169. ->with('someencryptedvalue', $token . '1f4h9s')
  170. ->will($this->throwException(new \Exception('some crypto error occurred')));
  171. $tokenProvider->expects($this->once())
  172. ->method('invalidateToken')
  173. ->with($token);
  174. $tokenProvider->getPassword($tk, $token);
  175. }
  176. public function testSetPassword() {
  177. $token = new DefaultToken();
  178. $tokenId = 'token123';
  179. $password = '123456';
  180. $this->config->expects($this->once())
  181. ->method('getSystemValue')
  182. ->with('secret')
  183. ->will($this->returnValue('ocsecret'));
  184. $this->crypto->expects($this->once())
  185. ->method('encrypt')
  186. ->with($password, $tokenId . 'ocsecret')
  187. ->will($this->returnValue('encryptedpassword'));
  188. $this->mapper->expects($this->once())
  189. ->method('update')
  190. ->with($token);
  191. $this->tokenProvider->setPassword($token, $tokenId, $password);
  192. $this->assertEquals('encryptedpassword', $token->getPassword());
  193. }
  194. /**
  195. * @expectedException \OC\Authentication\Exceptions\InvalidTokenException
  196. */
  197. public function testSetPasswordInvalidToken() {
  198. $token = $this->createMock(IToken::class);
  199. $tokenId = 'token123';
  200. $password = '123456';
  201. $this->tokenProvider->setPassword($token, $tokenId, $password);
  202. }
  203. public function testInvalidateToken() {
  204. $this->mapper->expects($this->once())
  205. ->method('invalidate')
  206. ->with(hash('sha512', 'token7'));
  207. $this->tokenProvider->invalidateToken('token7');
  208. }
  209. public function testInvaildateTokenById() {
  210. $id = 123;
  211. $user = $this->createMock(IUser::class);
  212. $this->mapper->expects($this->once())
  213. ->method('deleteById')
  214. ->with($user, $id);
  215. $this->tokenProvider->invalidateTokenById($user, $id);
  216. }
  217. public function testInvalidateOldTokens() {
  218. $defaultSessionLifetime = 60 * 60 * 24;
  219. $defaultRememberMeLifetime = 60 * 60 * 24 * 15;
  220. $this->config->expects($this->exactly(2))
  221. ->method('getSystemValue')
  222. ->will($this->returnValueMap([
  223. ['session_lifetime', $defaultSessionLifetime, 150],
  224. ['remember_login_cookie_lifetime', $defaultRememberMeLifetime, 300],
  225. ]));
  226. $this->mapper->expects($this->at(0))
  227. ->method('invalidateOld')
  228. ->with($this->time - 150);
  229. $this->mapper->expects($this->at(1))
  230. ->method('invalidateOld')
  231. ->with($this->time - 300);
  232. $this->tokenProvider->invalidateOldTokens();
  233. }
  234. public function testRenewSessionTokenWithoutPassword() {
  235. $token = $this->getMockBuilder(DefaultToken::class)
  236. ->disableOriginalConstructor()
  237. ->setMethods(['getUID', 'getLoginName', 'getPassword', 'getName'])
  238. ->getMock();
  239. $token
  240. ->expects($this->at(0))
  241. ->method('getUID')
  242. ->willReturn('UserUid');
  243. $token
  244. ->expects($this->at(1))
  245. ->method('getLoginName')
  246. ->willReturn('UserLoginName');
  247. $token
  248. ->expects($this->at(2))
  249. ->method('getPassword')
  250. ->willReturn(null);
  251. $token
  252. ->expects($this->at(3))
  253. ->method('getName')
  254. ->willReturn('MyTokenName');
  255. $token
  256. ->expects($this->at(3))
  257. ->method('getRemember')
  258. ->willReturn(IToken::DO_NOT_REMEMBER);
  259. $this->config
  260. ->expects($this->exactly(2))
  261. ->method('getSystemValue')
  262. ->with('secret')
  263. ->willReturn('MyInstanceSecret');
  264. $this->mapper
  265. ->expects($this->at(0))
  266. ->method('getToken')
  267. ->with(hash('sha512', 'oldId' . 'MyInstanceSecret'))
  268. ->willReturn($token);
  269. $newToken = new DefaultToken();
  270. $newToken->setUid('UserUid');
  271. $newToken->setLoginName('UserLoginName');
  272. $newToken->setName('MyTokenName');
  273. $newToken->setToken(hash('sha512', 'newId' . 'MyInstanceSecret'));
  274. $newToken->setType(IToken::TEMPORARY_TOKEN);
  275. $newToken->setRemember(IToken::DO_NOT_REMEMBER);
  276. $newToken->setLastActivity(1313131);
  277. $this->mapper
  278. ->expects($this->at(1))
  279. ->method('insert')
  280. ->with($newToken);
  281. $this->tokenProvider->renewSessionToken('oldId', 'newId');
  282. }
  283. public function testRenewSessionTokenWithPassword() {
  284. $token = $this->getMockBuilder(DefaultToken::class)
  285. ->disableOriginalConstructor()
  286. ->setMethods(['getUID', 'getLoginName', 'getPassword', 'getName'])
  287. ->getMock();
  288. $token
  289. ->expects($this->at(0))
  290. ->method('getUID')
  291. ->willReturn('UserUid');
  292. $token
  293. ->expects($this->at(1))
  294. ->method('getLoginName')
  295. ->willReturn('UserLoginName');
  296. $token
  297. ->expects($this->at(2))
  298. ->method('getPassword')
  299. ->willReturn('EncryptedPassword');
  300. $token
  301. ->expects($this->at(3))
  302. ->method('getPassword')
  303. ->willReturn('EncryptedPassword');
  304. $token
  305. ->expects($this->at(4))
  306. ->method('getName')
  307. ->willReturn('MyTokenName');
  308. $token
  309. ->expects($this->at(3))
  310. ->method('getRemember')
  311. ->willReturn(IToken::REMEMBER);
  312. $this->crypto
  313. ->expects($this->any(0))
  314. ->method('decrypt')
  315. ->with('EncryptedPassword', 'oldIdMyInstanceSecret')
  316. ->willReturn('ClearTextPassword');
  317. $this->crypto
  318. ->expects($this->any(1))
  319. ->method('encrypt')
  320. ->with('ClearTextPassword', 'newIdMyInstanceSecret')
  321. ->willReturn('EncryptedPassword');
  322. $this->config
  323. ->expects($this->exactly(4))
  324. ->method('getSystemValue')
  325. ->with('secret')
  326. ->willReturn('MyInstanceSecret');
  327. $this->mapper
  328. ->expects($this->at(0))
  329. ->method('getToken')
  330. ->with(hash('sha512', 'oldId' . 'MyInstanceSecret'))
  331. ->willReturn($token);
  332. $newToken = new DefaultToken();
  333. $newToken->setUid('UserUid');
  334. $newToken->setLoginName('UserLoginName');
  335. $newToken->setName('MyTokenName');
  336. $newToken->setToken(hash('sha512', 'newId' . 'MyInstanceSecret'));
  337. $newToken->setType(IToken::TEMPORARY_TOKEN);
  338. $newToken->setRemember(IToken::REMEMBER);
  339. $newToken->setLastActivity(1313131);
  340. $newToken->setPassword('EncryptedPassword');
  341. $this->mapper
  342. ->expects($this->at(1))
  343. ->method('insert')
  344. ->with($this->equalTo($newToken));
  345. $this->tokenProvider->renewSessionToken('oldId', 'newId');
  346. }
  347. public function testGetTokenById() {
  348. $token = $this->createMock(DefaultToken::class);
  349. $this->mapper->expects($this->once())
  350. ->method('getTokenById')
  351. ->with($this->equalTo(42))
  352. ->willReturn($token);
  353. $this->assertSame($token, $this->tokenProvider->getTokenById(42));
  354. }
  355. public function testGetInvalidTokenById() {
  356. $this->expectException(InvalidTokenException::class);
  357. $this->mapper->expects($this->once())
  358. ->method('getTokenById')
  359. ->with($this->equalTo(42))
  360. ->willThrowException(new DoesNotExistException('nope'));
  361. $this->tokenProvider->getTokenById(42);
  362. }
  363. }