
Commit 66b78c5

committed
fixup! feat: move csrf validation out of request
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
1 parent b85c1d1 commit 66b78c5

1 file changed

Lines changed: 17 additions & 13 deletions


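--- a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
@@ -31,6 +31,7 @@
 
 use OC\Authentication\TwoFactorAuth\Manager;
 use OC\Security\Bruteforce\Throttler;
+use OC\Security\CSRF\CsrfValidator;
 use OC\User\Session;
 use OCP\IRequest;
 use OCP\ISession;
@@ -59,6 +60,7 @@ class AuthTest extends TestCase {
 private $twoFactorManager;
 /** @var Throttler */
 private $throttler;
+private CsrfValidator $csrfValidator;
 
 protected function setUp(): void {
 parent::setUp();
@@ -74,12 +76,14 @@ protected function setUp(): void {
 $this->throttler = $this->getMockBuilder(Throttler::class)
 ->disableOriginalConstructor()
 ->getMock();
+$this->csrfValidator = $this->createMock(CsrfValidator::class);
 $this->auth = new \OCA\DAV\Connector\Sabre\Auth(
 $this->session,
 $this->userSession,
 $this->request,
 $this->twoFactorManager,
-$this->throttler
+$this->throttler,
+$this->csrfValidator,
 );
 }
 
@@ -270,9 +274,9 @@ public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGet(): void
 ->expects($this->any())
 ->method('getUser')
 ->willReturn($user);
-$this->request
+$this->csrfValidator
 ->expects($this->once())
-->method('passesCSRFCheck')
+->method('validate')
 ->willReturn(false);
 
 $expectedResponse = [
@@ -322,9 +326,9 @@ public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenAndCorrectlyDavAu
 ->expects($this->any())
 ->method('getUser')
 ->willReturn($user);
-$this->request
+$this->csrfValidator
 ->expects($this->once())
-->method('passesCSRFCheck')
+->method('validate')
 ->willReturn(false);
 $this->auth->check($request, $response);
 }
@@ -372,9 +376,9 @@ public function testAuthenticateAlreadyLoggedInWithoutTwoFactorChallengePassed()
 ->expects($this->any())
 ->method('getUser')
 ->willReturn($user);
-$this->request
+$this->csrfValidator
 ->expects($this->once())
-->method('passesCSRFCheck')
+->method('validate')
 ->willReturn(true);
 $this->twoFactorManager->expects($this->once())
 ->method('needsSecondFactor')
@@ -426,9 +430,9 @@ public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenAndIncorrectlyDav
 ->expects($this->any())
 ->method('getUser')
 ->willReturn($user);
-$this->request
+$this->csrfValidator
 ->expects($this->once())
-->method('passesCSRFCheck')
+->method('validate')
 ->willReturn(false);
 $this->auth->check($request, $response);
 }
@@ -472,9 +476,9 @@ public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGetAndDeskt
 ->expects($this->any())
 ->method('getUser')
 ->willReturn($user);
-$this->request
+$this->csrfValidator
 ->expects($this->once())
-->method('passesCSRFCheck')
+->method('validate')
 ->willReturn(false);
 
 $this->auth->check($request, $response);
@@ -541,9 +545,9 @@ public function testAuthenticateAlreadyLoggedInWithCsrfTokenForGet(): void {
 ->expects($this->any())
 ->method('getUser')
 ->willReturn($user);
-$this->request
+$this->csrfValidator
 ->expects($this->once())
-->method('passesCSRFCheck')
+->method('validate')
 ->willReturn(true);
 
 $response = $this->auth->check($request, $response);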
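Review bot: The six `->method('validate')` expectations (the first is in the hunk at `@@ -270,9 +274,9`) stub the return value but never pin the argument, so these tests would still pass if `Auth` handed the validator a different request object than the one the test configures. If `CsrfValidator::validate()` takes the request (its signature is not visible on this page), adding `->with($this->request)` before `->willReturn(...)` would tie the CSRF decision to the mocked request. Separately, the new property holds a mock, so a `/** @var CsrfValidator&MockObject */` annotation would match the neighbouring `@var` docblocks and keep static analysis happy about `expects()`. The test method bodies begin and end outside the hunks, so it cannot be judged from here whether any path that must skip the CSRF check asserts `expects($this->never())`.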
