Skip to content

Do not override stored credentials when login in with SAML #37717

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
artonge merged 2 commits into from
Apr 24, 2023
Merged

Do not override stored credentials when login in with SAML #37717

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fec8ad8
Do not override stored credentials when login in with SAML
artonge Apr 13, 2023
d5e7682
Test StorePasswordListener
artonge Apr 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Test StorePasswordListener 
Signed-off-by: Louis Chemineau <[email protected]>
  • Loading branch information
@artonge
artonge committed Apr 19, 2023
commit d5e7682b6b4897412a970f745da4859ead28896e
175 changes: 175 additions & 0 deletions apps/files_external/tests/Listener/StorePasswordListenerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,175 @@
<?php

declare(strict_types=1);

/**
* @copyright Copyright (c) 2023, Louis Chmn <[email protected]>
*
* @author Louis Chmn <[email protected]>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace OCA\Files_External\Tests\Listener;

use OCA\Files_External\Lib\Auth\Password\LoginCredentials;
use OCA\Files_External\Listener\StorePasswordListener;
use OCP\IUser;
use OCP\Security\ICredentialsManager;
use OCP\User\Events\PasswordUpdatedEvent;
use OCP\User\Events\UserLoggedInEvent;
use Test\TestCase;
use PHPUnit\Framework\MockObject\MockObject;

/**
* @group DB
*/
class StorePasswordListenerTest extends TestCase {
/** @var MockObject|IUser */
protected $mockedUser;

protected function setUp(): void {
parent::setUp();
$this->mockedUser = $this->createMock(IUser::class);
$this->mockedUser
->expects($this->any())
->method('getUID')
->willReturn('test');
}

/**
* @param array|false|null $initialCredentials
* @param UserLoggedInEvent|PasswordUpdatedEvent $event
* @param array|null $expectedCredentials
*/
public function getMockedCredentialManager($initialCredentials, $event, $expectedCredentials) {
$mockedCredentialsManager = $this->createMock(ICredentialsManager::class);

if ($initialCredentials !== null) {
$mockedCredentialsManager
->expects($this->once())
->method('retrieve')
->with(
$this->equalTo('test'),
$this->equalTo(LoginCredentials::CREDENTIALS_IDENTIFIER),
)
->willReturn($initialCredentials);
} else {
$mockedCredentialsManager
->expects($this->never())
->method('retrieve');
}

if ($expectedCredentials !== null) {
$mockedCredentialsManager
->expects($this->once())
->method('store')
->with(
$this->equalTo('test'),
$this->equalTo(LoginCredentials::CREDENTIALS_IDENTIFIER),
$this->equalTo($expectedCredentials),
);
} else {
$mockedCredentialsManager
->expects($this->never())
->method('store');
}

$storePasswordListener = new StorePasswordListener($mockedCredentialsManager);
$storePasswordListener->handle($event);
}

public function testClassicLoginSameCredentials() {
$this->getMockedCredentialManager(
[
'user' => 'test',
'password' => 'password',
],
new UserLoggedInEvent($this->mockedUser, 'test', 'password', false),
null,
);
}

public function testClassicLoginNewPassword() {
$this->getMockedCredentialManager(
[
'user' => 'test',
'password' => 'password',
],
new UserLoggedInEvent($this->mockedUser, 'test', 'password2', false),
[
'user' => 'test',
'password' => 'password2',
],
);
}

public function testClassicLoginNewUser() {
$this->getMockedCredentialManager(
[
'user' => 'test',
'password' => 'password',
],
new UserLoggedInEvent($this->mockedUser, 'test2', 'password', false),
[
'user' => 'test2',
'password' => 'password',
],
);
}

public function testSSOLogin() {
$this->getMockedCredentialManager(
[
'user' => 'test',
'password' => 'password',
],
new UserLoggedInEvent($this->mockedUser, 'test', null, false),
null,
);
}

public function testPasswordUpdated() {
$this->getMockedCredentialManager(
[
'user' => 'test',
'password' => 'password',
],
new PasswordUpdatedEvent($this->mockedUser, 'password2'),
[
'user' => 'test',
'password' => 'password2',
],
);
}

public function testUserLoginWithToken() {
$this->getMockedCredentialManager(
null,
new UserLoggedInEvent($this->mockedUser, 'test', 'password', true),
null,
);
}

public function testNoInitialCredentials() {
$this->getMockedCredentialManager(
false,
new PasswordUpdatedEvent($this->mockedUser, 'test', 'password'),
null,
);
}
}