Commit 3b26bfe

authored
Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipe
Check the user on remote wipe
2 parents 3e338c9 + 9935c71 commit 3b26bfe

4 files changed

Lines changed: 44 additions & 23 deletions

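--- a/apps/settings/lib/Controller/AuthSettingsController.php
+++ b/apps/settings/lib/Controller/AuthSettingsController.php
@@ -289,7 +289,13 @@ private function findTokenByIdAndUser(int $id): IToken {
 * @throws \OC\Authentication\Exceptions\ExpiredTokenException
 */
 public function wipe(int $id): JSONResponse {
-if (!$this->remoteWipe->markTokenForWipe($id)) {
+try {
+$token = $this->findTokenByIdAndUser($id);
+} catch (InvalidTokenException $e) {
+return new JSONResponse([], Http::STATUS_NOT_FOUND);
+}
+
+if (!$this->remoteWipe->markTokenForWipe($token)) {
 return new JSONResponse([], Http::STATUS_BAD_REQUEST);
 }
 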
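Review bot: In wipe(), the only thing between a caller-supplied `$id` and a destructive wipe is the ownership check inside `findTokenByIdAndUser()`, whose body is outside this hunk, and nothing at the call site says so. I would add a comment above the `try`, `// Authorization step: resolves the token only if it belongs to the current user; a foreign token is answered with 404 like any invalid id.`, so a later refactor does not swap the helper for a plain lookup. The docblock line `@throws \OC\Authentication\Exceptions\ExpiredTokenException` kept as context should also be re-checked: the same commit drops that tag from `RemoteWipe::markTokenForWipe()`, and whether the helper can still raise it is not visible here.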

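--- a/apps/settings/tests/Controller/AuthSettingsControllerTest.php
+++ b/apps/settings/tests/Controller/AuthSettingsControllerTest.php
@@ -36,6 +36,7 @@
 use OC\Authentication\Token\DefaultToken;
 use OC\Authentication\Token\IProvider;
 use OC\Authentication\Token\IToken;
+use OC\Authentication\Token\IWipeableToken;
 use OC\Authentication\Token\RemoteWipe;
 use OCA\Settings\Controller\AuthSettingsController;
 use OCP\Activity\IEvent;
@@ -428,9 +429,15 @@ private function mockGetTokenById(int $tokenId, $token): void {
 }
 
 public function testRemoteWipeNotSuccessful(): void {
+$token = $this->createMock(IToken::class);
+$token->expects($this->once())
+->method('getUID')
+->willReturn($this->uid);
+$this->mockGetTokenById(123, $token);
+
 $this->remoteWipe->expects($this->once())
 ->method('markTokenForWipe')
-->with(123)
+->with($token)
 ->willReturn(false);
 
 $response = $this->controller->wipe(123);
@@ -439,10 +446,32 @@ public function testRemoteWipeNotSuccessful(): void {
 $this->assertEquals($expected, $response);
 }
 
+public function testRemoteWipeWrongUser(): void {
+$token = $this->createMock(IToken::class);
+$token->expects($this->once())
+->method('getUID')
+->willReturn('definetly-not-' . $this->uid);
+$this->mockGetTokenById(123, $token);
+
+$this->remoteWipe->expects($this->never())
+->method('markTokenForWipe');
+
+$response = $this->controller->wipe(123);
+
+$expected = new JSONResponse([], Http::STATUS_NOT_FOUND);
+$this->assertEquals($expected, $response);
+}
+
 public function testRemoteWipeSuccessful(): void {
+$token = $this->createMock(IWipeableToken::class);
+$token->expects($this->once())
+->method('getUID')
+->willReturn($this->uid);
+$this->mockGetTokenById(123, $token);
+
 $this->remoteWipe->expects($this->once())
 ->method('markTokenForWipe')
-->with(123)
+->with($token)
 ->willReturn(true);
 
 $response = $this->controller->wipe(123);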
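Review bot: testRemoteWipeWrongUser covers a token owned by another user, but no case in these hunks covers an id for which the token lookup itself fails, which is presumably the other way into the new `catch (InvalidTokenException $e)` in wipe(). If that is not tested elsewhere in the file, a sibling case should make the lookup throw and assert the same `Http::STATUS_NOT_FOUND` response together with `$this->remoteWipe->expects($this->never())->method('markTokenForWipe');`. The literal `'definetly-not-'` is misspelled (`'definitely-not-'`); harmless, but worth fixing while the test is new.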

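--- a/lib/private/Authentication/Token/RemoteWipe.php
+++ b/lib/private/Authentication/Token/RemoteWipe.php
@@ -57,18 +57,14 @@ public function __construct(IProvider $tokenProvider,
 }
 
 /**
-* @param int $id
-*
+* @param IToken $token
 * @return bool
 *
 * @throws InvalidTokenException
 * @throws WipeTokenException
-* @throws ExpiredTokenException
 */
-public function markTokenForWipe(int $id): bool {
-$token = $this->tokenProvider->getTokenById($id);
-
-if (!($token instanceof IWipeableToken)) {
+public function markTokenForWipe(IToken $token): bool {
+if (!$token instanceof IWipeableToken) {
 return false;
 }
 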
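Review bot: `markTokenForWipe()` now acts on whatever `IToken` it is handed, so the per-user check lives entirely in its callers, and the docblock does not state that precondition. I would add a line to it such as `* The caller must have verified that $token belongs to the acting user; no ownership check is done here.` The retained `@throws InvalidTokenException` should be re-checked as well, since the `getTokenById()` call was removed and the rest of the body is outside the hunk. Any other caller still passing an int id would now fail the `IToken` type hint, so call sites not visible on this page need the same lookup-then-check treatment as the controller.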

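--- a/tests/lib/Authentication/Token/RemoteWipeTest.php
+++ b/tests/lib/Authentication/Token/RemoteWipeTest.php
@@ -67,30 +67,20 @@ protected function setUp(): void {
 
 public function testMarkNonWipableTokenForWipe(): void {
 $token = $this->createMock(IToken::class);
-$this->tokenProvider->expects($this->once())
-->method('getTokenById')
-->with(123)
-->willReturn($token);
-
-$result = $this->remoteWipe->markTokenForWipe(123);
-
+$result = $this->remoteWipe->markTokenForWipe($token);
 $this->assertFalse($result);
 }
 
 public function testMarkTokenForWipe(): void {
 $token = $this->createMock(IWipeableToken::class);
-$this->tokenProvider->expects($this->once())
-->method('getTokenById')
-->with(123)
-->willReturn($token);
 $token->expects($this->once())
 ->method('wipe');
+
 $this->tokenProvider->expects($this->once())
 ->method('updateToken')
 ->with($token);
 
-$result = $this->remoteWipe->markTokenForWipe(123);
-
+$result = $this->remoteWipe->markTokenForWipe($token);
 $this->assertTrue($result);
 }
 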
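Review bot: testMarkNonWipableTokenForWipe only asserts the `false` return, so it would still pass if a non-wipeable token were persisted anyway. Adding `$this->tokenProvider->expects($this->never())->method('updateToken');` before the call pins that nothing is written for such a token. A matching `never()` expectation on `getTokenById` in both tests would also document that RemoteWipe no longer performs the lookup itself.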
