fixup! feat: move csrf validation out of request

Signed-off-by: Daniel Kesselberg <[email protected]>
nextcloud · May 24, 2023 · 66b78c5 · 66b78c5
1 parent b85c1d1
commit 66b78c5
Showing 1 changed file with 17 additions and 13 deletions.
diff --git a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
@@ -31,6 +31,7 @@
 
 use OC\Authentication\TwoFactorAuth\Manager;
 use OC\Security\Bruteforce\Throttler;
+use OC\Security\CSRF\CsrfValidator;
 use OC\User\Session;
 use OCP\IRequest;
 use OCP\ISession;
@@ -59,6 +60,7 @@ class AuthTest extends TestCase {
 	private $twoFactorManager;
 	/** @var Throttler */
 	private $throttler;
+	private CsrfValidator $csrfValidator;
 
 	protected function setUp(): void {
 		parent::setUp();
@@ -74,12 +76,14 @@ protected function setUp(): void {
 		$this->throttler = $this->getMockBuilder(Throttler::class)
 			->disableOriginalConstructor()
 			->getMock();
+		$this->csrfValidator = $this->createMock(CsrfValidator::class);
 		$this->auth = new \OCA\DAV\Connector\Sabre\Auth(
 			$this->session,
 			$this->userSession,
 			$this->request,
 			$this->twoFactorManager,
-			$this->throttler
+			$this->throttler,
+			$this->csrfValidator,
 		);
 	}
 
@@ -270,9 +274,9 @@ public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGet(): void
 			->expects($this->any())
 			->method('getUser')
 			->willReturn($user);
-		$this->request
+		$this->csrfValidator
 			->expects($this->once())
-			->method('passesCSRFCheck')
+			->method('validate')
 			->willReturn(false);
 
 		$expectedResponse = [
@@ -322,9 +326,9 @@ public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenAndCorrectlyDavAu
 			->expects($this->any())
 			->method('getUser')
 			->willReturn($user);
-		$this->request
+		$this->csrfValidator
 			->expects($this->once())
-			->method('passesCSRFCheck')
+			->method('validate')
 			->willReturn(false);
 		$this->auth->check($request, $response);
 	}
@@ -372,9 +376,9 @@ public function testAuthenticateAlreadyLoggedInWithoutTwoFactorChallengePassed()
 			->expects($this->any())
 			->method('getUser')
 			->willReturn($user);
-		$this->request
+		$this->csrfValidator
 			->expects($this->once())
-			->method('passesCSRFCheck')
+			->method('validate')
 			->willReturn(true);
 		$this->twoFactorManager->expects($this->once())
 			->method('needsSecondFactor')
@@ -426,9 +430,9 @@ public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenAndIncorrectlyDav
 			->expects($this->any())
 			->method('getUser')
 			->willReturn($user);
-		$this->request
+		$this->csrfValidator
 			->expects($this->once())
-			->method('passesCSRFCheck')
+			->method('validate')
 			->willReturn(false);
 		$this->auth->check($request, $response);
 	}
@@ -472,9 +476,9 @@ public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGetAndDeskt
 			->expects($this->any())
 			->method('getUser')
 			->willReturn($user);
-		$this->request
+		$this->csrfValidator
 			->expects($this->once())
-			->method('passesCSRFCheck')
+			->method('validate')
 			->willReturn(false);
 
 		$this->auth->check($request, $response);
@@ -541,9 +545,9 @@ public function testAuthenticateAlreadyLoggedInWithCsrfTokenForGet(): void {
 			->expects($this->any())
 			->method('getUser')
 			->willReturn($user);
-		$this->request
+		$this->csrfValidator
 			->expects($this->once())
-			->method('passesCSRFCheck')
+			->method('validate')
 			->willReturn(true);
 
 		$response = $this->auth->check($request, $response);