|
|
|
|
@ -21,23 +21,26 @@
|
|
|
|
|
|
|
|
|
|
namespace Test\Security\CSP;
|
|
|
|
|
|
|
|
|
|
use OC\AppFramework\Http\Request;
|
|
|
|
|
use OC\Security\CSP\ContentSecurityPolicyNonceManager;
|
|
|
|
|
use OC\Security\CSRF\CsrfToken;
|
|
|
|
|
use OC\Security\CSRF\CsrfTokenManager;
|
|
|
|
|
use OCP\IRequest;
|
|
|
|
|
use Test\TestCase;
|
|
|
|
|
|
|
|
|
|
class ContentSecurityPolicyNonceManagerTest extends TestCase {
|
|
|
|
|
/** @var CsrfTokenManager */
|
|
|
|
|
private $csrfTokenManager;
|
|
|
|
|
/** @var Request */
|
|
|
|
|
private $request;
|
|
|
|
|
/** @var ContentSecurityPolicyNonceManager */
|
|
|
|
|
private $nonceManager;
|
|
|
|
|
|
|
|
|
|
public function setUp() {
|
|
|
|
|
$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
|
|
|
|
|
$this->request = $this->createMock(Request::class);
|
|
|
|
|
$this->nonceManager = new ContentSecurityPolicyNonceManager(
|
|
|
|
|
$this->csrfTokenManager,
|
|
|
|
|
$this->createMock(IRequest::class)
|
|
|
|
|
$this->request
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -56,4 +59,20 @@ class ContentSecurityPolicyNonceManagerTest extends TestCase {
|
|
|
|
|
$this->assertSame('TXlUb2tlbg==', $this->nonceManager->getNonce());
|
|
|
|
|
$this->assertSame('TXlUb2tlbg==', $this->nonceManager->getNonce());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGetNonceServerVar() {
|
|
|
|
|
$token = 'SERVERNONCE';
|
|
|
|
|
$this->request
|
|
|
|
|
->method('__isset')
|
|
|
|
|
->with('server')
|
|
|
|
|
->willReturn(true);
|
|
|
|
|
|
|
|
|
|
$this->request
|
|
|
|
|
->method('__get')
|
|
|
|
|
->with('server')
|
|
|
|
|
->willReturn(['CSP_NONCE' => $token]);
|
|
|
|
|
|
|
|
|
|
$this->assertSame($token, $this->nonceManager->getNonce());
|
|
|
|
|
$this->assertSame($token, $this->nonceManager->getNonce());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Roeland Jago Douma
GitHub