Skip to content

Commit

Permalink
Migrate tests of forwarded for headers check
Browse files Browse the repository at this point in the history 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
  • Loading branch information
@come-nc
come-nc committed Nov 20, 2023
1 parent 0107c7e commit 0ebd44a
Show file tree
Hide file tree
Showing 2 changed files with 142 additions and 88 deletions.
90 changes: 2 additions & 88 deletions apps/settings/tests/Controller/CheckSetupControllerTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,87 +204,6 @@ public function removeTestDirectories() {
$this->dirsToRemove = [];
}

/**
* @dataProvider dataForwardedForHeadersWorking
*
* @param array $trustedProxies
* @param string $remoteAddrNotForwarded
* @param string $remoteAddr
* @param bool $result
*/
public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, bool $result): void {
$this->config->expects($this->once())
->method('getSystemValue')
->with('trusted_proxies', [])
->willReturn($trustedProxies);
$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnMap([
['REMOTE_ADDR', $remoteAddrNotForwarded],
['X-Forwarded-Host', '']
]);
$this->request->expects($this->any())
->method('getRemoteAddress')
->willReturn($remoteAddr);

$this->assertEquals(
$result,
self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
);
}

public function dataForwardedForHeadersWorking(): array {
return [
// description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result
'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', true],
'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', true],
'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', true],
'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', false],
];
}

public function testForwardedHostPresentButTrustedProxiesNotAnArray(): void {
$this->config->expects($this->once())
->method('getSystemValue')
->with('trusted_proxies', [])
->willReturn('1.1.1.1');
$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnMap([
['REMOTE_ADDR', '1.1.1.1'],
['X-Forwarded-Host', 'nextcloud.test']
]);
$this->request->expects($this->any())
->method('getRemoteAddress')
->willReturn('1.1.1.1');

$this->assertEquals(
false,
self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
);
}

public function testForwardedHostPresentButTrustedProxiesEmpty(): void {
$this->config->expects($this->once())
->method('getSystemValue')
->with('trusted_proxies', [])
->willReturn([]);
$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnMap([
['REMOTE_ADDR', '1.1.1.1'],
['X-Forwarded-Host', 'nextcloud.test']
]);
$this->request->expects($this->any())
->method('getRemoteAddress')
->willReturn('1.1.1.1');

$this->assertEquals(
false,
self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
);
}

public function testCheck() {
$this->config->expects($this->any())
->method('getAppValue')
Expand All @@ -302,13 +221,8 @@ public function testCheck() {
['appstoreenabled', true, false],
]);

$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnMap([
['REMOTE_ADDR', '4.3.2.1'],
['X-Forwarded-Host', '']
]);

$this->request->expects($this->never())
->method('getHeader');
$this->clientService->expects($this->never())
->method('newClient');
$this->checkSetupController
Expand Down
140 changes: 140 additions & 0 deletions apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,140 @@
<?php

declare(strict_types=1);

/**
* @copyright Copyright (c) 2021 Morris Jobke <hey@morrisjobke.de>
*
* @author Morris Jobke <hey@morrisjobke.de>
* @author Côme Chilliet <come.chilliet@nextcloud.com>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Settings\Tests;

use OCA\Settings\SetupChecks\ForwardedForHeaders;
use OCP\IConfig;
use OCP\IL10N;
use OCP\IRequest;
use OCP\IURLGenerator;
use OCP\SetupCheck\SetupResult;
use Test\TestCase;

class ForwardedForHeadersTest extends TestCase {
private IL10N $l10n;
private IConfig $config;
private IURLGenerator $urlGenerator;
private IRequest $request;
private ForwardedForHeaders $check;

protected function setUp(): void {
parent::setUp();

$this->l10n = $this->getMockBuilder(IL10N::class)
->disableOriginalConstructor()->getMock();
$this->l10n->expects($this->any())
->method('t')
->willReturnCallback(function ($message, array $replace) {
return vsprintf($message, $replace);
});
$this->config = $this->getMockBuilder(IConfig::class)->getMock();
$this->urlGenerator = $this->getMockBuilder(IURLGenerator::class)->getMock();
$this->request = $this->getMockBuilder(IRequest::class)->getMock();
$this->check = new ForwardedForHeaders(
$this->l10n,
$this->config,
$this->urlGenerator,
$this->request,
);
}

/**
* @dataProvider dataForwardedForHeadersWorking
*/
public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, string $result): void {
$this->config->expects($this->once())
->method('getSystemValue')
->with('trusted_proxies', [])
->willReturn($trustedProxies);
$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnMap([
['REMOTE_ADDR', $remoteAddrNotForwarded],
['X-Forwarded-Host', '']
]);
$this->request->expects($this->any())
->method('getRemoteAddress')
->willReturn($remoteAddr);

$this->assertEquals(
$result,
$this->check->run()->getSeverity()
);
}

public function dataForwardedForHeadersWorking(): array {
return [
// description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result
'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', SetupResult::SUCCESS],
'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', SetupResult::SUCCESS],
'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', SetupResult::SUCCESS],
'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', SetupResult::WARNING],
];
}

public function testForwardedHostPresentButTrustedProxiesNotAnArray(): void {
$this->config->expects($this->once())
->method('getSystemValue')
->with('trusted_proxies', [])
->willReturn('1.1.1.1');
$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnMap([
['REMOTE_ADDR', '1.1.1.1'],
['X-Forwarded-Host', 'nextcloud.test']
]);
$this->request->expects($this->any())
->method('getRemoteAddress')
->willReturn('1.1.1.1');

$this->assertEquals(
SetupResult::ERROR,
$this->check->run()->getSeverity()
);
}

public function testForwardedHostPresentButTrustedProxiesEmpty(): void {
$this->config->expects($this->once())
->method('getSystemValue')
->with('trusted_proxies', [])
->willReturn([]);
$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnMap([
['REMOTE_ADDR', '1.1.1.1'],
['X-Forwarded-Host', 'nextcloud.test']
]);
$this->request->expects($this->any())
->method('getRemoteAddress')
->willReturn('1.1.1.1');

$this->assertEquals(
SetupResult::WARNING,
$this->check->run()->getSeverity()
);
}
}

0 comments on commit 0ebd44a

Please sign in to comment.