diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
index b277f5b1..2a6cc36b 100644
--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -105,7 +105,7 @@ public function createProvider(string $identifier, string $clientId, string $cli
 return new JSONResponse(array_merge($provider->jsonSerialize(), ['settings' => $providerSettings]));
 }
- public function updateProvider(int $providerId, string $identifier, string $clientId, string $discoveryEndpoint, ?string $clientSecret = null, string $bearerSecret = null,
+ public function updateProvider(int $providerId, string $identifier, string $clientId, string $discoveryEndpoint, ?string $clientSecret = null, ?string $bearerSecret = null,
 array $settings = [], string $scope = 'openid email profile', ?string $endSessionEndpoint = null): JSONResponse {
 $provider = $this->providerMapper->getProvider($providerId);
diff --git a/lib/Db/ProviderMapper.php b/lib/Db/ProviderMapper.php
index dfd86efd..dad1fa1f 100644
--- a/lib/Db/ProviderMapper.php
+++ b/lib/Db/ProviderMapper.php
@@ -91,7 +91,7 @@ public function getProviders() {
 */
 public function createOrUpdateProvider(string $identifier, ?string $clientid = null, ?string $clientsecret = null, ?string $discoveryuri = null, string $scope = 'openid email profile',
- ?string $endsessionendpointuri = null, string $bearersecret = null) {
+ ?string $endsessionendpointuri = null, ?string $bearersecret = null) {
 try {
 $provider = $this->findProviderByIdentifier($identifier);
 } catch (DoesNotExistException $eNotExist) {
diff --git a/lib/Migration/Version010304Date20230902125945.php b/lib/Migration/Version010304Date20230902125945.php
index 9d817df8..bbc04849 100644
--- a/lib/Migration/Version010304Date20230902125945.php
+++ b/lib/Migration/Version010304Date20230902125945.php
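Review bot: In `updateProvider` (lib/Controller/SettingsController.php) and `createOrUpdateProvider` (lib/Db/ProviderMapper.php), `$clientSecret`/`$clientsecret` and `$bearerSecret`/`$bearersecret` are nullable, but neither hunk documents what `null` means for a secret that is already stored. Both bodies continue outside the hunks, so whether `null` keeps the existing value or overwrites it cannot be confirmed from here. The docblocks should state it explicitly, for example `@param string|null $bearerSecret null leaves the stored bearer secret unchanged`, with the wording checked against the body before it is committed.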
@@ -46,7 +46,7 @@ class Version010304Date20230902125945 extends SimpleMigrationStep { public function __construct( IDBConnection $connection, - ICrypto $crypto + ICrypto $crypto, ) { $this->connection = $connection; $this->crypto = $crypto; @@ -75,14 +75,14 @@ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array // update secrets in user_oidc_providers and user_oidc_id4me $qbUpdate = $this->connection->getQueryBuilder(); $qbUpdate->update($tableName) - ->set('bearer_secret', $qbUpdate->createParameter('updateSecret')) - ->where( - $qbUpdate->expr()->eq('id', $qbUpdate->createParameter('updateId')) - ); + ->set('bearer_secret', $qbUpdate->createParameter('updateSecret')) + ->where( + $qbUpdate->expr()->eq('id', $qbUpdate->createParameter('updateId')) + ); $qbSelect = $this->connection->getQueryBuilder(); $qbSelect->select('id', 'bearer_secret') - ->from($tableName); + ->from($tableName); $req = $qbSelect->executeQuery(); while ($row = $req->fetch()) { $id = $row['id']; diff --git a/tests/unit/MagentaCloud/BearerSettingsTest.php b/tests/unit/MagentaCloud/BearerSettingsTest.php index 8ac57376..eb142675 100644 --- a/tests/unit/MagentaCloud/BearerSettingsTest.php +++ b/tests/unit/MagentaCloud/BearerSettingsTest.php @@ -23,22 +23,22 @@ declare(strict_types=1); -use OCP\IRequest; -use OCP\IConfig; - use OCA\UserOIDC\AppInfo\Application; +use OCA\UserOIDC\Command\UpsertProvider; -use OCA\UserOIDC\Service\ProviderService; use OCA\UserOIDC\Db\Provider; + use OCA\UserOIDC\Db\ProviderMapper; +use OCA\UserOIDC\Service\ProviderService; +use OCP\IConfig; -use OCP\Security\ICrypto; +use OCP\IRequest; -use OCA\UserOIDC\Command\UpsertProvider; -use Symfony\Component\Console\Tester\CommandTester; +use OCP\Security\ICrypto; +use PHPUnit\Framework\TestCase; -use PHPUnit\Framework\TestCase; +use Symfony\Component\Console\Tester\CommandTester; class BearerSettingsTest extends TestCase { /** 
@@ -70,93 +70,93 @@ public function setUp(): void { ->willReturn($providers); $this->providerService = $this->getMockBuilder(ProviderService::class) - ->setConstructorArgs([ $this->config, $this->providerMapper]) - ->onlyMethods(['getProviderByIdentifier']) - ->getMock(); + ->setConstructorArgs([ $this->config, $this->providerMapper]) + ->onlyMethods(['getProviderByIdentifier']) + ->getMock(); $this->crypto = $app->getContainer()->get(ICrypto::class); } protected function mockCreateUpdate( string $providername, - string|null $clientid, - string|null $clientsecret, - string|null $discovery, + ?string $clientid, + ?string $clientsecret, + ?string $discovery, string $scope, - string|null $bearersecret, + ?string $bearersecret, array $options, - int $id = 2 + int $id = 2, ) { $provider = $this->getMockBuilder(Provider::class) - ->addMethods(['getIdentifier', 'getId']) - ->getMock(); + ->addMethods(['getIdentifier', 'getId']) + ->getMock(); $provider->expects($this->any()) - ->method('getIdentifier') - ->willReturn($providername); + ->method('getIdentifier') + ->willReturn($providername); $provider->expects($this->any()) - ->method('getId') - ->willReturn($id); + ->method('getId') + ->willReturn($id); $this->providerMapper->expects($this->once()) - ->method('createOrUpdateProvider') - ->with( - $this->equalTo($providername), - $this->equalTo($clientid), - $this->anything(), - $this->equalTo($discovery), - $this->equalTo($scope), - $this->anything() - ) - ->willReturnCallback(function ($id, $clientid, $secret, $discovery, $scope, $bsecret) use ($clientsecret, $bearersecret, $provider) { - if ($secret !== null) { - $this->assertEquals($clientsecret, $this->crypto->decrypt($secret)); - } else { - $this->assertNull($secret); - } - if ($bsecret !== null) { - $this->assertEquals($bearersecret, \Base64Url\Base64Url::decode($this->crypto->decrypt($bsecret))); - } else { - $this->assertNull($bsecret); - } - return $provider; - }); + ->method('createOrUpdateProvider') + ->with( + 
$this->equalTo($providername), + $this->equalTo($clientid), + $this->anything(), + $this->equalTo($discovery), + $this->equalTo($scope), + $this->anything() + ) + ->willReturnCallback(function ($id, $clientid, $secret, $discovery, $scope, $bsecret) use ($clientsecret, $bearersecret, $provider) { + if ($secret !== null) { + $this->assertEquals($clientsecret, $this->crypto->decrypt($secret)); + } else { + $this->assertNull($secret); + } + if ($bsecret !== null) { + $this->assertEquals($bearersecret, \Base64Url\Base64Url::decode($this->crypto->decrypt($bsecret))); + } else { + $this->assertNull($bsecret); + } + return $provider; + }); $this->config->expects($this->any()) - ->method('setAppValue') - ->with($this->equalTo(Application::APP_ID), $this->anything(), $this->anything()) - ->willReturnCallback(function ($appid, $key, $value) use ($options) { - if (array_key_exists($key, $options)) { - $this->assertEquals($options[$key], $value); - } - return ''; - }); + ->method('setAppValue') + ->with($this->equalTo(Application::APP_ID), $this->anything(), $this->anything()) + ->willReturnCallback(function ($appid, $key, $value) use ($options) { + if (array_key_exists($key, $options)) { + $this->assertEquals($options[$key], $value); + } + return ''; + }); } public function testCommandAddProvider() { $this->providerService->expects($this->once()) - ->method('getProviderByIdentifier') - ->with($this->equalTo('Telekom')) - ->willReturn(null); + ->method('getProviderByIdentifier') + ->with($this->equalTo('Telekom')) + ->willReturn(null); $this->mockCreateUpdate('Telekom', - '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', - 'clientsecret***', - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', - 'openid email profile', - 'bearersecret***', - [ - 'provider-2-' . ProviderService::SETTING_UNIQUE_UID => '0', - 'provider-2-' . ProviderService::SETTING_MAPPING_DISPLAYNAME => 'urn:telekom.com:displayname', - 'provider-2-' . 
ProviderService::SETTING_MAPPING_EMAIL => 'urn:telekom.com:mainEmail', - 'provider-2-' . ProviderService::SETTING_MAPPING_QUOTA => 'quota', - 'provider-2-' . ProviderService::SETTING_MAPPING_UID => 'sub' - ]); + '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', + 'clientsecret***', + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', + 'openid email profile', + 'bearersecret***', + [ + 'provider-2-' . ProviderService::SETTING_UNIQUE_UID => '0', + 'provider-2-' . ProviderService::SETTING_MAPPING_DISPLAYNAME => 'urn:telekom.com:displayname', + 'provider-2-' . ProviderService::SETTING_MAPPING_EMAIL => 'urn:telekom.com:mainEmail', + 'provider-2-' . ProviderService::SETTING_MAPPING_QUOTA => 'quota', + 'provider-2-' . ProviderService::SETTING_MAPPING_UID => 'sub' + ]); $command = new UpsertProvider($this->providerService, $this->providerMapper, $this->crypto); $commandTester = new CommandTester($command); - $commandTester->execute(array( + $commandTester->execute([ 'identifier' => 'Telekom', '--clientid' => '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', '--clientsecret' => 'clientsecret***', @@ -168,7 +168,7 @@ public function testCommandAddProvider() { '--mapping-email' => 'urn:telekom.com:mainEmail', '--mapping-quota' => 'quota', '--mapping-uid' => 'sub', - )); + ]); //$output = $commandTester->getOutput(); 
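Review bot: The `willReturnCallback` closure in `mockCreateUpdate` names its sixth parameter `$bsecret`, but the `createOrUpdateProvider` signature touched in lib/Db/ProviderMapper.php by this same commit has `$endsessionendpointuri` in sixth position and `$bearersecret` in seventh. If `UpsertProvider` passes its arguments positionally (that call is not visible in this diff), the closure receives the end-session endpoint, a null value falls into the `assertNull($bsecret)` branch, and the encrypted bearer secret is never decrypted and compared. The closure should take the extra argument, `function ($id, $clientid, $secret, $discovery, $scope, $endsession, $bsecret) use ($clientsecret, $bearersecret, $provider)`, with a seventh `$this->anything()` added to `with()`.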
@@ -176,49 +176,49 @@ public function testCommandAddProvider() { } protected function mockProvider(string $providername, - string $clientid, - string $clientsecret, - string $discovery, - string $scope, - string $bearersecret, - int $id = 2) : Provider { + string $clientid, + string $clientsecret, + string $discovery, + string $scope, + string $bearersecret, + int $id = 2) : Provider { $provider = $this->getMockBuilder(Provider::class) - ->addMethods(['getIdentifier', 'getClientId', 'getClientSecret', 'getBearerSecret', 'getDiscoveryEndpoint']) - ->setMethods(['getScope', 'getId']) - ->getMock(); + ->addMethods(['getIdentifier', 'getClientId', 'getClientSecret', 'getBearerSecret', 'getDiscoveryEndpoint']) + ->setMethods(['getScope', 'getId']) + ->getMock(); $provider->expects($this->any()) - ->method('getIdentifier') - ->willReturn($providername); + ->method('getIdentifier') + ->willReturn($providername); $provider->expects($this->any()) - ->method('getId') - ->willReturn(2); + ->method('getId') + ->willReturn(2); $provider->expects($this->any()) - ->method('getClientId') - ->willReturn($clientid); + ->method('getClientId') + ->willReturn($clientid); $provider->expects($this->any()) - ->method('getClientSecret') - ->willReturn($clientsecret); + ->method('getClientSecret') + ->willReturn($clientsecret); $provider->expects($this->any()) - ->method('getBearerSecret') - ->willReturn(\Base64Url\Base64Url::encode($bearersecret)); + ->method('getBearerSecret') + ->willReturn(\Base64Url\Base64Url::encode($bearersecret)); $provider->expects($this->any()) - ->method('getDiscoveryEndpoint') - ->willReturn($discovery); + ->method('getDiscoveryEndpoint') + ->willReturn($discovery); $provider->expects($this->any()) - ->method('getScope') - ->willReturn($scope); + ->method('getScope') + ->willReturn($scope); return $provider; } public function testCommandUpdateFull() { $provider = $this->getMockBuilder(Provider::class) - ->addMethods(['getIdentifier', 'getClientId', 
'getClientSecret', 'getBearerSecret', 'getDiscoveryEndpoint']) - ->setMethods(['getScope']) - ->getMock(); + ->addMethods(['getIdentifier', 'getClientId', 'getClientSecret', 'getBearerSecret', 'getDiscoveryEndpoint']) + ->setMethods(['getScope']) + ->getMock(); $provider->expects($this->any()) - ->method('getIdentifier') - ->willReturn('Telekom'); + ->method('getIdentifier') + ->willReturn('Telekom'); $provider->expects($this->never())->method('getClientId'); $provider->expects($this->never())->method('getClientSecret'); $provider->expects($this->never())->method('getBearerSecret'); 
@@ -226,26 +226,26 @@ public function testCommandUpdateFull() { $provider->expects($this->never())->method('getScope'); $this->providerService->expects($this->once()) - ->method('getProviderByIdentifier') - ->with($this->equalTo('Telekom')) - ->willReturn(null); + ->method('getProviderByIdentifier') + ->with($this->equalTo('Telekom')) + ->willReturn(null); $this->mockCreateUpdate('Telekom', - '10TVL0SAM30000004902NEXTMAGENTACLOUDTEST', - 'client*secret***', - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-unknown/openid-configuration', - 'openid profile', - 'bearer*secret***', - [ - 'provider-2-' . ProviderService::SETTING_UNIQUE_UID => '1', - 'provider-2-' . ProviderService::SETTING_MAPPING_DISPLAYNAME => 'urn:telekom.com:displaykrame', - 'provider-2-' . ProviderService::SETTING_MAPPING_EMAIL => 'urn:telekom.com:mainDemail', - 'provider-2-' . ProviderService::SETTING_MAPPING_QUOTA => 'quotas', - 'provider-2-' . ProviderService::SETTING_MAPPING_UID => 'flop' - ]); + '10TVL0SAM30000004902NEXTMAGENTACLOUDTEST', + 'client*secret***', + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-unknown/openid-configuration', + 'openid profile', + 'bearer*secret***', + [ + 'provider-2-' . ProviderService::SETTING_UNIQUE_UID => '1', + 'provider-2-' . ProviderService::SETTING_MAPPING_DISPLAYNAME => 'urn:telekom.com:displaykrame', + 'provider-2-' . ProviderService::SETTING_MAPPING_EMAIL => 'urn:telekom.com:mainDemail', + 'provider-2-' . ProviderService::SETTING_MAPPING_QUOTA => 'quotas', + 'provider-2-' . ProviderService::SETTING_MAPPING_UID => 'flop' + ]); $command = new UpsertProvider($this->providerService, $this->providerMapper, $this->crypto); $commandTester = new CommandTester($command); - $commandTester->execute(array( + $commandTester->execute([ 'identifier' => 'Telekom', '--clientid' => '10TVL0SAM30000004902NEXTMAGENTACLOUDTEST', '--clientsecret' => 'client*secret***', 
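Review bot: `testCommandUpdateFull` stubs `getProviderByIdentifier` with `->willReturn(null)`, so the `$provider` mock built at the top of the test is never handed to the command. Its `never()` expectations on `getClientId`, `getClientSecret`, `getBearerSecret` and `getScope` therefore cannot fail. As written the test appears to follow the same no-existing-provider path as `testCommandAddProvider`; if the update path for the secrets is what it is meant to cover, the stub should be `->willReturn($provider)`. The test method starts before this hunk and continues after it.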
@@ -257,17 +257,17 @@ public function testCommandUpdateFull() { '--mapping-quota' => 'quotas', '--mapping-uid' => 'flop', '--unique-uid' => '1' - )); + ]); } public function testCommandUpdateSingleClientId() { $provider = $this->mockProvider('Telekom', '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', 'clientsecret***', - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', - 'openid email profile', 'bearersecret***'); + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', + 'openid email profile', 'bearersecret***'); $this->providerService->expects($this->once()) - ->method('getProviderByIdentifier') - ->with($this->equalTo('Telekom')) - ->willReturn($provider); + ->method('getProviderByIdentifier') + ->with($this->equalTo('Telekom')) + ->willReturn($provider); $this->mockCreateUpdate( 'Telekom', '10TVL0SAM30000004903NEXTMAGENTACLOUDTEST', 
@@ -280,21 +280,21 @@ public function testCommandUpdateSingleClientId() { $command = new UpsertProvider($this->providerService, $this->providerMapper, $this->crypto); $commandTester = new CommandTester($command); - $commandTester->execute(array( + $commandTester->execute([ 'identifier' => 'Telekom', '--clientid' => '10TVL0SAM30000004903NEXTMAGENTACLOUDTEST', - )); + ]); } public function testCommandUpdateSingleClientSecret() { $provider = $this->mockProvider('Telekom', '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', 'clientsecret***', - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', - 'openid email profile', 'bearersecret***'); + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', + 'openid email profile', 'bearersecret***'); $this->providerService->expects($this->once()) - ->method('getProviderByIdentifier') - ->with($this->equalTo('Telekom')) - ->willReturn($provider); + ->method('getProviderByIdentifier') + ->with($this->equalTo('Telekom')) + ->willReturn($provider); $this->mockCreateUpdate( 'Telekom', null, 
@@ -307,20 +307,20 @@ public function testCommandUpdateSingleClientSecret() { $command = new UpsertProvider($this->providerService, $this->providerMapper, $this->crypto); $commandTester = new CommandTester($command); - $commandTester->execute(array( + $commandTester->execute([ 'identifier' => 'Telekom', '--clientsecret' => '***clientsecret***', - )); + ]); } public function testCommandUpdateSingleBearerSecret() { $provider = $this->mockProvider('Telekom', '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', 'clientsecret***', - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', - 'openid email profile', 'bearersecret***'); + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', + 'openid email profile', 'bearersecret***'); $this->providerService->expects($this->once()) - ->method('getProviderByIdentifier') - ->with($this->equalTo('Telekom')) - ->willReturn($provider); + ->method('getProviderByIdentifier') + ->with($this->equalTo('Telekom')) + ->willReturn($provider); $this->mockCreateUpdate( 'Telekom', null, 
@@ -334,45 +334,45 @@ public function testCommandUpdateSingleBearerSecret() { $command = new UpsertProvider($this->providerService, $this->providerMapper, $this->crypto); $commandTester = new CommandTester($command); - $commandTester->execute(array( + $commandTester->execute([ 'identifier' => 'Telekom', '--bearersecret' => '***bearersecret***', - )); + ]); } public function testCommandUpdateSingleDiscoveryEndpoint() { $provider = $this->mockProvider('Telekom', '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', 'clientsecret***', - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', - 'openid email profile', 'bearersecret***'); + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', + 'openid email profile', 'bearersecret***'); $this->providerService->expects($this->once()) - ->method('getProviderByIdentifier') - ->with($this->equalTo('Telekom')) - ->willReturn($provider); + ->method('getProviderByIdentifier') + ->with($this->equalTo('Telekom')) + ->willReturn($provider); $this->mockCreateUpdate( - 'Telekom', - null, - null, - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-unknown/openid-configuration', - 'openid email profile', - null, []); + 'Telekom', + null, + null, + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-unknown/openid-configuration', + 'openid email profile', + null, []); $command = new UpsertProvider($this->providerService, $this->providerMapper, $this->crypto); $commandTester = new CommandTester($command); - $commandTester->execute(array( + $commandTester->execute([ 'identifier' => 'Telekom', '--discoveryuri' => 'https://accounts.login00.idm.ver.sul.t-online.de/.well-unknown/openid-configuration', - )); + ]); } public function testCommandUpdateSingleScope() { $provider = $this->mockProvider('Telekom', '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', 'clientsecret***', - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', - 'openid email profile', 
'bearersecret***'); + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', + 'openid email profile', 'bearersecret***'); $this->providerService->expects($this->once()) - ->method('getProviderByIdentifier') - ->with($this->equalTo('Telekom')) - ->willReturn($provider); + ->method('getProviderByIdentifier') + ->with($this->equalTo('Telekom')) + ->willReturn($provider); $this->mockCreateUpdate( 'Telekom', null, @@ -386,20 +386,20 @@ public function testCommandUpdateSingleScope() { $command = new UpsertProvider($this->providerService, $this->providerMapper, $this->crypto); $commandTester = new CommandTester($command); - $commandTester->execute(array( + $commandTester->execute([ 'identifier' => 'Telekom', '--scope' => 'openid profile', - )); + ]); } public function testCommandUpdateSingleUniqueUid() { $provider = $this->mockProvider('Telekom', '10TVL0SAM30000004901NEXTMAGENTACLOUDTEST', 'clientsecret***', - 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', - 'openid email profile', 'bearersecret***'); + 'https://accounts.login00.idm.ver.sul.t-online.de/.well-known/openid-configuration', + 'openid email profile', 'bearersecret***'); $this->providerService->expects($this->once()) - ->method('getProviderByIdentifier') - ->with($this->equalTo('Telekom')) - ->willReturn($provider); + ->method('getProviderByIdentifier') + ->with($this->equalTo('Telekom')) + ->willReturn($provider); $this->mockCreateUpdate( 'Telekom', null, @@ -412,9 +412,9 @@ public function testCommandUpdateSingleUniqueUid() { $command = new UpsertProvider($this->providerService, $this->providerMapper, $this->crypto); $commandTester = new CommandTester($command); - $commandTester->execute(array( + $commandTester->execute([ 'identifier' => 'Telekom', '--unique-uid' => '1', - )); + ]); } }