[Pkg-owncloud-commits] [owncloud] 05/55: Added unit tests for serverHost and other related functions

Wed Apr 23 19:51:57 UTC 2014

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v5.0.16RC1
in repository owncloud.

commit 6a07f9fc559a74ccf37accd50c876493aeb53fe2
Author: Vincent Petry <pvince81 at owncloud.com>
Date:   Wed Mar 5 17:04:15 2014 +0100

    Added unit tests for serverHost and other related functions
    
    Backport of 98ff74a from stable6
---
 tests/lib/request.php | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 136 insertions(+)

diff --git a/tests/lib/request.php b/tests/lib/request.php
index 090cebc..2c4cee4 100644
--- a/tests/lib/request.php
+++ b/tests/lib/request.php
@@ -70,4 +70,140 @@ class Test_Request extends PHPUnit_Framework_TestCase {
 			array('/oc/core1', '/oc/core/index.php'),
 		);
 	}
+	public function testInsecureServerHost() {
+		unset($_SERVER['HTTP_X_FORWARDED_HOST']);
+		unset($_SERVER['HTTP_HOST']);
+		unset($_SERVER['SERVER_NAME']);
+		$_SERVER['SERVER_NAME'] = 'from.server.name:8080';
+		$host = OC_Request::insecureServerHost();
+		$this->assertEquals('from.server.name:8080', $host);
+
+		$_SERVER['HTTP_HOST'] = 'from.host.header:8080';
+		$host = OC_Request::insecureServerHost();
+		$this->assertEquals('from.host.header:8080', $host);
+
+		$_SERVER['HTTP_X_FORWARDED_HOST'] = 'from.forwarded.host:8080';
+		$host = OC_Request::insecureServerHost();
+		$this->assertEquals('from.forwarded.host:8080', $host);
+
+		$_SERVER['HTTP_X_FORWARDED_HOST'] = 'from.forwarded.host2:8080,another.one:9000';
+		$host = OC_Request::insecureServerHost();
+		$this->assertEquals('from.forwarded.host2:8080', $host);
+
+		// clean up
+		unset($_SERVER['HTTP_X_FORWARDED_HOST']);
+		unset($_SERVER['HTTP_HOST']);
+		unset($_SERVER['SERVER_NAME']);
+	}
+
+	public function testGetOverwriteHost() {
+		unset($_SERVER['REMOTE_ADDR']);
+		OC_Config::deleteKey('overwritecondaddr');
+		OC_Config::deleteKey('overwritehost');
+		$host = OC_Request::getOverwriteHost();
+		$this->assertNull($host);
+
+		OC_Config::setValue('overwritehost', '');
+		$host = OC_Request::getOverwriteHost();
+		$this->assertNull($host);
+
+		OC_Config::setValue('overwritehost', 'host.one.test:8080');
+		$host = OC_Request::getOverwriteHost();
+		$this->assertEquals('host.one.test:8080', $host);
+
+		$_SERVER['REMOTE_ADDR'] = 'somehost.test:8080';
+		OC_Config::setValue('overwritecondaddr', '^somehost\..*$');
+		$host = OC_Request::getOverwriteHost();
+		$this->assertEquals('host.one.test:8080', $host);
+
+		OC_Config::setValue('overwritecondaddr', '^somethingelse.*$');
+		$host = OC_Request::getOverwriteHost();
+		$this->assertNull($host);
+
+		// clean up
+		unset($_SERVER['REMOTE_ADDR']);
+		OC_Config::deleteKey('overwritecondaddr');
+		OC_Config::deleteKey('overwritehost');
+	}
+
+	/**
+	 * @dataProvider trustedDomainDataProvider
+	 */
+	public function testIsTrustedDomain($trustedDomains, $testDomain, $result) {
+		OC_Config::deleteKey('trusted_domains');
+		if ($trustedDomains !== null) {
+			OC_Config::setValue('trusted_domains', $trustedDomains);
+		}
+
+		$this->assertEquals($result, OC_Request::isTrustedDomain($testDomain));
+
+		// clean up
+		OC_Config::deleteKey('trusted_domains');
+	}
+
+	public function trustedDomainDataProvider() {
+		$trustedHostTestList = array('host.one.test:8080', 'host.two.test:8080');
+		return array(
+			// empty defaults to true
+			array(null, 'host.one.test:8080', true),
+			array('', 'host.one.test:8080', true),
+			array(array(), 'host.one.test:8080', true),
+
+			// trust list when defined
+			array($trustedHostTestList, 'host.two.test:8080', true),
+			array($trustedHostTestList, 'host.two.test:9999', false),
+			array($trustedHostTestList, 'host.three.test:8080', false),
+
+			// trust localhost regardless of trust list
+			array($trustedHostTestList, 'localhost', true),
+			array($trustedHostTestList, 'localhost:8080', true),
+			array($trustedHostTestList, '127.0.0.1', true),
+			array($trustedHostTestList, '127.0.0.1:8080', true),
+
+			// do not trust invalid localhosts
+			array($trustedHostTestList, 'localhost:1:2', false),
+			array($trustedHostTestList, 'localhost: evil.host', false),
+		);
+	}
+
+	public function testServerHost() {
+		OC_Config::deleteKey('overwritecondaddr');
+		OC_Config::setValue('overwritehost', 'overwritten.host:8080');
+		OC_Config::setValue(
+			'trusted_domains',
+			array(
+				'trusted.host:8080',
+				'second.trusted.host:8080'
+			)
+		);
+		$_SERVER['HTTP_HOST'] = 'trusted.host:8080';
+
+		// CLI always gives localhost
+		$oldCLI = OC::$CLI;
+		OC::$CLI = true;
+		$host = OC_Request::serverHost();
+		$this->assertEquals('localhost', $host);
+		OC::$CLI = false;
+
+		// overwritehost overrides trusted domain
+		$host = OC_Request::serverHost();
+		$this->assertEquals('overwritten.host:8080', $host);
+
+		// trusted domain returned when used
+		OC_Config::deleteKey('overwritehost');
+		$host = OC_Request::serverHost();
+		$this->assertEquals('trusted.host:8080', $host);
+
+		// trusted domain returned when untrusted one in header
+		$_SERVER['HTTP_HOST'] = 'untrusted.host:8080';
+		OC_Config::deleteKey('overwritehost');
+		$host = OC_Request::serverHost();
+		$this->assertEquals('trusted.host:8080', $host);
+
+		// clean up
+		OC_Config::deleteKey('overwritecondaddr');
+		OC_Config::deleteKey('overwritehost');
+		unset($_SERVER['HTTP_HOST']);
+		OC::$CLI = $oldCLI;
+	}
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

