From b9929a3c604db9739734ac6cbd1e1da213f4ed2b Mon Sep 17 00:00:00 2001 From: sualko Date: Wed, 17 Jun 2020 15:09:20 +0200 Subject: [PATCH] fix: trim user supplied displayname --- lib/Controller/JoinController.php | 1 + tests/Unit/Controller/JoinControllerTest.php | 131 +++++++++++++++++-- 2 files changed, 123 insertions(+), 9 deletions(-) diff --git a/lib/Controller/JoinController.php b/lib/Controller/JoinController.php index 2cafa92..8b2f02c 100644 --- a/lib/Controller/JoinController.php +++ b/lib/Controller/JoinController.php @@ -89,6 +89,7 @@ class JoinController extends Controller throw new NotFoundException(); } + $displayname = trim($displayname); $userId = null; $presentation = null; diff --git a/tests/Unit/Controller/JoinControllerTest.php b/tests/Unit/Controller/JoinControllerTest.php index a29309e..43fb439 100644 --- a/tests/Unit/Controller/JoinControllerTest.php +++ b/tests/Unit/Controller/JoinControllerTest.php @@ -16,6 +16,8 @@ use OCA\BigBlueButton\BigBlueButton\API; use OCA\BigBlueButton\NotFoundException; use OCA\BigBlueButton\Db\Room; use OCA\BigBlueButton\Permission; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\TemplateResponse; class JoinControllerTest extends TestCase { @@ -104,6 +106,7 @@ class JoinControllerTest extends TestCase $this->api ->expects($this->once()) ->method('createJoinUrl') + ->with($this->room, 12345, 'User Bar', 'user_bar') ->willReturn($url); $result = $this->controller->index(null); @@ -112,23 +115,133 @@ class JoinControllerTest extends TestCase $this->assertEquals($url, $result->getRedirectURL()); } - public function testUserNeedsToAuthenticate() + public function testUserNeedsToAuthenticateForInternal() { - $this->markTestIncomplete(); + $this->room->setAccess(Room::ACCESS_INTERNAL); + + $this->controller->setToken($this->room->uid); + $this->service + ->expects($this->once()) + ->method('findByUID') + ->willReturn($this->room); + + $this->userSession + ->expects($this->once()) + ->method('isLoggedIn') + ->willReturn(false); + + $this->urlGenerator + ->expects($this->exactly(2)) + ->method('linkToRoute') + ->will($this->returnValueMap([ + ['core.login.showLoginForm', ['redirect_url' => 'https://join'], 'https://login'], + ['bbb.join.index', ['token' => $this->room->uid], 'https://join'], + ])); + + $result = $this->controller->index(null); + + $this->assertInstanceOf(RedirectResponse::class, $result); + $this->assertEquals(Http::STATUS_SEE_OTHER, $result->getStatus()); } - public function testInvalidDisplayname() + public function testUserNeedsToAuthenticateForInternalRestricted() { - $this->markTestIncomplete(); + $this->room->setAccess(Room::ACCESS_INTERNAL_RESTRICTED); + + $this->controller->setToken($this->room->uid); + $this->service + ->expects($this->once()) + ->method('findByUID') + ->willReturn($this->room); + + $this->userSession + ->expects($this->once()) + ->method('isLoggedIn') + ->willReturn(false); + + $this->urlGenerator + ->expects($this->exactly(2)) + ->method('linkToRoute') + ->will($this->returnValueMap([ + ['core.login.showLoginForm', ['redirect_url' => 'https://join'], 'https://login'], + ['bbb.join.index', ['token' => $this->room->uid], 'https://join'], + ])); + + $result = $this->controller->index(null); + + $this->assertInstanceOf(RedirectResponse::class, $result); + $this->assertEquals(Http::STATUS_SEE_OTHER, $result->getStatus()); + } + + public function testDisplaynames() + { + $this->controller->setToken($this->room->uid); + $this->service + ->expects($this->once()) + ->method('findByUID') + ->willReturn($this->room); + + $this->api + ->expects($this->once()) + ->method('createMeeting') + ->willReturn(12345); + + $url = 'https://foobar'; + $this->api + ->expects($this->once()) + ->method('createJoinUrl') + ->with($this->room, 12345, 'Foo Bar', null) + ->willReturn($url); + + $this->invalidDisplayname('a'); + $this->invalidDisplayname(' a'); + $this->invalidDisplayname('aa'); + + $response = $this->controller->index('Foo Bar'); + + $this->assertInstanceOf(RedirectResponse::class, $response); + } + + private function invalidDisplayname($displayname) + { + $response = $this->controller->index($displayname); + + $this->assertInstanceOf(TemplateResponse::class, $response); + $this->assertEquals('join', $response->getTemplateName()); + $this->assertTrue($response->getParams()['wrongdisplayname']); } public function testPasswordRequired() { - $this->markTestIncomplete(); - } + $this->room->setAccess(Room::ACCESS_PASSWORD); + $this->room->setPassword('asdf'); - public function testFormActionAllowed() - { - $this->markTestIncomplete(); + $this->controller->setToken($this->room->uid); + $this->service + ->method('findByUID') + ->willReturn($this->room); + + $this->api + ->expects($this->once()) + ->method('createMeeting') + ->willReturn(12345); + + $url = 'https://foobar'; + $this->api + ->expects($this->once()) + ->method('createJoinUrl') + ->willReturn($url); + + $response = $this->controller->index('Foo Bar', '', '', 'qwert'); + + $this->assertInstanceOf(TemplateResponse::class, $response); + $this->assertEquals('join', $response->getTemplateName()); + $this->assertTrue($response->getParams()['passwordRequired']); + $this->assertTrue($response->getParams()['wrongPassword']); + + $response = $this->controller->index('Foo Bar', '', '', 'asdf'); + + $this->assertInstanceOf(RedirectResponse::class, $response); + $this->assertEquals($url, $response->getRedirectURL()); } }