fix: trim user supplied displayname

pull/63/head
sualko 2020-06-17 15:09:20 +02:00
parent 494394d058
commit b9929a3c60
2 changed files with 123 additions and 9 deletions


@ -89,6 +89,7 @@ class JoinController extends Controller
throw new NotFoundException(); throw new NotFoundException();
} }
$displayname = trim($displayname);
$userId = null; $userId = null;
$presentation = null; $presentation = null;
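Review bot: `trim()` with no character list strips only ASCII whitespace and NUL, so a display name padded with, or made entirely of, Unicode spaces or zero-width characters (U+00A0, U+200B, …) still passes whatever length check follows this line and can appear in the meeting as a blank or look-alike name. A Unicode-aware strip such as `$displayname = preg_replace('/^[\s\p{Z}\p{Cf}]+|[\s\p{Z}\p{Cf}]+$/u', '', (string) $displayname);` would close that gap; it returns null on invalid UTF-8, which should be treated as an invalid name. Separately, the tests call `index(null)`, so this line can receive null. Passing null to `trim()` is deprecated since PHP 8.1 and yields `''`, so guarding with `if ($displayname !== null)` keeps the null/empty distinction explicit for later code. The length check and the rest of index() lie outside the hunk.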


@ -16,6 +16,8 @@ use OCA\BigBlueButton\BigBlueButton\API;
use OCA\BigBlueButton\NotFoundException; use OCA\BigBlueButton\NotFoundException;
use OCA\BigBlueButton\Db\Room; use OCA\BigBlueButton\Db\Room;
use OCA\BigBlueButton\Permission; use OCA\BigBlueButton\Permission;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\TemplateResponse;
class JoinControllerTest extends TestCase class JoinControllerTest extends TestCase
{ {
@ -104,6 +106,7 @@ class JoinControllerTest extends TestCase
$this->api $this->api
->expects($this->once()) ->expects($this->once())
->method('createJoinUrl') ->method('createJoinUrl')
->with($this->room, 12345, 'User Bar', 'user_bar')
->willReturn($url); ->willReturn($url);
$result = $this->controller->index(null); $result = $this->controller->index(null);
@ -112,23 +115,133 @@ class JoinControllerTest extends TestCase
$this->assertEquals($url, $result->getRedirectURL()); $this->assertEquals($url, $result->getRedirectURL());
} }
public function testUserNeedsToAuthenticate() public function testUserNeedsToAuthenticateForInternal()
{ {
$this->markTestIncomplete(); $this->room->setAccess(Room::ACCESS_INTERNAL);
$this->controller->setToken($this->room->uid);
$this->service
->expects($this->once())
->method('findByUID')
->willReturn($this->room);
$this->userSession
->expects($this->once())
->method('isLoggedIn')
->willReturn(false);
$this->urlGenerator
->expects($this->exactly(2))
->method('linkToRoute')
->will($this->returnValueMap([
['core.login.showLoginForm', ['redirect_url' => 'https://join'], 'https://login'],
['bbb.join.index', ['token' => $this->room->uid], 'https://join'],
]));
$result = $this->controller->index(null);
$this->assertInstanceOf(RedirectResponse::class, $result);
$this->assertEquals(Http::STATUS_SEE_OTHER, $result->getStatus());
} }
public function testInvalidDisplayname() public function testUserNeedsToAuthenticateForInternalRestricted()
{ {
$this->markTestIncomplete(); $this->room->setAccess(Room::ACCESS_INTERNAL_RESTRICTED);
$this->controller->setToken($this->room->uid);
$this->service
->expects($this->once())
->method('findByUID')
->willReturn($this->room);
$this->userSession
->expects($this->once())
->method('isLoggedIn')
->willReturn(false);
$this->urlGenerator
->expects($this->exactly(2))
->method('linkToRoute')
->will($this->returnValueMap([
['core.login.showLoginForm', ['redirect_url' => 'https://join'], 'https://login'],
['bbb.join.index', ['token' => $this->room->uid], 'https://join'],
]));
$result = $this->controller->index(null);
$this->assertInstanceOf(RedirectResponse::class, $result);
$this->assertEquals(Http::STATUS_SEE_OTHER, $result->getStatus());
}
public function testDisplaynames()
{
$this->controller->setToken($this->room->uid);
$this->service
->expects($this->once())
->method('findByUID')
->willReturn($this->room);
$this->api
->expects($this->once())
->method('createMeeting')
->willReturn(12345);
$url = 'https://foobar';
$this->api
->expects($this->once())
->method('createJoinUrl')
->with($this->room, 12345, 'Foo Bar', null)
->willReturn($url);
$this->invalidDisplayname('a');
$this->invalidDisplayname(' a');
$this->invalidDisplayname('aa');
$response = $this->controller->index('Foo Bar');
$this->assertInstanceOf(RedirectResponse::class, $response);
}
private function invalidDisplayname($displayname)
{
$response = $this->controller->index($displayname);
$this->assertInstanceOf(TemplateResponse::class, $response);
$this->assertEquals('join', $response->getTemplateName());
$this->assertTrue($response->getParams()['wrongdisplayname']);
} }
public function testPasswordRequired() public function testPasswordRequired()
{ {
$this->markTestIncomplete(); $this->room->setAccess(Room::ACCESS_PASSWORD);
} $this->room->setPassword('asdf');
public function testFormActionAllowed() $this->controller->setToken($this->room->uid);
{ $this->service
$this->markTestIncomplete(); ->method('findByUID')
->willReturn($this->room);
$this->api
->expects($this->once())
->method('createMeeting')
->willReturn(12345);
$url = 'https://foobar';
$this->api
->expects($this->once())
->method('createJoinUrl')
->willReturn($url);
$response = $this->controller->index('Foo Bar', '', '', 'qwert');
$this->assertInstanceOf(TemplateResponse::class, $response);
$this->assertEquals('join', $response->getTemplateName());
$this->assertTrue($response->getParams()['passwordRequired']);
$this->assertTrue($response->getParams()['wrongPassword']);
$response = $this->controller->index('Foo Bar', '', '', 'asdf');
$this->assertInstanceOf(RedirectResponse::class, $response);
$this->assertEquals($url, $response->getRedirectURL());
} }
} }
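Review bot: The two testUserNeedsToAuthenticate… tests assert only the response class and the 303 status, so they would still pass if the controller redirected somewhere other than the login form or had already created a meeting for the anonymous visitor. Adding `$this->api->expects($this->never())->method('createJoinUrl');` (likewise for `createMeeting`) and, assuming the controller redirects to the generated login link, `$this->assertEquals('https://login', $result->getRedirectURL());` would pin the access check itself. In testDisplaynames the accepted name 'Foo Bar' has no surrounding whitespace, so nothing verifies that the trimmed value is what reaches `createJoinUrl`. Calling `$this->controller->index(' Foo Bar ')` against the existing `->with($this->room, 12345, 'Foo Bar', null)` expectation would cover the fix this commit makes.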