From c7637e8c95353e5b37232035d016e0a8781ef018 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Mon, 13 Nov 2023 17:25:21 +0100
Subject: [PATCH] Migrate tests of forwarded for headers check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 .../Controller/CheckSetupControllerTest.php   |  90 +----------
 .../SetupChecks/ForwardedForHeadersTest.php   | 140 ++++++++++++++++++
 2 files changed, 142 insertions(+), 88 deletions(-)
 create mode 100644 apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php

diff --git a/apps/settings/tests/Controller/CheckSetupControllerTest.php b/apps/settings/tests/Controller/CheckSetupControllerTest.php
index 2df86a7b49c6b..fb2aa1a975dd4 100644
--- a/apps/settings/tests/Controller/CheckSetupControllerTest.php
+++ b/apps/settings/tests/Controller/CheckSetupControllerTest.php
@@ -204,87 +204,6 @@ public function removeTestDirectories() {
 		$this->dirsToRemove = [];
 	}
 
-	/**
-	 * @dataProvider dataForwardedForHeadersWorking
-	 *
-	 * @param array $trustedProxies
-	 * @param string $remoteAddrNotForwarded
-	 * @param string $remoteAddr
-	 * @param bool $result
-	 */
-	public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, bool $result): void {
-		$this->config->expects($this->once())
-			->method('getSystemValue')
-			->with('trusted_proxies', [])
-			->willReturn($trustedProxies);
-		$this->request->expects($this->atLeastOnce())
-			->method('getHeader')
-			->willReturnMap([
-				['REMOTE_ADDR', $remoteAddrNotForwarded],
-				['X-Forwarded-Host', '']
-			]);
-		$this->request->expects($this->any())
-			->method('getRemoteAddress')
-			->willReturn($remoteAddr);
-
-		$this->assertEquals(
-			$result,
-			self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
-		);
-	}
-
-	public function dataForwardedForHeadersWorking(): array {
-		return [
-			// description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result
-			'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', true],
-			'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', true],
-			'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', true],
-			'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', false],
-		];
-	}
-
-	public function testForwardedHostPresentButTrustedProxiesNotAnArray(): void {
-		$this->config->expects($this->once())
-			->method('getSystemValue')
-			->with('trusted_proxies', [])
-			->willReturn('1.1.1.1');
-		$this->request->expects($this->atLeastOnce())
-			->method('getHeader')
-			->willReturnMap([
-				['REMOTE_ADDR', '1.1.1.1'],
-				['X-Forwarded-Host', 'nextcloud.test']
-			]);
-		$this->request->expects($this->any())
-			->method('getRemoteAddress')
-			->willReturn('1.1.1.1');
-
-		$this->assertEquals(
-			false,
-			self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
-		);
-	}
-
-	public function testForwardedHostPresentButTrustedProxiesEmpty(): void {
-		$this->config->expects($this->once())
-			->method('getSystemValue')
-			->with('trusted_proxies', [])
-			->willReturn([]);
-		$this->request->expects($this->atLeastOnce())
-			->method('getHeader')
-			->willReturnMap([
-				['REMOTE_ADDR', '1.1.1.1'],
-				['X-Forwarded-Host', 'nextcloud.test']
-			]);
-		$this->request->expects($this->any())
-			->method('getRemoteAddress')
-			->willReturn('1.1.1.1');
-
-		$this->assertEquals(
-			false,
-			self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
-		);
-	}
-
 	public function testCheck() {
 		$this->config->expects($this->any())
 			->method('getAppValue')
@@ -302,13 +221,8 @@ public function testCheck() {
 				['appstoreenabled', true, false],
 			]);
 
-		$this->request->expects($this->atLeastOnce())
-			->method('getHeader')
-			->willReturnMap([
-				['REMOTE_ADDR', '4.3.2.1'],
-				['X-Forwarded-Host', '']
-			]);
-
+		$this->request->expects($this->never())
+			->method('getHeader');
 		$this->clientService->expects($this->never())
 			->method('newClient');
 		$this->checkSetupController
diff --git a/apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php b/apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php
new file mode 100644
index 0000000000000..9da2bccda79c7
--- /dev/null
+++ b/apps/settings/tests/SetupChecks/ForwardedForHeadersTest.php
@@ -0,0 +1,140 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2021 Morris Jobke <hey@morrisjobke.de>
+ *
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Côme Chilliet <come.chilliet@nextcloud.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\Settings\Tests;
+
+use OCA\Settings\SetupChecks\ForwardedForHeaders;
+use OCP\IConfig;
+use OCP\IL10N;
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\SetupCheck\SetupResult;
+use Test\TestCase;
+
+class ForwardedForHeadersTest extends TestCase {
+	private IL10N $l10n;
+	private IConfig $config;
+	private IURLGenerator $urlGenerator;
+	private IRequest $request;
+	private ForwardedForHeaders $check;
+
+	protected function setUp(): void {
+		parent::setUp();
+
+		$this->l10n = $this->getMockBuilder(IL10N::class)
+			->disableOriginalConstructor()->getMock();
+		$this->l10n->expects($this->any())
+			->method('t')
+			->willReturnCallback(function ($message, array $replace) {
+				return vsprintf($message, $replace);
+			});
+		$this->config = $this->getMockBuilder(IConfig::class)->getMock();
+		$this->urlGenerator = $this->getMockBuilder(IURLGenerator::class)->getMock();
+		$this->request = $this->getMockBuilder(IRequest::class)->getMock();
+		$this->check = new ForwardedForHeaders(
+			$this->l10n,
+			$this->config,
+			$this->urlGenerator,
+			$this->request,
+		);
+	}
+
+	/**
+	 * @dataProvider dataForwardedForHeadersWorking
+	 */
+	public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, string $result): void {
+		$this->config->expects($this->once())
+			->method('getSystemValue')
+			->with('trusted_proxies', [])
+			->willReturn($trustedProxies);
+		$this->request->expects($this->atLeastOnce())
+			->method('getHeader')
+			->willReturnMap([
+				['REMOTE_ADDR', $remoteAddrNotForwarded],
+				['X-Forwarded-Host', '']
+			]);
+		$this->request->expects($this->any())
+			->method('getRemoteAddress')
+			->willReturn($remoteAddr);
+
+		$this->assertEquals(
+			$result,
+			$this->check->run()->getSeverity()
+		);
+	}
+
+	public function dataForwardedForHeadersWorking(): array {
+		return [
+			// description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result
+			'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', SetupResult::SUCCESS],
+			'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', SetupResult::SUCCESS],
+			'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', SetupResult::SUCCESS],
+			'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', SetupResult::WARNING],
+		];
+	}
+
+	public function testForwardedHostPresentButTrustedProxiesNotAnArray(): void {
+		$this->config->expects($this->once())
+			->method('getSystemValue')
+			->with('trusted_proxies', [])
+			->willReturn('1.1.1.1');
+		$this->request->expects($this->atLeastOnce())
+			->method('getHeader')
+			->willReturnMap([
+				['REMOTE_ADDR', '1.1.1.1'],
+				['X-Forwarded-Host', 'nextcloud.test']
+			]);
+		$this->request->expects($this->any())
+			->method('getRemoteAddress')
+			->willReturn('1.1.1.1');
+
+		$this->assertEquals(
+			SetupResult::ERROR,
+			$this->check->run()->getSeverity()
+		);
+	}
+
+	public function testForwardedHostPresentButTrustedProxiesEmpty(): void {
+		$this->config->expects($this->once())
+			->method('getSystemValue')
+			->with('trusted_proxies', [])
+			->willReturn([]);
+		$this->request->expects($this->atLeastOnce())
+			->method('getHeader')
+			->willReturnMap([
+				['REMOTE_ADDR', '1.1.1.1'],
+				['X-Forwarded-Host', 'nextcloud.test']
+			]);
+		$this->request->expects($this->any())
+			->method('getRemoteAddress')
+			->willReturn('1.1.1.1');
+
+		$this->assertEquals(
+			SetupResult::WARNING,
+			$this->check->run()->getSeverity()
+		);
+	}
+}