Hardening save method in BaseURL

Philipp Holzer 2019-04-10 20:38:39 +02:00
parent 40c075cf47
commit 1dd1684885
No known key found for this signature in database
GPG key ID: 517BE60E2CE5C8A5
2 changed files with 92 additions and 12 deletions


@ -137,35 +137,54 @@ class BaseURL
*/ */
public function save($hostname = null, $sslPolicy = null, $urlPath = null) public function save($hostname = null, $sslPolicy = null, $urlPath = null)
{ {
$success = true; $currHostname = $this->hostname;
$currSSLPolicy = $this->sslPolicy;
$currURLPath = $this->urlPath;
if (!empty($hostname) && $hostname !== $this->hostname) { if (!empty($hostname) && $hostname !== $this->hostname) {
if ($this->config->set('config', 'hostname', $hostname)) {
$this->hostname = $hostname; $this->hostname = $hostname;
if (!$this->config->set('config', 'hostname', $this->hostname)) { } else {
$success = false; return false;
} }
} }
if (isset($sslPolicy) && $sslPolicy !== $this->sslPolicy) { if (isset($sslPolicy) && $sslPolicy !== $this->sslPolicy) {
if ($this->config->set('system', 'ssl_policy', $sslPolicy)) {
$this->sslPolicy = $sslPolicy; $this->sslPolicy = $sslPolicy;
if (!$this->config->set('system', 'ssl_policy', $this->sslPolicy)) { } else {
$success = false; $this->hostname = $currHostname;
$this->config->set('config', 'hostname', $this->hostname);
return false;
} }
} }
if (isset($urlPath) && $urlPath !== $this->urlPath) { if (isset($urlPath) && $urlPath !== $this->urlPath) {
if ($this->config->set('system', 'urlpath', $urlPath)) {
$this->urlPath = $urlPath; $this->urlPath = $urlPath;
if (!$this->config->set('system', 'urlpath', $this->urlPath)) { } else {
$success = false; $this->hostname = $currHostname;
$this->sslPolicy = $currSSLPolicy;
$this->config->set('config', 'hostname', $this->hostname);
$this->config->set('system', 'ssl_policy', $this->sslPolicy);
return false;
} }
} }
$this->determineBaseUrl(); $this->determineBaseUrl();
if (!$this->config->set('system', 'url', $this->url)) { if (!$this->config->set('system', 'url', $this->url)) {
$success = false; $this->hostname = $currHostname;
$this->sslPolicy = $currSSLPolicy;
$this->urlPath = $currURLPath;
$this->determineBaseUrl();
$this->config->set('config', 'hostname', $this->hostname);
$this->config->set('system', 'ssl_policy', $this->sslPolicy);
$this->config->set('system', 'urlpath', $this->urlPath);
return false;
} }
return $success; return true;
} }
/** /**
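Review bot: The rollback writes in the failure branches of `save()` discard the return value of `$this->config->set(...)`, so if a restore itself fails the method still only returns false and the stored hostname, ssl_policy and urlpath can be left disagreeing with the in-memory values. These settings determine the base URL, so a half-applied change should be detectable: check each restore, e.g. `if (!$this->config->set('config', 'hostname', $currHostname)) { /* report inconsistent config */ }`, and say in the docblock that restoration is best effort. The rollback also rewrites keys this call may never have changed (hostname is written back in the ssl_policy branch even when the hostname branch was skipped); a small private restore helper taking the three saved values would avoid that and the repeated lines. The docblock of save() starts outside this section.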


@ -470,4 +470,65 @@ class BaseURLTest extends MockedTest
$this->assertEquals($redirect, $baseUrl->checkRedirectHttps()); $this->assertEquals($redirect, $baseUrl->checkRedirectHttps());
} }
public function dataWrongSave()
{
return [
'wrongHostname' => [
'fail' => 'hostname',
],
'wrongSSLPolicy' => [
'fail' => 'sslPolicy',
],
'wrongURLPath' => [
'fail' => 'urlPath',
],
'wrongURL' => [
'fail' => 'url',
],
];
}
/**
* Test the save() method with wrong parameters
* @dataProvider dataWrongSave
*/
public function testWrongSave($fail)
{
$configMock = \Mockery::mock(Configuration::class);
$configMock->shouldReceive('get')->with('config', 'hostname')->andReturn('friendica.local');
$configMock->shouldReceive('get')->with('system', 'urlpath')->andReturn('new/test');
$configMock->shouldReceive('get')->with('system', 'ssl_policy')->andReturn(BaseURL::DEFAULT_SSL_SCHEME);
$configMock->shouldReceive('get')->with('system', 'url')->andReturn('http://friendica.local/new/test');
switch ($fail) {
case 'hostname':
$configMock->shouldReceive('set')->with('config', 'hostname', \Mockery::any())->andReturn(false)->once();
break;
case 'sslPolicy':
$configMock->shouldReceive('set')->with('config', 'hostname', \Mockery::any())->andReturn(true)->twice();
$configMock->shouldReceive('set')->with('system', 'ssl_policy', \Mockery::any())->andReturn(false)->once();
break;
case 'urlPath':
$configMock->shouldReceive('set')->with('config', 'hostname', \Mockery::any())->andReturn(true)->twice();
$configMock->shouldReceive('set')->with('system', 'ssl_policy', \Mockery::any())->andReturn(true)->twice();
$configMock->shouldReceive('set')->with('system', 'urlpath', \Mockery::any())->andReturn(false)->once();
break;
case 'url':
$configMock->shouldReceive('set')->with('config', 'hostname', \Mockery::any())->andReturn(true)->twice();
$configMock->shouldReceive('set')->with('system', 'ssl_policy', \Mockery::any())->andReturn(true)->twice();
$configMock->shouldReceive('set')->with('system', 'urlpath', \Mockery::any())->andReturn(true)->twice();
$configMock->shouldReceive('set')->with('system', 'url', \Mockery::any())->andReturn(false)->once();
break;
}
$baseUrl = new BaseURL($configMock, []);
$this->assertFalse($baseUrl->save('test', 10, 'nope'));
// nothing should have changed because we never successfully saved anything
$this->assertEquals($baseUrl->getHostname(), 'friendica.local');
$this->assertEquals($baseUrl->getUrlPath(), 'new/test');
$this->assertEquals($baseUrl->getSSLPolicy(), BaseURL::DEFAULT_SSL_SCHEME);
$this->assertEquals($baseUrl->get(), 'http://friendica.local/new/test');
}
} }
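Review bot: Every rollback expectation in `testWrongSave` matches `\Mockery::any()`, so the test still passes if save() writes the wrong value back to the configuration; only the in-memory getters are asserted. Pin the restored values instead, for example in the 'sslPolicy' case `->with('config', 'hostname', 'test')->andReturn(true)->once()` followed by `->with('config', 'hostname', 'friendica.local')->andReturn(true)->once()`. The four `assertEquals` calls also pass the actual value first and the expected value second, which makes failure messages read backwards.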