From 422655bf1e5baace2cd715ea1335b752944d080f Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Wed, 5 Feb 2025 23:46:28 +0100
Subject: [PATCH] fix(provisioning_api): Correct limit for `editUser`

Signed-off-by: Ferdinand Thiessen
---
 .../lib/Controller/UsersController.php | 2 +-
 .../lib/Controller/UsersController.php | 2 ++
 .../features/bootstrap/BasicStructure.php | 6 +++++-
 .../features/bootstrap/FeatureContext.php | 7 +++++++
 .../features/provisioning-v1.feature | 21 ++++++++++++-------
 5 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 373e0990777..a8f29843d81 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -889,7 +889,7 @@ class UsersController extends AUserData {
  */
 #[PasswordConfirmationRequired]
 #[NoAdminRequired]
- #[UserRateLimit(limit: 50, period: 60)]
+ #[UserRateLimit(limit: 50, period: 600)]
 public function editUser(string $userId, string $key, string $value): DataResponse {
 $currentLoggedInUser = $this->userSession->getUser();
 
diff --git a/apps/settings/lib/Controller/UsersController.php b/apps/settings/lib/Controller/UsersController.php
index 10a3e392194..9fe1fe40cf4 100644
--- a/apps/settings/lib/Controller/UsersController.php
+++ b/apps/settings/lib/Controller/UsersController.php
@@ -31,6 +31,7 @@ use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
 use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\TemplateResponse;
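Review bot: The new 50-per-600-seconds budget on `editUser` is not exercised by any test this commit touches: provisioning-v1.feature's Background now whitelists 127.0.0.1 and ::1 and sets `apply_allowlist_to_ratelimit` to true, so the test host bypasses the limit entirely and neither a regression to the old period nor a limit tight enough to block a normal settings save would be caught. A scenario that issues one more edit than the limit allows inside the window and expects the rate-limit response (presumably 429, confirm against how `UserRateLimit` is enforced) would pin the intended behaviour; the same gap applies to the 5-per-60-seconds limit added to `setUserSettings` in apps/settings. The docblock closes on the hunk's first line, so the limit and its rationale also belong there, e.g. `* Rate limited to 50 edits per 10 minutes per user (presumably because one settings save issues one edit per key — confirm).`. The body of `editUser` continues outside the hunk.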
@@ -312,6 +313,7 @@ class UsersController extends Controller {
  */
 #[NoAdminRequired]
 #[PasswordConfirmationRequired]
+ #[UserRateLimit(limit: 5, period: 60)]
 public function setUserSettings(?string $avatarScope = null,
 ?string $displayname = null,
 ?string $displaynameScope = null,
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index 57f4b7de2e4..4c39c75be22 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -120,7 +120,11 @@ trait BasicStructure {
 * @return string
 */
 public function getOCSResponse($response) {
- return simplexml_load_string($response->getBody())->meta[0]->statuscode;
+ $body = simplexml_load_string((string)$response->getBody());
+ if ($body === false) {
+ throw new \RuntimeException('Could not parse OCS response, body is not valid XML');
+ }
+ return $body->meta[0]->statuscode;
 }
 
 /**
diff --git a/build/integration/features/bootstrap/FeatureContext.php b/build/integration/features/bootstrap/FeatureContext.php
index 59f1d0068dd..c91c5e7cfa3 100644
--- a/build/integration/features/bootstrap/FeatureContext.php
+++ b/build/integration/features/bootstrap/FeatureContext.php
@@ -13,9 +13,16 @@ require __DIR__ . '/../../vendor/autoload.php';
 * Features context.
 */
 class FeatureContext implements Context, SnippetAcceptingContext {
+ use AppConfiguration;
 use ContactsMenu;
 use ExternalStorage;
 use Search;
 use WebDav;
 use Trashbin;
+
+ protected function resetAppConfigs(): void {
+ $this->deleteServerConfig('bruteForce', 'whitelist_0');
+ $this->deleteServerConfig('bruteForce', 'whitelist_1');
+ $this->deleteServerConfig('bruteforcesettings', 'apply_allowlist_to_ratelimit');
+ }
 }
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
index f3f4aa6bf6c..61a2eeca18c 100644
--- a/build/integration/features/provisioning-v1.feature
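Review bot: The 5-per-60-seconds `UserRateLimit` added to `setUserSettings` is not mentioned in the commit message, whose title scopes the change to provisioning_api's `editUser`; either split it into its own commit or extend the description so the behaviour change for the settings app is discoverable in history. The limit is also undocumented on the method: the docblock closes on the hunk's first line, so add a line such as `* Rate limited to 5 calls per minute per user; a single call may update several profile fields at once.` — the second half is inferred from the parameter list and should be confirmed. The `setUserSettings` signature continues outside the hunk.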
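Review bot: The rewritten `getOCSResponse` still returns a `SimpleXMLElement`, not the `string` the `@return string` docblock promises, and a body that parses as XML but lacks a `<meta>` element makes `$body->meta[0]` null, so the `->statuscode` access emits a warning and the method returns null rather than failing clearly. Changing the last line to `return (string)$body->meta[0]->statuscode;` fixes the type, and a guard `if (!isset($body->meta[0]->statuscode)) { throw new \RuntimeException('OCS response has no meta/statuscode element'); }` before it gives the same explicit failure the new `=== false` check gives for malformed XML. Since `simplexml_load_string` also emits a warning before returning false, wrapping the call in `libxml_use_internal_errors(true)` (or passing `LIBXML_NOERROR | LIBXML_NOWARNING`) keeps the exception as the only signal in test output.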
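Review bot: `resetAppConfigs` has no comment saying why exactly these three keys are removed, and the connection to provisioning-v1.feature, whose Background sets them so the test host is exempt from brute-force rate limiting, is invisible from this file. Suggest a docblock above the method along the lines of `/** Remove the bruteForce allow-list entries and the apply_allowlist_to_ratelimit flag that provisioning-v1.feature's Background sets to exempt the test host from rate limiting, so later features run with default throttling. */`. Presumably the `AppConfiguration` trait invokes this hook after each scenario — confirm, and note that the keys are deleted rather than restored, so any value an existing test instance had before the run is lost.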
+++ b/build/integration/features/provisioning-v1.feature
@@ -4,6 +4,9 @@ Feature: provisioning
 
 Background:
 Given using api version "1"
+ Given parameter "whitelist_0" of app "bruteForce" is set to "127.0.0.1"
+ Given parameter "whitelist_1" of app "bruteForce" is set to "::1"
+ Given parameter "apply_allowlist_to_ratelimit" of app "bruteforcesettings" is set to "true"
 
 Scenario: Getting an not existing user
 Given As an "admin"
@@ -570,7 +573,7 @@ Feature: provisioning
 And group "new-group" does not exist
 
 Scenario: Delete a group with special characters
- Given As an "admin"
+ Given As an "admin"
 And group "España" exists
 When sending "DELETE" to "/cloud/groups/España"
 Then the OCS status code should be "100"
@@ -600,6 +603,7 @@ Feature: provisioning
 | settings |
 | sharebymail |
 | systemtags |
+ | testing |
 | theming |
 | twofactor_backupcodes |
 | updatenotification |
@@ -625,6 +629,7 @@ Feature: provisioning
 And the HTTP status code should be "200"
 
 Scenario: enable an app
+ Given invoking occ with "app:disable testing"
 Given As an "admin"
 And app "testing" is disabled
 When sending "POST" to "/cloud/apps/testing"
@@ -638,13 +643,15 @@ Feature: provisioning
 Then the OCS status code should be "998"
 And the HTTP status code should be "200"
 
- Scenario: disable an app
- Given As an "admin"
- And app "testing" is enabled
- When sending "DELETE" to "/cloud/apps/testing"
- Then the OCS status code should be "100"
- And the HTTP status code should be "200"
+ Scenario: disable an app
+ Given invoking occ with "app:enable testing"
+ Given As an "admin"
+ And app "testing" is enabled
+ When sending "DELETE" to "/cloud/apps/testing"
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
 And app "testing" is disabled
+ Given invoking occ with "app:enable testing"
 
 Scenario: disable an user
 Given As an "admin"
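Review bot: The trailing `Given invoking occ with "app:enable testing"` in the rewritten `disable an app` scenario is cleanup disguised as a precondition: it only runs when every earlier step passed, so a failing assertion leaves the `testing` app disabled and later scenarios that presumably depend on it (the new Background `parameter ... of app` steps and the occ-driven setup look like they go through that app — confirm) fail for an unrelated reason. Moving the re-enable into an after-scenario hook in FeatureContext makes the cleanup unconditional, mirroring how `enable an app` in the hunk above now forces its own precondition with `app:disable testing` at the start. The `disable an app` scenario is otherwise deleted and re-added with identical visible text, which reads as a whitespace-only change; stating that in the commit message would save reviewers a diff-by-eye.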