test: add tests for ProfilePageController

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

Author: kesselb

core/Controller/ProfilePageController.php

@@ -29,13 +29,15 @@
 
 use OC\Profile\ProfileManager;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\INavigationManager;
 use OCP\IRequest;
-use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\Profile\BeforeTemplateRenderedEvent;
@@ -65,6 +67,9 @@ public function __construct(
 	 * @NoAdminRequired
 	 * @NoSubAdminRequired
 	 */
+	#[BruteForceProtection(action: 'user')]
+	#[UserRateLimit(limit: 30, period: 120)]
+	#[AnonRateLimit(limit: 30, period: 120)]
 	public function index(string $targetUserId): TemplateResponse {
 		$profileNotFoundTemplate = new TemplateResponse(
 			'core',
@@ -74,7 +79,11 @@ public function index(string $targetUserId): TemplateResponse {
 		);
 
 		$targetUser = $this->userManager->get($targetUserId);
-		if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) {
+		if ($targetUser === null) {
+			$profileNotFoundTemplate->throttle();
+			return $profileNotFoundTemplate;
+		}
+		if (!$targetUser->isEnabled()) {
 			return $profileNotFoundTemplate;
 		}
 		$visitingUser = $this->userSession->getUser();

tests/Core/Controller/ProfilePageControllerTest.php

@@ -0,0 +1,78 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace Core\Controller;
+
+use OC\Core\Controller\ProfilePageController;
+use OC\Profile\ProfileManager;
+use OC\UserStatus\Manager;
+use OCP\AppFramework\Services\IInitialState;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\INavigationManager;
+use OCP\IRequest;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use OCP\Share\IManager;
+use Test\TestCase;
+
+class ProfilePageControllerTest extends TestCase {
+
+	private IUserManager $userManager;
+	private ProfilePageController $controller;
+
+	protected function setUp(): void {
+		parent::setUp();
+
+		$request = $this->createMock(IRequest::class);
+		$initialStateService = $this->createMock(IInitialState::class);
+		$profileManager = $this->createMock(ProfileManager::class);
+		$shareManager = $this->createMock(IManager::class);
+		$this->userManager = $this->createMock(IUserManager::class);
+		$userSession = $this->createMock(IUserSession::class);
+		$userStatusManager = $this->createMock(Manager::class);
+		$navigationManager = $this->createMock(INavigationManager::class);
+		$eventDispatcher = $this->createMock(IEventDispatcher::class);
+
+		$this->controller = new ProfilePageController(
+			'core',
+			$request,
+			$initialStateService,
+			$profileManager,
+			$shareManager,
+			$this->userManager,
+			$userSession,
+			$userStatusManager,
+			$navigationManager,
+			$eventDispatcher,
+		);
+	}
+
+	public function testUserNotFound(): void {
+		$this->userManager->method('get')
+			->willReturn(null);
+
+		$response = $this->controller->index('bob');
+
+		$this->assertTrue($response->isThrottled());
+	}
+
+	public function testUserDisabled(): void {
+		$user = $this->createMock(IUser::class);
+		$user->method('isEnabled')
+			->willReturn(false);
+
+		$this->userManager->method('get')
+			->willReturn($user);
+
+		$response = $this->controller->index('bob');
+
+		$this->assertFalse($response->isThrottled());
+	}
+}