From 668663f1e77dbe521a9663d7c63ca8fb3743213d Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg <mail@danielkesselberg.de>
Date: Wed, 12 Jun 2024 11:46:12 +0200
Subject: [PATCH] test: add tests for ProfilePageController

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
---
 core/Controller/ProfilePageController.php     | 10 ++-
 .../Controller/ProfilePageControllerTest.php  | 77 +++++++++++++++++++
 2 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 tests/Core/Controller/ProfilePageControllerTest.php

diff --git a/core/Controller/ProfilePageController.php b/core/Controller/ProfilePageController.php
index 4b710911482e4..596551d50ace8 100644
--- a/core/Controller/ProfilePageController.php
+++ b/core/Controller/ProfilePageController.php
@@ -32,7 +32,6 @@
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\IRequest;
-use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\Share\IManager as IShareManager;
@@ -74,6 +73,9 @@ public function __construct(
 	 * @NoCSRFRequired
 	 * @NoAdminRequired
 	 * @NoSubAdminRequired
+	 * @BruteForceProtection(action=user)
+	 * @UserRateThrottle(limit=30, period=120)
+	 * @AnonRateThrottle(limit=30, period=120)
 	 */
 	public function index(string $targetUserId): TemplateResponse {
 		$profileNotFoundTemplate = new TemplateResponse(
@@ -84,7 +86,11 @@ public function index(string $targetUserId): TemplateResponse {
 		);
 
 		$targetUser = $this->userManager->get($targetUserId);
-		if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) {
+		if ($targetUser === null) {
+			$profileNotFoundTemplate->throttle();
+			return $profileNotFoundTemplate;
+		}
+		if (!$targetUser->isEnabled()) {
 			return $profileNotFoundTemplate;
 		}
 		$visitingUser = $this->userSession->getUser();
diff --git a/tests/Core/Controller/ProfilePageControllerTest.php b/tests/Core/Controller/ProfilePageControllerTest.php
new file mode 100644
index 0000000000000..0be8c9ee784b0
--- /dev/null
+++ b/tests/Core/Controller/ProfilePageControllerTest.php
@@ -0,0 +1,77 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace Core\Controller;
+
+use OC\Core\Controller\ProfilePageController;
+use OC\Profile\ProfileManager;
+use OC\UserStatus\Manager;
+use OCP\AppFramework\Services\IInitialState;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\INavigationManager;
+use OCP\IRequest;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use OCP\Share\IManager;
+use Test\TestCase;
+
+class ProfilePageControllerTest extends TestCase {
+	private IUserManager $userManager;
+	private ProfilePageController $controller;
+
+	protected function setUp(): void {
+		parent::setUp();
+
+		$request = $this->createMock(IRequest::class);
+		$initialStateService = $this->createMock(IInitialState::class);
+		$profileManager = $this->createMock(ProfileManager::class);
+		$shareManager = $this->createMock(IManager::class);
+		$this->userManager = $this->createMock(IUserManager::class);
+		$userSession = $this->createMock(IUserSession::class);
+		$userStatusManager = $this->createMock(Manager::class);
+		$navigationManager = $this->createMock(INavigationManager::class);
+		$eventDispatcher = $this->createMock(IEventDispatcher::class);
+
+		$this->controller = new ProfilePageController(
+			'core',
+			$request,
+			$initialStateService,
+			$profileManager,
+			$shareManager,
+			$this->userManager,
+			$userSession,
+			$userStatusManager,
+			$navigationManager,
+			$eventDispatcher,
+		);
+	}
+
+	public function testUserNotFound(): void {
+		$this->userManager->method('get')
+			->willReturn(null);
+
+		$response = $this->controller->index('bob');
+
+		$this->assertTrue($response->isThrottled());
+	}
+
+	public function testUserDisabled(): void {
+		$user = $this->createMock(IUser::class);
+		$user->method('isEnabled')
+			->willReturn(false);
+
+		$this->userManager->method('get')
+			->willReturn($user);
+
+		$response = $this->controller->index('bob');
+
+		$this->assertFalse($response->isThrottled());
+	}
+}