From: Nicolas Lœuillet Date: Wed, 11 Feb 2015 05:45:14 +0000 (+0100) Subject: Merge pull request #1072 from wallabag/v2-entry-test X-Git-Tag: 2.0.0-alpha.0~81 X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=fa8d56393413fc599a972699ad4780e92f1a2010;hp=f59f45d74093e92656f9717c8c5f4e37c56d2173;p=github%2Fwallabag%2Fwallabag.git Merge pull request #1072 from wallabag/v2-entry-test Add more tests to Entry controller + security --- diff --git a/app/build.xml b/app/build.xml index a8e43f0d..bdc4b4d8 100644 --- a/app/build.xml +++ b/app/build.xml @@ -38,7 +38,6 @@ - diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php index 5378486a..89677bef 100644 --- a/src/Wallabag/CoreBundle/Controller/EntryController.php +++ b/src/Wallabag/CoreBundle/Controller/EntryController.php @@ -12,8 +12,10 @@ use Wallabag\CoreBundle\Helper\Url; class EntryController extends Controller { /** - * @param Request $request + * @param Request $request + * * @Route("/new", name="new_entry") + * * @return \Symfony\Component\HttpFoundation\Response */ public function addEntryAction(Request $request) @@ -54,6 +56,7 @@ class EntryController extends Controller * Shows unread entries for current user * * @Route("/unread", name="unread") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showUnreadAction() @@ -73,6 +76,7 @@ class EntryController extends Controller * Shows read entries for current user * * @Route("/archive", name="archive") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showArchiveAction() @@ -92,6 +96,7 @@ class EntryController extends Controller * Shows starred entries for current user * * @Route("/starred", name="starred") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showStarredAction() 
@@ -110,12 +115,16 @@ class EntryController extends Controller /** * Shows entry content * - * @param Entry $entry + * @param Entry $entry + * * @Route("/view/{id}", requirements={"id" = "\d+"}, name="view") + * * @return \Symfony\Component\HttpFoundation\Response */ public function viewAction(Entry $entry) { + $this->checkUserAction($entry); + return $this->render( 'WallabagCoreBundle:Entry:entry.html.twig', array('entry' => $entry) @@ -125,13 +134,17 @@ class EntryController extends Controller /** * Changes read status for an entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function toggleArchiveAction(Request $request, Entry $entry) { + $this->checkUserAction($entry); + $entry->toggleArchive(); $this->getDoctrine()->getManager()->flush(); @@ -146,13 +159,17 @@ class EntryController extends Controller /** * Changes favorite status for an entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/star/{id}", requirements={"id" = "\d+"}, name="star_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function toggleStarAction(Request $request, Entry $entry) { + $this->checkUserAction($entry); + $entry->toggleStar(); $this->getDoctrine()->getManager()->flush(); 
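Review bot: The `$this->checkUserAction($entry);` line added at the top of `toggleArchiveAction` and `toggleStarAction` (and of `deleteEntryAction` in the next hunk) only establishes ownership; these handlers still mutate the entry on a plain GET to `/archive/{id}`, `/star/{id}` and `/delete/{id}` with no CSRF token, so the guard does not protect an authenticated owner against a forged request in their own session. If moving the routes to POST with a token is out of scope for this PR, the limitation should at least be recorded on the guard call, e.g. `// Ownership check only: this route still changes state on GET without CSRF protection.`. The redirect target on the context line below, `$request->headers->get('referer')`, is also taken from the request unvalidated and is null when the header is absent; a fallback such as `$this->redirect($request->headers->get('referer') ?: $this->generateUrl('unread'))` would keep the action from redirecting to an empty location. The bodies of both toggle actions continue outside their hunks.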
@@ -167,17 +184,19 @@ class EntryController extends Controller /** * Deletes entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function deleteEntryAction(Request $request, Entry $entry) { - $em = $this->getDoctrine()->getManager(); + $this->checkUserAction($entry); + $entry->setDeleted(1); - $em->persist($entry); - $em->flush(); + $this->getDoctrine()->getManager()->flush(); $this->get('session')->getFlashBag()->add( 'notice', @@ -186,4 +205,16 @@ class EntryController extends Controller return $this->redirect($request->headers->get('referer')); } + + /** + * Check if the logged user can manage the given entry + * + * @param Entry $entry + */ + private function checkUserAction(Entry $entry) + { + if ($this->getUser()->getId() != $entry->getUser()->getId()) { + throw $this->createAccessDeniedException('You can not use this entry.'); + } + } } diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php index fccd06be..520b44b8 100644 --- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php +++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php 
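Review bot: The new `checkUserAction` compares the two user ids with `!=`, a loose comparison that treats `null` and `0` (and numeric strings) as equal; since this is the only thing standing between a user and another user's entry, the strict form is the right one: `if ($this->getUser()->getId() !== $entry->getUser()->getId()) {`. The method also dereferences `$this->getUser()` without a null check; presumably the firewall guarantees an authenticated user on these routes (the test file shows anonymous `/new` redirecting to login), but a `null === $this->getUser()` guard that throws the same access-denied exception would make the helper safe regardless of routing config. The docblock should state the failure contract with `@throws` for the exception `createAccessDeniedException()` builds, since every caller relies on it propagating rather than returning. In `deleteEntryAction`, dropping `$em->persist($entry)` is fine for a managed entity, but the soft delete (`setDeleted(1)`) is not checked by `viewAction` or the toggles, so a deleted entry remains reachable by id; worth confirming that is intended.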
@@ -16,13 +16,32 @@ class LoadEntryData extends AbstractFixture implements OrderedFixtureInterface { $entry1 = new Entry($this->getReference('admin-user')); $entry1->setUrl('http://0.0.0.0'); - $entry1->setTitle('test title'); + $entry1->setTitle('test title entry1'); $entry1->setContent('This is my content /o/'); $manager->persist($entry1); - $manager->flush(); $this->addReference('entry1', $entry1); + + $entry2 = new Entry($this->getReference('admin-user')); + $entry2->setUrl('http://0.0.0.0'); + $entry2->setTitle('test title entry2'); + $entry2->setContent('This is my content /o/'); + + $manager->persist($entry2); + + $this->addReference('entry2', $entry2); + + $entry3 = new Entry($this->getReference('bob-user')); + $entry3->setUrl('http://0.0.0.0'); + $entry3->setTitle('test title entry3'); + $entry3->setContent('This is my content /o/'); + + $manager->persist($entry3); + + $this->addReference('entry3', $entry3); + + $manager->flush(); } /** diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php index da788218..e4751f20 100644 --- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php +++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php @@ -15,13 +15,26 @@ class LoadUserData extends AbstractFixture implements OrderedFixtureInterface public function load(ObjectManager $manager) { $userAdmin = new User(); + $userAdmin->setName('Big boss'); + $userAdmin->setEmail('bigboss@wallabag.org'); $userAdmin->setUsername('admin'); $userAdmin->setPassword('test'); $manager->persist($userAdmin); - $manager->flush(); $this->addReference('admin-user', $userAdmin); + + $bobUser = new User(); + $bobUser->setName('Bobby'); + $bobUser->setEmail('bobby@wallabag.org'); + $bobUser->setUsername('bob'); + $bobUser->setPassword('test'); + + $manager->persist($bobUser); + + $this->addReference('bob-user', $bobUser); + + $manager->flush(); } /** 
diff --git a/src/Wallabag/CoreBundle/Repository/EntryRepository.php b/src/Wallabag/CoreBundle/Repository/EntryRepository.php index b6f86707..bedc90d2 100644 --- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php +++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php @@ -2,7 +2,6 @@ namespace Wallabag\CoreBundle\Repository; -use Doctrine\ORM\Query; use Doctrine\ORM\EntityRepository; use Doctrine\ORM\Tools\Pagination\Paginator; diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php index 5d8daea3..7276f8e4 100644 --- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php +++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php @@ -3,6 +3,7 @@ namespace Wallabag\CoreBundle\Tests\Controller; use Wallabag\CoreBundle\Tests\WallabagTestCase; +use Doctrine\ORM\AbstractQuery; class EntryControllerTest extends WallabagTestCase { @@ -10,7 +11,7 @@ class EntryControllerTest extends WallabagTestCase { $client = $this->getClient(); - $crawler = $client->request('GET', '/new'); + $client->request('GET', '/new'); $this->assertEquals(302, $client->getResponse()->getStatusCode()); $this->assertContains('login', $client->getResponse()->headers->get('location')); @@ -18,7 +19,7 @@ class EntryControllerTest extends WallabagTestCase public function testGetNew() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); $crawler = $client->request('GET', '/new'); @@ -31,7 +32,7 @@ class EntryControllerTest extends WallabagTestCase public function testPostNewEmpty() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); $crawler = $client->request('GET', '/new'); @@ -49,7 +50,7 @@ class EntryControllerTest extends WallabagTestCase public function testPostNewOk() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); $crawler = $client->request('GET', '/new'); 
@@ -74,27 +75,27 @@ class EntryControllerTest extends WallabagTestCase public function testArchive() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); - $crawler = $client->request('GET', '/archive'); + $client->request('GET', '/archive'); $this->assertEquals(200, $client->getResponse()->getStatusCode()); } public function testStarred() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); - $crawler = $client->request('GET', '/starred'); + $client->request('GET', '/starred'); $this->assertEquals(200, $client->getResponse()->getStatusCode()); } public function testView() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); $content = $client->getContainer() 
@@ -102,13 +103,96 @@ class EntryControllerTest extends WallabagTestCase ->getRepository('WallabagCoreBundle:Entry') ->findOneByIsArchived(false); - if (!$content) { - $this->markTestSkipped('No content found in db.'); - } - - $crawler = $client->request('GET', '/view/'.$content->getId()); + $client->request('GET', '/view/'.$content->getId()); $this->assertEquals(200, $client->getResponse()->getStatusCode()); $this->assertContains($content->getTitle(), $client->getResponse()->getContent()); } + + public function testToggleArchive() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $content = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByIsArchived(false); + + $client->request('GET', '/archive/'.$content->getId()); + + $this->assertEquals(302, $client->getResponse()->getStatusCode()); + + $res = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneById($content->getId()); + + $this->assertEquals($res->isArchived(), true); + } + + public function testToggleStar() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $content = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByIsStarred(false); + + $client->request('GET', '/star/'.$content->getId()); + + $this->assertEquals(302, $client->getResponse()->getStatusCode()); + + $res = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneById($content->getId()); + + $this->assertEquals($res->isStarred(), true); + } + + public function testDelete() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $content = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByIsDeleted(false); + + $client->request('GET', 
'/delete/'.$content->getId()); + + $this->assertEquals(302, $client->getResponse()->getStatusCode()); + + $res = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneById($content->getId()); + + $this->assertEquals($res->isDeleted(), true); + } + + public function testViewOtherUserEntry() + { + $this->logInAs('bob'); + $client = $this->getClient(); + + $content = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->createQueryBuilder('e') + ->select('e.id') + ->leftJoin('e.user', 'u') + ->where('u.username != :username')->setParameter('username', 'bob') + ->setMaxResults(1) + ->getQuery() + ->getSingleResult(AbstractQuery::HYDRATE_ARRAY); + + $client->request('GET', '/view/'.$content['id']); + + $this->assertEquals(403, $client->getResponse()->getStatusCode()); + } } diff --git a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php b/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php index edc7d992..a80b8bac 100644 --- a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php +++ b/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php @@ -18,12 +18,12 @@ class WallabagTestCase extends WebTestCase $this->client = static::createClient(); } - public function logIn() + public function logInAs($username) { $crawler = $this->client->request('GET', '/login'); $form = $crawler->filter('button[type=submit]')->form(); $data = array( - '_username' => 'admin', + '_username' => $username, '_password' => 'test', );
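Review bot: The cross-user case added in `testViewOtherUserEntry` exercises only `/view/{id}`; the same `checkUserAction` guard is now in `toggleArchiveAction`, `toggleStarAction` and `deleteEntryAction`, and none of those has a negative test, so removing the guard from any of them would not fail the suite. A test that logs in as `bob`, selects an entry owned by another user the same way, and asserts 403 on `/archive/`, `/star/` and `/delete/` closes that gap (sketch below; the lookup is identical to the existing one). Separately, the new assertions of the form `$this->assertEquals($res->isArchived(), true)` put the actual value first; `$this->assertTrue($res->isArchived())` reads correctly and reports failures with the right expected/actual labelling. The positive tests also depend on fixture state that earlier tests mutate (`findOneByIsArchived(false)`, `findOneByIsDeleted(false)`), which looks fragile if test order changes.
```php
    public function testToggleArchiveOtherUserEntry()
    {
        $this->logInAs('bob');
        $client = $this->getClient();

        // … same query-builder lookup as testViewOtherUserEntry: one entry id not owned by 'bob' …

        foreach (array('/archive/', '/star/', '/delete/') as $route) {
            $client->request('GET', $route.$content['id']);

            $this->assertEquals(403, $client->getResponse()->getStatusCode());
        }
    }
```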