TagRestController: add tests to ensure that other user's tags are unreachable
[github/wallabag/wallabag.git] / tests / Wallabag / ApiBundle / Controller / TagRestControllerTest.php
index 7f69bd67ca985f4008d0219582088a422014c5a4..8f1e6f02a674431cd992a7ad25c8a1a7d5706b47 100644 (file)
@@ -7,11 +7,13 @@ use Wallabag\CoreBundle\Entity\Tag;
 
 class TagRestControllerTest extends WallabagApiTestCase
 {
+    private $otherUserTagLabel = 'bob';
+
     public function testGetUserTags()
     {
         $this->client->request('GET', '/api/tags.json');
 
-        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+        $this->assertSame(200, $this->client->getResponse()->getStatusCode());
 
         $content = json_decode($this->client->getResponse()->getContent(), true);
 
@@ -19,6 +21,12 @@ class TagRestControllerTest extends WallabagApiTestCase
         $this->assertArrayHasKey('id', $content[0]);
         $this->assertArrayHasKey('label', $content[0]);
 
+        $tagLabels = array_map(function ($i) {
+            return $i['label'];
+        }, $content);
+
+        $this->assertNotContains($this->otherUserTagLabel, $tagLabels, 'There is a possible tag leak');
+
         return end($content);
     }
 
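Review bot: The `assertNotContains` check in testGetUserTags passes whenever no tag labelled 'bob' is loaded at all, so it only demonstrates isolation if the fixtures really contain that tag attached solely to another user's entries; nothing in the test states or checks that. I would document the coupling on the `$otherUserTagLabel` property added in the previous hunk, e.g. `// Label of a fixture tag attached only to another user's entries; it must never appear in this user's API responses.` The failure message 'There is a possible tag leak' could also include the label so a failing run is easier to triage. The middle of testGetUserTags lies between the two hunks and is not visible here.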
@@ -33,15 +41,15 @@ class TagRestControllerTest extends WallabagApiTestCase
         $em->flush();
         $em->clear();
 
-        $this->client->request('DELETE', '/api/tags/'.$tag->getId().'.json');
+        $this->client->request('DELETE', '/api/tags/' . $tag->getId() . '.json');
 
-        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+        $this->assertSame(200, $this->client->getResponse()->getStatusCode());
 
         $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertArrayHasKey('label', $content);
-        $this->assertEquals($tag->getLabel(), $content['label']);
-        $this->assertEquals($tag->getSlug(), $content['slug']);
+        $this->assertSame($tag->getLabel(), $content['label']);
+        $this->assertSame($tag->getSlug(), $content['slug']);
 
         $entries = $em->getRepository('WallabagCoreBundle:Entry')
             ->findAllByTagId($this->user->getId(), $tag->getId());
@@ -50,7 +58,17 @@ class TagRestControllerTest extends WallabagApiTestCase
 
         $tag = $em->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($tagLabel);
 
-        $this->assertNull($tag, $tagLabel.' was removed because it begun an orphan tag');
+        $this->assertNull($tag, $tagLabel . ' was removed because it begun an orphan tag');
+    }
+
+    public function testDeleteOtherUserTag()
+    {
+        $em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
+        $tag = $em->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($this->otherUserTagLabel);
+
+        $this->client->request('DELETE', '/api/tags/' . $tag->getId() . '.json');
+
+        $this->assertSame(404, $this->client->getResponse()->getStatusCode());
     }
 
     public function dataForDeletingTagByLabel()
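Review bot: testDeleteOtherUserTag checks only the 404 status, so it neither guards against a missing fixture nor proves that the tag survived the request. If `findOneByLabel` returns null the test dies on `$tag->getId()` instead of failing cleanly; add `$this->assertNotNull($tag);` before the request, and after the status assertion call `$em->clear();` and assert that `findOneByLabel($this->otherUserTagLabel)` is still non-null. The same gap applies to testDeleteTagByLabelOtherUser and testDeleteTagsByLabelOtherUser in the later hunks: their 404 is indistinguishable from the neighbouring 'does not exist' cases, so they would pass even if the 'bob' fixture were absent.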
@@ -84,18 +102,18 @@ class TagRestControllerTest extends WallabagApiTestCase
         $em->flush();
 
         if ($useQueryString) {
-            $this->client->request('DELETE', '/api/tag/label.json?tag='.$tag->getLabel());
+            $this->client->request('DELETE', '/api/tag/label.json?tag=' . $tag->getLabel());
         } else {
             $this->client->request('DELETE', '/api/tag/label.json', ['tag' => $tag->getLabel()]);
         }
 
-        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+        $this->assertSame(200, $this->client->getResponse()->getStatusCode());
 
         $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertArrayHasKey('label', $content);
-        $this->assertEquals($tag->getLabel(), $content['label']);
-        $this->assertEquals($tag->getSlug(), $content['slug']);
+        $this->assertSame($tag->getLabel(), $content['label']);
+        $this->assertSame($tag->getSlug(), $content['slug']);
 
         $entries = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
@@ -109,7 +127,14 @@ class TagRestControllerTest extends WallabagApiTestCase
     {
         $this->client->request('DELETE', '/api/tag/label.json', ['tag' => 'does not exist']);
 
-        $this->assertEquals(404, $this->client->getResponse()->getStatusCode());
+        $this->assertSame(404, $this->client->getResponse()->getStatusCode());
+    }
+
+    public function testDeleteTagByLabelOtherUser()
+    {
+        $this->client->request('DELETE', '/api/tag/label.json', ['tag' => $this->otherUserTagLabel]);
+
+        $this->assertSame(404, $this->client->getResponse()->getStatusCode());
     }
 
     /**
@@ -140,24 +165,24 @@ class TagRestControllerTest extends WallabagApiTestCase
         $em->flush();
 
         if ($useQueryString) {
-            $this->client->request('DELETE', '/api/tags/label.json?tags='.$tag->getLabel().','.$tag2->getLabel());
+            $this->client->request('DELETE', '/api/tags/label.json?tags=' . $tag->getLabel() . ',' . $tag2->getLabel());
         } else {
-            $this->client->request('DELETE', '/api/tags/label.json', ['tags' => $tag->getLabel().','.$tag2->getLabel()]);
+            $this->client->request('DELETE', '/api/tags/label.json', ['tags' => $tag->getLabel() . ',' . $tag2->getLabel()]);
         }
 
-        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+        $this->assertSame(200, $this->client->getResponse()->getStatusCode());
 
         $content = json_decode($this->client->getResponse()->getContent(), true);
 
         $this->assertCount(2, $content);
 
         $this->assertArrayHasKey('label', $content[0]);
-        $this->assertEquals($tag->getLabel(), $content[0]['label']);
-        $this->assertEquals($tag->getSlug(), $content[0]['slug']);
+        $this->assertSame($tag->getLabel(), $content[0]['label']);
+        $this->assertSame($tag->getSlug(), $content[0]['slug']);
 
         $this->assertArrayHasKey('label', $content[1]);
-        $this->assertEquals($tag2->getLabel(), $content[1]['label']);
-        $this->assertEquals($tag2->getSlug(), $content[1]['slug']);
+        $this->assertSame($tag2->getLabel(), $content[1]['label']);
+        $this->assertSame($tag2->getSlug(), $content[1]['slug']);
 
         $entries = $this->client->getContainer()
             ->get('doctrine.orm.entity_manager')
@@ -178,6 +203,13 @@ class TagRestControllerTest extends WallabagApiTestCase
     {
         $this->client->request('DELETE', '/api/tags/label.json', ['tags' => 'does not exist']);
 
-        $this->assertEquals(404, $this->client->getResponse()->getStatusCode());
+        $this->assertSame(404, $this->client->getResponse()->getStatusCode());
+    }
+
+    public function testDeleteTagsByLabelOtherUser()
+    {
+        $this->client->request('DELETE', '/api/tags/label.json', ['tags' => $this->otherUserTagLabel]);
+
+        $this->assertSame(404, $this->client->getResponse()->getStatusCode());
     }
 }