Move all admin controller into a dedicated group

Also handle authentication check in a new middleware for the admin group.
author: ArthurHoaro <arthur@hoa.ro> 2020-08-13 11:08:13 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2020-08-13 11:08:13 +0200
commit: bedbb845eec20363b928b424143787dbe988eefe (patch)
tree: 6b835ca247e39157b333323a539dde3c410c08f5 /tests/front
parent: 1a68ae5a29bc33ab80c9cfbe043cb1213551533c (diff)
download: Shaarli-bedbb845eec20363b928b424143787dbe988eefe.tar.gz
Shaarli-bedbb845eec20363b928b424143787dbe988eefe.tar.zst
Shaarli-bedbb845eec20363b928b424143787dbe988eefe.zip
5 files changed, 152 insertions, 67 deletions
diff --git a/tests/front/ShaarliAdminMiddlewareTest.php b/tests/front/ShaarliAdminMiddlewareTest.php
new file mode 100644
index 00000000..7451330b
--- /dev/null
+++ b/tests/front/ShaarliAdminMiddlewareTest.php
@@ -0,0 +1,100 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front;
+use PHPUnit\Framework\TestCase;
+use Shaarli\Config\ConfigManager;
+use Shaarli\Container\ShaarliContainer;
+use Shaarli\Security\LoginManager;
+use Shaarli\Updater\Updater;
+use Slim\Http\Request;
+use Slim\Http\Response;
+use Slim\Http\Uri;
+class ShaarliAdminMiddlewareTest extends TestCase
+{
+    protected const TMP_MOCK_FILE = '.tmp';
+    /** @var ShaarliContainer */
+    protected $container;
+    /** @var ShaarliMiddleware  */
+    protected $middleware;
+    public function setUp(): void
+    {
+        $this->container = $this->createMock(ShaarliContainer::class);
+        touch(static::TMP_MOCK_FILE);
+        $this->container->conf = $this->createMock(ConfigManager::class);
+        $this->container->conf->method('getConfigFileExt')->willReturn(static::TMP_MOCK_FILE);
+        $this->container->loginManager = $this->createMock(LoginManager::class);
+        $this->container->updater = $this->createMock(Updater::class);
+        $this->container->environment = ['REQUEST_URI' => 'http://shaarli/subfolder/path'];
+        $this->middleware = new ShaarliAdminMiddleware($this->container);
+    }
+    public function tearDown(): void
+    {
+        unlink(static::TMP_MOCK_FILE);
+    }
+    /**
+     * Try to access an admin controller while logged out -> redirected to login page.
+     */
+    public function testMiddlewareWhileLoggedOut(): void
+    {
+        $this->container->loginManager->expects(static::once())->method('isLoggedIn')->willReturn(false);
+        $request = $this->createMock(Request::class);
+        $request->method('getUri')->willReturnCallback(function (): Uri {
+            $uri = $this->createMock(Uri::class);
+            $uri->method('getBasePath')->willReturn('/subfolder');
+            return $uri;
+        });
+        $response = new Response();
+        /** @var Response $result */
+        $result = $this->middleware->__invoke($request, $response, function () {});
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(
+            '/subfolder/login?returnurl=' . urlencode('http://shaarli/subfolder/path'),
+            $result->getHeader('location')[0]
+        );
+    }
+    /**
+     * Process controller while logged in.
+     */
+    public function testMiddlewareWhileLoggedIn(): void
+    {
+        $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+        $request = $this->createMock(Request::class);
+        $request->method('getUri')->willReturnCallback(function (): Uri {
+            $uri = $this->createMock(Uri::class);
+            $uri->method('getBasePath')->willReturn('/subfolder');
+            return $uri;
+        });
+        $response = new Response();
+        $controller = function (Request $request, Response $response): Response {
+            return $response->withStatus(418); // I'm a tea pot
+        };
+        /** @var Response $result */
+        $result = $this->middleware->__invoke($request, $response, $controller);
+        static::assertSame(418, $result->getStatusCode());
+    }
+}
diff --git a/tests/front/ShaarliMiddlewareTest.php b/tests/front/ShaarliMiddlewareTest.php
index 09bebd04..d435f506 100644
--- a/tests/front/ShaarliMiddlewareTest.php
+++ b/tests/front/ShaarliMiddlewareTest.php
@@ -43,7 +43,7 @@ class ShaarliMiddlewareTest extends TestCase
        $this->middleware = new ShaarliMiddleware($this->container);
    }
-    public function tearDown()
+    public function tearDown(): void
    {
        unlink(static::TMP_MOCK_FILE);
    }
diff --git a/tests/front/controller/admin/SessionFilterControllerTest.php b/tests/front/controller/admin/SessionFilterControllerTest.php
index 7d5511ed..d306c6e9 100644
--- a/tests/front/controller/admin/SessionFilterControllerTest.php
+++ b/tests/front/controller/admin/SessionFilterControllerTest.php
@@ -174,55 +174,4 @@ class SessionFilterControllerTest extends TestCase
        static::assertSame(302, $result->getStatusCode());
        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
    }
-    /**
-     * Untagged only - valid call
-     */
-    public function testUntaggedOnly(): void
-    {
-        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
-        $request = $this->createMock(Request::class);
-        $response = new Response();
-        $this->container->sessionManager
-            ->expects(static::once())
-            ->method('setSessionParameter')
-            ->with(SessionManager::KEY_UNTAGGED_ONLY, true)
-        ;
-        $result = $this->controller->untaggedOnly($request, $response);
-        static::assertInstanceOf(Response::class, $result);
-        static::assertSame(302, $result->getStatusCode());
-        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
-    }
-    /**
-     * Untagged only - toggle off
-     */
-    public function testUntaggedOnlyToggleOff(): void
-    {
-        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
-        $request = $this->createMock(Request::class);
-        $response = new Response();
-        $this->container->sessionManager
-            ->method('getSessionParameter')
-            ->with(SessionManager::KEY_UNTAGGED_ONLY)
-            ->willReturn(true)
-        ;
-        $this->container->sessionManager
-            ->expects(static::once())
-            ->method('setSessionParameter')
-            ->with(SessionManager::KEY_UNTAGGED_ONLY, false)
-        ;
-        $result = $this->controller->untaggedOnly($request, $response);
-        static::assertInstanceOf(Response::class, $result);
-        static::assertSame(302, $result->getStatusCode());
-        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
-    }
 }
diff --git a/tests/front/controller/admin/ShaarliAdminControllerTest.php b/tests/front/controller/admin/ShaarliAdminControllerTest.php
index 7c5f50a6..fff427cb 100644
--- a/tests/front/controller/admin/ShaarliAdminControllerTest.php
+++ b/tests/front/controller/admin/ShaarliAdminControllerTest.php
@@ -5,9 +5,7 @@ declare(strict_types=1);
 namespace Shaarli\Front\Controller\Admin;
 use PHPUnit\Framework\TestCase;
-use Shaarli\Front\Exception\UnauthorizedException;
 use Shaarli\Front\Exception\WrongTokenException;
-use Shaarli\Security\LoginManager;
 use Shaarli\Security\SessionManager;
 use Slim\Http\Request;
@@ -53,19 +51,6 @@ class ShaarliAdminControllerTest extends TestCase
    }
    /**
-     * Creating an instance of an admin controller while logged out should raise an exception.
-     */
-    public function testInstantiateWhileLoggedOut(): void
-    {
-        $this->expectException(UnauthorizedException::class);
-        $this->container->loginManager = $this->createMock(LoginManager::class);
-        $this->container->loginManager->method('isLoggedIn')->willReturn(false);
-        $this->controller = new class($this->container) extends ShaarliAdminController {};
-    }
-    /**
     * Trigger controller's checkToken with a valid token.
     */
    public function testCheckTokenWithValidToken(): void
diff --git a/tests/front/controller/visitor/PublicSessionFilterControllerTest.php b/tests/front/controller/visitor/PublicSessionFilterControllerTest.php
index 3aa1cb99..06352750 100644
--- a/tests/front/controller/visitor/PublicSessionFilterControllerTest.php
+++ b/tests/front/controller/visitor/PublicSessionFilterControllerTest.php
@@ -68,4 +68,55 @@ class PublicSessionFilterControllerTest extends TestCase
        static::assertSame(302, $result->getStatusCode());
        static::assertSame(['/subfolder/'], $result->getHeader('location'));
    }
+    /**
+     * Untagged only - valid call
+     */
+    public function testUntaggedOnly(): void
+    {
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('setSessionParameter')
+            ->with(SessionManager::KEY_UNTAGGED_ONLY, true)
+        ;
+        $result = $this->controller->untaggedOnly($request, $response);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
+    /**
+     * Untagged only - toggle off
+     */
+    public function testUntaggedOnlyToggleOff(): void
+    {
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $this->container->sessionManager
+            ->method('getSessionParameter')
+            ->with(SessionManager::KEY_UNTAGGED_ONLY)
+            ->willReturn(true)
+        ;
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('setSessionParameter')
+            ->with(SessionManager::KEY_UNTAGGED_ONLY, false)
+        ;
+        $result = $this->controller->untaggedOnly($request, $response);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
 }
author	ArthurHoaro <arthur@hoa.ro>	2020-08-13 11:08:13 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2020-08-13 11:08:13 +0200
commit	bedbb845eec20363b928b424143787dbe988eefe (patch)
tree	6b835ca247e39157b333323a539dde3c410c08f5 /tests/front
parent	1a68ae5a29bc33ab80c9cfbe043cb1213551533c (diff)
download	Shaarli-bedbb845eec20363b928b424143787dbe988eefe.tar.gz Shaarli-bedbb845eec20363b928b424143787dbe988eefe.tar.zst Shaarli-bedbb845eec20363b928b424143787dbe988eefe.zip

diff --git a/tests/front/ShaarliAdminMiddlewareTest.php b/tests/front/ShaarliAdminMiddlewareTest.php new file mode 100644 index 00000000..7451330b --- /dev/null +++ b/tests/front/ShaarliAdminMiddlewareTest.php
@@ -0,0 +1,100 @@
		1	<?php
		2
		3	declare(strict_types=1);
		4
		5	namespace Shaarli\Front;
		6
		7	use PHPUnit\Framework\TestCase;
		8	use Shaarli\Config\ConfigManager;
		9	use Shaarli\Container\ShaarliContainer;
		10	use Shaarli\Security\LoginManager;
		11	use Shaarli\Updater\Updater;
		12	use Slim\Http\Request;
		13	use Slim\Http\Response;
		14	use Slim\Http\Uri;
		15
		16	class ShaarliAdminMiddlewareTest extends TestCase
		17	{
		18	protected const TMP_MOCK_FILE = '.tmp';
		19
		20	/** @var ShaarliContainer */
		21	protected $container;
		22
		23	/** @var ShaarliMiddleware */
		24	protected $middleware;
		25
		26	public function setUp(): void
		27	{
		28	$this->container = $this->createMock(ShaarliContainer::class);
		29
		30	touch(static::TMP_MOCK_FILE);
		31
		32	$this->container->conf = $this->createMock(ConfigManager::class);
		33	$this->container->conf->method('getConfigFileExt')->willReturn(static::TMP_MOCK_FILE);
		34
		35	$this->container->loginManager = $this->createMock(LoginManager::class);
		36	$this->container->updater = $this->createMock(Updater::class);
		37
		38	$this->container->environment = ['REQUEST_URI' => 'http://shaarli/subfolder/path'];
		39
		40	$this->middleware = new ShaarliAdminMiddleware($this->container);
		41	}
		42
		43	public function tearDown(): void
		44	{
		45	unlink(static::TMP_MOCK_FILE);
		46	}
		47
		48	/**
		49	* Try to access an admin controller while logged out -> redirected to login page.
		50	*/
		51	public function testMiddlewareWhileLoggedOut(): void
		52	{
		53	$this->container->loginManager->expects(static::once())->method('isLoggedIn')->willReturn(false);
		54
		55	$request = $this->createMock(Request::class);
		56	$request->method('getUri')->willReturnCallback(function (): Uri {
		57	$uri = $this->createMock(Uri::class);
		58	$uri->method('getBasePath')->willReturn('/subfolder');
		59
		60	return $uri;
		61	});
		62
		63	$response = new Response();
		64
		65	/** @var Response $result */
		66	$result = $this->middleware->__invoke($request, $response, function () {});
		67
		68	static::assertSame(302, $result->getStatusCode());
		69	static::assertSame(
		70	'/subfolder/login?returnurl=' . urlencode('http://shaarli/subfolder/path'),
		71	$result->getHeader('location')[0]
		72	);
		73	}
		74
		75	/**
		76	* Process controller while logged in.
		77	*/
		78	public function testMiddlewareWhileLoggedIn(): void
		79	{
		80	$this->container->loginManager->method('isLoggedIn')->willReturn(true);
		81
		82	$request = $this->createMock(Request::class);
		83	$request->method('getUri')->willReturnCallback(function (): Uri {
		84	$uri = $this->createMock(Uri::class);
		85	$uri->method('getBasePath')->willReturn('/subfolder');
		86
		87	return $uri;
		88	});
		89
		90	$response = new Response();
		91	$controller = function (Request $request, Response $response): Response {
		92	return $response->withStatus(418); // I'm a tea pot
		93	};
		94
		95	/** @var Response $result */
		96	$result = $this->middleware->__invoke($request, $response, $controller);
		97
		98	static::assertSame(418, $result->getStatusCode());
		99	}
		100	}


diff --git a/tests/front/ShaarliMiddlewareTest.php b/tests/front/ShaarliMiddlewareTest.php index 09bebd04..d435f506 100644 --- a/tests/front/ShaarliMiddlewareTest.php +++ b/tests/front/ShaarliMiddlewareTest.php
@@ -43,7 +43,7 @@ class ShaarliMiddlewareTest extends TestCase
43	$this->middleware = new ShaarliMiddleware($this->container);	43	$this->middleware = new ShaarliMiddleware($this->container);
44	}	44	}
45		45
46	public function tearDown()	46	public function tearDown(): void
47	{	47	{
48	unlink(static::TMP_MOCK_FILE);	48	unlink(static::TMP_MOCK_FILE);
49	}	49	}


diff --git a/tests/front/controller/admin/SessionFilterControllerTest.php b/tests/front/controller/admin/SessionFilterControllerTest.php index 7d5511ed..d306c6e9 100644 --- a/tests/front/controller/admin/SessionFilterControllerTest.php +++ b/tests/front/controller/admin/SessionFilterControllerTest.php
@@ -174,55 +174,4 @@ class SessionFilterControllerTest extends TestCase
174	static::assertSame(302, $result->getStatusCode());	174	static::assertSame(302, $result->getStatusCode());
175	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));	175	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
176	}	176	}
177
178	/**
179	* Untagged only - valid call
180	*/
181	public function testUntaggedOnly(): void
182	{
183	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
184
185	$request = $this->createMock(Request::class);
186	$response = new Response();
187
188	$this->container->sessionManager
189	->expects(static::once())
190	->method('setSessionParameter')
191	->with(SessionManager::KEY_UNTAGGED_ONLY, true)
192	;
193
194	$result = $this->controller->untaggedOnly($request, $response);
195
196	static::assertInstanceOf(Response::class, $result);
197	static::assertSame(302, $result->getStatusCode());
198	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
199	}
200
201	/**
202	* Untagged only - toggle off
203	*/
204	public function testUntaggedOnlyToggleOff(): void
205	{
206	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
207
208	$request = $this->createMock(Request::class);
209	$response = new Response();
210
211	$this->container->sessionManager
212	->method('getSessionParameter')
213	->with(SessionManager::KEY_UNTAGGED_ONLY)
214	->willReturn(true)
215	;
216	$this->container->sessionManager
217	->expects(static::once())
218	->method('setSessionParameter')
219	->with(SessionManager::KEY_UNTAGGED_ONLY, false)
220	;
221
222	$result = $this->controller->untaggedOnly($request, $response);
223
224	static::assertInstanceOf(Response::class, $result);
225	static::assertSame(302, $result->getStatusCode());
226	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
227	}
228	}	177	}


diff --git a/tests/front/controller/admin/ShaarliAdminControllerTest.php b/tests/front/controller/admin/ShaarliAdminControllerTest.php index 7c5f50a6..fff427cb 100644 --- a/tests/front/controller/admin/ShaarliAdminControllerTest.php +++ b/tests/front/controller/admin/ShaarliAdminControllerTest.php
@@ -5,9 +5,7 @@ declare(strict_types=1);
5	namespace Shaarli\Front\Controller\Admin;	5	namespace Shaarli\Front\Controller\Admin;
6		6
7	use PHPUnit\Framework\TestCase;	7	use PHPUnit\Framework\TestCase;
8	use Shaarli\Front\Exception\UnauthorizedException;
9	use Shaarli\Front\Exception\WrongTokenException;	8	use Shaarli\Front\Exception\WrongTokenException;
10	use Shaarli\Security\LoginManager;
11	use Shaarli\Security\SessionManager;	9	use Shaarli\Security\SessionManager;
12	use Slim\Http\Request;	10	use Slim\Http\Request;
13		11
@@ -53,19 +51,6 @@ class ShaarliAdminControllerTest extends TestCase
53	}	51	}
54		52
55	/**	53	/**
56	* Creating an instance of an admin controller while logged out should raise an exception.
57	*/
58	public function testInstantiateWhileLoggedOut(): void
59	{
60	$this->expectException(UnauthorizedException::class);
61
62	$this->container->loginManager = $this->createMock(LoginManager::class);
63	$this->container->loginManager->method('isLoggedIn')->willReturn(false);
64
65	$this->controller = new class($this->container) extends ShaarliAdminController {};
66	}
67
68	/**
69	* Trigger controller's checkToken with a valid token.	54	* Trigger controller's checkToken with a valid token.
70	*/	55	*/
71	public function testCheckTokenWithValidToken(): void	56	public function testCheckTokenWithValidToken(): void


diff --git a/tests/front/controller/visitor/PublicSessionFilterControllerTest.php b/tests/front/controller/visitor/PublicSessionFilterControllerTest.php index 3aa1cb99..06352750 100644 --- a/tests/front/controller/visitor/PublicSessionFilterControllerTest.php +++ b/tests/front/controller/visitor/PublicSessionFilterControllerTest.php
@@ -68,4 +68,55 @@ class PublicSessionFilterControllerTest extends TestCase
68	static::assertSame(302, $result->getStatusCode());	68	static::assertSame(302, $result->getStatusCode());
69	static::assertSame(['/subfolder/'], $result->getHeader('location'));	69	static::assertSame(['/subfolder/'], $result->getHeader('location'));
70	}	70	}
		71
		72	/**
		73	* Untagged only - valid call
		74	*/
		75	public function testUntaggedOnly(): void
		76	{
		77	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		78
		79	$request = $this->createMock(Request::class);
		80	$response = new Response();
		81
		82	$this->container->sessionManager
		83	->expects(static::once())
		84	->method('setSessionParameter')
		85	->with(SessionManager::KEY_UNTAGGED_ONLY, true)
		86	;
		87
		88	$result = $this->controller->untaggedOnly($request, $response);
		89
		90	static::assertInstanceOf(Response::class, $result);
		91	static::assertSame(302, $result->getStatusCode());
		92	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		93	}
		94
		95	/**
		96	* Untagged only - toggle off
		97	*/
		98	public function testUntaggedOnlyToggleOff(): void
		99	{
		100	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		101
		102	$request = $this->createMock(Request::class);
		103	$response = new Response();
		104
		105	$this->container->sessionManager
		106	->method('getSessionParameter')
		107	->with(SessionManager::KEY_UNTAGGED_ONLY)
		108	->willReturn(true)
		109	;
		110	$this->container->sessionManager
		111	->expects(static::once())
		112	->method('setSessionParameter')
		113	->with(SessionManager::KEY_UNTAGGED_ONLY, false)
		114	;
		115
		116	$result = $this->controller->untaggedOnly($request, $response);
		117
		118	static::assertInstanceOf(Response::class, $result);
		119	static::assertSame(302, $result->getStatusCode());
		120	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		121	}
71	}	122	}