Process session filters through Slim controllers

Including: - visibility - links per page - untagged only
author: ArthurHoaro <arthur@hoa.ro> 2020-05-22 11:02:56 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2020-07-23 21:19:21 +0200
commit: af290059d10319e76d1e7d78b592cab99c26d91a (patch)
tree: b088526052182d4b4f3c0af20db89f7d28fc3d9a /tests
parent: 893f5159c64e5bcff505c8367e6dc22cc2a7b14d (diff)
download: Shaarli-af290059d10319e76d1e7d78b592cab99c26d91a.tar.gz
Shaarli-af290059d10319e76d1e7d78b592cab99c26d91a.tar.zst
Shaarli-af290059d10319e76d1e7d78b592cab99c26d91a.zip
3 files changed, 478 insertions, 0 deletions
diff --git a/tests/front/controller/SessionFilterControllerTest.php b/tests/front/controller/SessionFilterControllerTest.php
new file mode 100644
index 00000000..f541de03
--- /dev/null
+++ b/tests/front/controller/SessionFilterControllerTest.php
@@ -0,0 +1,290 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller;
+use PHPUnit\Framework\TestCase;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+use Slim\Http\Response;
+class SessionFilterControllerTest extends TestCase
+{
+    use FrontControllerMockHelper;
+    /** @var SessionFilterController */
+    protected $controller;
+    public function setUp(): void
+    {
+        $this->createContainer();
+        $this->controller = new SessionFilterController($this->container);
+    }
+    /**
+     * Link per page - Default call with valid parameter and a referer.
+     */
+    public function testLinksPerPage(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $request = $this->createMock(Request::class);
+        $request->method('getParam')->with('nb')->willReturn('8');
+        $response = new Response();
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('setSessionParameter')
+            ->with(SessionManager::KEY_LINKS_PER_PAGE, 8)
+        ;
+        $result = $this->controller->linksPerPage($request, $response);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
+    /**
+     * Link per page - Invalid value, should use default value (20)
+     */
+    public function testLinksPerPageNotValid(): void
+    {
+        $this->createValidContainerMockSet();
+        $request = $this->createMock(Request::class);
+        $request->method('getParam')->with('nb')->willReturn('test');
+        $response = new Response();
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('setSessionParameter')
+            ->with(SessionManager::KEY_LINKS_PER_PAGE, 20)
+        ;
+        $result = $this->controller->linksPerPage($request, $response);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['./'], $result->getHeader('location'));
+    }
+    /**
+     * Visibility - Default call for private filter while logged in without current value
+     */
+    public function testVisibility(): void
+    {
+        $this->createValidContainerMockSet();
+        $arg = ['visibility' => 'private'];
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('setSessionParameter')
+            ->with(SessionManager::KEY_VISIBILITY, 'private')
+        ;
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $result = $this->controller->visibility($request, $response, $arg);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
+    /**
+     * Visibility - Toggle off private visibility
+     */
+    public function testVisibilityToggleOff(): void
+    {
+        $this->createValidContainerMockSet();
+        $arg = ['visibility' => 'private'];
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+        $this->container->sessionManager
+            ->method('getSessionParameter')
+            ->with(SessionManager::KEY_VISIBILITY)
+            ->willReturn('private')
+        ;
+        $this->container->sessionManager
+            ->expects(static::never())
+            ->method('setSessionParameter')
+        ;
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('deleteSessionParameter')
+            ->with(SessionManager::KEY_VISIBILITY)
+        ;
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $result = $this->controller->visibility($request, $response, $arg);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
+    /**
+     * Visibility - Change private to public
+     */
+    public function testVisibilitySwitch(): void
+    {
+        $this->createValidContainerMockSet();
+        $arg = ['visibility' => 'private'];
+        $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+        $this->container->sessionManager
+            ->method('getSessionParameter')
+            ->with(SessionManager::KEY_VISIBILITY)
+            ->willReturn('public')
+        ;
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('setSessionParameter')
+            ->with(SessionManager::KEY_VISIBILITY, 'private')
+        ;
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $result = $this->controller->visibility($request, $response, $arg);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['./'], $result->getHeader('location'));
+    }
+    /**
+     * Visibility - With invalid value - should remove any visibility setting
+     */
+    public function testVisibilityInvalidValue(): void
+    {
+        $this->createValidContainerMockSet();
+        $arg = ['visibility' => 'test'];
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+        $this->container->sessionManager
+            ->expects(static::never())
+            ->method('setSessionParameter')
+        ;
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('deleteSessionParameter')
+            ->with(SessionManager::KEY_VISIBILITY)
+        ;
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $result = $this->controller->visibility($request, $response, $arg);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
+    /**
+     * Visibility - Try to change visibility while logged out
+     */
+    public function testVisibilityLoggedOut(): void
+    {
+        $this->createValidContainerMockSet();
+        $arg = ['visibility' => 'test'];
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $this->container->loginManager->method('isLoggedIn')->willReturn(false);
+        $this->container->sessionManager
+            ->expects(static::never())
+            ->method('setSessionParameter')
+        ;
+        $this->container->sessionManager
+            ->expects(static::never())
+            ->method('deleteSessionParameter')
+            ->with(SessionManager::KEY_VISIBILITY)
+        ;
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $result = $this->controller->visibility($request, $response, $arg);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
+    /**
+     * Untagged only - valid call
+     */
+    public function testUntaggedOnly(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('setSessionParameter')
+            ->with(SessionManager::KEY_UNTAGGED_ONLY, true)
+        ;
+        $result = $this->controller->untaggedOnly($request, $response);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
+    /**
+     * Untagged only - toggle off
+     */
+    public function testUntaggedOnlyToggleOff(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+        $request = $this->createMock(Request::class);
+        $response = new Response();
+        $this->container->sessionManager
+            ->method('getSessionParameter')
+            ->with(SessionManager::KEY_UNTAGGED_ONLY)
+            ->willReturn(true)
+        ;
+        $this->container->sessionManager
+            ->expects(static::once())
+            ->method('setSessionParameter')
+            ->with(SessionManager::KEY_UNTAGGED_ONLY, false)
+        ;
+        $result = $this->controller->untaggedOnly($request, $response);
+        static::assertInstanceOf(Response::class, $result);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+    }
+}
diff --git a/tests/front/controller/ShaarliControllerTest.php b/tests/front/controller/ShaarliControllerTest.php
index 3efe4d95..a6011b49 100644
--- a/tests/front/controller/ShaarliControllerTest.php
+++ b/tests/front/controller/ShaarliControllerTest.php
@@ -6,6 +6,7 @@ namespace Shaarli\Front\Controller;
 use PHPUnit\Framework\TestCase;
 use Shaarli\Bookmark\BookmarkFilter;
+use Slim\Http\Response;
 /**
 * Class ShaarliControllerTest
@@ -38,6 +39,14 @@ class ShaarliControllerTest extends TestCase
            {
                return parent::render($template);
            }
+            public function redirectFromReferer(
+                Response $response,
+                array $loopTerms = [],
+                array $clearParams = []
+            ): Response {
+                return parent::redirectFromReferer($response, $loopTerms, $clearParams);
+            }
        };
        $this->assignedValues = [];
    }
@@ -91,4 +100,126 @@ class ShaarliControllerTest extends TestCase
        static::assertSame('templateName', $this->assignedValues['plugins_footer']['render_footer']['target']);
        static::assertTrue($this->assignedValues['plugins_footer']['render_footer']['loggedin']);
    }
+    /**
+     * Test redirectFromReferer() - Default behaviour
+     */
+    public function testRedirectFromRefererDefault(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+        $response = new Response();
+        $result = $this->controller->redirectFromReferer($response);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
+    }
+    /**
+     * Test redirectFromReferer() - With a loop term not matched in the referer
+     */
+    public function testRedirectFromRefererWithUnmatchedLoopTerm(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+        $response = new Response();
+        $result = $this->controller->redirectFromReferer($response, ['nope']);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
+    }
+    /**
+     * Test redirectFromReferer() - With a loop term matching the referer in its path -> redirect to default
+     */
+    public function testRedirectFromRefererWithMatchingLoopTermInPath(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+        $response = new Response();
+        $result = $this->controller->redirectFromReferer($response, ['nope', 'controller']);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['./'], $result->getHeader('location'));
+    }
+    /**
+     * Test redirectFromReferer() - With a loop term matching the referer in its query parameters -> redirect to default
+     */
+    public function testRedirectFromRefererWithMatchingLoopTermInQueryParam(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+        $response = new Response();
+        $result = $this->controller->redirectFromReferer($response, ['nope', 'other']);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['./'], $result->getHeader('location'));
+    }
+    /**
+     * Test redirectFromReferer() - With a loop term matching the referer in its query value
+     *                              -> we do not block redirection for query parameter values.
+     */
+    public function testRedirectFromRefererWithMatchingLoopTermInQueryValue(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+        $response = new Response();
+        $result = $this->controller->redirectFromReferer($response, ['nope', 'param']);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
+    }
+    /**
+     * Test redirectFromReferer() - With a loop term matching the referer in its domain name
+     *                              -> we do not block redirection for shaarli's hosts
+     */
+    public function testRedirectFromRefererWithLoopTermInDomain(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+        $response = new Response();
+        $result = $this->controller->redirectFromReferer($response, ['shaarli']);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
+    }
+    /**
+     * Test redirectFromReferer() - With a loop term matching a query parameter AND clear this query param
+     *                              -> the param should be cleared before checking if it matches the redir loop terms
+     */
+    public function testRedirectFromRefererWithMatchingClearedParam(): void
+    {
+        $this->createValidContainerMockSet();
+        $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+        $response = new Response();
+        $result = $this->controller->redirectFromReferer($response, ['query'], ['query']);
+        static::assertSame(302, $result->getStatusCode());
+        static::assertSame(['/subfolder/controller?other=2'], $result->getHeader('location'));
+    }
 }
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
index f264505e..d9db775e 100644
--- a/tests/security/SessionManagerTest.php
+++ b/tests/security/SessionManagerTest.php
@@ -269,4 +269,61 @@ class SessionManagerTest extends TestCase
        $this->session['ip'] = 'ip_id_one';
        $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));
    }
+    /**
+     * Test creating an entry in the session array
+     */
+    public function testSetSessionParameterCreate(): void
+    {
+        $this->sessionManager->setSessionParameter('abc', 'def');
+        static::assertSame('def', $this->session['abc']);
+    }
+    /**
+     * Test updating an entry in the session array
+     */
+    public function testSetSessionParameterUpdate(): void
+    {
+        $this->session['abc'] = 'ghi';
+        $this->sessionManager->setSessionParameter('abc', 'def');
+        static::assertSame('def', $this->session['abc']);
+    }
+    /**
+     * Test updating an entry in the session array with null value
+     */
+    public function testSetSessionParameterUpdateNull(): void
+    {
+        $this->session['abc'] = 'ghi';
+        $this->sessionManager->setSessionParameter('abc', null);
+        static::assertArrayHasKey('abc', $this->session);
+        static::assertNull($this->session['abc']);
+    }
+    /**
+     * Test deleting an existing entry in the session array
+     */
+    public function testDeleteSessionParameter(): void
+    {
+        $this->session['abc'] = 'def';
+        $this->sessionManager->deleteSessionParameter('abc');
+        static::assertArrayNotHasKey('abc', $this->session);
+    }
+    /**
+     * Test deleting a non existent entry in the session array
+     */
+    public function testDeleteSessionParameterNotExisting(): void
+    {
+        $this->sessionManager->deleteSessionParameter('abc');
+        static::assertArrayNotHasKey('abc', $this->session);
+    }
 }
author	ArthurHoaro <arthur@hoa.ro>	2020-05-22 11:02:56 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2020-07-23 21:19:21 +0200
commit	af290059d10319e76d1e7d78b592cab99c26d91a (patch)
tree	b088526052182d4b4f3c0af20db89f7d28fc3d9a /tests
parent	893f5159c64e5bcff505c8367e6dc22cc2a7b14d (diff)
download	Shaarli-af290059d10319e76d1e7d78b592cab99c26d91a.tar.gz Shaarli-af290059d10319e76d1e7d78b592cab99c26d91a.tar.zst Shaarli-af290059d10319e76d1e7d78b592cab99c26d91a.zip

diff --git a/tests/front/controller/SessionFilterControllerTest.php b/tests/front/controller/SessionFilterControllerTest.php new file mode 100644 index 00000000..f541de03 --- /dev/null +++ b/tests/front/controller/SessionFilterControllerTest.php
@@ -0,0 +1,290 @@
		1	<?php
		2
		3	declare(strict_types=1);
		4
		5	namespace Shaarli\Front\Controller;
		6
		7	use PHPUnit\Framework\TestCase;
		8	use Shaarli\Security\SessionManager;
		9	use Slim\Http\Request;
		10	use Slim\Http\Response;
		11
		12	class SessionFilterControllerTest extends TestCase
		13	{
		14	use FrontControllerMockHelper;
		15
		16	/** @var SessionFilterController */
		17	protected $controller;
		18
		19	public function setUp(): void
		20	{
		21	$this->createContainer();
		22
		23	$this->controller = new SessionFilterController($this->container);
		24	}
		25
		26	/**
		27	* Link per page - Default call with valid parameter and a referer.
		28	*/
		29	public function testLinksPerPage(): void
		30	{
		31	$this->createValidContainerMockSet();
		32
		33	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		34
		35	$request = $this->createMock(Request::class);
		36	$request->method('getParam')->with('nb')->willReturn('8');
		37	$response = new Response();
		38
		39	$this->container->sessionManager
		40	->expects(static::once())
		41	->method('setSessionParameter')
		42	->with(SessionManager::KEY_LINKS_PER_PAGE, 8)
		43	;
		44
		45	$result = $this->controller->linksPerPage($request, $response);
		46
		47	static::assertInstanceOf(Response::class, $result);
		48	static::assertSame(302, $result->getStatusCode());
		49	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		50	}
		51
		52	/**
		53	* Link per page - Invalid value, should use default value (20)
		54	*/
		55	public function testLinksPerPageNotValid(): void
		56	{
		57	$this->createValidContainerMockSet();
		58
		59	$request = $this->createMock(Request::class);
		60	$request->method('getParam')->with('nb')->willReturn('test');
		61	$response = new Response();
		62
		63	$this->container->sessionManager
		64	->expects(static::once())
		65	->method('setSessionParameter')
		66	->with(SessionManager::KEY_LINKS_PER_PAGE, 20)
		67	;
		68
		69	$result = $this->controller->linksPerPage($request, $response);
		70
		71	static::assertInstanceOf(Response::class, $result);
		72	static::assertSame(302, $result->getStatusCode());
		73	static::assertSame(['./'], $result->getHeader('location'));
		74	}
		75
		76	/**
		77	* Visibility - Default call for private filter while logged in without current value
		78	*/
		79	public function testVisibility(): void
		80	{
		81	$this->createValidContainerMockSet();
		82
		83	$arg = ['visibility' => 'private'];
		84
		85	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		86
		87	$this->container->loginManager->method('isLoggedIn')->willReturn(true);
		88	$this->container->sessionManager
		89	->expects(static::once())
		90	->method('setSessionParameter')
		91	->with(SessionManager::KEY_VISIBILITY, 'private')
		92	;
		93
		94	$request = $this->createMock(Request::class);
		95	$response = new Response();
		96
		97	$result = $this->controller->visibility($request, $response, $arg);
		98
		99	static::assertInstanceOf(Response::class, $result);
		100	static::assertSame(302, $result->getStatusCode());
		101	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		102	}
		103
		104	/**
		105	* Visibility - Toggle off private visibility
		106	*/
		107	public function testVisibilityToggleOff(): void
		108	{
		109	$this->createValidContainerMockSet();
		110
		111	$arg = ['visibility' => 'private'];
		112
		113	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		114
		115	$this->container->loginManager->method('isLoggedIn')->willReturn(true);
		116	$this->container->sessionManager
		117	->method('getSessionParameter')
		118	->with(SessionManager::KEY_VISIBILITY)
		119	->willReturn('private')
		120	;
		121	$this->container->sessionManager
		122	->expects(static::never())
		123	->method('setSessionParameter')
		124	;
		125	$this->container->sessionManager
		126	->expects(static::once())
		127	->method('deleteSessionParameter')
		128	->with(SessionManager::KEY_VISIBILITY)
		129	;
		130
		131	$request = $this->createMock(Request::class);
		132	$response = new Response();
		133
		134	$result = $this->controller->visibility($request, $response, $arg);
		135
		136	static::assertInstanceOf(Response::class, $result);
		137	static::assertSame(302, $result->getStatusCode());
		138	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		139	}
		140
		141	/**
		142	* Visibility - Change private to public
		143	*/
		144	public function testVisibilitySwitch(): void
		145	{
		146	$this->createValidContainerMockSet();
		147
		148	$arg = ['visibility' => 'private'];
		149
		150	$this->container->loginManager->method('isLoggedIn')->willReturn(true);
		151	$this->container->sessionManager
		152	->method('getSessionParameter')
		153	->with(SessionManager::KEY_VISIBILITY)
		154	->willReturn('public')
		155	;
		156	$this->container->sessionManager
		157	->expects(static::once())
		158	->method('setSessionParameter')
		159	->with(SessionManager::KEY_VISIBILITY, 'private')
		160	;
		161
		162	$request = $this->createMock(Request::class);
		163	$response = new Response();
		164
		165	$result = $this->controller->visibility($request, $response, $arg);
		166
		167	static::assertInstanceOf(Response::class, $result);
		168	static::assertSame(302, $result->getStatusCode());
		169	static::assertSame(['./'], $result->getHeader('location'));
		170	}
		171
		172	/**
		173	* Visibility - With invalid value - should remove any visibility setting
		174	*/
		175	public function testVisibilityInvalidValue(): void
		176	{
		177	$this->createValidContainerMockSet();
		178
		179	$arg = ['visibility' => 'test'];
		180
		181	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		182
		183	$this->container->loginManager->method('isLoggedIn')->willReturn(true);
		184	$this->container->sessionManager
		185	->expects(static::never())
		186	->method('setSessionParameter')
		187	;
		188	$this->container->sessionManager
		189	->expects(static::once())
		190	->method('deleteSessionParameter')
		191	->with(SessionManager::KEY_VISIBILITY)
		192	;
		193
		194	$request = $this->createMock(Request::class);
		195	$response = new Response();
		196
		197	$result = $this->controller->visibility($request, $response, $arg);
		198
		199	static::assertInstanceOf(Response::class, $result);
		200	static::assertSame(302, $result->getStatusCode());
		201	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		202	}
		203
		204	/**
		205	* Visibility - Try to change visibility while logged out
		206	*/
		207	public function testVisibilityLoggedOut(): void
		208	{
		209	$this->createValidContainerMockSet();
		210
		211	$arg = ['visibility' => 'test'];
		212
		213	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		214
		215	$this->container->loginManager->method('isLoggedIn')->willReturn(false);
		216	$this->container->sessionManager
		217	->expects(static::never())
		218	->method('setSessionParameter')
		219	;
		220	$this->container->sessionManager
		221	->expects(static::never())
		222	->method('deleteSessionParameter')
		223	->with(SessionManager::KEY_VISIBILITY)
		224	;
		225
		226	$request = $this->createMock(Request::class);
		227	$response = new Response();
		228
		229	$result = $this->controller->visibility($request, $response, $arg);
		230
		231	static::assertInstanceOf(Response::class, $result);
		232	static::assertSame(302, $result->getStatusCode());
		233	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		234	}
		235
		236	/**
		237	* Untagged only - valid call
		238	*/
		239	public function testUntaggedOnly(): void
		240	{
		241	$this->createValidContainerMockSet();
		242
		243	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		244
		245	$request = $this->createMock(Request::class);
		246	$response = new Response();
		247
		248	$this->container->sessionManager
		249	->expects(static::once())
		250	->method('setSessionParameter')
		251	->with(SessionManager::KEY_UNTAGGED_ONLY, true)
		252	;
		253
		254	$result = $this->controller->untaggedOnly($request, $response);
		255
		256	static::assertInstanceOf(Response::class, $result);
		257	static::assertSame(302, $result->getStatusCode());
		258	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		259	}
		260
		261	/**
		262	* Untagged only - toggle off
		263	*/
		264	public function testUntaggedOnlyToggleOff(): void
		265	{
		266	$this->createValidContainerMockSet();
		267
		268	$this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
		269
		270	$request = $this->createMock(Request::class);
		271	$response = new Response();
		272
		273	$this->container->sessionManager
		274	->method('getSessionParameter')
		275	->with(SessionManager::KEY_UNTAGGED_ONLY)
		276	->willReturn(true)
		277	;
		278	$this->container->sessionManager
		279	->expects(static::once())
		280	->method('setSessionParameter')
		281	->with(SessionManager::KEY_UNTAGGED_ONLY, false)
		282	;
		283
		284	$result = $this->controller->untaggedOnly($request, $response);
		285
		286	static::assertInstanceOf(Response::class, $result);
		287	static::assertSame(302, $result->getStatusCode());
		288	static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
		289	}
		290	}


diff --git a/tests/front/controller/ShaarliControllerTest.php b/tests/front/controller/ShaarliControllerTest.php index 3efe4d95..a6011b49 100644 --- a/tests/front/controller/ShaarliControllerTest.php +++ b/tests/front/controller/ShaarliControllerTest.php
@@ -6,6 +6,7 @@ namespace Shaarli\Front\Controller;
6		6
7	use PHPUnit\Framework\TestCase;	7	use PHPUnit\Framework\TestCase;
8	use Shaarli\Bookmark\BookmarkFilter;	8	use Shaarli\Bookmark\BookmarkFilter;
		9	use Slim\Http\Response;
9		10
10	/**	11	/**
11	* Class ShaarliControllerTest	12	* Class ShaarliControllerTest
@@ -38,6 +39,14 @@ class ShaarliControllerTest extends TestCase
38	{	39	{
39	return parent::render($template);	40	return parent::render($template);
40	}	41	}
		42
		43	public function redirectFromReferer(
		44	Response $response,
		45	array $loopTerms = [],
		46	array $clearParams = []
		47	): Response {
		48	return parent::redirectFromReferer($response, $loopTerms, $clearParams);
		49	}
41	};	50	};
42	$this->assignedValues = [];	51	$this->assignedValues = [];
43	}	52	}
@@ -91,4 +100,126 @@ class ShaarliControllerTest extends TestCase
91	static::assertSame('templateName', $this->assignedValues['plugins_footer']['render_footer']['target']);	100	static::assertSame('templateName', $this->assignedValues['plugins_footer']['render_footer']['target']);
92	static::assertTrue($this->assignedValues['plugins_footer']['render_footer']['loggedin']);	101	static::assertTrue($this->assignedValues['plugins_footer']['render_footer']['loggedin']);
93	}	102	}
		103
		104	/**
		105	* Test redirectFromReferer() - Default behaviour
		106	*/
		107	public function testRedirectFromRefererDefault(): void
		108	{
		109	$this->createValidContainerMockSet();
		110
		111	$this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
		112
		113	$response = new Response();
		114
		115	$result = $this->controller->redirectFromReferer($response);
		116
		117	static::assertSame(302, $result->getStatusCode());
		118	static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
		119	}
		120
		121	/**
		122	* Test redirectFromReferer() - With a loop term not matched in the referer
		123	*/
		124	public function testRedirectFromRefererWithUnmatchedLoopTerm(): void
		125	{
		126	$this->createValidContainerMockSet();
		127
		128	$this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
		129
		130	$response = new Response();
		131
		132	$result = $this->controller->redirectFromReferer($response, ['nope']);
		133
		134	static::assertSame(302, $result->getStatusCode());
		135	static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
		136	}
		137
		138	/**
		139	* Test redirectFromReferer() - With a loop term matching the referer in its path -> redirect to default
		140	*/
		141	public function testRedirectFromRefererWithMatchingLoopTermInPath(): void
		142	{
		143	$this->createValidContainerMockSet();
		144
		145	$this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
		146
		147	$response = new Response();
		148
		149	$result = $this->controller->redirectFromReferer($response, ['nope', 'controller']);
		150
		151	static::assertSame(302, $result->getStatusCode());
		152	static::assertSame(['./'], $result->getHeader('location'));
		153	}
		154
		155	/**
		156	* Test redirectFromReferer() - With a loop term matching the referer in its query parameters -> redirect to default
		157	*/
		158	public function testRedirectFromRefererWithMatchingLoopTermInQueryParam(): void
		159	{
		160	$this->createValidContainerMockSet();
		161
		162	$this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
		163
		164	$response = new Response();
		165
		166	$result = $this->controller->redirectFromReferer($response, ['nope', 'other']);
		167
		168	static::assertSame(302, $result->getStatusCode());
		169	static::assertSame(['./'], $result->getHeader('location'));
		170	}
		171
		172	/**
		173	* Test redirectFromReferer() - With a loop term matching the referer in its query value
		174	* -> we do not block redirection for query parameter values.
		175	*/
		176	public function testRedirectFromRefererWithMatchingLoopTermInQueryValue(): void
		177	{
		178	$this->createValidContainerMockSet();
		179
		180	$this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
		181
		182	$response = new Response();
		183
		184	$result = $this->controller->redirectFromReferer($response, ['nope', 'param']);
		185
		186	static::assertSame(302, $result->getStatusCode());
		187	static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
		188	}
		189
		190	/**
		191	* Test redirectFromReferer() - With a loop term matching the referer in its domain name
		192	* -> we do not block redirection for shaarli's hosts
		193	*/
		194	public function testRedirectFromRefererWithLoopTermInDomain(): void
		195	{
		196	$this->createValidContainerMockSet();
		197
		198	$this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
		199
		200	$response = new Response();
		201
		202	$result = $this->controller->redirectFromReferer($response, ['shaarli']);
		203
		204	static::assertSame(302, $result->getStatusCode());
		205	static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
		206	}
		207
		208	/**
		209	* Test redirectFromReferer() - With a loop term matching a query parameter AND clear this query param
		210	* -> the param should be cleared before checking if it matches the redir loop terms
		211	*/
		212	public function testRedirectFromRefererWithMatchingClearedParam(): void
		213	{
		214	$this->createValidContainerMockSet();
		215
		216	$this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
		217
		218	$response = new Response();
		219
		220	$result = $this->controller->redirectFromReferer($response, ['query'], ['query']);
		221
		222	static::assertSame(302, $result->getStatusCode());
		223	static::assertSame(['/subfolder/controller?other=2'], $result->getHeader('location'));
		224	}
94	}	225	}


diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php index f264505e..d9db775e 100644 --- a/tests/security/SessionManagerTest.php +++ b/tests/security/SessionManagerTest.php
@@ -269,4 +269,61 @@ class SessionManagerTest extends TestCase
269	$this->session['ip'] = 'ip_id_one';	269	$this->session['ip'] = 'ip_id_one';
270	$this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));	270	$this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));
271	}	271	}
		272
		273	/**
		274	* Test creating an entry in the session array
		275	*/
		276	public function testSetSessionParameterCreate(): void
		277	{
		278	$this->sessionManager->setSessionParameter('abc', 'def');
		279
		280	static::assertSame('def', $this->session['abc']);
		281	}
		282
		283	/**
		284	* Test updating an entry in the session array
		285	*/
		286	public function testSetSessionParameterUpdate(): void
		287	{
		288	$this->session['abc'] = 'ghi';
		289
		290	$this->sessionManager->setSessionParameter('abc', 'def');
		291
		292	static::assertSame('def', $this->session['abc']);
		293	}
		294
		295	/**
		296	* Test updating an entry in the session array with null value
		297	*/
		298	public function testSetSessionParameterUpdateNull(): void
		299	{
		300	$this->session['abc'] = 'ghi';
		301
		302	$this->sessionManager->setSessionParameter('abc', null);
		303
		304	static::assertArrayHasKey('abc', $this->session);
		305	static::assertNull($this->session['abc']);
		306	}
		307
		308	/**
		309	* Test deleting an existing entry in the session array
		310	*/
		311	public function testDeleteSessionParameter(): void
		312	{
		313	$this->session['abc'] = 'def';
		314
		315	$this->sessionManager->deleteSessionParameter('abc');
		316
		317	static::assertArrayNotHasKey('abc', $this->session);
		318	}
		319
		320	/**
		321	* Test deleting a non existent entry in the session array
		322	*/
		323	public function testDeleteSessionParameterNotExisting(): void
		324	{
		325	$this->sessionManager->deleteSessionParameter('abc');
		326
		327	static::assertArrayNotHasKey('abc', $this->session);
		328	}
272	}	329	}