3 files changed, 203 insertions, 2 deletions
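--- a/application/front/controller/admin/ShaarliAdminController.php
+++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -34,11 +34,13 @@ abstract class ShaarliAdminController extends ShaarliVisitorController
 /**
 * Any persistent action to the config or data store must check the XSRF token validity.
 */
-protected function checkToken(Request $request): void
+protected function checkToken(Request $request): bool
 {
 if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
 throw new WrongTokenException();
 }
+
+return true;
 }
 
 /**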
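Review bot: The new `bool` return type on checkToken can only ever yield `true`, because a failed check leaves through `throw new WrongTokenException()`; the docblock does not say so, and a caller reading the signature may expect `false` for a bad token. I would extend the docblock with `@return bool always true; an invalid token is reported by the exception` and `@throws WrongTokenException`. That also tells anyone overriding the method that returning `false` instead of throwing would let callers that ignore the return value continue without a valid XSRF token. The callers of checkToken are not visible on this page, so whether any of them tests the return value is unconfirmed.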
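--- /dev/null
+++ b/tests/front/controller/admin/ShaarliAdminControllerTest.php
@@ -0,0 +1,199 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller\Admin;
+
+use PHPUnit\Framework\TestCase;
+use Shaarli\Front\Exception\UnauthorizedException;
+use Shaarli\Front\Exception\WrongTokenException;
+use Shaarli\Security\LoginManager;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+
+/**
+* Class ShaarliControllerTest
+*
+* This class is used to test default behavior of ShaarliAdminController abstract class.
+* It uses a dummy non abstract controller.
+*/
+class ShaarliAdminControllerTest extends TestCase
+{
+use FrontAdminControllerMockHelper;
+
+/** @var ShaarliAdminController */
+protected $controller;
+
+public function setUp(): void
+{
+$this->createContainer();
+
+$this->controller = new class($this->container) extends ShaarliAdminController
+{
+public function checkToken(Request $request): bool
+{
+return parent::checkToken($request);
+}
+
+public function saveSuccessMessage(string $message): void
+{
+parent::saveSuccessMessage($message);
+}
+
+public function saveWarningMessage(string $message): void
+{
+parent::saveWarningMessage($message);
+}
+
+public function saveErrorMessage(string $message): void
+{
+parent::saveErrorMessage($message);
+}
+};
+}
+
+/**
+* Creating an instance of an admin controller while logged out should raise an exception.
+*/
+public function testInstantiateWhileLoggedOut(): void
+{
+$this->expectException(UnauthorizedException::class);
+
+$this->container->loginManager = $this->createMock(LoginManager::class);
+$this->container->loginManager->method('isLoggedIn')->willReturn(false);
+
+$this->controller = new class($this->container) extends ShaarliAdminController {};
+}
+
+/**
+* Trigger controller's checkToken with a valid token.
+*/
+public function testCheckTokenWithValidToken(): void
+{
+$request = $this->createMock(Request::class);
+$request->method('getParam')->with('token')->willReturn($token = '12345');
+
+$this->container->sessionManager = $this->createMock(SessionManager::class);
+$this->container->sessionManager->method('checkToken')->with($token)->willReturn(true);
+
+static::assertTrue($this->controller->checkToken($request));
+}
+
+/**
+* Trigger controller's checkToken with na valid token should raise an exception.
+*/
+public function testCheckTokenWithNotValidToken(): void
+{
+$request = $this->createMock(Request::class);
+$request->method('getParam')->with('token')->willReturn($token = '12345');
+
+$this->container->sessionManager = $this->createMock(SessionManager::class);
+$this->container->sessionManager->method('checkToken')->with($token)->willReturn(false);
+
+$this->expectException(WrongTokenException::class);
+
+$this->controller->checkToken($request);
+}
+
+/**
+* Test saveSuccessMessage() with a first message.
+*/
+public function testSaveSuccessMessage(): void
+{
+$this->container->sessionManager
+->expects(static::once())
+->method('setSessionParameter')
+->with(SessionManager::KEY_SUCCESS_MESSAGES, [$message = 'bravo!'])
+;
+
+$this->controller->saveSuccessMessage($message);
+}
+
+/**
+* Test saveSuccessMessage() with existing messages.
+*/
+public function testSaveSuccessMessageWithExistingMessages(): void
+{
+$this->container->sessionManager
+->expects(static::once())
+->method('getSessionParameter')
+->with(SessionManager::KEY_SUCCESS_MESSAGES)
+->willReturn(['success1', 'success2'])
+;
+$this->container->sessionManager
+->expects(static::once())
+->method('setSessionParameter')
+->with(SessionManager::KEY_SUCCESS_MESSAGES, ['success1', 'success2', $message = 'bravo!'])
+;
+
+$this->controller->saveSuccessMessage($message);
+}
+
+/**
+* Test saveWarningMessage() with a first message.
+*/
+public function testSaveWarningMessage(): void
+{
+$this->container->sessionManager
+->expects(static::once())
+->method('setSessionParameter')
+->with(SessionManager::KEY_WARNING_MESSAGES, [$message = 'warning!'])
+;
+
+$this->controller->saveWarningMessage($message);
+}
+
+/**
+* Test saveWarningMessage() with existing messages.
+*/
+public function testSaveWarningMessageWithExistingMessages(): void
+{
+$this->container->sessionManager
+->expects(static::once())
+->method('getSessionParameter')
+->with(SessionManager::KEY_WARNING_MESSAGES)
+->willReturn(['warning1', 'warning2'])
+;
+$this->container->sessionManager
+->expects(static::once())
+->method('setSessionParameter')
+->with(SessionManager::KEY_WARNING_MESSAGES, ['warning1', 'warning2', $message = 'warning!'])
+;
+
+$this->controller->saveWarningMessage($message);
+}
+
+/**
+* Test saveErrorMessage() with a first message.
+*/
+public function testSaveErrorMessage(): void
+{
+$this->container->sessionManager
+->expects(static::once())
+->method('setSessionParameter')
+->with(SessionManager::KEY_ERROR_MESSAGES, [$message = 'error!'])
+;
+
+$this->controller->saveErrorMessage($message);
+}
+
+/**
+* Test saveErrorMessage() with existing messages.
+*/
+public function testSaveErrorMessageWithExistingMessages(): void
+{
+$this->container->sessionManager
+->expects(static::once())
+->method('getSessionParameter')
+->with(SessionManager::KEY_ERROR_MESSAGES)
+->willReturn(['error1', 'error2'])
+;
+$this->container->sessionManager
+->expects(static::once())
+->method('setSessionParameter')
+->with(SessionManager::KEY_ERROR_MESSAGES, ['error1', 'error2', $message = 'error!'])
+;
+
+$this->controller->saveErrorMessage($message);
+}
+}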
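Review bot: Neither checkToken test covers a request with no `token` parameter at all, the simplest input the XSRF check has to reject; both request stubs return the fixed string '12345'. A third case where `getParam` returns `null` and `WrongTokenException` is still expected would pin that behaviour, though whether `SessionManager::checkToken` accepts null is not visible on this page and should be confirmed against its signature. In testCheckTokenWithValidToken the session-manager stub uses `method('checkToken')` without an expectation; `->expects(static::once())->method('checkToken')->with($token)` would make the test fail if the controller stopped consulting the session manager. The class docblock still reads `Class ShaarliControllerTest`, and the docblock of testCheckTokenWithNotValidToken says "na valid token" where "a non-valid token" is presumably meant.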
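--- a/tests/front/controller/visitor/ShaarliPublicControllerTest.php
+++ b/tests/front/controller/visitor/ShaarliPublicControllerTest.php
@@ -16,7 +16,7 @@ use Slim\Http\Uri;
 * This class is used to test default behavior of ShaarliController abstract class.
 * It uses a dummy non abstract controller.
 */
-class ShaarliControllerTest extends TestCase
+class ShaarliPublicControllerTest extends TestCase
 {
 use FrontControllerMockHelper;
 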