diff options
Diffstat (limited to 'tests/front/controller/ShaarliControllerTest.php')
| -rw-r--r-- | tests/front/controller/ShaarliControllerTest.php | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/tests/front/controller/ShaarliControllerTest.php b/tests/front/controller/ShaarliControllerTest.php index 3efe4d95..a6011b49 100644 --- a/tests/front/controller/ShaarliControllerTest.php +++ b/tests/front/controller/ShaarliControllerTest.php | |||
| @@ -6,6 +6,7 @@ namespace Shaarli\Front\Controller; | |||
| 6 | 6 | ||
| 7 | use PHPUnit\Framework\TestCase; | 7 | use PHPUnit\Framework\TestCase; |
| 8 | use Shaarli\Bookmark\BookmarkFilter; | 8 | use Shaarli\Bookmark\BookmarkFilter; |
| 9 | use Slim\Http\Response; | ||
| 9 | 10 | ||
| 10 | /** | 11 | /** |
| 11 | * Class ShaarliControllerTest | 12 | * Class ShaarliControllerTest |
| @@ -38,6 +39,14 @@ class ShaarliControllerTest extends TestCase | |||
| 38 | { | 39 | { |
| 39 | return parent::render($template); | 40 | return parent::render($template); |
| 40 | } | 41 | } |
| 42 | |||
| 43 | public function redirectFromReferer( | ||
| 44 | Response $response, | ||
| 45 | array $loopTerms = [], | ||
| 46 | array $clearParams = [] | ||
| 47 | ): Response { | ||
| 48 | return parent::redirectFromReferer($response, $loopTerms, $clearParams); | ||
| 49 | } | ||
| 41 | }; | 50 | }; |
| 42 | $this->assignedValues = []; | 51 | $this->assignedValues = []; |
| 43 | } | 52 | } |
| @@ -91,4 +100,126 @@ class ShaarliControllerTest extends TestCase | |||
| 91 | static::assertSame('templateName', $this->assignedValues['plugins_footer']['render_footer']['target']); | 100 | static::assertSame('templateName', $this->assignedValues['plugins_footer']['render_footer']['target']); |
| 92 | static::assertTrue($this->assignedValues['plugins_footer']['render_footer']['loggedin']); | 101 | static::assertTrue($this->assignedValues['plugins_footer']['render_footer']['loggedin']); |
| 93 | } | 102 | } |
| 103 | |||
| 104 | /** | ||
| 105 | * Test redirectFromReferer() - Default behaviour | ||
| 106 | */ | ||
| 107 | public function testRedirectFromRefererDefault(): void | ||
| 108 | { | ||
| 109 | $this->createValidContainerMockSet(); | ||
| 110 | |||
| 111 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | ||
| 112 | |||
| 113 | $response = new Response(); | ||
| 114 | |||
| 115 | $result = $this->controller->redirectFromReferer($response); | ||
| 116 | |||
| 117 | static::assertSame(302, $result->getStatusCode()); | ||
| 118 | static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location')); | ||
| 119 | } | ||
| 120 | |||
| 121 | /** | ||
| 122 | * Test redirectFromReferer() - With a loop term not matched in the referer | ||
| 123 | */ | ||
| 124 | public function testRedirectFromRefererWithUnmatchedLoopTerm(): void | ||
| 125 | { | ||
| 126 | $this->createValidContainerMockSet(); | ||
| 127 | |||
| 128 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | ||
| 129 | |||
| 130 | $response = new Response(); | ||
| 131 | |||
| 132 | $result = $this->controller->redirectFromReferer($response, ['nope']); | ||
| 133 | |||
| 134 | static::assertSame(302, $result->getStatusCode()); | ||
| 135 | static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location')); | ||
| 136 | } | ||
| 137 | |||
| 138 | /** | ||
| 139 | * Test redirectFromReferer() - With a loop term matching the referer in its path -> redirect to default | ||
| 140 | */ | ||
| 141 | public function testRedirectFromRefererWithMatchingLoopTermInPath(): void | ||
| 142 | { | ||
| 143 | $this->createValidContainerMockSet(); | ||
| 144 | |||
| 145 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | ||
| 146 | |||
| 147 | $response = new Response(); | ||
| 148 | |||
| 149 | $result = $this->controller->redirectFromReferer($response, ['nope', 'controller']); | ||
| 150 | |||
| 151 | static::assertSame(302, $result->getStatusCode()); | ||
| 152 | static::assertSame(['./'], $result->getHeader('location')); | ||
| 153 | } | ||
| 154 | |||
| 155 | /** | ||
| 156 | * Test redirectFromReferer() - With a loop term matching the referer in its query parameters -> redirect to default | ||
| 157 | */ | ||
| 158 | public function testRedirectFromRefererWithMatchingLoopTermInQueryParam(): void | ||
| 159 | { | ||
| 160 | $this->createValidContainerMockSet(); | ||
| 161 | |||
| 162 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | ||
| 163 | |||
| 164 | $response = new Response(); | ||
| 165 | |||
| 166 | $result = $this->controller->redirectFromReferer($response, ['nope', 'other']); | ||
| 167 | |||
| 168 | static::assertSame(302, $result->getStatusCode()); | ||
| 169 | static::assertSame(['./'], $result->getHeader('location')); | ||
| 170 | } | ||
| 171 | |||
| 172 | /** | ||
| 173 | * Test redirectFromReferer() - With a loop term matching the referer in its query value | ||
| 174 | * -> we do not block redirection for query parameter values. | ||
| 175 | */ | ||
| 176 | public function testRedirectFromRefererWithMatchingLoopTermInQueryValue(): void | ||
| 177 | { | ||
| 178 | $this->createValidContainerMockSet(); | ||
| 179 | |||
| 180 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | ||
| 181 | |||
| 182 | $response = new Response(); | ||
| 183 | |||
| 184 | $result = $this->controller->redirectFromReferer($response, ['nope', 'param']); | ||
| 185 | |||
| 186 | static::assertSame(302, $result->getStatusCode()); | ||
| 187 | static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location')); | ||
| 188 | } | ||
| 189 | |||
| 190 | /** | ||
| 191 | * Test redirectFromReferer() - With a loop term matching the referer in its domain name | ||
| 192 | * -> we do not block redirection for shaarli's hosts | ||
| 193 | */ | ||
| 194 | public function testRedirectFromRefererWithLoopTermInDomain(): void | ||
| 195 | { | ||
| 196 | $this->createValidContainerMockSet(); | ||
| 197 | |||
| 198 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | ||
| 199 | |||
| 200 | $response = new Response(); | ||
| 201 | |||
| 202 | $result = $this->controller->redirectFromReferer($response, ['shaarli']); | ||
| 203 | |||
| 204 | static::assertSame(302, $result->getStatusCode()); | ||
| 205 | static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location')); | ||
| 206 | } | ||
| 207 | |||
| 208 | /** | ||
| 209 | * Test redirectFromReferer() - With a loop term matching a query parameter AND clear this query param | ||
| 210 | * -> the param should be cleared before checking if it matches the redir loop terms | ||
| 211 | */ | ||
| 212 | public function testRedirectFromRefererWithMatchingClearedParam(): void | ||
| 213 | { | ||
| 214 | $this->createValidContainerMockSet(); | ||
| 215 | |||
| 216 | $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2'; | ||
| 217 | |||
| 218 | $response = new Response(); | ||
| 219 | |||
| 220 | $result = $this->controller->redirectFromReferer($response, ['query'], ['query']); | ||
| 221 | |||
| 222 | static::assertSame(302, $result->getStatusCode()); | ||
| 223 | static::assertSame(['/subfolder/controller?other=2'], $result->getHeader('location')); | ||
| 224 | } | ||
| 94 | } | 225 | } |