Diffstat (limited to 'tests')
-rw-r--r--tests/front/controller/SessionFilterControllerTest.php290
-rw-r--r--tests/front/controller/ShaarliControllerTest.php131
-rw-r--r--tests/security/SessionManagerTest.php57
3 files changed, 478 insertions, 0 deletions
diff --git a/tests/front/controller/SessionFilterControllerTest.php b/tests/front/controller/SessionFilterControllerTest.php
new file mode 100644
index 00000000..f541de03
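--- /dev/null
+++ b/tests/front/controller/SessionFilterControllerTest.php
@@ -0,0 +1,290 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shaarli\Front\Controller;
+
+use PHPUnit\Framework\TestCase;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+class SessionFilterControllerTest extends TestCase
+{
+ use FrontControllerMockHelper;
+
+ /** @var SessionFilterController */
+ protected $controller;
+
+ public function setUp(): void
+ {
+ $this->createContainer();
+
+ $this->controller = new SessionFilterController($this->container);
+ }
+
+ /**
+ * Link per page - Default call with valid parameter and a referer.
+ */
+ public function testLinksPerPage(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+
+ $request = $this->createMock(Request::class);
+ $request->method('getParam')->with('nb')->willReturn('8');
+ $response = new Response();
+
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('setSessionParameter')
+ ->with(SessionManager::KEY_LINKS_PER_PAGE, 8)
+ ;
+
+ $result = $this->controller->linksPerPage($request, $response);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+ }
+
+ /**
+ * Link per page - Invalid value, should use default value (20)
+ */
+ public function testLinksPerPageNotValid(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $request = $this->createMock(Request::class);
+ $request->method('getParam')->with('nb')->willReturn('test');
+ $response = new Response();
+
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('setSessionParameter')
+ ->with(SessionManager::KEY_LINKS_PER_PAGE, 20)
+ ;
+
+ $result = $this->controller->linksPerPage($request, $response);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['./'], $result->getHeader('location'));
+ }
+
+ /**
+ * Visibility - Default call for private filter while logged in without current value
+ */
+ public function testVisibility(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $arg = ['visibility' => 'private'];
+
+ $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+
+ $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('setSessionParameter')
+ ->with(SessionManager::KEY_VISIBILITY, 'private')
+ ;
+
+ $request = $this->createMock(Request::class);
+ $response = new Response();
+
+ $result = $this->controller->visibility($request, $response, $arg);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+ }
+
+ /**
+ * Visibility - Toggle off private visibility
+ */
+ public function testVisibilityToggleOff(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $arg = ['visibility' => 'private'];
+
+ $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+
+ $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+ $this->container->sessionManager
+ ->method('getSessionParameter')
+ ->with(SessionManager::KEY_VISIBILITY)
+ ->willReturn('private')
+ ;
+ $this->container->sessionManager
+ ->expects(static::never())
+ ->method('setSessionParameter')
+ ;
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('deleteSessionParameter')
+ ->with(SessionManager::KEY_VISIBILITY)
+ ;
+
+ $request = $this->createMock(Request::class);
+ $response = new Response();
+
+ $result = $this->controller->visibility($request, $response, $arg);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+ }
+
+ /**
+ * Visibility - Change private to public
+ */
+ public function testVisibilitySwitch(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $arg = ['visibility' => 'private'];
+
+ $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+ $this->container->sessionManager
+ ->method('getSessionParameter')
+ ->with(SessionManager::KEY_VISIBILITY)
+ ->willReturn('public')
+ ;
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('setSessionParameter')
+ ->with(SessionManager::KEY_VISIBILITY, 'private')
+ ;
+
+ $request = $this->createMock(Request::class);
+ $response = new Response();
+
+ $result = $this->controller->visibility($request, $response, $arg);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['./'], $result->getHeader('location'));
+ }
+
+ /**
+ * Visibility - With invalid value - should remove any visibility setting
+ */
+ public function testVisibilityInvalidValue(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $arg = ['visibility' => 'test'];
+
+ $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+
+ $this->container->loginManager->method('isLoggedIn')->willReturn(true);
+ $this->container->sessionManager
+ ->expects(static::never())
+ ->method('setSessionParameter')
+ ;
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('deleteSessionParameter')
+ ->with(SessionManager::KEY_VISIBILITY)
+ ;
+
+ $request = $this->createMock(Request::class);
+ $response = new Response();
+
+ $result = $this->controller->visibility($request, $response, $arg);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+ }
+
+ /**
+ * Visibility - Try to change visibility while logged out
+ */
+ public function testVisibilityLoggedOut(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $arg = ['visibility' => 'test'];
+
+ $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+
+ $this->container->loginManager->method('isLoggedIn')->willReturn(false);
+ $this->container->sessionManager
+ ->expects(static::never())
+ ->method('setSessionParameter')
+ ;
+ $this->container->sessionManager
+ ->expects(static::never())
+ ->method('deleteSessionParameter')
+ ->with(SessionManager::KEY_VISIBILITY)
+ ;
+
+ $request = $this->createMock(Request::class);
+ $response = new Response();
+
+ $result = $this->controller->visibility($request, $response, $arg);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+ }
+
+ /**
+ * Untagged only - valid call
+ */
+ public function testUntaggedOnly(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+
+ $request = $this->createMock(Request::class);
+ $response = new Response();
+
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('setSessionParameter')
+ ->with(SessionManager::KEY_UNTAGGED_ONLY, true)
+ ;
+
+ $result = $this->controller->untaggedOnly($request, $response);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+ }
+
+ /**
+ * Untagged only - toggle off
+ */
+ public function testUntaggedOnlyToggleOff(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment = ['HTTP_REFERER' => 'http://shaarli/subfolder/controller/?searchtag=abc'];
+
+ $request = $this->createMock(Request::class);
+ $response = new Response();
+
+ $this->container->sessionManager
+ ->method('getSessionParameter')
+ ->with(SessionManager::KEY_UNTAGGED_ONLY)
+ ->willReturn(true)
+ ;
+ $this->container->sessionManager
+ ->expects(static::once())
+ ->method('setSessionParameter')
+ ->with(SessionManager::KEY_UNTAGGED_ONLY, false)
+ ;
+
+ $result = $this->controller->untaggedOnly($request, $response);
+
+ static::assertInstanceOf(Response::class, $result);
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller/?searchtag=abc'], $result->getHeader('location'));
+ }
+}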
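Review bot: `testVisibilityLoggedOut` (new lines 207-234) passes `['visibility' => 'test']`, which is an invalid value, so the suite never shows that a logged-out request carrying a valid filter leaves the session untouched. Since this is the only case covering the `isLoggedIn() === false` branch, it should use the value an unauthenticated client would actually send: `$arg = ['visibility' => 'private'];`, keeping the two `static::never()` expectations as they are. Separately, the docblock on `testVisibilitySwitch` says "Change private to public" while the mocks return `public` as the current value and expect `private` to be stored; `* Visibility - Change public to private` would match the code.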
diff --git a/tests/front/controller/ShaarliControllerTest.php b/tests/front/controller/ShaarliControllerTest.php
index 3efe4d95..a6011b49 100644
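--- a/tests/front/controller/ShaarliControllerTest.php
+++ b/tests/front/controller/ShaarliControllerTest.php
@@ -6,6 +6,7 @@ namespace Shaarli\Front\Controller;
 
 use PHPUnit\Framework\TestCase;
 use Shaarli\Bookmark\BookmarkFilter;
+use Slim\Http\Response;
 
 /**
  * Class ShaarliControllerTest
@@ -38,6 +39,14 @@ class ShaarliControllerTest extends TestCase
  {
  return parent::render($template);
  }
+
+ public function redirectFromReferer(
+ Response $response,
+ array $loopTerms = [],
+ array $clearParams = []
+ ): Response {
+ return parent::redirectFromReferer($response, $loopTerms, $clearParams);
+ }
  };
  $this->assignedValues = [];
  }
@@ -91,4 +100,126 @@ class ShaarliControllerTest extends TestCase
  static::assertSame('templateName', $this->assignedValues['plugins_footer']['render_footer']['target']);
  static::assertTrue($this->assignedValues['plugins_footer']['render_footer']['loggedin']);
  }
+
+ /**
+ * Test redirectFromReferer() - Default behaviour
+ */
+ public function testRedirectFromRefererDefault(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+
+ $response = new Response();
+
+ $result = $this->controller->redirectFromReferer($response);
+
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
+ }
+
+ /**
+ * Test redirectFromReferer() - With a loop term not matched in the referer
+ */
+ public function testRedirectFromRefererWithUnmatchedLoopTerm(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+
+ $response = new Response();
+
+ $result = $this->controller->redirectFromReferer($response, ['nope']);
+
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
+ }
+
+ /**
+ * Test redirectFromReferer() - With a loop term matching the referer in its path -> redirect to default
+ */
+ public function testRedirectFromRefererWithMatchingLoopTermInPath(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+
+ $response = new Response();
+
+ $result = $this->controller->redirectFromReferer($response, ['nope', 'controller']);
+
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['./'], $result->getHeader('location'));
+ }
+
+ /**
+ * Test redirectFromReferer() - With a loop term matching the referer in its query parameters -> redirect to default
+ */
+ public function testRedirectFromRefererWithMatchingLoopTermInQueryParam(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+
+ $response = new Response();
+
+ $result = $this->controller->redirectFromReferer($response, ['nope', 'other']);
+
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['./'], $result->getHeader('location'));
+ }
+
+ /**
+ * Test redirectFromReferer() - With a loop term matching the referer in its query value
+ * -> we do not block redirection for query parameter values.
+ */
+ public function testRedirectFromRefererWithMatchingLoopTermInQueryValue(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+
+ $response = new Response();
+
+ $result = $this->controller->redirectFromReferer($response, ['nope', 'param']);
+
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
+ }
+
+ /**
+ * Test redirectFromReferer() - With a loop term matching the referer in its domain name
+ * -> we do not block redirection for shaarli's hosts
+ */
+ public function testRedirectFromRefererWithLoopTermInDomain(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+
+ $response = new Response();
+
+ $result = $this->controller->redirectFromReferer($response, ['shaarli']);
+
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller?query=param&other=2'], $result->getHeader('location'));
+ }
+
+ /**
+ * Test redirectFromReferer() - With a loop term matching a query parameter AND clear this query param
+ * -> the param should be cleared before checking if it matches the redir loop terms
+ */
+ public function testRedirectFromRefererWithMatchingClearedParam(): void
+ {
+ $this->createValidContainerMockSet();
+
+ $this->container->environment['HTTP_REFERER'] = 'http://shaarli.tld/subfolder/controller?query=param&other=2';
+
+ $response = new Response();
+
+ $result = $this->controller->redirectFromReferer($response, ['query'], ['query']);
+
+ static::assertSame(302, $result->getStatusCode());
+ static::assertSame(['/subfolder/controller?other=2'], $result->getHeader('location'));
+ }
 }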
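Review bot: Every `redirectFromReferer()` case in the last hunk (new lines 103-224) uses a referer on `shaarli.tld`, so nothing pins what the controller does when `HTTP_REFERER` names a different host. That header is chosen by the client and the `Location` value is built from it, which makes the foreign-host case the one most worth a regression test. The docblock at new lines 191-192 ("we do not block redirection for shaarli's hosts") suggests a host comparison exists, but the implementation is not on this page. I would add a case with a referer on another host (constructed example: `http://other.tld/subfolder/controller`) asserting that the header stays a same-origin relative path, or `static::assertSame(['./'], $result->getHeader('location'));` if foreign referers are meant to be ignored.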
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
index f264505e..d9db775e 100644
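--- a/tests/security/SessionManagerTest.php
+++ b/tests/security/SessionManagerTest.php
@@ -269,4 +269,61 @@ class SessionManagerTest extends TestCase
  $this->session['ip'] = 'ip_id_one';
  $this->assertTrue($this->sessionManager->hasClientIpChanged('ip_id_two'));
  }
+
+ /**
+ * Test creating an entry in the session array
+ */
+ public function testSetSessionParameterCreate(): void
+ {
+ $this->sessionManager->setSessionParameter('abc', 'def');
+
+ static::assertSame('def', $this->session['abc']);
+ }
+
+ /**
+ * Test updating an entry in the session array
+ */
+ public function testSetSessionParameterUpdate(): void
+ {
+ $this->session['abc'] = 'ghi';
+
+ $this->sessionManager->setSessionParameter('abc', 'def');
+
+ static::assertSame('def', $this->session['abc']);
+ }
+
+ /**
+ * Test updating an entry in the session array with null value
+ */
+ public function testSetSessionParameterUpdateNull(): void
+ {
+ $this->session['abc'] = 'ghi';
+
+ $this->sessionManager->setSessionParameter('abc', null);
+
+ static::assertArrayHasKey('abc', $this->session);
+ static::assertNull($this->session['abc']);
+ }
+
+ /**
+ * Test deleting an existing entry in the session array
+ */
+ public function testDeleteSessionParameter(): void
+ {
+ $this->session['abc'] = 'def';
+
+ $this->sessionManager->deleteSessionParameter('abc');
+
+ static::assertArrayNotHasKey('abc', $this->session);
+ }
+
+ /**
+ * Test deleting a non existent entry in the session array
+ */
+ public function testDeleteSessionParameterNotExisting(): void
+ {
+ $this->sessionManager->deleteSessionParameter('abc');
+
+ static::assertArrayNotHasKey('abc', $this->session);
+ }
 }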
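Review bot: The added tests (new lines 273-328) use the arbitrary key `abc`, which pins `setSessionParameter()` and `deleteSessionParameter()` as accepting any key. The context lines just above (269-270) show that the same array also carries the `ip` entry checked by `hasClientIpChanged()`. Whether the manager restricts which keys may be written is not visible on this page. If unrestricted writes are intended, the test docblocks should state the caller contract, for example `* Keys are expected to be SessionManager::KEY_* constants, never request-derived input.`, so that a later caller passing a client-supplied key stands out in review. The new tests also call `static::assertSame` while the neighbouring test uses `$this->assertTrue`; one form per class reads better.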