path: root/tests
Commit message [Author, Age, Files, Lines]
* SessionManager+LoginManager: fix checkLoginState logic [VirtualTam, 2018-06-02, files: 1, lines: -5/+10]
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Add test coverage for LoginManager methods [VirtualTam, 2018-06-02, files: 3, lines: -6/+157]
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* SessionManager: remove unused UID token [VirtualTam, 2018-06-02, files: 1, lines: -13/+0]
| There already are dedicated tokens for:
| - CSRF protection
| - user stay-signed-in feature, via cookie
|
| This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes.
|
| See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
|
| Relevant section:
| Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid'].
|
| Translation:
| A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid']
|
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor LoginManager stay-signed-in token management [VirtualTam, 2018-06-02, files: 1, lines: -0/+31]
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor session and cookie timeout control [VirtualTam, 2018-06-02, files: 1, lines: -22/+159]
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Move LoginManager and SessionManager to the Security namespace [VirtualTam, 2018-06-02, files: 2, lines: -2/+2]
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor user credential validation at login time [VirtualTam, 2018-05-29, files: 1, lines: -2/+2]
| Changed:
| - move login/password verification to LoginManager
| - code cleanup
|
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor client session hijacking protection [VirtualTam, 2018-05-29, files: 1, lines: -0/+52]
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Fix feed permalink rendering with markdown escape set to true [ArthurHoaro, 2018-05-19, files: 1, lines: -0/+55]
| Fixes #1134
* Update parsedown to its latest version instead of fixed 1.6 [ArthurHoaro, 2018-03-31, files: 1, lines: -2/+2]
|
* Merge pull request #1093 from ArthurHoaro/feature/theme-translation [ArthurHoaro, 2018-03-26, files: 4, lines: -0/+68]
|\
| | Load theme translations files automatically
| * Load theme translations files automatically [ArthurHoaro, 2018-03-26, files: 4, lines: -0/+68]
| | Fixes #1077
| |
| | Take a look at the docs update to see how it works
* | Merge pull request #1096 from ArthurHoaro/feature/download-params [ArthurHoaro, 2018-03-13, files: 1, lines: -0/+64]
|\ \
| | | Make max download size and timeout configurable
| * | Make max download size and timeout configurable [ArthurHoaro, 2018-03-07, files: 1, lines: -0/+64]
| |/
| | Fixes #1061
* / PSR: use elseif instead of else if [ArthurHoaro, 2018-02-28, files: 1, lines: -1/+1]
|/
| See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
* Ignore the case while checking DOCTYPE during the file import [ArthurHoaro, 2018-02-23, files: 2, lines: -0/+23]
| Fixes #1091
* Refactor login / ban authentication steps [VirtualTam, 2018-02-05, files: 2, lines: -1/+233]
| Relates to https://github.com/shaarli/Shaarli/issues/324
|
| Added:
| - Add the `LoginManager` class to manage logins and bans
|
| Changed:
| - Refactor IP ban management
| - Simplify logic
| - Avoid using globals, inject dependencies
|
| Fixed:
| - Use `ban_duration` instead of `ban_after` when setting a new ban
|
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #1074 from kalvn/feature/dailymarkdown [ArthurHoaro, 2018-02-02, files: 1, lines: -17/+11]
|\
| | Executes daily hooks before creating columns.
| * Executes daily hooks before creating columns. [kalvn, 2018-02-01, files: 1, lines: -17/+11]
| |
* | Drop PHP 5.5 compatibility and upgrade PHPUnit to v5.x [ArthurHoaro, 2018-02-02, files: 1, lines: -2/+4]
|/
| PHPUnit 4.x contains deprecated PHP functions in PHP 7.2.
* Fix warnings when upgrading from legacy SebSauvage version [ArthurHoaro, 2018-01-25, files: 2, lines: -0/+15]
| Fixes #1040
* Merge pull request #977 from ArthurHoaro/feature/dl-filter [ArthurHoaro, 2018-01-23, files: 1, lines: -20/+224]
|\
| | Extract the title/charset during page download, and check content type
| * Extract the title/charset during page download, and check content type [ArthurHoaro, 2017-10-28, files: 1, lines: -20/+224]
| | Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML).
| |
| | Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.
| |
| | Closes #579
* | Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443 [ArthurHoaro, 2017-12-03, files: 1, lines: -0/+32]
|\ \
| | | Force HTTPS if the original port is 443 behind a reverse proxy
| * | Force HTTPS if the original port is 443 behind a reverse proxy [ArthurHoaro, 2017-12-02, files: 1, lines: -0/+32]
| | | Fixes #1022
* | | Improve SessionManager constructor and tests [VirtualTam, 2017-11-08, files: 2, lines: -21/+22]
|/ /
| | Relates to https://github.com/shaarli/Shaarli/pull/1005
| |
| | Changed:
| | - pass a copy of the ConfigManager instance instead of a reference
| | - move FakeConfigManager to a dedicated file
| | - update tests
| |
| | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Don't URL encode description links if parameter 'redirector.encode_url' is set to false [ArthurHoaro, 2017-11-07, files: 1, lines: -0/+15]
* | Merge pull request #962 from ArthurHoaro/feature/perfs2 [ArthurHoaro, 2017-10-28, files: 2, lines: -1/+35]
|\ \
| | | Performances: reorder links when they're written instead of read
| * | Performances: reorder links when they're written instead of read [ArthurHoaro, 2017-09-02, files: 2, lines: -1/+35]
| | | relates to #891
* | | Improve SessionManager tests [VirtualTam, 2017-10-24, files: 1, lines: -0/+23]
| | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Move session ID check to SessionManager [VirtualTam, 2017-10-22, files: 2, lines: -59/+66]
| | | Relates to https://github.com/shaarli/Shaarli/issues/324
| | |
| | | Changed:
| | | - `is_session_id_valid()` -> `SessionManager::checkId()`
| | | - update tests
| | |
| | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Refactor session token management [VirtualTam, 2017-10-22, files: 1, lines: -0/+72]
| | | Relates to https://github.com/shaarli/Shaarli/issues/324
| | |
| | | Added:
| | | - `SessionManager` class to group session-related features
| | | - unit tests
| | |
| | | Changed:
| | | - `getToken()` -> `SessionManager->generateToken()`
| | | - `tokenOk()` -> `SessionManager->checkToken()`
| | | - inject a `$token` parameter to `PageBuilder`'s constructor
| | |
| | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Add language selection in the configure page of the default theme [ArthurHoaro, 2017-10-22, files: 2, lines: -4/+8]
| | |
* | | Shaarli's translation [ArthurHoaro, 2017-10-22, files: 7, lines: -31/+388]
| | | - translation system and unit tests
| | | - Translations everywhere
| | |
| | | Don't use translation merge
| | |
| | | It is not available with PHP builtin gettext, so it would have led to inconsistency.
* | | Don't write History for link import [ArthurHoaro, 2017-10-07, files: 1, lines: -43/+38]
| | | With large imports it has a large impact on performances and isn't really useful.
| | |
| | | Instead, write an IMPORT event, which lets a client using the history service resync its DB.
| | |
| | | -> 15k link import done in 6 seconds.
| | |
| | | Fixes #985
* | | Merge pull request #976 from ArthurHoaro/hotfix/url-parentheses [ArthurHoaro, 2017-09-30, files: 1, lines: -0/+10]
|\ \ \
| |_|/
|/| | Fix parsing for description links with parentheses
| * | Fix parsing for description links with parentheses [ArthurHoaro, 2017-09-29, files: 1, lines: -0/+10]
| | | With markdown plugin disabled
| | |
| | | relates to #966
* | | Merge pull request #947 from thewilli/wildcardsearch [ArthurHoaro, 2017-09-29, files: 1, lines: -0/+83]
|\ \ \
| |/ /
|/| | wildcard tag search support
| * | wildcard tag search support [Willi Eggeling, 2017-08-30, files: 1, lines: -0/+83]
| | | - when searching for tags you can now include '*' as wildcard placeholder
| | | - new search reduces overall overhead when filtering for tags
| | | - fixed combination with description tag search ('#' prefix)
| | | - tests added
* | | Tests: update localization tests [VirtualTam, 2017-09-19, files: 3, lines: -18/+18]
| |/
|/|
| | Rely on `mag_IN` (Magahi - INDIA) being unavailable when running localization test suites, instead of `pt_BR` that is now available from Travis build images.
| |
| | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Make work behind a reverse proxy [ArthurHoaro, 2017-09-02, files: 1, lines: -0/+36]
|/
| Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
* Merge pull request #887 from ArthurHoaro/hotfix/dash-tag-rename [ArthurHoaro, 2017-08-05, files: 1, lines: -0/+55]
|\
| | Make sure that the tag exists before altering/removing it
| * Move tag renaming code to LinkDB and unit test it [ArthurHoaro, 2017-08-05, files: 1, lines: -0/+55]
| |
* | Merge pull request #889 from Lucas-C/master [VirtualTam, 2017-08-03, files: 1, lines: -2/+1]
|\ \
| | | Using only one form in linklist.html - fix #885
| * | Using only one form in linklist.html + adding untaggedonly filter - fix #885 [Lucas Cimon, 2017-07-30, files: 1, lines: -2/+1]
| |/
* / Add tests to cover new server_url behavior [Stephen Muth, 2017-07-12, files: 1, lines: -0/+28]
|/
* Merge pull request #880 from ArthurHoaro/hotfix/allowed-protocols [ArthurHoaro, 2017-05-31, files: 4, lines: -5/+92]
|\
| | Add a whitelist of protocols for URLs
| * Add a whitelist of protocols for URLs [ArthurHoaro, 2017-05-25, files: 4, lines: -5/+92]
| | - for Shaare
| | - for markdown description links and images
| |
| | Not whitelisted protocols will be replaced by `http://`
* | Merge pull request #841 from ArthurHoaro/feature/search-no-tag [ArthurHoaro, 2017-05-25, files: 5, lines: -9/+46]
|\ \
| | | Empty tag search will look for not tagged links
| * | Empty tag search will look for not tagged links [ArthurHoaro, 2017-05-25, files: 5, lines: -9/+46]
| | | Fixes #784
| | |
| | | From now, searching for tags with an empty value will return only not tagged links, with the search bar showing `x results [not tagged]`.
| | |
| | | Note that using the api, the searchtags request parameter must be set to `false` to get the same result.
| | |
| | | - [ ] Update API doc