authorKevin Decherf <kevin@kdecherf.com>2018-12-29 19:43:07 +0100
committerKevin Decherf <kevin@kdecherf.com>2018-12-30 01:34:49 +0100
commit0ee9848231d0a7a02fdc8e915d830ebaf6cc09c0 (patch)
tree55890da9a068a0cfbc8821de1d98433e8895a652
parent6708bf238de46d7ce861e3c0eeb6a9b4623931ed (diff)
TagRestController: add tests to ensure that other user's tags are unreachable
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
-rw-r--r--tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php32
1 files changed, 32 insertions, 0 deletions
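--- a/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php
@@ -7,6 +7,8 @@ use Wallabag\CoreBundle\Entity\Tag;
 
 class TagRestControllerTest extends WallabagApiTestCase
 {
+ private $otherUserTagLabel = 'bob';
+
  public function testGetUserTags()
  {
  $this->client->request('GET', '/api/tags.json');
@@ -19,6 +21,12 @@ class TagRestControllerTest extends WallabagApiTestCase
  $this->assertArrayHasKey('id', $content[0]);
  $this->assertArrayHasKey('label', $content[0]);
 
+ $tagLabels = array_map(function ($i) {
+ return $i['label'];
+ }, $content);
+
+ $this->assertNotContains($this->otherUserTagLabel, $tagLabels, 'There is a possible tag leak');
+
  return end($content);
  }
 
@@ -53,6 +61,16 @@ class TagRestControllerTest extends WallabagApiTestCase
  $this->assertNull($tag, $tagLabel . ' was removed because it begun an orphan tag');
  }
 
+ public function testDeleteOtherUserTag()
+ {
+ $em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
+ $tag = $em->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($this->otherUserTagLabel);
+
+ $this->client->request('DELETE', '/api/tags/' . $tag->getId() . '.json');
+
+ $this->assertSame(404, $this->client->getResponse()->getStatusCode());
+ }
+
  public function dataForDeletingTagByLabel()
  {
  return [
@@ -112,6 +130,13 @@ class TagRestControllerTest extends WallabagApiTestCase
  $this->assertSame(404, $this->client->getResponse()->getStatusCode());
  }
 
+ public function testDeleteTagByLabelOtherUser()
+ {
+ $this->client->request('DELETE', '/api/tag/label.json', ['tag' => $this->otherUserTagLabel]);
+
+ $this->assertSame(404, $this->client->getResponse()->getStatusCode());
+ }
+
  /**
  * @dataProvider dataForDeletingTagByLabel
  */
@@ -180,4 +205,11 @@ class TagRestControllerTest extends WallabagApiTestCase
 
  $this->assertSame(404, $this->client->getResponse()->getStatusCode());
  }
+
+ public function testDeleteTagsByLabelOtherUser()
+ {
+ $this->client->request('DELETE', '/api/tags/label.json', ['tags' => $this->otherUserTagLabel]);
+
+ $this->assertSame(404, $this->client->getResponse()->getStatusCode());
+ }
 }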
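Review bot: The three new 404 tests and the `assertNotContains` check in `testGetUserTags` can all pass without proving isolation, because none of them asserts that a tag labelled 'bob' exists for another user before the request or still exists after it. In `testDeleteTagByLabelOtherUser` and `testDeleteTagsByLabelOtherUser` a 404 is presumably also what an unknown label returns (the neighbouring context lines assert 404 too), and in `testDeleteOtherUserTag` a handler that removed the tag and then answered 404 would still pass. I would add `$this->assertNotNull($tag, 'fixture tag is missing');` before each DELETE, then re-query with `findOneByLabel($this->otherUserTagLabel)` afterwards and assert the result is still not null, in all three tests. The fixtures that define 'bob' are not visible on this page, so confirm that the label is attached only to the other user's entries.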