author | Kevin Decherf <kevin@kdecherf.com> | 2018-12-29 19:43:07 +0100 |
---|---|---|
committer | Kevin Decherf <kevin@kdecherf.com> | 2018-12-30 01:34:49 +0100 |
commit | 0ee9848231d0a7a02fdc8e915d830ebaf6cc09c0 (patch) | |
tree | 55890da9a068a0cfbc8821de1d98433e8895a652 | |
parent | 6708bf238de46d7ce861e3c0eeb6a9b4623931ed (diff) | |
TagRestController: add tests to ensure that other user's tags are unreachable
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
-rw-r--r-- | tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php | 32 |
1 files changed, 32 insertions, 0 deletions
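--- a/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php
@@ -7,6 +7,8 @@ use Wallabag\CoreBundle\Entity\Tag;
 
 class TagRestControllerTest extends WallabagApiTestCase
 {
+private $otherUserTagLabel = 'bob';
+
 public function testGetUserTags()
 {
 $this->client->request('GET', '/api/tags.json');
@@ -19,6 +21,12 @@ class TagRestControllerTest extends WallabagApiTestCase
 $this->assertArrayHasKey('id', $content[0]);
 $this->assertArrayHasKey('label', $content[0]);
 
+$tagLabels = array_map(function ($i) {
+return $i['label'];
+}, $content);
+
+$this->assertNotContains($this->otherUserTagLabel, $tagLabels, 'There is a possible tag leak');
+
 return end($content);
 }
 
@@ -53,6 +61,16 @@ class TagRestControllerTest extends WallabagApiTestCase
 $this->assertNull($tag, $tagLabel . ' was removed because it begun an orphan tag');
 }
 
+public function testDeleteOtherUserTag()
+{
+$em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
+$tag = $em->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($this->otherUserTagLabel);
+
+$this->client->request('DELETE', '/api/tags/' . $tag->getId() . '.json');
+
+$this->assertSame(404, $this->client->getResponse()->getStatusCode());
+}
+
 public function dataForDeletingTagByLabel()
 {
 return [
@@ -112,6 +130,13 @@ class TagRestControllerTest extends WallabagApiTestCase
 $this->assertSame(404, $this->client->getResponse()->getStatusCode());
 }
 
+public function testDeleteTagByLabelOtherUser()
+{
+$this->client->request('DELETE', '/api/tag/label.json', ['tag' => $this->otherUserTagLabel]);
+
+$this->assertSame(404, $this->client->getResponse()->getStatusCode());
+}
+
 /**
 * @dataProvider dataForDeletingTagByLabel
 */
@@ -180,4 +205,11 @@ class TagRestControllerTest extends WallabagApiTestCase
 
 $this->assertSame(404, $this->client->getResponse()->getStatusCode());
 }
+
+public function testDeleteTagsByLabelOtherUser()
+{
+$this->client->request('DELETE', '/api/tags/label.json', ['tags' => $this->otherUserTagLabel]);
+
+$this->assertSame(404, $this->client->getResponse()->getStatusCode());
+}
 }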
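Review bot: The three new delete tests (`testDeleteOtherUserTag`, `testDeleteTagByLabelOtherUser`, `testDeleteTagsByLabelOtherUser`) assert only the 404 status, so the two label-based ones also pass when no `bob` tag exists in the fixtures, and none of them shows that the other user's tag survived the request. The fixture that creates this tag is not visible on this page, so an explicit precondition would help: in `testDeleteOtherUserTag`, add `$this->assertNotNull($tag, 'Fixture tag of the other user is missing');` before the request, which also turns a fatal error on `$tag->getId()` into a readable failure when the lookup returns null. After each DELETE, look the tag up again through the entity manager and assert it is still found, so the isolation check covers the stored data and not only the response code. The same precondition applies to the `assertNotContains` check in `testGetUserTags`, which holds trivially if no tag labelled `bob` exists for any user.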