authorNicolas LÅ“uillet <nicolas@loeuillet.org>2015-02-11 06:45:14 +0100
committerNicolas LÅ“uillet <nicolas@loeuillet.org>2015-02-11 06:45:14 +0100
commitfa8d56393413fc599a972699ad4780e92f1a2010 (patch)
tree5ed25ecf43e6af0a8da5a13704fd51aae42a21c0 /src
parentf59f45d74093e92656f9717c8c5f4e37c56d2173 (diff)
parentda93261a7d729084c4913e8dcc5052a781426ef7 (diff)
Merge pull request #1072 from wallabag/v2-entry-test
Add more tests to Entry controller + security
Diffstat (limited to 'src')
-rw-r--r--src/Wallabag/CoreBundle/Controller/EntryController.php53
-rw-r--r--src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php23
-rw-r--r--src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php15
-rw-r--r--src/Wallabag/CoreBundle/Repository/EntryRepository.php1
-rw-r--r--src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php112
-rw-r--r--src/Wallabag/CoreBundle/Tests/WallabagTestCase.php4
6 files changed, 177 insertions, 31 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php
index 5378486a..89677bef 100644
--- a/src/Wallabag/CoreBundle/Controller/EntryController.php
+++ b/src/Wallabag/CoreBundle/Controller/EntryController.php
@@ -12,8 +12,10 @@ use Wallabag\CoreBundle\Helper\Url;
12class EntryController extends Controller 12class EntryController extends Controller
13{ 13{
14 /** 14 /**
15 * @param Request $request 15 * @param Request $request
16 *
16 * @Route("/new", name="new_entry") 17 * @Route("/new", name="new_entry")
18 *
17 * @return \Symfony\Component\HttpFoundation\Response 19 * @return \Symfony\Component\HttpFoundation\Response
18 */ 20 */
19 public function addEntryAction(Request $request) 21 public function addEntryAction(Request $request)
@@ -54,6 +56,7 @@ class EntryController extends Controller
54 * Shows unread entries for current user 56 * Shows unread entries for current user
55 * 57 *
56 * @Route("/unread", name="unread") 58 * @Route("/unread", name="unread")
59 *
57 * @return \Symfony\Component\HttpFoundation\Response 60 * @return \Symfony\Component\HttpFoundation\Response
58 */ 61 */
59 public function showUnreadAction() 62 public function showUnreadAction()
@@ -73,6 +76,7 @@ class EntryController extends Controller
73 * Shows read entries for current user 76 * Shows read entries for current user
74 * 77 *
75 * @Route("/archive", name="archive") 78 * @Route("/archive", name="archive")
79 *
76 * @return \Symfony\Component\HttpFoundation\Response 80 * @return \Symfony\Component\HttpFoundation\Response
77 */ 81 */
78 public function showArchiveAction() 82 public function showArchiveAction()
@@ -92,6 +96,7 @@ class EntryController extends Controller
92 * Shows starred entries for current user 96 * Shows starred entries for current user
93 * 97 *
94 * @Route("/starred", name="starred") 98 * @Route("/starred", name="starred")
99 *
95 * @return \Symfony\Component\HttpFoundation\Response 100 * @return \Symfony\Component\HttpFoundation\Response
96 */ 101 */
97 public function showStarredAction() 102 public function showStarredAction()
@@ -110,12 +115,16 @@ class EntryController extends Controller
110 /** 115 /**
111 * Shows entry content 116 * Shows entry content
112 * 117 *
113 * @param Entry $entry 118 * @param Entry $entry
119 *
114 * @Route("/view/{id}", requirements={"id" = "\d+"}, name="view") 120 * @Route("/view/{id}", requirements={"id" = "\d+"}, name="view")
121 *
115 * @return \Symfony\Component\HttpFoundation\Response 122 * @return \Symfony\Component\HttpFoundation\Response
116 */ 123 */
117 public function viewAction(Entry $entry) 124 public function viewAction(Entry $entry)
118 { 125 {
126 $this->checkUserAction($entry);
127
119 return $this->render( 128 return $this->render(
120 'WallabagCoreBundle:Entry:entry.html.twig', 129 'WallabagCoreBundle:Entry:entry.html.twig',
121 array('entry' => $entry) 130 array('entry' => $entry)
@@ -125,13 +134,17 @@ class EntryController extends Controller
125 /** 134 /**
126 * Changes read status for an entry 135 * Changes read status for an entry
127 * 136 *
128 * @param Request $request 137 * @param Request $request
129 * @param Entry $entry 138 * @param Entry $entry
139 *
130 * @Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry") 140 * @Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry")
141 *
131 * @return \Symfony\Component\HttpFoundation\RedirectResponse 142 * @return \Symfony\Component\HttpFoundation\RedirectResponse
132 */ 143 */
133 public function toggleArchiveAction(Request $request, Entry $entry) 144 public function toggleArchiveAction(Request $request, Entry $entry)
134 { 145 {
146 $this->checkUserAction($entry);
147
135 $entry->toggleArchive(); 148 $entry->toggleArchive();
136 $this->getDoctrine()->getManager()->flush(); 149 $this->getDoctrine()->getManager()->flush();
137 150
@@ -146,13 +159,17 @@ class EntryController extends Controller
146 /** 159 /**
147 * Changes favorite status for an entry 160 * Changes favorite status for an entry
148 * 161 *
149 * @param Request $request 162 * @param Request $request
150 * @param Entry $entry 163 * @param Entry $entry
164 *
151 * @Route("/star/{id}", requirements={"id" = "\d+"}, name="star_entry") 165 * @Route("/star/{id}", requirements={"id" = "\d+"}, name="star_entry")
166 *
152 * @return \Symfony\Component\HttpFoundation\RedirectResponse 167 * @return \Symfony\Component\HttpFoundation\RedirectResponse
153 */ 168 */
154 public function toggleStarAction(Request $request, Entry $entry) 169 public function toggleStarAction(Request $request, Entry $entry)
155 { 170 {
171 $this->checkUserAction($entry);
172
156 $entry->toggleStar(); 173 $entry->toggleStar();
157 $this->getDoctrine()->getManager()->flush(); 174 $this->getDoctrine()->getManager()->flush();
158 175
@@ -167,17 +184,19 @@ class EntryController extends Controller
167 /** 184 /**
168 * Deletes entry 185 * Deletes entry
169 * 186 *
170 * @param Request $request 187 * @param Request $request
171 * @param Entry $entry 188 * @param Entry $entry
189 *
172 * @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry") 190 * @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry")
191 *
173 * @return \Symfony\Component\HttpFoundation\RedirectResponse 192 * @return \Symfony\Component\HttpFoundation\RedirectResponse
174 */ 193 */
175 public function deleteEntryAction(Request $request, Entry $entry) 194 public function deleteEntryAction(Request $request, Entry $entry)
176 { 195 {
177 $em = $this->getDoctrine()->getManager(); 196 $this->checkUserAction($entry);
197
178 $entry->setDeleted(1); 198 $entry->setDeleted(1);
179 $em->persist($entry); 199 $this->getDoctrine()->getManager()->flush();
180 $em->flush();
181 200
182 $this->get('session')->getFlashBag()->add( 201 $this->get('session')->getFlashBag()->add(
183 'notice', 202 'notice',
@@ -186,4 +205,16 @@ class EntryController extends Controller
186 205
187 return $this->redirect($request->headers->get('referer')); 206 return $this->redirect($request->headers->get('referer'));
188 } 207 }
208
209 /**
210 * Check if the logged user can manage the given entry
211 *
212 * @param Entry $entry
213 */
214 private function checkUserAction(Entry $entry)
215 {
216 if ($this->getUser()->getId() != $entry->getUser()->getId()) {
217 throw $this->createAccessDeniedException('You can not use this entry.');
218 }
219 }
189} 220}
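Review bot: `checkUserAction` compares the two ids with loose `!=`, and this is the one place in the commit where the authorization decision is made; use the strict form, `if ($this->getUser()->getId() !== $entry->getUser()->getId()) {`, so a type mismatch can never produce a false match (Doctrine should hydrate both ids as int, but confirm before switching). The helper also calls `getId()` on `$this->getUser()` without a null check, so a request that reaches these actions unauthenticated would fail with a fatal error rather than the intended denial — acceptable only if the firewall already forces a login for the whole prefix, as testLogin's 302 suggests. The check only protects the actions that remember to call it; a Symfony voter or an `@Security` annotation at class level would make the ownership rule the default for actions added later. Separately, archive/star/delete remain plain GET routes that redirect to the referer, so the new check stops cross-user access but not a cross-site request issued by the owner's own browser; restricting them to POST with a CSRF token would close that gap.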
diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php
index fccd06be..520b44b8 100644
--- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php
+++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php
@@ -16,13 +16,32 @@ class LoadEntryData extends AbstractFixture implements OrderedFixtureInterface
16 { 16 {
17 $entry1 = new Entry($this->getReference('admin-user')); 17 $entry1 = new Entry($this->getReference('admin-user'));
18 $entry1->setUrl('http://0.0.0.0'); 18 $entry1->setUrl('http://0.0.0.0');
19 $entry1->setTitle('test title'); 19 $entry1->setTitle('test title entry1');
20 $entry1->setContent('This is my content /o/'); 20 $entry1->setContent('This is my content /o/');
21 21
22 $manager->persist($entry1); 22 $manager->persist($entry1);
23 $manager->flush();
24 23
25 $this->addReference('entry1', $entry1); 24 $this->addReference('entry1', $entry1);
25
26 $entry2 = new Entry($this->getReference('admin-user'));
27 $entry2->setUrl('http://0.0.0.0');
28 $entry2->setTitle('test title entry2');
29 $entry2->setContent('This is my content /o/');
30
31 $manager->persist($entry2);
32
33 $this->addReference('entry2', $entry2);
34
35 $entry3 = new Entry($this->getReference('bob-user'));
36 $entry3->setUrl('http://0.0.0.0');
37 $entry3->setTitle('test title entry3');
38 $entry3->setContent('This is my content /o/');
39
40 $manager->persist($entry3);
41
42 $this->addReference('entry3', $entry3);
43
44 $manager->flush();
26 } 45 }
27 46
28 /** 47 /**
diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
index da788218..e4751f20 100644
--- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
+++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
@@ -15,13 +15,26 @@ class LoadUserData extends AbstractFixture implements OrderedFixtureInterface
15 public function load(ObjectManager $manager) 15 public function load(ObjectManager $manager)
16 { 16 {
17 $userAdmin = new User(); 17 $userAdmin = new User();
18 $userAdmin->setName('Big boss');
19 $userAdmin->setEmail('bigboss@wallabag.org');
18 $userAdmin->setUsername('admin'); 20 $userAdmin->setUsername('admin');
19 $userAdmin->setPassword('test'); 21 $userAdmin->setPassword('test');
20 22
21 $manager->persist($userAdmin); 23 $manager->persist($userAdmin);
22 $manager->flush();
23 24
24 $this->addReference('admin-user', $userAdmin); 25 $this->addReference('admin-user', $userAdmin);
26
27 $bobUser = new User();
28 $bobUser->setName('Bobby');
29 $bobUser->setEmail('bobby@wallabag.org');
30 $bobUser->setUsername('bob');
31 $bobUser->setPassword('test');
32
33 $manager->persist($bobUser);
34
35 $this->addReference('bob-user', $bobUser);
36
37 $manager->flush();
25 } 38 }
26 39
27 /** 40 /**
diff --git a/src/Wallabag/CoreBundle/Repository/EntryRepository.php b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
index b6f86707..bedc90d2 100644
--- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php
+++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
@@ -2,7 +2,6 @@
2 2
3namespace Wallabag\CoreBundle\Repository; 3namespace Wallabag\CoreBundle\Repository;
4 4
5use Doctrine\ORM\Query;
6use Doctrine\ORM\EntityRepository; 5use Doctrine\ORM\EntityRepository;
7use Doctrine\ORM\Tools\Pagination\Paginator; 6use Doctrine\ORM\Tools\Pagination\Paginator;
8 7
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
index 5d8daea3..7276f8e4 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
@@ -3,6 +3,7 @@
3namespace Wallabag\CoreBundle\Tests\Controller; 3namespace Wallabag\CoreBundle\Tests\Controller;
4 4
5use Wallabag\CoreBundle\Tests\WallabagTestCase; 5use Wallabag\CoreBundle\Tests\WallabagTestCase;
6use Doctrine\ORM\AbstractQuery;
6 7
7class EntryControllerTest extends WallabagTestCase 8class EntryControllerTest extends WallabagTestCase
8{ 9{
@@ -10,7 +11,7 @@ class EntryControllerTest extends WallabagTestCase
10 { 11 {
11 $client = $this->getClient(); 12 $client = $this->getClient();
12 13
13 $crawler = $client->request('GET', '/new'); 14 $client->request('GET', '/new');
14 15
15 $this->assertEquals(302, $client->getResponse()->getStatusCode()); 16 $this->assertEquals(302, $client->getResponse()->getStatusCode());
16 $this->assertContains('login', $client->getResponse()->headers->get('location')); 17 $this->assertContains('login', $client->getResponse()->headers->get('location'));
@@ -18,7 +19,7 @@ class EntryControllerTest extends WallabagTestCase
18 19
19 public function testGetNew() 20 public function testGetNew()
20 { 21 {
21 $this->logIn(); 22 $this->logInAs('admin');
22 $client = $this->getClient(); 23 $client = $this->getClient();
23 24
24 $crawler = $client->request('GET', '/new'); 25 $crawler = $client->request('GET', '/new');
@@ -31,7 +32,7 @@ class EntryControllerTest extends WallabagTestCase
31 32
32 public function testPostNewEmpty() 33 public function testPostNewEmpty()
33 { 34 {
34 $this->logIn(); 35 $this->logInAs('admin');
35 $client = $this->getClient(); 36 $client = $this->getClient();
36 37
37 $crawler = $client->request('GET', '/new'); 38 $crawler = $client->request('GET', '/new');
@@ -49,7 +50,7 @@ class EntryControllerTest extends WallabagTestCase
49 50
50 public function testPostNewOk() 51 public function testPostNewOk()
51 { 52 {
52 $this->logIn(); 53 $this->logInAs('admin');
53 $client = $this->getClient(); 54 $client = $this->getClient();
54 55
55 $crawler = $client->request('GET', '/new'); 56 $crawler = $client->request('GET', '/new');
@@ -74,27 +75,27 @@ class EntryControllerTest extends WallabagTestCase
74 75
75 public function testArchive() 76 public function testArchive()
76 { 77 {
77 $this->logIn(); 78 $this->logInAs('admin');
78 $client = $this->getClient(); 79 $client = $this->getClient();
79 80
80 $crawler = $client->request('GET', '/archive'); 81 $client->request('GET', '/archive');
81 82
82 $this->assertEquals(200, $client->getResponse()->getStatusCode()); 83 $this->assertEquals(200, $client->getResponse()->getStatusCode());
83 } 84 }
84 85
85 public function testStarred() 86 public function testStarred()
86 { 87 {
87 $this->logIn(); 88 $this->logInAs('admin');
88 $client = $this->getClient(); 89 $client = $this->getClient();
89 90
90 $crawler = $client->request('GET', '/starred'); 91 $client->request('GET', '/starred');
91 92
92 $this->assertEquals(200, $client->getResponse()->getStatusCode()); 93 $this->assertEquals(200, $client->getResponse()->getStatusCode());
93 } 94 }
94 95
95 public function testView() 96 public function testView()
96 { 97 {
97 $this->logIn(); 98 $this->logInAs('admin');
98 $client = $this->getClient(); 99 $client = $this->getClient();
99 100
100 $content = $client->getContainer() 101 $content = $client->getContainer()
@@ -102,13 +103,96 @@ class EntryControllerTest extends WallabagTestCase
102 ->getRepository('WallabagCoreBundle:Entry') 103 ->getRepository('WallabagCoreBundle:Entry')
103 ->findOneByIsArchived(false); 104 ->findOneByIsArchived(false);
104 105
105 if (!$content) { 106 $client->request('GET', '/view/'.$content->getId());
106 $this->markTestSkipped('No content found in db.');
107 }
108
109 $crawler = $client->request('GET', '/view/'.$content->getId());
110 107
111 $this->assertEquals(200, $client->getResponse()->getStatusCode()); 108 $this->assertEquals(200, $client->getResponse()->getStatusCode());
112 $this->assertContains($content->getTitle(), $client->getResponse()->getContent()); 109 $this->assertContains($content->getTitle(), $client->getResponse()->getContent());
113 } 110 }
111
112 public function testToggleArchive()
113 {
114 $this->logInAs('admin');
115 $client = $this->getClient();
116
117 $content = $client->getContainer()
118 ->get('doctrine.orm.entity_manager')
119 ->getRepository('WallabagCoreBundle:Entry')
120 ->findOneByIsArchived(false);
121
122 $client->request('GET', '/archive/'.$content->getId());
123
124 $this->assertEquals(302, $client->getResponse()->getStatusCode());
125
126 $res = $client->getContainer()
127 ->get('doctrine.orm.entity_manager')
128 ->getRepository('WallabagCoreBundle:Entry')
129 ->findOneById($content->getId());
130
131 $this->assertEquals($res->isArchived(), true);
132 }
133
134 public function testToggleStar()
135 {
136 $this->logInAs('admin');
137 $client = $this->getClient();
138
139 $content = $client->getContainer()
140 ->get('doctrine.orm.entity_manager')
141 ->getRepository('WallabagCoreBundle:Entry')
142 ->findOneByIsStarred(false);
143
144 $client->request('GET', '/star/'.$content->getId());
145
146 $this->assertEquals(302, $client->getResponse()->getStatusCode());
147
148 $res = $client->getContainer()
149 ->get('doctrine.orm.entity_manager')
150 ->getRepository('WallabagCoreBundle:Entry')
151 ->findOneById($content->getId());
152
153 $this->assertEquals($res->isStarred(), true);
154 }
155
156 public function testDelete()
157 {
158 $this->logInAs('admin');
159 $client = $this->getClient();
160
161 $content = $client->getContainer()
162 ->get('doctrine.orm.entity_manager')
163 ->getRepository('WallabagCoreBundle:Entry')
164 ->findOneByIsDeleted(false);
165
166 $client->request('GET', '/delete/'.$content->getId());
167
168 $this->assertEquals(302, $client->getResponse()->getStatusCode());
169
170 $res = $client->getContainer()
171 ->get('doctrine.orm.entity_manager')
172 ->getRepository('WallabagCoreBundle:Entry')
173 ->findOneById($content->getId());
174
175 $this->assertEquals($res->isDeleted(), true);
176 }
177
178 public function testViewOtherUserEntry()
179 {
180 $this->logInAs('bob');
181 $client = $this->getClient();
182
183 $content = $client->getContainer()
184 ->get('doctrine.orm.entity_manager')
185 ->getRepository('WallabagCoreBundle:Entry')
186 ->createQueryBuilder('e')
187 ->select('e.id')
188 ->leftJoin('e.user', 'u')
189 ->where('u.username != :username')->setParameter('username', 'bob')
190 ->setMaxResults(1)
191 ->getQuery()
192 ->getSingleResult(AbstractQuery::HYDRATE_ARRAY);
193
194 $client->request('GET', '/view/'.$content['id']);
195
196 $this->assertEquals(403, $client->getResponse()->getStatusCode());
197 }
114} 198}
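Review bot: `testToggleArchive`, `testToggleStar` and `testDelete` pick an entry with `findOneByIsArchived(false)` (and the starred/deleted variants) without restricting it to the admin user, so with the new `checkUserAction` they depend on fixture ordering: if the first match is bob's entry3, the request gets a 403 and the test fails with an unrelated message. Reuse the query-builder lookup from `testViewOtherUserEntry` with `->where('u.username = :username')->setParameter('username', 'admin')` so each test acts on an entry the logged-in user owns. The assertions `$this->assertEquals($res->isArchived(), true)` have the arguments reversed (expected value comes first) and read better as `$this->assertTrue($res->isArchived());`. Only the view route has a cross-user test; the same 403 expectation for /archive, /star and /delete would pin the check on the actions that actually mutate data. Dropping the `markTestSkipped` guard in `testView` also means an empty table now surfaces as a call on null instead of a clear skip.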
diff --git a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php b/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php
index edc7d992..a80b8bac 100644
--- a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php
+++ b/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php
@@ -18,12 +18,12 @@ class WallabagTestCase extends WebTestCase
18 $this->client = static::createClient(); 18 $this->client = static::createClient();
19 } 19 }
20 20
21 public function logIn() 21 public function logInAs($username)
22 { 22 {
23 $crawler = $this->client->request('GET', '/login'); 23 $crawler = $this->client->request('GET', '/login');
24 $form = $crawler->filter('button[type=submit]')->form(); 24 $form = $crawler->filter('button[type=submit]')->form();
25 $data = array( 25 $data = array(
26 '_username' => 'admin', 26 '_username' => $username,
27 '_password' => 'test', 27 '_password' => 'test',
28 ); 28 );
29 29
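Review bot: `logInAs` hard-codes the password `'test'` separately from the fixtures that set it and carries no docblock; making it a parameter with a default, `public function logInAs($username, $password = 'test')` and `'_password' => $password,`, keeps the two in step and lets a future test log in as a user whose password differs. A one-line docblock such as `/** Logs the test client in through the login form as the given fixture user. */` would also help. The method body continues past the end of the hunk.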