11 files changed, 195 insertions, 100 deletions

diff --git a/composer.json b/composer.json
index 78b32307..d84e1f8b 100644
--- a/composer.json
+++ b/composer.json
@@ -62,7 +62,8 @@
         "wallabag/php-mobi": "~1.0.0",
         "kphoen/rulerz-bundle": "~0.10",
         "guzzlehttp/guzzle": "^5.2.0",
-        "doctrine/doctrine-migrations-bundle": "^1.0"
+        "doctrine/doctrine-migrations-bundle": "^1.0",
+        "paragonie/random_compat": "~1.0"
     },
     "require-dev": {
         "doctrine/doctrine-fixtures-bundle": "~2.2",
diff --git a/src/Wallabag/CoreBundle/Command/TagAllCommand.php b/src/Wallabag/CoreBundle/Command/TagAllCommand.php
index 2cf3f808..db1a9ab7 100644
--- a/src/Wallabag/CoreBundle/Command/TagAllCommand.php
+++ b/src/Wallabag/CoreBundle/Command/TagAllCommand.php
@@ -28,7 +28,7 @@ class TagAllCommand extends ContainerAwareCommand
         try {
             $user = $this->getUser($input->getArgument('username'));
         } catch (NoResultException $e) {
-            $output->writeln(sprintf('<error>User %s not found.</error>', $input->getArgument('username')));
+            $output->writeln(sprintf('<error>User "%s" not found.</error>', $input->getArgument('username')));
 
             return 1;
         }
diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index d0cf91de..6c375909 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -125,7 +125,7 @@ class ConfigController extends Controller
         $newUser->setEnabled(true);
         $newUserForm = $this->createForm(NewUserType::class, $newUser, array(
             'validation_groups' => array('Profile'),
-            'action' => $this->generateUrl('config').'#set5',
+            'action' => $this->generateUrl('config').'#set6',
         ));
         $newUserForm->handleRequest($request);
 
diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php
index 9dd904f1..3e1b512f 100644
--- a/src/Wallabag/CoreBundle/Controller/EntryController.php
+++ b/src/Wallabag/CoreBundle/Controller/EntryController.php
@@ -54,10 +54,10 @@ class EntryController extends Controller
             if (false !== $existingEntry) {
                 $this->get('session')->getFlashBag()->add(
                     'notice',
-                    'Entry already saved on '.$existingEntry['createdAt']->format('d-m-Y')
+                    'Entry already saved on '.$existingEntry->getCreatedAt()->format('d-m-Y')
                 );
 
-                return $this->redirect($this->generateUrl('view', array('id' => $existingEntry['id'])));
+                return $this->redirect($this->generateUrl('view', array('id' => $existingEntry->getId())));
             }
 
             $this->updateEntry($entry);
diff --git a/src/Wallabag/CoreBundle/Tests/Command/TagAllCommandTest.php b/src/Wallabag/CoreBundle/Tests/Command/TagAllCommandTest.php
new file mode 100644
index 00000000..653c1a93
--- /dev/null
+++ b/src/Wallabag/CoreBundle/Tests/Command/TagAllCommandTest.php
@@ -0,0 +1,60 @@
+<?php
+
+namespace Wallabag\CoreBundle\Tests\Command;
+
+use Symfony\Bundle\FrameworkBundle\Console\Application;
+use Symfony\Component\Console\Tester\CommandTester;
+use Wallabag\CoreBundle\Command\TagAllCommand;
+use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
+
+class TagAllCommandTest extends WallabagCoreTestCase
+{
+    /**
+     * @expectedException Symfony\Component\Console\Exception\RuntimeException
+     * @expectedExceptionMessage Not enough arguments (missing: "username")
+     */
+    public function testRunTagAllCommandWithoutUsername()
+    {
+        $application = new Application($this->getClient()->getKernel());
+        $application->add(new TagAllCommand());
+
+        $command = $application->find('wallabag:tag:all');
+
+        $tester = new CommandTester($command);
+        $tester->execute(array(
+            'command' => $command->getName(),
+        ));
+    }
+
+    public function testRunTagAllCommandWithBadUsername()
+    {
+        $application = new Application($this->getClient()->getKernel());
+        $application->add(new TagAllCommand());
+
+        $command = $application->find('wallabag:tag:all');
+
+        $tester = new CommandTester($command);
+        $tester->execute(array(
+            'command' => $command->getName(),
+            'username' => 'unknown',
+        ));
+
+        $this->assertContains('User "unknown" not found', $tester->getDisplay());
+    }
+
+    public function testRunTagAllCommand()
+    {
+        $application = new Application($this->getClient()->getKernel());
+        $application->add(new TagAllCommand());
+
+        $command = $application->find('wallabag:tag:all');
+
+        $tester = new CommandTester($command);
+        $tester->execute(array(
+            'command' => $command->getName(),
+            'username' => 'admin',
+        ));
+
+        $this->assertContains('Tagging entries for user « admin »... Done', $tester->getDisplay());
+    }
+}
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
index 89ca31e2..c8807425 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php
@@ -520,18 +520,61 @@ class ConfigControllerTest extends WallabagCoreTestCase
         return array(
             array(
                 array(
-                    'rss_config[rule]' => 'unknownVar <= 3',
-                    'rss_config[tags]' => 'cool tag',
+                    'tagging_rule[rule]' => 'unknownVar <= 3',
+                    'tagging_rule[tags]' => 'cool tag',
+                ),
+                array(
+                    'The variable',
+                    'does not exist.',
                 ),
-                'The variable « unknownVar » does not exist.',
             ),
             array(
                 array(
-                    'rss_config[rule]' => 'length(domainName) <= 42',
-                    'rss_config[tags]' => 'cool tag',
+                    'tagging_rule[rule]' => 'length(domainName) <= 42',
+                    'tagging_rule[tags]' => 'cool tag',
+                ),
+                array(
+                    'The operator',
+                    'does not exist.',
                 ),
-                'The operator « length » does not exist.',
             ),
         );
     }
+
+    /**
+     * @dataProvider dataForTaggingRuleFailed
+     */
+    public function testTaggingRuleCreationFail($data, $messages)
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+
+        $crawler = $client->request('GET', '/config');
+
+        $this->assertTrue($client->getResponse()->isSuccessful());
+
+        $form = $crawler->filter('button[id=tagging_rule_save]')->form();
+
+        $client->submit($form, $data);
+
+        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+
+        foreach ($messages as $message) {
+            $this->assertContains($message, $client->getResponse()->getContent());
+        }
+    }
+
+    public function testDeletingTaggingRuleFromAnOtherUser()
+    {
+        $this->logInAs('bob');
+        $client = $this->getClient();
+
+        $rule = $client->getContainer()->get('doctrine.orm.entity_manager')
+            ->getRepository('WallabagCoreBundle:TaggingRule')
+            ->findAll()[0];
+
+        $client->request('GET', '/tagging-rule/delete/'.$rule->getId());
+        $this->assertEquals(403, $client->getResponse()->getStatusCode());
+        $this->assertContains('You can not access this tagging ryle', $client->getResponse()->getContent());
+    }
 }
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
index 1d1620dc..32d6a575 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
@@ -127,10 +127,35 @@ class EntryControllerTest extends WallabagCoreTestCase
 
         $this->assertEquals(302, $client->getResponse()->getStatusCode());
 
-        $crawler = $client->followRedirect();
+        $content = $client->getContainer()
+            ->get('doctrine.orm.entity_manager')
+            ->getRepository('WallabagCoreBundle:Entry')
+            ->findByUrlAndUserId($this->url, $this->getLoggedInUserId());
+
+        $this->assertInstanceOf('Wallabag\CoreBundle\Entity\Entry', $content);
+        $this->assertEquals($this->url, $content->getUrl());
+        $this->assertContains('Google', $content->getTitle());
+    }
+
+    public function testPostNewOkUrlExist()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+
+        $crawler = $client->request('GET', '/new');
+
+        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+
+        $form = $crawler->filter('button[type=submit]')->form();
+
+        $data = array(
+            'entry[url]' => $this->url,
+        );
 
-        $this->assertGreaterThan(1, $alert = $crawler->filter('h2 a')->extract(array('_text')));
-        $this->assertContains('Google', $alert[0]);
+        $client->submit($form, $data);
+
+        $this->assertEquals(302, $client->getResponse()->getStatusCode());
+        $this->assertContains('/view/', $client->getResponse()->getTargetUrl());
     }
 
     /**
diff --git a/src/Wallabag/CoreBundle/Tools/Utils.php b/src/Wallabag/CoreBundle/Tools/Utils.php
index a16baca9..0c783110 100644
--- a/src/Wallabag/CoreBundle/Tools/Utils.php
+++ b/src/Wallabag/CoreBundle/Tools/Utils.php
@@ -7,20 +7,13 @@ class Utils
     /**
      * Generate a token used for RSS.
      *
+     * @param int $length Length of the token
+     *
      * @return string
      */
-    public static function generateToken()
+    public static function generateToken($length = 15)
     {
-        if (ini_get('open_basedir') === '') {
-            if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
-                // alternative to /dev/urandom for Windows
-                $token = substr(base64_encode(uniqid(mt_rand(), true)), 0, 20);
-            } else {
-                $token = substr(base64_encode(file_get_contents('/dev/urandom', false, null, 0, 20)), 0, 15);
-            }
-        } else {
-            $token = substr(base64_encode(uniqid(mt_rand(), true)), 0, 20);
-        }
+        $token = substr(base64_encode(random_bytes($length)), 0, $length);
 
         // remove character which can broken the url
         return str_replace(array('+', '/'), '', $token);
diff --git a/src/Wallabag/UserBundle/Controller/ResettingController.php b/src/Wallabag/UserBundle/Controller/ResettingController.php
deleted file mode 100644
index 62e27d00..00000000
--- a/src/Wallabag/UserBundle/Controller/ResettingController.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php
-
-namespace Wallabag\UserBundle\Controller;
-
-use FOS\UserBundle\Event\FilterUserResponseEvent;
-use FOS\UserBundle\Event\FormEvent;
-use FOS\UserBundle\Event\GetResponseUserEvent;
-use FOS\UserBundle\FOSUserEvents;
-use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
-
-class ResettingController extends \FOS\UserBundle\Controller\ResettingController
-{
-    /**
-     * Extends ResettingController to change the redirection after success.
-     *
-     * @param Request $request
-     * @param $token
-     *
-     * @return null|RedirectResponse|\Symfony\Component\HttpFoundation\Response
-     */
-    public function resetAction(Request $request, $token)
-    {
-        /** @var $formFactory \FOS\UserBundle\Form\Factory\FactoryInterface */
-        $formFactory = $this->get('fos_user.resetting.form.factory');
-        /** @var $userManager \FOS\UserBundle\Model\UserManagerInterface */
-        $userManager = $this->get('fos_user.user_manager');
-        /** @var $dispatcher \Symfony\Component\EventDispatcher\EventDispatcherInterface */
-        $dispatcher = $this->get('event_dispatcher');
-
-        $user = $userManager->findUserByConfirmationToken($token);
-
-        if (null === $user) {
-            throw new NotFoundHttpException(sprintf('The user with "confirmation token" does not exist for value "%s"', $token));
-        }
-
-        $event = new GetResponseUserEvent($user, $request);
-        $dispatcher->dispatch(FOSUserEvents::RESETTING_RESET_INITIALIZE, $event);
-
-        if (null !== $event->getResponse()) {
-            return $event->getResponse();
-        }
-
-        $form = $formFactory->createForm();
-        $form->setData($user);
-
-        $form->handleRequest($request);
-
-        if ($form->isValid()) {
-            $event = new FormEvent($form, $request);
-            $dispatcher->dispatch(FOSUserEvents::RESETTING_RESET_SUCCESS, $event);
-
-            $userManager->updateUser($user);
-
-            if (null === $response = $event->getResponse()) {
-                $this->get('session')->getFlashBag()->add(
-                    'notice',
-                    'Password updated'
-                );
-                $url = $this->generateUrl('homepage');
-                $response = new RedirectResponse($url);
-            }
-
-            $dispatcher->dispatch(FOSUserEvents::RESETTING_RESET_COMPLETED, new FilterUserResponseEvent($user, $request, $response));
-
-            return $response;
-        }
-
-        return $this->render('FOSUserBundle:Resetting:reset.html.twig', array(
-            'token' => $token,
-            'form' => $form->createView(),
-        ));
-    }
-}
diff --git a/src/Wallabag/UserBundle/EventListener/PasswordResettingListener.php b/src/Wallabag/UserBundle/EventListener/PasswordResettingListener.php
new file mode 100644
index 00000000..128e85a4
--- /dev/null
+++ b/src/Wallabag/UserBundle/EventListener/PasswordResettingListener.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace Wallabag\UserBundle\EventListener;
+
+use FOS\UserBundle\FOSUserEvents;
+use FOS\UserBundle\Event\FormEvent;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+
+/**
+ * Listener responsible to change the redirection at the end of the password resetting.
+ *
+ * @see http://symfony.com/doc/current/bundles/FOSUserBundle/controller_events.html
+ */
+class PasswordResettingListener implements EventSubscriberInterface
+{
+    private $router;
+
+    public function __construct(UrlGeneratorInterface $router)
+    {
+        $this->router = $router;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents()
+    {
+        return array(
+            FOSUserEvents::RESETTING_RESET_SUCCESS => 'onPasswordResettingSuccess',
+        );
+    }
+
+    public function onPasswordResettingSuccess(FormEvent $event)
+    {
+        $url = $this->router->generate('homepage');
+
+        $event->setResponse(new RedirectResponse($url));
+    }
+}
diff --git a/src/Wallabag/UserBundle/Resources/config/services.yml b/src/Wallabag/UserBundle/Resources/config/services.yml
index 93e04d59..bf9e036a 100644
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
@@ -8,3 +8,10 @@ services:
             - "%scheb_two_factor.email.sender_name%"
             - "%wallabag_support_url%"
             - "%wallabag_url%"
+
+    wallabag_user.password_resetting:
+        class: Wallabag\UserBundle\EventListener\PasswordResettingListener
+        arguments:
+            - "@router"
+        tags:
+            - { name: kernel.event_subscriber }