From 0ee9848231d0a7a02fdc8e915d830ebaf6cc09c0 Mon Sep 17 00:00:00 2001 From: Kevin Decherf Date: Sat, 29 Dec 2018 19:43:07 +0100 Subject: TagRestController: add tests to ensure that other user's tags are unreachable Signed-off-by: Kevin Decherf --- .../ApiBundle/Controller/TagRestControllerTest.php | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'tests/Wallabag/ApiBundle/Controller') diff --git a/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php b/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php index 430e548d..8f1e6f02 100644 --- a/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php +++ b/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php @@ -7,6 +7,8 @@ use Wallabag\CoreBundle\Entity\Tag; class TagRestControllerTest extends WallabagApiTestCase { + private $otherUserTagLabel = 'bob'; + public function testGetUserTags() { $this->client->request('GET', '/api/tags.json'); @@ -19,6 +21,12 @@ class TagRestControllerTest extends WallabagApiTestCase $this->assertArrayHasKey('id', $content[0]); $this->assertArrayHasKey('label', $content[0]); + $tagLabels = array_map(function ($i) { + return $i['label']; + }, $content); + + $this->assertNotContains($this->otherUserTagLabel, $tagLabels, 'There is a possible tag leak'); + return end($content); } @@ -53,6 +61,16 @@ class TagRestControllerTest extends WallabagApiTestCase $this->assertNull($tag, $tagLabel . ' was removed because it begun an orphan tag'); } + public function testDeleteOtherUserTag() + { + $em = $this->client->getContainer()->get('doctrine.orm.entity_manager'); + $tag = $em->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($this->otherUserTagLabel); + + $this->client->request('DELETE', '/api/tags/' . $tag->getId() . '.json'); + + $this->assertSame(404, $this->client->getResponse()->getStatusCode()); + } + public function dataForDeletingTagByLabel() { return [ 
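Review bot: The `assertNotContains` added to testGetUserTags passes vacuously when no tag labelled 'bob' exists in the fixtures at all, so a renamed or dropped fixture would silently turn this leak check into a no-op. The same weakness applies to testDeleteTagByLabelOtherUser and testDeleteTagsByLabelOtherUser in the later hunks, where a 404 is presumably also what an unknown label returns. Pin the precondition once, e.g. `$this->assertNotNull($em->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($this->otherUserTagLabel), 'fixture tag for the other user is missing');`, and add a comment on `$otherUserTagLabel` stating that it must name a tag linked only to another fixture user's entries. As a style point, `array_column($content, 'label')` would replace the `array_map` closure. testGetUserTags starts and ends outside this hunk.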
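Review bot: testDeleteOtherUserTag asserts only the 404 status, so it would still pass if the controller removed the tag, or unlinked it from the other user's entries, before answering. After the request, re-read the tag and check that it survived, e.g. `$em->clear();` followed by `$this->assertNotNull($em->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($this->otherUserTagLabel), 'Other user tag must not be deleted');`. An `$this->assertNotNull($tag);` before `$tag->getId()` would also turn a missing fixture into a readable failure instead of a fatal error on null.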
@@ -112,6 +130,13 @@ class TagRestControllerTest extends WallabagApiTestCase $this->assertSame(404, $this->client->getResponse()->getStatusCode()); } + public function testDeleteTagByLabelOtherUser() + { + $this->client->request('DELETE', '/api/tag/label.json', ['tag' => $this->otherUserTagLabel]); + + $this->assertSame(404, $this->client->getResponse()->getStatusCode()); + } + /** * @dataProvider dataForDeletingTagByLabel */ @@ -180,4 +205,11 @@ class TagRestControllerTest extends WallabagApiTestCase $this->assertSame(404, $this->client->getResponse()->getStatusCode()); } + + public function testDeleteTagsByLabelOtherUser() + { + $this->client->request('DELETE', '/api/tags/label.json', ['tags' => $this->otherUserTagLabel]); + + $this->assertSame(404, $this->client->getResponse()->getStatusCode()); + } } -- cgit v1.2.3 From 6c40d7fc85b98e335adf765d1c6b4465647da62c Mon Sep 17 00:00:00 2001 From: Kevin Decherf Date: Sat, 29 Dec 2018 20:43:34 +0100 Subject: TagRestController: fix test for tag without entries As the deletion now requires that at least one entry for the user must be linked to the given tag, we fix the test testDeleteUserTag by linking it to an entry. Signed-off-by: Kevin Decherf --- .../ApiBundle/Controller/TagRestControllerTest.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'tests/Wallabag/ApiBundle/Controller') diff --git a/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php b/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php index 8f1e6f02..9daa94cd 100644 --- a/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php +++ b/tests/Wallabag/ApiBundle/Controller/TagRestControllerTest.php 
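Review bot: testDeleteTagsByLabelOtherUser sends only the other user's label, so it does not cover a request that mixes a label the caller owns with one the caller does not. If `tags` accepts several labels (the plural name suggests so, but the parsing is not visible in this patch), a case such as `['tags' => 'OWNED_LABEL,' . $this->otherUserTagLabel]`, followed by a check that the other user's tag still exists, would catch an ownership check made once per request rather than once per tag. `OWNED_LABEL` is a placeholder for a fixture label belonging to the authenticated user.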
@@ -32,12 +32,22 @@ class TagRestControllerTest extends WallabagApiTestCase public function testDeleteUserTag() { + $em = $this->client->getContainer()->get('doctrine.orm.entity_manager'); + $entry = $this->client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneWithTags($this->user->getId()); + + $entry = $entry[0]; + $tagLabel = 'tagtest'; $tag = new Tag(); $tag->setLabel($tagLabel); - - $em = $this->client->getContainer()->get('doctrine.orm.entity_manager'); $em->persist($tag); + + $entry->addTag($tag); + + $em->persist($entry); $em->flush(); $em->clear(); -- cgit v1.2.3 From 3a2d4cf9fda87760c86320a7f8a5041d1d4256c6 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Wed, 9 Jan 2019 23:29:30 +0100 Subject: Cast client id to avoid PG error If someone send a malformated client_id when trying to authenticate using the API we got a 500 if wallabag use postgres because the request send a string instead of an integer. --- .../ApiBundle/Controller/DeveloperControllerTest.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'tests/Wallabag/ApiBundle/Controller') diff --git a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php index f58d1c12..e1a0ac7e 100644 --- a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php +++ b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php 
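Review bot: `$entry[0]` is read without checking that `findOneWithTags()` returned anything, so a fixture change surfaces as an undefined-offset error rather than a test failure. The entity manager is also fetched from the container a second time even though `$em` is assigned on the first added line. Suggested form: `$entries = $em->getRepository('WallabagCoreBundle:Entry')->findOneWithTags($this->user->getId());`, `$this->assertNotEmpty($entries);`, `$entry = $entries[0];`. Because the commit message says deletion now requires the tag to be linked to one of the user's entries, a one-line comment above `$entry->addTag($tag)` stating that this link is the ownership condition under test would help later readers. testDeleteUserTag continues past the end of the hunk.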
@@ -56,6 +56,20 @@ class DeveloperControllerTest extends WallabagCoreTestCase $this->assertArrayHasKey('refresh_token', $data); } + public function testCreateTokenWithBadClientId() + { + $client = $this->getClient(); + $client->request('POST', '/oauth/v2/token', [ + 'grant_type' => 'password', + 'client_id' => '$WALLABAG_CLIENT_ID', + 'client_secret' => 'secret', + 'username' => 'admin', + 'password' => 'mypassword', + ]); + + $this->assertSame(400, $client->getResponse()->getStatusCode()); + } + public function testListingClient() { $this->logInAs('admin'); -- cgit v1.2.3 From 78e3fafa3fab86638295fe1ee2a05a559bf56ab1 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Mon, 14 Jan 2019 17:01:21 +0100 Subject: Avoid error when a bad `order` parameter is given Only allowed parameter are asc & desc --- tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'tests/Wallabag/ApiBundle/Controller') diff --git a/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php b/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php index 58b617f3..2a1d2e15 100644 --- a/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php +++ b/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php @@ -242,6 +242,15 @@ class EntryRestControllerTest extends WallabagApiTestCase $this->assertSame(2, $content['limit']); } + public function testGetStarredEntriesWithBadSort() + { + $this->client->request('GET', '/api/entries', ['starred' => 1, 'sort' => 'updated', 'order' => 'unknown']); + + $this->assertSame(400, $this->client->getResponse()->getStatusCode()); + + $this->assertSame('application/json', $this->client->getResponse()->headers->get('Content-Type')); + } + public function testGetStarredEntries() { $this->client->request('GET', '/api/entries', ['starred' => 1, 'sort' => 'updated']); -- cgit v1.2.3
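Review bot: testCreateTokenWithBadClientId checks only the status code, so it does not show that the rejected request returns no token material. Assuming the error body is JSON like the success case asserted just above the hunk, adding `$data = json_decode($client->getResponse()->getContent(), true);` and `$this->assertArrayNotHasKey('access_token', $data);` would pin that. A comment on the `'client_id' => '$WALLABAG_CLIENT_ID'` line saying the value is a deliberately unexpanded, non-numeric placeholder (the input that caused the 500 on PostgreSQL according to the commit message) would stop someone from later "fixing" the single quotes.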
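Review bot: The name testGetStarredEntriesWithBadSort misdescribes what is rejected: the request sends `'sort' => 'updated'`, the same value testGetStarredEntries uses, and it is `'order' => 'unknown'` that is invalid. `testGetStarredEntriesWithBadOrder` would match the commit subject. A sibling case with an unrecognised `sort` value would cover the other parameter if the controller validates it as well, which is not visible here. It may also be worth asserting that the 400 body carries a controlled error message and not raw exception text, since the purpose of the change is to replace an unhandled error with a deliberate response.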