Adding new tests in PostControllerTest to check for potential private post leakage.
This commit is contained in:
parent
5e8935ce66
commit
b455a6c8e7
|
@ -8,6 +8,12 @@ use Skobkin\Bundle\PointToolsBundle\Entity\{Blogs\Post, User};
|
||||||
|
|
||||||
class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
|
class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
|
||||||
{
|
{
|
||||||
|
public const POST_ID_LONG = 'longpost';
|
||||||
|
public const POST_ID_SHORT = 'shortpost';
|
||||||
|
public const POST_ID_PR_USER = 'prusrpst';
|
||||||
|
public const POST_ID_WL_USER = 'wlusrpst';
|
||||||
|
public const POST_ID_PR_WL_USER = 'prwlusrpst';
|
||||||
|
|
||||||
public function load(ObjectManager $om)
|
public function load(ObjectManager $om)
|
||||||
{
|
{
|
||||||
/** @var User $mainUser */
|
/** @var User $mainUser */
|
||||||
|
@ -19,31 +25,31 @@ class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
|
||||||
/** @var User $prWlUser */
|
/** @var User $prWlUser */
|
||||||
$prWlUser = $this->getReference('test_user_'.LoadUserData::USER_PRWL_ID);
|
$prWlUser = $this->getReference('test_user_'.LoadUserData::USER_PRWL_ID);
|
||||||
|
|
||||||
$longPost = (new Post('longpost', $mainUser, new \DateTime(), Post::TYPE_POST))
|
$longPost = (new Post(self::POST_ID_LONG, $mainUser, new \DateTime(), Post::TYPE_POST))
|
||||||
->setText('Test post with many comments')
|
->setText('Test post with many comments')
|
||||||
->setPrivate(false)
|
->setPrivate(false)
|
||||||
->setDeleted(false)
|
->setDeleted(false)
|
||||||
;
|
;
|
||||||
|
|
||||||
$shortPost = (new Post('shortpost', $mainUser, new \DateTime(), Post::TYPE_POST))
|
$shortPost = (new Post(self::POST_ID_SHORT, $mainUser, new \DateTime(), Post::TYPE_POST))
|
||||||
->setText('Test short post')
|
->setText('Test short post')
|
||||||
->setPrivate(false)
|
->setPrivate(false)
|
||||||
->setDeleted(false)
|
->setDeleted(false)
|
||||||
;
|
;
|
||||||
|
|
||||||
$privateUserPost = (new Post('prusrpst', $privateUser, new \DateTime(), Post::TYPE_POST))
|
$privateUserPost = (new Post(self::POST_ID_PR_USER, $privateUser, new \DateTime(), Post::TYPE_POST))
|
||||||
->setText('Post from private user. Should not be visible in the public feed.')
|
->setText('Post from private user. Should not be visible in the public feed.')
|
||||||
->setPrivate(false)
|
->setPrivate(false)
|
||||||
->setDeleted(false)
|
->setDeleted(false)
|
||||||
;
|
;
|
||||||
|
|
||||||
$wlUserPost = (new Post('wlusrpst', $wlUser, new \DateTime(), Post::TYPE_POST))
|
$wlUserPost = (new Post(self::POST_ID_WL_USER, $wlUser, new \DateTime(), Post::TYPE_POST))
|
||||||
->setText('Post from whitelist-only user. Should only be visible for whitelisted users.')
|
->setText('Post from whitelist-only user. Should only be visible for whitelisted users.')
|
||||||
->setPrivate(false)
|
->setPrivate(false)
|
||||||
->setDeleted(false)
|
->setDeleted(false)
|
||||||
;
|
;
|
||||||
|
|
||||||
$privateWlUserPost = (new Post('prwlusrpst', $prWlUser, new \DateTime(), Post::TYPE_POST))
|
$privateWlUserPost = (new Post(self::POST_ID_PR_WL_USER, $prWlUser, new \DateTime(), Post::TYPE_POST))
|
||||||
->setText('Post from private AND whitelist-only user. Should not be visible in the public feed.')
|
->setText('Post from private AND whitelist-only user. Should not be visible in the public feed.')
|
||||||
->setPrivate(false)
|
->setPrivate(false)
|
||||||
->setDeleted(false)
|
->setDeleted(false)
|
||||||
|
|
|
@ -2,15 +2,15 @@
|
||||||
|
|
||||||
namespace Tests\Skobkin\PointToolsBundle\Controller;
|
namespace Tests\Skobkin\PointToolsBundle\Controller;
|
||||||
|
|
||||||
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
|
use Skobkin\Bundle\PointToolsBundle\DataFixtures\ORM\LoadPostData;
|
||||||
|
use Symfony\Bundle\FrameworkBundle\{Client, Test\WebTestCase};
|
||||||
use Symfony\Component\DomCrawler\Crawler;
|
use Symfony\Component\DomCrawler\Crawler;
|
||||||
|
|
||||||
class PostControllerTest extends WebTestCase
|
class PostControllerTest extends WebTestCase
|
||||||
{
|
{
|
||||||
public function testNonExistingPostPage()
|
public function testNonExistingPostPage()
|
||||||
{
|
{
|
||||||
$client = static::createClient();
|
$client = $this->createClientForPostId('nonexistingpost');
|
||||||
$client->request('GET', '/nonexistingpost');
|
|
||||||
|
|
||||||
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for non-existing post');
|
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for non-existing post');
|
||||||
}
|
}
|
||||||
|
@ -20,12 +20,11 @@ class PostControllerTest extends WebTestCase
|
||||||
*/
|
*/
|
||||||
public function testShortPostPageIsOk()
|
public function testShortPostPageIsOk()
|
||||||
{
|
{
|
||||||
$client = static::createClient();
|
$client = $this->createClientForPostId(LoadPostData::POST_ID_SHORT);
|
||||||
$crawler = $client->request('GET', '/shortpost');
|
|
||||||
|
|
||||||
$this->assertTrue($client->getResponse()->isOk(), '200 response code for existing post');
|
$this->assertTrue($client->getResponse()->isOk(), '200 response code for existing post');
|
||||||
|
|
||||||
return $crawler;
|
return $client->getCrawler();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -58,4 +57,33 @@ class PostControllerTest extends WebTestCase
|
||||||
$this->assertEquals(1, $p->count(), '.post-text has zero or more than one paragraphs');
|
$this->assertEquals(1, $p->count(), '.post-text has zero or more than one paragraphs');
|
||||||
$this->assertEquals('Test short post', $p->text(), '.post-text has no correct post text');
|
$this->assertEquals('Test short post', $p->text(), '.post-text has no correct post text');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testPrivateUserPostForbidden()
|
||||||
|
{
|
||||||
|
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER);
|
||||||
|
|
||||||
|
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private user\'s post');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testWhitelistOnlyUserPostForbidden()
|
||||||
|
{
|
||||||
|
$client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER);
|
||||||
|
|
||||||
|
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for whitelist-only user\'s post');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testPrivateWhitelistOnlyUserPostForbidden()
|
||||||
|
{
|
||||||
|
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER);
|
||||||
|
|
||||||
|
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private whitelist-only user\'s post');
|
||||||
|
}
|
||||||
|
|
||||||
|
private function createClientForPostId(string $id): Client
|
||||||
|
{
|
||||||
|
$client = static::createClient();
|
||||||
|
$client->request('GET', '/'.$id);
|
||||||
|
|
||||||
|
return $client;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
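Review bot: The three new tests (testPrivateUserPostForbidden, testWhitelistOnlyUserPostForbidden, testPrivateWhitelistOnlyUserPostForbidden) only cover posts whose *author* is private or whitelist-only; every fixture post in the LoadPostData hunk above is built with `->setPrivate(false)`, so the per-post private flag named in the commit title ("private post leakage") is never exercised. A fixture post from the public main user with `->setPrivate(true)` plus a matching `testPrivatePostForbidden()` expecting `isForbidden()` would close that gap, and a positive case (a whitelisted client that does get 200 for POST_ID_WL_USER) would guard against a blanket-deny regression passing these tests. In `createClientForPostId`, the path is built as `'/'.$id` without encoding, which is fine for fixture constants but worth a one-line comment such as `// $id comes from fixture constants, not user input; no URL encoding applied`. On failure the boolean asserts only print the message; `$this->assertSame(403, $client->getResponse()->getStatusCode(), ...)` would also show the actual status code.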